How do I block a UserAgent that is only Mozilla?

How do I block a UserAgent that is only Mozilla? - .htaccess files are extremely useful in many cases for users who either do not have root permissions or for users who simply aren't comfortable in making changes in their web server's configuration file. Trying to debug .htaccess not working isn't always the easiest thing to do, however, hopefully by checking the discuss below mentioned about htaccess, , , , .htaccess common problems as well as the troubleshooting tips, you'll have a better grasp on what you may have to modify to get your .htaccess file running smoothly.Problem :

How do I block a UserAgent that is only Mozilla?

URL: 64.79.100.26.webcrawler.link

This does NOT work: RewriteCond %HTTP_USER_AGENT Mozilla;)$ [NC,OR]

IP Range was blocked, but I want to block the UA too ;)

Solution :

If the UA is Mozilla only, then this should work:

RewriteCond %HTTP_USER_AGENT ^Mozilla$ [NC,OR]

This should not block any other UA string.

However, I am not in favor of blocking by such a common UA string. It could possibly block a valid user. I would prefer to block by IP address or IP address block.

Block by IP Address:

Apache .htaccess File

RewriteCond %REMOTE_ADDR ^64.79.100.11$ [NC]
RewriteRule .* - [F,L]

Cisco Firewall

access-list deny-64-79-100-11-32 deny ip 64.79.100.11 any
permit ip any any

Nginx

Edit nginx.conf and insert include blockips.conf; if it does not exist. Edit blockips.conf and add the following:

deny 64.79.100.11;

Microsoft IIS Web Server

<rule name="abort ip address 64.79.100.11/32" stopProcessing="true">
 <match url=".*" />
  <conditions>
   <add input="REMOTE_ADDR" pattern="^64.79.100.11$" />
  </conditions>
 <action type="AbortRequest" />
</rule>

Windows netsh ADVFirewall Firewall

netsh advfirewall firewall add rule name="block-ip-64-79-100-11-32" dir=in interface=any action=block remoteip=64.79.100.11/32

Block by IP Address Block:

IP Address Range:

64.79.96.0 - 64.79.111.255

NetMask:

Block: 64.79.96.0/20
Base Address: 64.79.96.0
Broadcast Address: 64.79.111.255
Net Mask: 255.255.240.0
Host Mask: 0.0.15.255
Bits: 20
Size: 4096
2nd Element: 64.79.96.2
Block by IP Address Block

Apache .htaccess File

RewriteCond %REMOTE_ADDR ^64.79.([0-1]+[0-1]+[90123456789]+[67890123456789]+).([0-2]+[0-5]+[0-5]+)$ [NC]
RewriteRule .* - [F,L]

Cisco Firewall

access-list deny-64-79-96-0-20 deny ip 64.79.96.0 0.0.15.255 any
permit ip any any

Nginx

Edit nginx.conf and insert include blockips.conf; if it does not exist. Edit blockips.conf and add the following:

deny 64.79.96.0/20;

How to block by IP address block using Linux IPTables Firewall.

**Note: Use with caution.

/sbin/iptables -A INPUT -s 64.79.96.0/20 -j DROP

Microsoft IIS Web Server

<rule name="abort ip address block 64.79.96.0/20" stopProcessing="true">
 <match url=".*" />
  <conditions>
   <add input="REMOTE_ADDR" pattern="^64.79.111..*$" />
  </conditions>
 <action type="AbortRequest" />
</rule>

Windows netsh ADVFirewall Firewall

netsh advfirewall firewall add rule name="block-ip-block-64-79-96-0-20" dir=in interface=any action=block remoteip=64.79.96.0/20

Additionally, if you would like to do some further testing, give the htaccess tester tool a try. It allows you to specify a certain URL as well as the rules you would like to include and then shows which rules were tested, which ones met the criteria, and which ones were executed.