Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set unique user-agent #180

Open
theel0ja opened this issue Jul 9, 2019 · 3 comments
Open

Set unique user-agent #180

theel0ja opened this issue Jul 9, 2019 · 3 comments

Comments

@theel0ja
Copy link

theel0ja commented Jul 9, 2019
edited
Loading

Currently, it seems to be Go-http-client/2.0 which doesn't tell the purpose for the request.

For example SSL Labs test sends SSL Labs https://www.ssllabs.com/about/assessment.html) as user-agent.
@737simpilot
Copy link

I also think the UA needs to change because I block this UA in CloudFlare and it's used for shenanigans. There's no way I'm allowing it.

@borisceranic
Copy link

borisceranic commented Jun 10, 2021
edited
Loading

I'm having exactly the same problem. I can't allow traffic that looks like this through the firewall.

Heck, even disregarding the user agent string and allowing the traffic based on the agent's IP address for initial HSTS preload checks, the IP address might change in future.

Ideally, a change of user agent string is also complemented by introducing a set of verifiable DNS names visible in reverse and forward IP address lookups of the agent (similar to how Google Bot can be reliably recognised).

@nharper
Copy link
Collaborator

nharper commented Jun 10, 2021

This appears to be a duplicate of chromium/hstspreload#107.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@borisceranic @nharper @theel0ja @737simpilot