Mod_security not blocking empty useragent requests

I can't get mod_security to block empty useragent requests. I am not very saavy with it so after searching I found this rule:

SecMarker BEGIN_UA_CHECK
SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \"skipAfter:END_UA_CHECK,phase:2,rev:'1',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'9',t:none,block,msg:'Request Missing a User Agent Header',id:'960009',tag:'OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA',tag:'WASCTC/WASC-21',tag:'OWASP_TOP_10/A7',tag:'PCI/6.5.10',severity:'5',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
SecRule REQUEST_HEADERS:User-Agent "^$" \"phase:2,t:none,block,msg:'Empty User Agent Header',id:'960006',rev:'1',ver:'OWASP_CRS/2.2.9',maturity:'9',accuracy:'9',tag:'OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA',severity:'5',setvar:'tx.msg=%{rule.msg}',setvar:tx.anomaly_score=+%{tx.notice_anomaly_score},setvar:tx.%{rule.id}-OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER-%{matched_var_name}=%{matched_var}"
SecMarker END_UA_CHECK

In the file located here: /etc/modsecurity/modsecurity_custom_rules.conf

But it just doesn't block the requests…

Am I missing something?

<Location /> # Block empty User-Agents. SecRule &REQUEST_HEADERS:User-Agent "@eq 0" \ "id:'13009',phase:2,t:none,deny,status:406" SecRule REQUEST_HEADERS:User-Agent "^$" \ "id:'13006',phase:2,t:none,deny,status:406" </Location>

Mod_security not blocking empty useragent requests

Best Answer

Related Topic

Best Answer

Related Solutions

Why does mod_security require an ACCEPT HTTP header field

Mod_security not actually blocking requests despite rule trigger & returning 403

Related Topic