I read the solution to block null/empty user-agent request here but I was checking if we can block it by web.config.
We are getting lots of requests with no user agent set. Is there any other method to block request with no user-agent?
With URLRewrite 2.x installed on the server you can add rewrite rules to web.config (system.webServer section). Something like this.
<rewrite>
<rules>
<rule name="BlockEmpty" stopProcessing="true">
<match url=".*"/><!-- Any url -->
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="^$"/><!-- Empty -->
</conditions>
<action type="CustomResponse" statusCode="403" statusDescription="Forbidden"/>
</rule>
</rules>
</rewrite>