https://live.paloaltonetworks.com/t5/next-generation-firewall/security-settings-on-ngfw-to-block-dangerous-user-agent/m-p/583041#M2953 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/530444383">@E.SilvaHueck</a>,</P> <P>You could setup a custom vulnerability signature and set it up so it's blocked across your network. As an example, blocking GPTBot you could do the following assuming that you're decrypting inbound traffic.</P> <LI-CODE lang="markup"> &lt;pattern-match&gt; &lt;pattern&gt;User-Agent:.+GPTBot/&lt;/pattern&gt; &lt;context&gt;http-req-headers&lt;/context&gt; &lt;negate&gt;no&lt;/negate&gt; &lt;/pattern-match&gt;</LI-CODE> Tue, 09 Apr 2024 13:30:00 GMT BPry 2024-04-09T13:30:00Z https://live.paloaltonetworks.com/t5/next-generation-firewall/security-settings-on-ngfw-to-block-dangerous-user-agent/m-p/583009#M2952 <P>Hi All,</P> <P>&nbsp;</P> <P>Good morning!</P> <P>&nbsp;</P> <P>I would like to get guidance from you regarding how to block user agents on Paloalto NGFW. I mean, when I am managing Web Application Firewalls (WAF) from other provider. I am able to configure a section within the security section in the WAF, where I can block bad bots, and any other bad user agent (e.g. python, Go lang, Java, etc) used by not authorised external users to scan the website for vulnerabilities, etc.</P> <P>&nbsp;</P> <P>Is there a way to setting up a similar security measure within Paloalto NGFW? If it is so. Could you help providing guidance for this security setting for me please?</P> <P>&nbsp;</P> <P>Thanks in advance.</P> <P>Elias</P> <P>&nbsp;</P> <P><LI-PRODUCT title="NGFW" id="NGFW"></LI-PRODUCT>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Tue, 09 Apr 2024 07:14:40 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/security-settings-on-ngfw-to-block-dangerous-user-agent/m-p/583009#M2952 E.SilvaHueck 2024-04-09T07:14:40Z https://live.paloaltonetworks.com/t5/next-generation-firewall/security-settings-on-ngfw-to-block-dangerous-user-agent/m-p/583041#M2953 <P><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/530444383">@E.SilvaHueck</a>,</P> <P>You could setup a custom vulnerability signature and set it up so it's blocked across your network. As an example, blocking GPTBot you could do the following assuming that you're decrypting inbound traffic.</P> <LI-CODE lang="markup"> &lt;pattern-match&gt; &lt;pattern&gt;User-Agent:.+GPTBot/&lt;/pattern&gt; &lt;context&gt;http-req-headers&lt;/context&gt; &lt;negate&gt;no&lt;/negate&gt; &lt;/pattern-match&gt;</LI-CODE> Tue, 09 Apr 2024 13:30:00 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/security-settings-on-ngfw-to-block-dangerous-user-agent/m-p/583041#M2953 BPry 2024-04-09T13:30:00Z https://live.paloaltonetworks.com/t5/next-generation-firewall/security-settings-on-ngfw-to-block-dangerous-user-agent/m-p/583050#M2954 <P>Thanks a lot for the information!</P> Tue, 09 Apr 2024 14:35:56 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/security-settings-on-ngfw-to-block-dangerous-user-agent/m-p/583050#M2954 E.SilvaHueck 2024-04-09T14:35:56Z