How to Block User Agents on Heroku

Why you might need this

User agents are the names that HTTP client software reports for itself. Because they are self-reported, they're easily changed. While that is indisputably the case, in practice many bots and malicious scripts still report as the command line tools or HTTP libraries that they're using to generate requests.

As an example, many vulnerability probes and scanners report as one of the curl user agents.

Example: PycURL/7.43.0.2 libcurl/7.47.0

This fact makes user agent blocking a useful (if often underestimated) feature.
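To find which of these self-identified tools are actually hitting an application, the following added example (not Expedited WAF code) tallies the User-Agent field of access log lines and separates missing agents from tool and library agents. It assumes logs in Combined Log Format; the token list, function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed input: Combined Log Format, where the User-Agent is the last quoted field.
UA_RE = re.compile(r'"[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"\s*$')

# Product names of common command line tools and HTTP libraries (illustrative, not exhaustive).
TOOL_TOKENS = ("curl", "libcurl", "pycurl", "python-requests", "wget", "go-http-client")

def classify(ua):
    """Return 'missing', 'tool' or 'other' for one User-Agent string."""
    ua = ua.strip()
    if ua in ("", "-"):
        return "missing"
    # Compare product names only: "PycURL/7.43.0.2 libcurl/7.47.0" -> pycurl, libcurl
    products = [token.split("/", 1)[0].lower() for token in ua.split()]
    return "tool" if any(p in TOOL_TOKENS for p in products) else "other"

def block_candidates(lines, min_hits=2):
    """Return ([(user_agent, hits), ...], missing_count) for tool agents seen >= min_hits times."""
    counts, missing = Counter(), 0
    for line in lines:
        m = UA_RE.search(line)
        if not m:
            continue  # not in the assumed log format
        kind = classify(m.group("ua"))
        if kind == "missing":
            missing += 1
        elif kind == "tool":
            counts[m.group("ua")] += 1
    candidates = [(ua, n) for ua, n in counts.most_common() if n >= min_hits]
    return candidates, missing

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /login HTTP/1.1" 404 153 "-" "PycURL/7.43.0.2 libcurl/7.47.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /status HTTP/1.1" 404 153 "-" "PycURL/7.43.0.2 libcurl/7.47.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"',
    '192.0.2.9 - - [10/Oct/2023:13:56:09 +0000] "GET /account HTTP/1.1" 404 153 "-" "-"',
    '192.0.2.10 - - [10/Oct/2023:13:56:20 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/7.68.0"',
]

if __name__ == "__main__":
    candidates, missing = block_candidates(SAMPLE)
    print("requests with no user agent:", missing)
    for ua, hits in candidates:
        print(hits, ua)
```

Review the output before blocking anything, since your own health checks or integrations may use the same clients.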

Prerequisites

What you need to get started:

  1. The Expedited WAF add-on is set up in front of your application.

How To Block User Agents on Heroku

Add individual user agents to be blocked to the Block Bots page of your Expedited WAF dashboard.

Notes

  • By default Expedited WAF blocks user agents which don’t match real browsers (missing or malformed agents)

Resources

Learn more about User Agents.
