Trying to stop a bad bot from accessing server using mod_security rules. I have the following but it's not working.
SecRule REQUEST_HEADERS:User-Agent "@rx ^(?:Datanyze)$" "msg:'Datanyze blocked',phase:1,log,id:777777,t:none,block,status:403"
the word "Datanyze" is contained in the User Agent string and I can't find a definitive source anywhere that defines if the UA is the entire string, i.e,:
"Mozilla/5.0 (X11; Datanyze; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
or if you can use text strings therein as UA.
Thank you.
SecRule REQUEST_HEADERS:User-Agent "@rx ^(?:Datanyze)$" "msg:'Datanyze blocked',phase:1,log,id:777777,t:none,block,status:403"
the word "Datanyze" is contained in the User Agent string and I can't find a definitive source anywhere that defines if the UA is the entire string, i.e,:
"Mozilla/5.0 (X11; Datanyze; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
or if you can use text strings therein as UA.
Thank you.