I looked at your SOAP docs here and it looks like the ua (userAgent) is set in the SOAP header so that explains a blank ua. Also, the" Proxy Mechanism"
here looks like it could be abused for hacking. I hope this helps. Is there any way to tighten this up?