Currently when a CDN PoP requests a resource from an origin server, it uses the user agent string of the client which requests the resource.
I'd rather see the User Agent string overwritten. This helps in multiple ways:
- Logging. It's obvious what resources are requested by CDN PoPs. Since it's hard to obtain an up-to-date list of IP-addresses of all PoPs in the group, it's far easier to look for a fixed user agent string.
- Filtering of botnet traffic. Some User Agent strings are only used by botnets. We want to be able to ban such user agents without risking to block a CDN PoP
- A requested resource should be idempotent: the origin server should never respond differently based on the User Agent given, since the CDN won't be able to to that either. So making it impossible by using a constant User Agent would prevent this.
Please sign in to leave a comment.