IS block specific user agent from requesting a page web


We have IIS 6.0 on a Windows Server 2003 with a ASP.NET web application.
Our web application, or specifically one web page is suffering from some bot attack.
Reviewing IIS logs we've detected a User-Agent that is attacking:

#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status

2012-07-17 23:59:59 W3SVC336290672 POST /MyVirtualDirectory/MyFolder/wf_Page_Under_Attack.aspx - 80 - python-requests/0.13.2 200 0 0

Is it possible on IIS to block or deny access to "python-requests/0.13.2" requests?

Best Answer

There isn't built-in functionality to do what you're looking for.

One no-cost solution that would do what you want is the Ionics Isapi Rewrite Filter (IIRF) ISAPI filter module. They even have sample configuration for blocking access based on User-Agent.

A second option is Microsoft URLScan (as you indicted in you comment-- I couldn't remember if it allowed for logic based on the User-Agent or not). This blog entry describes using URLScan to block requests based on user-agent. I don't believe URLScan can match based on regular expression, but since you're looking for an exact string match it should do what you want too.

Having said all that, though, it's trivially easy for the "bot" author to change their User-Agent string to something "innocuous". You're taking the first steps in an arms race.

Related Topic