Comments
-
If you find anything else out on this, I would greatly appreciate some information sharing. We are still getting pounded by these US-based botnet python requests and adjustments to the WAF, rules, etc. are not having much, if any, impact at all. I'm with you on there needs to be a way to block a specific user agent.
-
Having the same issue on a SMA 410. All rules are firing well, GEO-IP, WAF, custom rules - so now we are seeing a barrage of Python requests for random user names coming from US IP addresses.