I just learned this now :-) You can now use the URLScan 3.1 with your own custom rules, and it would come handy in situations like rejecting a request based on the User-Agent string.

Below is a sample rule for the same:

[Options]

RuleList=DenyUserAgent

 

[DenyUserAgent]

DenyDataSection=Agent Strings

ScanHeaders=User-Agent

 

[Agent Strings]

My Custom User-Agent String

Useful links

     http://learn.iis.net/page.aspx/476/common-urlscan-scenarios/

     http://blogs.iis.net/nazim/archive/2008/06/30/urlscan-v3-0-filtering-based-on-request-entity.aspx

     http://learn.iis.net/page.aspx/473/using-urlscan?info=EXLINK

Hope this helps!