FortiWeb
gsharma
Staff
Article Id 368868
Description This article describes how traffic with 'http_agent="ZmEu"' can be blocked.
Scope FortiWeb.
Solution

FortiWeb can be used to block the traffic coming from 'http_agent="ZmEu"'.

This can be achieved with a Custom Policy. Perform the following steps:

  1. Navigate to Web Protection -> Advanced Protection -> Custom Policy -> Custom Rule -> Create New, give the rule a name, and select OK.
  2. After the rule is created, a filter must be added to it: below the rule, select Add Filter -> HTTP Header and select OK.
  3. In the HTTP Header menu that opens, set the Header Field to 'Predefined Header name' and the Header Name to 'User-Agent'.
  4. Set Header Value Type to Regular Expression.
  5. In Header Value, enter the expression '^ZmEu' (this can be modified based on the http_agent in the traffic logs) and select OK.
  6. Once the rule is created, create a Custom Policy and call the rule in that policy.

Once this is set up, call the Custom Policy in the required Web-protection profile, under Policy -> Web Protection Profile -> Custom Policy, and select OK.

Note:

If the issue is not resolved, contact the support helpline with the required configuration and logs. The regular expression used above might need to be modified based on the requirement.
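Before changing the Header Value expression, it helps to see which logged User-Agent values the candidate regex matches and which it misses. The following is an added example, not part of the original article or of FortiWeb: Python's `re` module stands in for the device's regex engine, the log lines are constructed, the field names other than http_agent are assumptions, and `extract_agent` and `evaluate` are hypothetical helper names.

```python
import re

# Constructed sample lines in key="value" style. Only http_agent comes from the
# article; the other field names and all values are assumptions for illustration.
SAMPLE_LOGS = [
    'src=203.0.113.10 http_url="/" http_agent="ZmEu"',
    'src=203.0.113.11 http_url="/" http_agent="ZmEu/1.0"',
    'src=203.0.113.12 http_url="/" http_agent="Mozilla/5.0 (compatible; ZmEu)"',
    'src=203.0.113.13 http_url="/" http_agent="zmeu"',
    'src=198.51.100.7 http_url="/" http_agent="Mozilla/5.0 (X11; Linux x86_64)"',
    'src=198.51.100.8 http_url="/"',  # no User-Agent logged
]

AGENT_FIELD = re.compile(r'http_agent="([^"]*)"')

def extract_agent(line):
    """Return the http_agent value from one log line, or None if absent."""
    m = AGENT_FIELD.search(line)
    return m.group(1) if m else None

def evaluate(pattern, lines, token="ZmEu"):
    """Sort logged User-Agent values by whether the candidate regex matches.

    near_miss holds values that contain the token in another case or position
    but are NOT matched, i.e. requests the rule as written would let through.
    """
    rx = re.compile(pattern)
    result = {"matched": [], "near_miss": [], "unrelated": []}
    for line in lines:
        agent = extract_agent(line)
        if agent is None:
            continue  # nothing for a User-Agent rule to test
        if rx.search(agent):
            result["matched"].append(agent)
        elif token.lower() in agent.lower():
            result["near_miss"].append(agent)
        else:
            result["unrelated"].append(agent)
    return result

if __name__ == "__main__":
    # "(?i)zmeu" is a broader candidate shown for comparison only; whether the
    # device accepts the inline (?i) flag is an assumption to verify there.
    for pattern in ("^ZmEu", "(?i)zmeu"):
        print(pattern, evaluate(pattern, SAMPLE_LOGS))
```

An empty near_miss list together with an unrelated list that still contains every legitimate client is the condition to look for before putting the expression into the Custom Rule.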

Related document:
custom-policy