Web App Attack Detected Malicious UserAgent
- Former user (Deleted)
Analytics
Web applications that are hosted in AWS, like any regular web site, are prone to many types of web attacks due to the nature of allowing requests for web traffic from any source. The outcomes of such an extensive presence of web traffic record a high volume of activity. One of the fields captured is the user agent, a small section data describing the browser in use by the client sending a request or response to a web page. A common tactic used by attackers is to send a customized version of this information in hopes that the application will not know how to respond, leaving an opportunity to inject custom code to alter the web page or seek out some form of administrative access.
CUIT monitors for these types of attacks. Although fully hard to remove such an occurrence, the information in the altered request can be used to block the offender. It is recommended to create a security group to block the IP address of the user sending the malicious web traffic. CUIT also offers protection through a web application firewall (WAF) called Cloudflare, which sits in front of the application and discard unwanted traffic such as detection of modified user agents. Web app attacks are discussed by Amazon in the following document: