Hi!
I have seen lots of bots accessing my websites on my VPS. For now i just block IPs temporarily using CSF, but i would like to have a better and global solution.
So, i'm thinking in 2 options...
first:
Apache Configuration -> Include Editor -> “Pre Main Include”
or
second:
using ModSecurity rules
I don't know if this codes are 100% correct, as i found them on the internet and have not tested.
Can i have some advice about these two options, using apache or modsecurity and if these codes would work?
Thanks
Nuno Leite
I have seen lots of bots accessing my websites on my VPS. For now i just block IPs temporarily using CSF, but i would like to have a better and global solution.
So, i'm thinking in 2 options...
first:
Apache Configuration -> Include Editor -> “Pre Main Include”
Code:
<Directory "/home">
SetEnvIfNoCase User-Agent "MJ12bot" bad_bots
SetEnvIfNoCase User-Agent "AhrefsBot" bad_bots
SetEnvIfNoCase User-Agent "SemrushBot" bad_bots
SetEnvIfNoCase User-Agent "Baiduspider" bad_bots
...
<RequireAll>
Require all granted
Require not env bad_bots
</RequireAll>
</Directory>
Code:
<Directory "/home">
BrowserMatchNoCase "Baiduspider" bots
BrowserMatchNoCase "HTTrack" bots
BrowserMatchNoCase "Yandex" bots
...
Order Allow,Deny
Allow from ALL
Deny from env=bots
</Directory>
using ModSecurity rules
Code:
SecRule REQUEST_HEADERS:User-Agent "CareerBot" "deny,log,noauditlog,severity:2,msg:'Spiderbot blocked',status:403"
Can i have some advice about these two options, using apache or modsecurity and if these codes would work?
Thanks
Nuno Leite