Blocking by user-agent string in httpd.conf not effective

httpd.confsetenvuseragent

I'd like to block some spiders and bad bots by user-agent text string for all of my virtual hosts via httpd.conf but have yet to find success. Below are the contents of my http.conf file. Any ideas why this isn't working? env_module is loaded.

SetEnvIfNoCase User-Agent "^BaiDuSpider" UnwantedRobot
SetEnvIfNoCase User-Agent "^Yandex" UnwantedRobot
SetEnvIfNoCase User-Agent "^Exabot" UnwantedRobot
SetEnvIfNoCase User-Agent "^Cityreview" UnwantedRobot
SetEnvIfNoCase User-Agent "^Dotbot" UnwantedRobot
SetEnvIfNoCase User-Agent "^Sogou" UnwantedRobot
SetEnvIfNoCase User-Agent "^Sosospider" UnwantedRobot
SetEnvIfNoCase User-Agent "^Twiceler" UnwantedRobot
SetEnvIfNoCase User-Agent "^Java" UnwantedRobot
SetEnvIfNoCase User-Agent "^YandexBot" UnwantedRobot
SetEnvIfNoCase User-Agent "^bot*" UnwantedRobot
SetEnvIfNoCase User-Agent "^spider" UnwantedRobot
SetEnvIfNoCase User-Agent "^crawl" UnwantedRobot
SetEnvIfNoCase User-Agent "^NG\ 1.x (Exalead)" UnwantedRobot
SetEnvIfNoCase User-Agent "^MJ12bot" UnwantedRobot

<Directory "/var/www/">
    Order Allow,Deny
    Allow from all
    Deny from env=UnwantedRobot
</Directory>
<Directory "/srv/www/">
    Order Allow,Deny
    Allow from all
    Deny from env=UnwantedRobot
</Directory>

EDIT – @Shane Madden: I do have .htaccess files in each virtual host's document root with the following.

order allow,deny
deny from xxx.xxx.xxx.xxx
deny from xx.xxx.xx.xx
deny from xx.xxx.xx.xxx
...
allow from all

Could that be creating conflict? Sample VirtualHost config:

<VirtualHost xx.xxx.xx.xxx:80>
 ServerAdmin admin@domain.com
 ServerName domain.com
 ServerAlias www.domain.com
 DocumentRoot /srv/www/domain.com/public_html/
 ErrorLog "|/usr/bin/cronolog /srv/www/domain.com/logs/error_log_%Y-%m"
 CustomLog "|/usr/bin/cronolog /srv/www/domain.com/logs/access_log_%Y-%m"     combined
</VirtualHost>

Best Answer

Try this, and if it fails, try it in a .htaccess file...

   #Bad bot removal
   RewriteEngine on
   RewriteCond %{HTTP_USER_AGENT} ^useragent1 [OR]
   RewriteCond %{HTTP_USER_AGENT} ^useragent2 [OR]
   RewriteCond %{HTTP_USER_AGENT} ^useragent3
   RewriteRule ^(.*)$ http://website-you-want-to-send-bad-bots-to.com

Follow this pattern, and don't put an [OR] on the very last one.

EDIT: New solution:

If you want to block all (friendly) bots, make a file called "robots.txt" and put it in where your index.html is. Inside it, put this:

User-agent: *
Disallow: /

You'd still need to maintain a list like my original answer (above) to disallow the bots that ignore robots.txt.

Related Solutions

Apache – Blocking Access via User Agent String

you can deny access by BrowserMatch and Deny from SetEnvIf Example:

SetEnvIfNoCase User-Agent "^Wget" bad_bot
SetEnvIfNoCase User-Agent "^EmailSiphon" bad_bot
SetEnvIfNoCase User-Agent "^EmailWolf" bad_bot
<Directory "/var/www">
        Order Allow,Deny
        Allow from all
        Deny from env=bad_bot
</Directory>

To permanenly block them you have to write custom log file and use fail2ban for example to ban them with iptables

For example create LogFormat

LogFormat "%a %{User-agent}i" ipagent

Add logging to your vhost/server-wide

CustomLog /var/log/apache2/useragent.log ipagent

/etc/fail2ban/filter.d/baduseragent.conf

[Definition]
failregex = ^<HOST> Mozilla/4\.0 \(compatible; MSIE 7\.0; Windows NT 5\.1; SV1; \.NET CLR 2\.0\.50727\) Havij$

/etc/fail2ban/jail.conf

[apache-bad-user-agent]

enabled  = true
port     = 80,443
protocol = tcp
filter   = baduseragent
maxretry = 1
bantime  = 86400
logpath  = /var/log/apache2/useragent.log

Nginx not blocking user agents

nginx only applies one location block at each level of the config. All the files which are 404ing are .php files which hit the \.php location block, and therefore do not use the / location block which contains your user agent block. To fix this move your user agent block outside the location block to the root level so that it gets applied to all requests.

if ($http_user_agent ~* "morfeus fucking scanner|ZmEu") {
    return 403;
}

location / {
    ...
}

location \.php {
    ...
}

Edit: You can test this with something like curl which lets you set arbitrary headers:

% curl -I localhost/sf645/blah
HTTP/1.1 404 Not Found
% curl -I -H 'User-agent: ZmEu' localhost/sf645/blah
HTTP/1.1 403 Forbidden
% curl -I -H 'User-agent: morfeus fucking scanner' localhost/sf645/blah
HTTP/1.1 403 Forbidden

Best Answer

Related Solutions

Apache – Blocking Access via User Agent String

Nginx not blocking user agents

Related Topic