PoseurBot is the automated crawler that visits websites on behalf of verified Poseur customers. It simulates a synthetic visitor moving through a scenario on a verified host and records an experience log. It does not index content.
PoseurBot/1.0 (+https://poseur.io/bot)
Every request PoseurBot makes includes this User-Agent header. You can match on
PoseurBot in your server logs or WAF rules.
PoseurBot visits one or more pages on the verified host as needed to complete the scenario being tested. It does not follow links off the verified host, does not crawl beyond the journey under test, and does not spider.
Poseur requires customers to verify domain ownership before any scan. PoseurBot will only visit a host that its customer has proven they control.
PoseurBot does not index or publish your content. The experience log is private to the customer who owns the run.
If your WAF or rate-limiter blocks PoseurBot, allowlist requests where the
User-Agent header contains PoseurBot. Example nginx rule:
if ($http_user_agent ~* "PoseurBot") {
set $limit_exempt 1;
}
To block PoseurBot at your WAF or firewall, deny requests where the
User-Agent header contains PoseurBot. Example nginx rule:
if ($http_user_agent ~* "PoseurBot") {
return 403;
}Poseur only visits hosts that its customers have verified they own. If you have not given a Poseur customer a verification token, PoseurBot will never visit your site.
Abuse reports: [email protected].
General questions: [email protected].