I just learned this now :-) You can now use the URLScan 3.1 with your own custom rules, and it would come handy in situations like rejecting a request based on the User-Agent string.
Below is a sample rule for the same:
[Options] RuleList=DenyUserAgent [DenyUserAgent] DenyDataSection=Agent Strings ScanHeaders=User-Agent [Agent Strings] My Custom User-Agent String
[Options]
RuleList=DenyUserAgent
[DenyUserAgent]
DenyDataSection=Agent Strings
ScanHeaders=User-Agent
[Agent Strings]
My Custom User-Agent String
Useful links
http://learn.iis.net/page.aspx/476/common-urlscan-scenarios/ http://blogs.iis.net/nazim/archive/2008/06/30/urlscan-v3-0-filtering-based-on-request-entity.aspx http://learn.iis.net/page.aspx/473/using-urlscan?info=EXLINK
http://learn.iis.net/page.aspx/476/common-urlscan-scenarios/
http://blogs.iis.net/nazim/archive/2008/06/30/urlscan-v3-0-filtering-based-on-request-entity.aspx
http://learn.iis.net/page.aspx/473/using-urlscan?info=EXLINK
Hope this helps!