https://live.paloaltonetworks.com/t5/general-topics/excessively-long-useragent/m-p/556740#M113002 <P>Thank you for your response.<BR />Although I understand site owners can request that the Palo bot does not scan their ip address(es), this sets a precedent, site owners should not be expected to "opt out" via email from bots sent from legitimate companies - that would be a full-time job <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR />At a minimum, the robots.txt file should be respected.<BR />...non-legit organisations would ignore the request, and possibly spam harder ( how does a site owner know Palo is legit, again, researching this would be part of the full-time job )<BR />I think my main point is that the site logs get populated with overly-long "useragents" that read like advertisements, something a malicious actor might do, but not a legitimate organisation. <BR />Looking at the multitude of useragents, malicious and legit, Palo bot stands out as not really being a useragent at all.<BR />Although not a scientific test, a sample of 10,000 useragents gives me an average string length of 78, Palo bot is 269 characters in length.<BR />imo legitimate companies should "play nicely" and follow convention.</P> Wed, 06 Sep 2023 12:25:55 GMT chaeron 2023-09-06T12:25:55Z https://live.paloaltonetworks.com/t5/general-topics/excessively-long-useragent/m-p/556116#M112922 <P>I don't think the following bot useragent is acceptable:</P> <P>&nbsp;</P> <P>Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers&amp;#39; presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: <A href="mailto:scaninfo@paloaltonetworks.com" target="_blank">scaninfo@paloaltonetworks.com</A></P> <P><BR />It is excessively long, and reads more like an advert. A legit organisation should not be doing this IMO</P> <P>Site admins should need to opt-in, as is good practice for accepting cookies for example, not opt-out. <BR /><BR />Does the Palo bot abide by robots.txt or similar mechanism?</P> Fri, 01 Sep 2023 09:56:24 GMT https://live.paloaltonetworks.com/t5/general-topics/excessively-long-useragent/m-p/556116#M112922 chaeron 2023-09-01T09:56:24Z https://live.paloaltonetworks.com/t5/general-topics/excessively-long-useragent/m-p/556726#M112998 <P>Hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/313150">@chaeron</a> ,</P> <P>&nbsp;</P> <P>This was discussed before here:</P> <P><A href="https://live.paloaltonetworks.com/t5/general-topics/high-loads-by-scanner/td-p/503445" target="_blank">https://live.paloaltonetworks.com/t5/general-topics/high-loads-by-scanner/td-p/503445</A></P> <P>&nbsp;</P> <P>As suggested, in order to be removed contact the email from the access log and request to remove your IP address from the scans.</P> <P>&nbsp;</P> <P>Kind regards,</P> <P>-Kim.</P> Wed, 06 Sep 2023 10:54:16 GMT https://live.paloaltonetworks.com/t5/general-topics/excessively-long-useragent/m-p/556726#M112998 kiwi 2023-09-06T10:54:16Z https://live.paloaltonetworks.com/t5/general-topics/excessively-long-useragent/m-p/556740#M113002 <P>Thank you for your response.<BR />Although I understand site owners can request that the Palo bot does not scan their ip address(es), this sets a precedent, site owners should not be expected to "opt out" via email from bots sent from legitimate companies - that would be a full-time job <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR />At a minimum, the robots.txt file should be respected.<BR />...non-legit organisations would ignore the request, and possibly spam harder ( how does a site owner know Palo is legit, again, researching this would be part of the full-time job )<BR />I think my main point is that the site logs get populated with overly-long "useragents" that read like advertisements, something a malicious actor might do, but not a legitimate organisation. <BR />Looking at the multitude of useragents, malicious and legit, Palo bot stands out as not really being a useragent at all.<BR />Although not a scientific test, a sample of 10,000 useragents gives me an average string length of 78, Palo bot is 269 characters in length.<BR />imo legitimate companies should "play nicely" and follow convention.</P> Wed, 06 Sep 2023 12:25:55 GMT https://live.paloaltonetworks.com/t5/general-topics/excessively-long-useragent/m-p/556740#M113002 chaeron 2023-09-06T12:25:55Z