Invalid user agent and Unknown user agent
These two WAAP policies work together to identify and block requests that lack a standard user-agent parameter. If the agent is missing, this can indicate that an illegitimate client is being used.
Most browsers provide user agent information across the network to validate a client's authenticity and purpose. User agent strings typically follow this syntax:
User-Agent: <product> / <product-version> <comment>
Where:
<product>: A product identifier — its name or development codename.<product-version>: Version number of the product.<comment>: Comments containing additional details — sub-product information.
Both policies are part of the Anti-automation and bot protection group and are enabled by default. To change the state of a policy, navigate to the CDB Technical Web Portal:
- Navigate to WAAP > Bot Management.
- In the domain dropdown at the top right of the page, select the domain.
- Open the Bot Attacks tab.
- Find the Invalid user agent or Unknown user agent policy and click the dropdown next to it to enable or disable it.