2008/10/20 Amos Jeffries <squid3@xxxxxxxxxxxxx>: > > It's not so much an empty string. As a completely missing header. > Squid can only test what it has against what it checks. If you get my > meaning. > > I haven't tested it, but you might have better luck if you invert the test > to allow access to okay agents and deny the rest. > > All they have to do is send -U "fu" and they get past the wget blocker. > Not to mention the real browser UA are commonly known and often recommended > for script kiddies to spoof the IE agent to get past site barriers and > brokenness in one action. > > Amos > Thanks Amos, I figured that out just after I'd posted my original mail. I appreciate that the blocking is pretty weak but it seems that the majority of the unwanted traffic is some kind of automated client not supplying any User Agent at all. I guess we going for the "low hanging fruit", anyone who really wants the content will be able to fetch it (by spoofing as a real user agent) but this should way to block a bunch of it. James
