Question
How to block user-agents in Plesk Control Panel on Windows?
Answer
Choose the method that suits you best:
Using Filtering Rules on IIS
To block these agents on IIS, use the following steps:
- Open IIS Manager.
- Navigate to the level at which you want to block requests (use the top level to apply the rule to the entire server).
- Click Request Filtering (in the IIS section).
- Click the Filters Tab, then click Add filtering rule... in the Action panel on the right.
- Configure the tab as follows:
  - Define a name for the rule; in this example it is "user-agent".
  - In the Scan Header field, add the value "user-agent".
  - In the Deny Strings field, add the values of the user-agents that must be blocked, one per line. This example blocks the user-agents "hello" and "world".
The result should look similar to this:
(https://pix.cobrasoft.org/images/2025/09/26/63e82255-b12a-4e54-91df-55f0dd3ae664.jpg)
- Click OK and send a request that does not follow redirects, using one of the specified user agents. It now returns 404:
[code]# curl -Ik 10.69.45.153:8880 -A hello
HTTP/1.1 404 Not Found
Content-Length: 929
Content-Type: text/html
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
Date: Tue, 25 Mar 2025 14:47:08 GMT
Connection: close
[/code]
- Add the following configuration (where hello, world and helloworld are case-insensitive):
Using URL Rewriting Rules
To create a persistent rule in IIS with URL Rewrite, use the following steps:
1. Open IIS Manager (inetmgr).
2. Select the Server Node (not a specific site).
3. Open URL Rewrite.
4. Click "Add Rules..." on the right.
5. Choose Blank Rule under "Inbound Rules".
6. Click Edit... under "Conditions".
7. Click Add and configure:
- Name: Define a name for the rule, like "Block user-agent"
- Pattern: use ".*" to match all requests (without the quotes)
- Condition Input: {HTTP_USER_AGENT}
- Check if the input string: "Matches the Pattern"
- Pattern: ".*(badbot|malicious-agent|exploit-scanner|hello|world).*" (replace with the actual user-agents, without the quotes)
8. Click OK.
9. In Action, select "Abort Request".
10. Click Apply and send a request that does not follow redirects, using one of the specified user agents. The connection is now aborted with an error:
[code]# curl -Ik 10.69.45.153:8880 -A world
curl: (56) Recv failure: Connection reset by peer
[/code]
This solution is persistent across Plesk updates. It affects all IIS-hosted sites, including the Plesk Panel. It does not rely on web.config, which Plesk modifies.
Alternatively, if you prefer to edit the file manually, add the following content to the file C:\Windows\System32\inetsrv\config\applicationHost.config, inside <system.webServer>, after the line that starts with <proxy enabled="true"...:
[code]<rewrite>
  <rules>
    <rule name="Block Bad User-Agents" stopProcessing="true">
      <match url=".*" />
      <conditions>
        <add input="{HTTP_USER_AGENT}" pattern=".*(badbot|malicious-agent|exploit-scanner|hello|world).*" />
      </conditions>
      <action type="AbortRequest" />
    </rule>
  </rules>
</rewrite>
[/code]
It will provide the same effect as the solution proposed above.
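A pre-deployment check for the rule above, as an added example that is not part of the original article: it parses the same rule XML and reports which of a set of constructed User-Agent strings the condition would abort. It assumes URL Rewrite's defaults (case-insensitive conditions, no negation, all conditions must match) and approximates its regular expressions with Python's `re`; the function names and sample agents are illustrative.

```python
import re
import xml.etree.ElementTree as ET

# The rule from the article, embedded so the check runs offline.
RULE_XML = """<rule name="Block Bad User-Agents" stopProcessing="true">
  <match url=".*" />
  <conditions>
    <add input="{HTTP_USER_AGENT}" pattern=".*(badbot|malicious-agent|exploit-scanner|hello|world).*" />
  </conditions>
  <action type="AbortRequest" />
</rule>"""

# Constructed sample User-Agent strings (not taken from real traffic).
SAMPLE_AGENTS = [
    "hello",
    "BadBot-crawler 1.1",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0 Safari/537.36",
    "HelloWorldMonitor/3.1 (internal uptime check)",
    "curl/8.5.0",
]

def load_conditions(rule_xml):
    """Return (compiled_regex, negate) for each {HTTP_USER_AGENT} condition."""
    conditions = []
    for add in ET.fromstring(rule_xml).findall("./conditions/add"):
        if add.get("input") != "{HTTP_USER_AGENT}":
            continue
        # Assumption: ignoreCase is true and negate is false when absent.
        ignore_case = add.get("ignoreCase", "true").lower() == "true"
        negate = add.get("negate", "false").lower() == "true"
        rx = re.compile(add.get("pattern"), re.IGNORECASE if ignore_case else 0)
        conditions.append((rx, negate))
    return conditions

def is_blocked(user_agent, conditions):
    """True when every condition holds (assumed MatchAll): request aborted."""
    return bool(conditions) and all(
        (rx.search(user_agent) is not None) != negate for rx, negate in conditions
    )

def audit(agents, rule_xml=RULE_XML):
    """Map each User-Agent string to True (aborted) or False (allowed)."""
    conditions = load_conditions(rule_xml)
    return {ua: is_blocked(ua, conditions) for ua in agents}

if __name__ == "__main__":
    for ua, blocked in audit(SAMPLE_AGENTS).items():
        print(("ABORT  " if blocked else "allow  ") + ua)
```

The constructed HelloWorldMonitor agent is aborted because "hello" and "world" match as substrings, so run the user agents of legitimate clients and monitoring tools through the check before applying the rule server-wide.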