User agents are nearly unenforceable in HTTP requests executed through
XSLT. I don't think this affects me with respect to Library of Congress web
services, but I can see it being a problem for someone else. Wouldn't the
best course of action be to block known bad bots rather than block everyone
that doesn't implement a user agent?
On Fri, Jul 29, 2016 at 3:29 PM, Gorman, Jon <[log in to unmask]> wrote:
> > For Security Reasons, the Library of Congress has begun filtering
> > HTTP requests that do not express a userAgent in the header.
> Curiosity compels me to ask, is there a whitelist of user agents allowed?
> Or is it just the presence of any user agent, even something like
> "RadHackerzTotalAnnoyanceDDOSmytotalllyrandomstringperrequest", allowed?
> Jon Gorman
> Library IT
> University of Illinois
> 217 244-4688