Can I block unwanted sessions by IP address or User-Agent or bot?

Any user with Admin permissions can selectively manage and control what sessions are captured within Fullstory. 

To supplement domain blocking, you also have the ability to add filters for client IP addresses and User-Agent substrings.

Simply navigate to Settings > Data Capture and Privacy > Data Capture to add targeted exclusions. Exclusions need to be added one at a time (we don't accept comma separated lists). 

Block IPs

Many customers want to omit traffic generated by their employees who work behind a shared IP address. When you add an IP address to the list under Settings > Data Capture and Privacy > Data Capture, any client browser with that IP address that visits your site won’t have Fullstory data captured. Additionally, to save time, you can add IP addresses in bulk from this same view.
FullStory 2022-06-30 at 1.43.17 PM.jpg

You can wildcard (*) each part of the IP address, where each part is separated by "." (IPv4) or ":" (IPv6). For example, if you wanted to block both and, you could simply supply 192.168.1.*.

In addition to blocking IP address by wildcard, Fullstory also supports CIDR IP notations for blocking purposes. 

Block User Agents

Robots and automated crawlers aren’t usually an issue for web applications that exist behind a log in. Many of our customers run Fullstory on public facing, content-rich sites, and robots can generate lots of unwanted sessions. 

We’ve added the ability to automatically block a list of common bot user agents, or to manually add User-Agent substrings to prevent these visits from generating sessions. If the string you specify is contained at all in the User-Agent reported by the robot when it visits, we won’t capture data.

Screen Shot 2022-06-30 at 1.44.01 PM.png

Here is the list of bots we block when you select the Block popular bot UAs:

  • Googlebot
  • Bingbot
  • Slurp
  • DuckDuckBot
  • Baiduspider
  • YandexBot
  • Sogou
  • Exabot
  • facebot
  • facebookexternalhit
  • ia_archiver
  • moatbot
  • HeadlessChrome
  • Pinterestbot
  • Pingdom
  • YandexRenderResourcesBot
  • YandexMobileBot
  • PetalBot
  • DatadogSynthetics
  • RuxitSynthetic

Note: Common bot traffic is not blocked by default. There are times you may find it useful to watch sessions from bots to understand exactly how they interact with and consume resources on your site. 

For example, this may be because they are using programmed monitoring services to ensure great uptime and catch user experience issues, or they may need to see how much robot traffic they are getting to hold a marketing partner accountable. 

Admins can block common bot traffic in Settings > Data Capture.

You can find the user agent string for each session in the session replay view. At the top right of the screen, we'll show details under the user's name. Click on the browser and operating system to view the full user-agent string. 

Screen Shot 2022-06-30 at 1.44.52 PM.png

It's important to note that the user-agent details will only be available for a user during a session playback and not available on their main user card, since the details are specific to the session and can change as user's log in from different browsers or machines.

After you've copied the User-Agent details, navigate to Settings > Data Capture & Privacy > Data Capture and select "Add blocked UA..." under the Blocked User-Agents section. From here, you can paste your selection to block visits by these robots.

Note: When you turn off data capture by IP or UA String, sessions that were already underway will continue to capture until completed, so you may notice a few more sessions populate even after you've turned off data capture. 

Identifying Unwanted IP Addresses or User Agents

If you're unsure how to identify potentially harmful IP Addresses or User Agents, using a dashboard card to monitor session volume by user dimension is a great way to start. Use this recipe as a guide to creating your own dimensionality card to monitor session volume by IP Address or User Agent.

Need to get in touch with us?

The Fullstory Team awaits your every question.

Ask the Community Technical Support