How to block certain client apps or browsers from accessing a web App in IIS?
One of my colleagues asked me how to block certain client applications or browsers from accessing a web app in IIS.
The question originally came from a customer who had already disabled ActiveSync, but whose users could still connect through third-party applications such as CloudMagic (https://cloudmagic.com), and who wanted to prevent that.
To do this, we can use common request-filtering settings, which improve the security of the IIS web server. Whenever a client accesses your site, the browser software identifies itself by sending a user-agent string, and that string is already recorded in the IIS log, as shown below:
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2013-12-01 10:51:45 ::1 GET / - 80 - ::1 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/31.0.1650.57+Safari/537.36 - 500 24 50 2206
The User-Agent field (cs(User-Agent)) is the browser type that the client used.
So you can block Chrome simply by configuring a deny rule that scans the user-agent header for the string "chrome".
For example:
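<!-- Goes under system.webServer/security in web.config or applicationHost.config -->
<requestFiltering>
  <filteringRules>
    <!-- Scan only the listed request headers, not the URL or query string -->
    <filteringRule name="user agent deny" scanUrl="false" scanQueryString="false">
      <scanHeaders>
        <add requestHeader="user-agent" />
      </scanHeaders>
      <!-- Empty appliesTo: the rule applies to every file extension -->
      <appliesTo/>
      <!-- Reject the request when the scanned header contains this string -->
      <denyStrings>
        <add string="chrome" />
      </denyStrings>
    </filteringRule>
  </filteringRules>
</requestFiltering>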
Or, for our customer who wanted to block CloudMagic, the denyStrings element would be:
<denyStrings>
  <add string="CloudMagic" />
</denyStrings>
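Before enabling a deny string, it is worth replaying it against an existing IIS log to see which logged clients it would actually hit. The script below is an added example, not part of the original post: it reads the #Fields header shown above, pulls out cs(User-Agent), and counts matches per deny string. It assumes the rule behaves as a case-insensitive substring match, and the sample log lines (including the CloudMagic and Edge user-agent values) are constructed for illustration.

```python
from collections import Counter

# Constructed sample log in the W3C format shown above; the user-agent
# values for CloudMagic and Edge are made up for illustration.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2013-12-01 10:51:45 ::1 GET / - 80 - ::1 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/31.0.1650.57+Safari/537.36 - 200 0 0 2206
2013-12-01 10:52:10 10.0.0.5 GET / - 443 user1 10.0.0.20 CloudMagic/1.0+(constructed) - 200 0 0 310
2013-12-01 10:52:31 10.0.0.5 GET / - 443 - 10.0.0.21 Mozilla/5.0+(Windows+NT+10.0)+AppleWebKit/537.36+Chrome/120.0+Safari/537.36+Edg/120.0 - 200 0 0 95
2013-12-01 10:53:02 10.0.0.5 GET / - 443 - 10.0.0.22 Mozilla/5.0+(Windows+NT+6.1;+rv:25.0)+Gecko/20100101+Firefox/25.0 - 200 0 0 88
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # drop the "#Fields:" token
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")           # IIS writes spaces in values as '+'
            if len(values) == len(fields):     # skip truncated or malformed rows
                yield dict(zip(fields, values))


def dry_run(text, deny_strings):
    """Return, per deny string, a Counter of the logged user agents it matches."""
    hits = {s: Counter() for s in deny_strings}
    for row in parse_w3c(text):
        agent = row.get("cs(User-Agent)", "-")
        for s in deny_strings:
            # Assumption: the rule matches as a case-insensitive substring.
            if s.lower() in agent.lower():
                hits[s][agent] += 1
    return hits


if __name__ == "__main__":
    for s, agents in dry_run(SAMPLE_LOG, ["chrome", "CloudMagic"]).items():
        print(f"{s!r} would block {sum(agents.values())} request(s):")
        for agent, count in agents.items():
            print(f"  {count:4d}  {agent}")
```

On the sample data, "chrome" also catches the Edge client because its user-agent string contains "Chrome/", which is the kind of over-blocking this check is meant to surface. Once a rule is live, rejected requests show up in the same log with sc-status 404 and sc-substatus 19.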