Hello Haupt,
Happy new year, i believe you would like to block wildcard agent(any user-agent)in the http request, for that we would need to create rejex for that as mentioned in the below discussion,
https://community.imperva.com/discussion/block-invalid-ip?ReturnUrl=%2fcommunities%2fcommunity-home%2fdigestviewer%3fcommunitykey%3d39c6092a-d67a-4bc2-8134-bfbb25fc43af
But ideally if we block all the user, it;s not the correct way of creating the policy.
For creating regex you can use this link, Regex Library,
------------------------------
Syed Noor Fazal
Product Support Engineer
------------------------------
Original Message:
Sent: 01-09-2023 09:30
From: Haupt Cont
Subject: Data Set Wildcards
Hello,
I have a security policy (Web Service Custom policy) which blocks an HTTP request if an certain user-agent is in the HTTP header. The data with the user-agents ("blocklist") is stored in a Data Set.
The policy only matches the criteria based on "User Agent (Lookup Data Set)" settings in the policy. In the "Lookup Data Set" i have chosen the predefined Data Set with the user agents which I want to block.
The policy only matches full strings (literal) an no wildcards. If the user agent strings changes (for instance the version in the user agent string) my policy doesn't block any more.
Is there a possibility to match sub-strings or wildcards using a Lookup Data Set?
Thanks
#On-PremisesWAF(formerlySecuresphere)
------------------------------
Haupt Cont
------------------------------