A coworker was investigating why HTTPs requests using a specific user agent would throw immediate 503 errors. After some troubleshooting, we found something very interesting in the iptables ruleset and in bash history.
iptables -t raw -A PREROUTING -m string --algo bm --string "User Agent String" -j DROP
I guess I haven’t been keeping up on the latest features of IPTables. I can block network requests based on a text pattern? This is pretty awesome!
Warning- this type of deep-packet-inspection is really expensive on the CPU. Don’t use it unless you run out of options.