upsonar.io

Upsonar/1.0 Monitoring Bot

If you see this bot in your server logs, someone is using upsonar.io to monitor their own website.

User-Agent String
Upsonar/1.0 (+https://upsonar.io/ping)

This is the only User-Agent string Upsonar uses. All monitoring requests are HTTP GET requests.

What This Bot Does

Upsonar is a website monitoring service. The bot makes periodic HTTP GET requests to check availability, response time, and page content. It also loads page resources (CSS, JS, images, fonts) to detect broken third-party dependencies.

The site owner configured this monitoring themselves. If you manage the server and don't want this traffic, contact the website owner — not us.

HTTP GET only
1-5 min intervals
9 global regions
No POST/PUT/DELETE
IP Addresses

Upsonar uses dynamic cloud infrastructure. IP addresses are dynamic and change frequently — IP-based whitelisting is not possible. Use User-Agent matching instead (see below).

How to Whitelist

If your WAF or firewall blocks the bot, add an exception rule matching the User-Agent.

Cloudflare

Security → WAF → Custom Rules → Create Rule:

Rule name: Allow Upsonar Expression: (http.user_agent contains "Upsonar") Action: Skip — skip all remaining custom rules

If using Super Bot Fight Mode: Security → Bots → Configure → add the same expression to your allow list.

AWS WAF

Create a rule with a string match condition:

Field: User-Agent header Match type: Contains Value: Upsonar Action: Allow

Place this rule before your Bot Control managed rule group so it takes priority.

Nginx

# In your server block, before any deny rules: set $block 1; if ($http_user_agent ~* "Upsonar") { set $block 0; } if ($block) { return 403; }

Apache

# In .htaccess or virtual host config: SetEnvIfNoCase User-Agent "Upsonar" allowed_bot # Add to your existing access rules: <RequireAny> Require env allowed_bot # your existing Require directives here </RequireAny>
HTTP Headers Sent

User-Agent: Upsonar/1.0 (+https://upsonar.io/ping)

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.9

Accept-Encoding: gzip

Cache-Control: no-cache

Accept-Encoding is set automatically by the HTTP client. Users can configure additional custom headers (e.g., Authorization) for monitoring authenticated endpoints. Custom header values are masked in check results.

Want to monitor your own website?