Not sure what I'm doing wrong here, but the rule doesn't appear to be working as expected. Using a Firefox add-on, I can change my user agent to show the github info, and I can confirm in the IIS logs that the user agent is showing the github info, but the traffic isn't being dropped.
I'd like to add some logging so that I can confirm the rule is seeing the user-agent info, but that doesn't seem to be working either.
[code]
when HTTP_REQUEST {
    log local0. "User-Agent:[HTTP::header "User-Agent"]"
    if { [HTTP::header "User-Agent"] contains "github.com/tenderlove/mechanize" } {
        reject
    }
}
[/code]
Any thoughts or suggestions on what I can do better here?
Thanks,
Bob