Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Work with the User-agent Header

The user-agent header is a header in a request for web access sent under the HTTP protocol. This header identifies the software program that was used to send the request. You can work with this header to create a rule that performs a particular action on a request that contains this header.

The software used on a client for sending a request can be a browser, a media player, or a similar program. If you find, for example, that requests sent with a particular browser cause issues with user authentication on Web Gateway, you can create a rule that skips authentication for these requests or blocks them.

The rule contains the value of the user-agent header in the criteria for the action that is performed. When a request is processed on Web Gateway, this value is retrieved from the request to see whether it is the one for the software program that causes issues.

If not only one program causes issues or you expect that more will be found, you can also work with a list of user-agents. The value of the user-agent header within a request is then compared to the list entries to see whether it matches any of them.

Finding the user-agent

To create a rule with an action for a request that caused issues due to its user-agent, you must know which user-agent it is. There are several ways to find this out.

  • Access log — You can inspect the access log that is maintained on Web Gateway. The data that this log records includes the user-agent header of a request by default.
  • Online resources — You can find information about browsers, media players, and similar programs that run as user-agents on client systems using online resources, for example, performing an online search.

    Websites ae available that support your search for information, for example, by listing and describing the most common user-agents or by identifying the browser that is currently in use on a client.
  • TCP dump — You can create a TCP dump of the request processing that Web Gateway performs, using the troubleshooting functions on the user interface. For more information about these functions, see the Troubleshooting chapter.

When a TCP dump has been created, you can work with a packet tracing tool, for example, Wireshark, to follow the TCP stream. You can select a GET request sent for web access and inspect the data packets of this request with its headers.

If you already have some information about the user-agent that causes issues, you can filter the output in Wireshark accordingly. Entering, for example, the following line returns all data packets that contain the text string "Mozilla".

http.user_agent matches "Mozilla"

NOTE: Most user-agent headers for browsers begin with the text string "Mozilla". This does not necessarily mean that the user-agent is the Mozilla Firefox browser. It could be Firefox or a different browser.


  • Was this article helpful?