How to block a user agent from all sites on the server

I originally this posted at webmasters.stackexchange.com, but was told I'd get a better reception here.

For the last few days, I've been suffering from what appears to be a (presumably inadvertent) DDOS attack. I've been getting so many requests from an agent identifying as "Mozilla/4.0 (compatible; ICS)" that apache eats through all the available memory.

Consequently, I'd like to block all requests accompanied by this user agent, so I tried doing this in httpd.conf:

SetEnvIfNoCase User-Agent "Mozilla/4.0 (compatible; ICS)" bad_user
Deny from env=bad_user

But when I restart apache it complains about using deny here. Without having to wrap it in a location or directory block, which would mean I'd have to add a new block for each site, is there any way I can deny access to the whole server?

UPDATE: The error I get

Restarting web server apache2
Syntax error on line 4 of /etc/apache2/httpd.conf: deny not allowed
here
[fail]

Best Answer

Looks like an old question now, but I wanted to do the same and found the answer from nerve above. It's not quite right as is - seems to me that it should be <Location "/">, and the SetEnvIf needs a regular expression so the parentheses need to be quoted.

This worked for me to apply the access control across all vhosts:

SetEnvIfNoCase User-Agent "^Mozilla/4.0 \(compatible; Synapse\)" bad_ua
<Location "/">
    Deny from env=bad_ua
</Location>

Just include that before the vhost definitions.

Best Answer

Related Solutions

Sql – Extracting Browser from user agent in SQL

User agent blacklist recommended

Related Topic