Hi There,
We are looking for a way to block a specific user agent from being allowed through the firewall.. i cant see any way to do this?
The user agent is: user_agent="AppleExchangeWebServices/807 AddressBookSourceSync/2421.27"
Id rather avoid creating a IP block on the XG rule as there could be other legitimate traffic coming from this source.
Thank you
Hi,
There's no way to create a custom application signature in Sophos XG. You will have to block it with a custom IPS Signatures.
Can you try out this (horrible) made signature ? You can create a Custom IPS Signature inside the Intrusion Prevention Tab, at Custom IPS Signatures.
content:"|41 70 70 6c 65 45 78 63 68 61 6e 67 65 57 65 62 53 65 72 76 69 63 65 73|";
It should look like this:
After creating it, you can apply it on a IPS Policy, then on a Firewall Rule.
Here's the result of the IPS Engine matching correctly the signature. (I've change my browser user agent to it, to see if it worked.)
Thanks!
