Technical Tip: How to limit access to specific URL from specific User Agents

It is necessary to limit access to specific URLs from specific User Agents.

For example:

There is a requirement to allow access from mobile devices (for example Android, iPhone, and iPad) to access https://www.example.com/abc

The Custom Rule feature may be used for the requirement.

1) Go to ADVANCED APPLICATIONS -> Custom Rule.

It is maybe necessary to enable this module in the '+ ADD MODULES' menu, under ADVANCED APPLICATIONS -> Custom Rule.

2) Select the '+ Create Rule' button on the right.

3) For the Create Custom Rule, enter the respective information.
For Name, specify the respective name to identify the rule, and for
Operation, select Alert & Deny.

4) Select the 'ADD FILTER' button on the right. For Filter Type, select HTTP Header and set HTTP Header to ON. Under Header Name, select User-Agent.

For the Value Pattern enter 'Mobile|iP(hone|ad)|Android' (without quote).
Enable the Reverse Matching option. Select the SAVE FILTER.

5) Select the 'ADD FILTER' button again. For Filter Type, select URL and for URL Pattern, input the respective URL that needs to be allowed access. Select the SAVE FILTER.

6) Select 'OK'.

7) Select 'SAVE' on the Custom Rule page to apply the Custom Rule.

Related document on Onboarding applications:

https://docs.fortinet.com/document/fortiweb-cloud/latest/user-guide/32019/onboarding-applications

Related document on Custom Rule:

https://docs.fortinet.com/document/fortiweb-cloud/latest/user-guide/265098/custom-rule