Description
This article describes how to use FortiWeb advanced protection rules and policies to restrict access to web applications from certain browsers or block unknown browsers/user-agents.
Solution
In FortiWeb restrict browsers by:
- Creating FortiWeb custom rules and policies to detect browsers based on http header 'User-Agent'.
- Add the custom policies protection profiles
In the FortiWeb GUI Create custom policy
- Web Protection -> Advanced Protection -> Custom Policy.
This article describes how to use FortiWeb advanced protection rules and policies to restrict access to web applications from certain browsers or block unknown browsers/user-agents.
Solution
In FortiWeb restrict browsers by:
- Creating FortiWeb custom rules and policies to detect browsers based on http header 'User-Agent'.
- Add the custom policies protection profiles
In the FortiWeb GUI Create custom policy
- Web Protection -> Advanced Protection -> Custom Policy.
This example prevents access to application from Firefox browser.
Note: If 'Header Value Reverse Match' is turned ON, then access to application is only allowed from Firefox browsers.
CLI Config:
config waf custom-access rule
edit "Block_UserAgent"
set action alert_deny
set severity Low
config http-header-filter
edit 1
set predefined-header user-agent
set header-value Firefox
set pre-header-type regular
next
end
next
end
