I don't have a good answer for that. I think It must vary from day to day, based on what our security provider software deems "insecure" at the moment, and they wouldn't tell us if we asked.


Nate Trail
Network Development & MARC Standards Office
LA308, Mail Stop 4402
Library of Congress
Washington DC 20540

-----Original Message-----
From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Gorman, Jon
Sent: Friday, July 29, 2016 3:30 PM
To: [log in to unmask]
Subject: Re: [Code4Lib] Schema Validations at Library of Congress

> For Security Reasons, the Library of Congress has begun filtering 
> (blocking) HTTP requests that do not express a userAgent  in the header.

Curiosity compels me to ask, is there a whitelist of user agents allowed? Or is it just the presence of any user agent, even something like "RadHackerzTotalAnnoyanceDDOSmytotalllyrandomstringperrequest", allowed?

Jon Gorman
Library IT
University of Illinois
217 244-4688