Hub WAF rule

More info

experimental-no-user-agent WAF Rule

« Missing User-Agent Header »
v0.2 by crowdsecurity
WAF rule

Protect against no user agent

Installation

cscli appsec-rules install crowdsecurity/experimental-no-user-agent

YAML Configuration

1name: crowdsecurity/experimental-no-user-agent
2description: "Protect against no user agent"
3rules:
4## Useragent header does not exist
5  - and:
6      - zones:
7        - METHOD
8        match:
9          type: regex
10          value: '^GET|POST|PUT|DELETE|PATCH$'
11      - zones:
12        - HEADERS
13        variables:
14         - "User-Agent"
15        transform:
16          - count
17        match:
18          type: equals
19          value: "0"
20
21
22
23    
24labels:
25   type: exploit
26   service: http
27   confidence: 0
28   spoofable: 0
29   behavior: "http:exploit"
30   label: "Missing User-Agent Header"
31   classification:
32     - attack.T1595
33     - attack.T1190
34

Hub WAF rule

« Missing User-Agent Header »v0.2 by crowdsecurityWAF rule

« Missing User-Agent Header »
v0.2 by crowdsecurity
WAF rule