Blocking Bad Bots - .htaccess (Apache2)

-


Block bad users based on their User-Agent string

Sometimes your website can be attacked from different IP addresses and it is impossible to block all such users. If there is fixed user-agent in the request, you can block such access using the following rule:

Block multiple bad User-Agents:

<VirtualHost XXX.140.234.34:80>

    ServerName www.example.us

    LogLevel debug

    ErrorLog /var/log/apache2/example.log

    CustomLog /var/log/apache2/example.log combined

    AddDefaultCharset utf-8


    RewriteEngine On


    # Block requests from Amazonbot - this rule sends a 403 Forbidden response ([F]) and stops processing further rewrite rules ([L]).

    RewriteCond %{HTTP_USER_AGENT} Bytespider|ClaudeBot [NC]

    RewriteRule ^ - [F,L]


    RewriteCond %{SERVER_NAME} XXX.140.234.34

    RewriteRule /(.*) http://www.example.us/$1 [R=301,L]


    LimitRequestBody 5120000

    WSGIDaemonProcess www.example.us processes=10 threads=10 maximum-requests=1000 display-name=%{GROUP}

    WSGIProcessGroup www.example.us

    WSGIScriptAlias / /home/admin/deployment/example/wsgi.py

    ....


</VirtualHost>

Blocking unwanted user agents can help prevent certain bots and crawlers from accessing your site, which can save resources and improve security. Here’s an expanded explanation and additional considerations for blocking user agents with Apache:

How it Works

  1. RewriteCond:

    RewriteCond %{HTTP_USER_AGENT} Bytespider|ClaudeBot [NC]
    • This condition checks the User-Agent header of incoming HTTP requests.
    • The Bytespider|ClaudeBot part is a regular expression that matches any user agent containing "Bytespider" or "ClaudeBot".
    • The [NC] flag makes the match case-insensitive (NC stands for No Case).

  2. RewriteRule:

    RewriteRule ^ - [F,L]
    • The ^ is a regular expression that matches the start of the request URI.
    • The - means no substitution should be performed.
    • The [F,L] flags mean:
      • F: Return a 403 Forbidden status code.
      • L: Stop processing further rewrite rules.

Example with More User Agents

You might want to block multiple known bots. Here’s an example with a more comprehensive list:

RewriteCond %{HTTP_USER_AGENT} (Bytespider|ClaudeBot|AhrefsBot|MJ12bot|SemrushBot|Baiduspider) [NC]
RewriteRule ^ - [F,L]

Testing Your Configuration

  1. Restart Apache: After updating the configuration, restart Apache to apply changes:

    sudo systemctl restart apache2

  2. Check Logs: Monitor your log files to ensure the rules are working as expected:

    tail -f /var/log/apache2/example.log

  4. Use cURL: Test the blocking rule using cURL with different user agents:

    curl -I -A "Bytespider" http://www.example.us
curl -I -A "Mozilla/5.0" http://www.example.us

    The first command should return a 403 Forbidden, while the second should return 200 OK or the appropriate status for your site.

Advanced Considerations

  1. Robots.txt: While the robots.txt file politely asks well-behaved bots to avoid certain areas of your site, it does not enforce compliance. Blocking via Apache ensures compliance.

  2. Dynamic Blocking: For a more dynamic approach, consider using mod_security with a rule set designed to block bad bots.

  3. Whitelist Approach: Instead of blocking specific user agents, you could adopt a whitelist approach, allowing only known good bots (like Googlebot, Bingbot) and blocking everything else.

  4. Rate Limiting: In addition to blocking, you can also implement rate limiting to prevent abuse from bots that make too many requests.

Comments

Post a Comment

Popular posts from this blog

Installing the Certbot Let’s Encrypt Client for NGINX on Amazon Linux 2

-
Image
Installing the Certbot Let’s Encrypt Client The certbot package is not available through the package manager by default. You will need to enable the  EPEL  repository to install Certbot. sudo yum install epel-release sudo yum install certbot-nginx Set Up NGINX certbot  can automatically configure  NGINX  for SSL/TLS. It looks for and modifies the server block in your  NGINX  configuration that contains a server_name directive with the domain name you’re requesting a certificate for. In our example, the domain is  www.mydomain.com . Assuming you’re starting with a fresh NGINX install, use a text editor to create a file in the  /etc/nginx/conf.d  directory named  domain_name.conf  (so in our example, www.mydomain.com.conf). Specify your domain name (and variants, if any) with the  server_name  directive: server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; server_name myd...
Read more

psql: error: connection to server at "localhost" (127.0.0.1), port 5433 failed: ERROR: failed to authenticate with backend using SCRAM DETAIL: valid password not found

-
Image
ERROR psql: error: connection to server at "localhost" (127.0.0.1), port 5433 failed: ERROR: failed to authenticate with backend using SCRAM DETAIL: valid password not found Since Pgpool-II is a PostgreSQL proxy that works between clients and PostgreSQL servers, the authentication comprises two steps: Authentication between client and Pgpool-II Authentication between Pgpool-II and PostgreSQL servers Starting with Pgpool-II 4.0, Pgpool-II supports scram-sha-256 authentication. scram-sha-256 authentication method is strongly recommended because it is the most secure password-based authentication method. Solution 1 If PostgreSQL servers require  MD5  or  SCRAM  authentication for some user’s authentication but the password for that user is not present in  pool_passwd , then enabling  allow_clear_text_frontend_auth  will allow the  Pgpool-II  to use clear-text-password authentication with user to get the password in plain text form from the user ...
Read more

Deploy Nuxt.js app using Apache 2

-
  Deploy your dynamic Nuxt.js app Nuxt.js is an amazing server side rendering application framework for Vue.js. In this article we will see how to deploy Nuxt.js application to AWS instance in universal app mode. Where in Nuxt.js you can choose between Universal, Static Generated or Single Page application. Before we start deploying our dynamic app, if you want just to deploy a static website, you can run this command: npm run generate and it will generate the files and put them in  dist  folder which you can upload to any server you want. But this will not work for universal apps. 1. Build your app To build a ssr app you need to run the following command: npm run build The generated files will not be in the  dist  folder as for the static app, but you can find all generated files in  .nuxt  folder which will be the entry point. 2. Upload to the server There are two ways to do this upload your whole application with the source code or just upload the n...
Read more