fcklamahkns

Fortigate D100 prevent Mobile Browser HttpInfo flood

I'm using a Fortigate D100 in the office. When I double-checked our Apache 2.2 web server, I found the access_log full of HTTP info which matched the User-Agents shown at https://httpinfo.net/?sort=useragent; the source IP address posting this is different after a few seconds.

192.168.1.33 - - [21/Sep/2017:00:04:04 +0800] "GET / HTTP/1.1" 200 60549 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; MSIECrawler)THISISTESTOPEN"

 

I thought about a way to use my Fortigate to prevent all these entries from being posted to our Apache server. I intend to use all the Mozilla signature rules in the Intrusion menu. It seems to work quite all right.

 

But when I take a look at some entries,

 

223.19.205.149 - - [21/Sep/2017:00:05:41 +0800] "GET /apple-touch-icon-120x120-precomposed.png HTTP/1.1" 404 320 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0"

223.19.205.149 - - [21/Sep/2017:00:05:41 +0800] "GET /apple-touch-icon-120x120.png HTTP/1.1" 404 308 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0"

223.19.205.149 - - [21/Sep/2017:00:05:42 +0800] "GET /apple-touch-icon.png HTTP/1.1" 404 300 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0"

223.19.205.149 - - [21/Sep/2017:00:05:42 +0800] "GET /apple-touch-icon.png HTTP/1.1" 404 300 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0"

 

But I found that some of the HTTP info looks like a flood from a mobile browser. I'm not sure which signature rules in the Intrusion menu can prevent this. So can somebody give me a clue?

 

Million thanks

Francis
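
One way to triage an access_log like this before choosing IPS signatures, as an added example that is not part of the original post: it groups requests by User-Agent and separates agents whose only requests were 404s for apple-touch-icon paths, which are the home-screen icon files iOS looks for on a site. The function names and the grouping rule are assumptions of this example; the sample lines are the entries quoted in the post.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Paths iOS requests when it looks for a site's home-screen icon.
ICON_RE = re.compile(r'^/apple-touch-icon[^/]*\.png$')

# Sample input: the access_log entries quoted in the post above.
SAMPLE = '''\
192.168.1.33 - - [21/Sep/2017:00:04:04 +0800] "GET / HTTP/1.1" 200 60549 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; MSIECrawler)THISISTESTOPEN"
223.19.205.149 - - [21/Sep/2017:00:05:41 +0800] "GET /apple-touch-icon-120x120-precomposed.png HTTP/1.1" 404 320 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0"
223.19.205.149 - - [21/Sep/2017:00:05:41 +0800] "GET /apple-touch-icon-120x120.png HTTP/1.1" 404 308 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0"
223.19.205.149 - - [21/Sep/2017:00:05:42 +0800] "GET /apple-touch-icon.png HTTP/1.1" 404 300 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0"
223.19.205.149 - - [21/Sep/2017:00:05:42 +0800] "GET /apple-touch-icon.png HTTP/1.1" 404 300 "-" "MobileSafari/601.1 CFNetwork/758.3.15 Darwin/15.4.0"
'''

def parse(text):
    """Return one dict per well-formed line; malformed lines are skipped."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [m.groupdict() for m in matches if m]

def summarize(text):
    """Group requests by User-Agent: volume, source IPs, 404 count, distinct paths."""
    stats = defaultdict(lambda: {"requests": 0, "ips": set(), "not_found": 0, "paths": set()})
    for e in parse(text):
        s = stats[e["ua"]]
        s["requests"] += 1
        s["ips"].add(e["ip"])
        s["not_found"] += e["status"] == "404"
        s["paths"].add(e["path"])
    return dict(stats)

def icon_lookups_only(summary):
    """User-Agents whose every request was a 404 for an apple-touch-icon path."""
    return sorted(
        ua for ua, s in summary.items()
        if s["not_found"] == s["requests"] and all(ICON_RE.match(p) for p in s["paths"])
    )

if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for ua, s in summary.items():
        print(f'{s["requests"]:>4} req  {s["not_found"]:>4} 404  {len(s["ips"])} ip(s)  {ua}')
    print("icon lookups only:", icon_lookups_only(summary))
```

Run over a full log, the per-agent counts show which User-Agent strings carry the volume and rotate source addresses, and which only ask for icon files the server does not have.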
