How to Deny Traffic Based on Operating System on a ProxySG appliance

Article ID: 168598

Products

ProxySG Software - SGOS

Issue/Introduction

You would like to control all web traffic from a specific operating system (OS).

Resolution

To control traffic from specific operating systems, the ProxySG appliance must be able to detect the OS. Detection depends on what the client sends in the request. Most browsers include the OS in the User-Agent field of the HTTP request header. For example:

https://msdn.microsoft.com/en-us/library/ms537503(v=vs.85).aspx
 
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: microsoft.com

Windows NT 6.3: The platform token identifies the operating system and version. The example token indicates Windows 8.1.

To deny all requests from Windows 8.1: 
  1. Launch the Visual Policy Manager (VPM) from Configuration > Policy > Visual Policy Manager.
  2. Create a new rule in a web access layer.
  3. Set the source object as a new Request Header.
  4. In the Set Request Header object, set the drop-down menu type to User-agent.
  5. Enter Windows NT 6.3 in the regex field.  
  6. Set the action to Deny.
  7. Install policy.

Once the above steps are complete, all web requests from Windows 8.1 workstations are denied, provided the HTTP header is viewable by the ProxySG appliance and it contains Windows NT 6.3 in the User-agent field of the request.

Note: This policy will stop most traffic from Windows 8.1 workstations, but any client application that obfuscates or does not send the user-agent string will not trigger the rule in this article.
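
The following added example (not part of the original article and not ProxySG code) models the rule in Python so the pattern from step 5 can be checked against sample requests before the policy is installed. It assumes Python's `re` search semantics stand in for the appliance's regex matching; the function names and every sample except the article's own User-Agent string are constructed.

```python
import re

# Pattern exactly as entered in step 5; the unescaped "." matches any character.
RULE_PATTERN = re.compile(r"Windows NT 6.3")

def user_agent(raw_request):
    """Return the User-Agent value from a raw HTTP request, or None if absent."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "user-agent":
            return value.strip()
    return None

def verdict(raw_request):
    """Model of the rule: deny when the pattern occurs anywhere in User-Agent."""
    ua = user_agent(raw_request)
    if ua is not None and RULE_PATTERN.search(ua):
        return "DENY"
    return "ALLOW"   # header missing or no match: the rule does not trigger

def request(ua=None):
    """Build a constructed sample request, optionally with a User-Agent header."""
    lines = ["GET / HTTP/1.1", "Host: microsoft.com"]
    if ua is not None:
        lines.append("User-Agent: " + ua)
    return "\r\n".join(lines) + "\r\n\r\n"

SAMPLES = {
    "win81_article": request(
        "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"),
    "win7_constructed": request(
        "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"),
    "no_user_agent_constructed": request(),       # case described in the Note
    "no_os_token_constructed": request("updater/1.0"),
    "dot_wildcard_constructed": request("agent (Windows NT 6x3)"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{verdict(raw):5}  {label}")
```

The last sample is denied only because the unescaped `.` in the pattern matches any character; the two samples without an OS token pass through, which is the limitation the Note describes.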