.htaccess rules for blocking bots with an extra condition

Try it like this:

RewriteCond %{HTTP_USER_AGENT} (ADmantX|Proximic|Barkrowler|X-Middleton) [NC]
RewriteRule ^ - [F]

This will block any request where the User-Agent string contains either ADmantX, Proximic, Barkrowler or X-Middleton. The NC flag makes this a case-insensitive match – whether this is strictly required or not in this example I don’t know, but generally this should be a case-sensitive match, since User-Agents (even from bad bots) is usually consistent with regards to case.

The regex prefix ^.* and suffix .*$ are superfluous.

The regex pattern (A|B|C|D) is called alternation. Essentially means A or B or C or D will match.

The RewriteRule pattern .* can be simplified to ^ – which is also marginally more efficient, since you don’t need to actually match anything here, just to be successful.

The L flag is not required when the F flag is used – it is implied.

UPDATE:

It appears that X-Middleton (or rather X-Middleton/1) is appended to all User-Agent strings that reach your site, as they pass through the Ezoic reverse proxy. So, simply blocking based on the presence of this string in the User-Agent header (as above) is not going to work, since it will block all requests!

If X-Middleton is simply appended to the UA string and no further processing occurs then you could theoretically block the request when X-Middleton appears twice (or more times) in the UA string in order to block any request where X-Middleton occurs in the original request.

To handle this situation you would create an additional rule. For example:

RewriteCond %{HTTP_USER_AGENT} (X-Middleton).*\1 [NC]
RewriteRule ^ - [F]

\1 is an internal backreference that matches the first matched subpattern, ie. “X-Middleton”. So, it is only successful when the string “X-Middleton” occurs at least twice, separated by any number of characters (or none).

The above will block blah X-Middleton blah X-Middleton/1, but not blah blah X-Middleton/1 (case-insensitive match).

However, I would want to see an example access log entry (User-Agent string) of such a request before going live with this. It shouldn’t block real user requests, but it might not block fake requests either. If you don’t have an actual fake request, then you can mock one up by customising the User-Agent string your browser sends (in Chrome’s “Inspector” > Customize Menu > More tools > Network conditions OR install a User-Agent switcher plugin) OR use CURL to make the request, eg. curl -A "<custom-user-agent>" <siteurl> – where you’d set <custom-user-agent> to blah X-Middleton blah or something.

I would also be interested to see the complete list of HTTP request headers that are reaching your application server, as there may be a better way to solve this. (I find it unusual that an intermediate proxy would modify the User-Agent, without also providing the original value. Although, maybe there are no additional options?)

Related Posts:

  1. using htaccess to check for cookie on permalink then conditionall rewrite with query parameter
  2. How to exclude a directory from WordPress permalinks in a Multisite environment?
  3. Create rewriterules for different domains in htaccess file with WP multisite
  4. Add additional non-rewrite .htaccess directives on multisites via mod_rewrite_rules filter
  5. add_rewrite_rule on multisite doesn’t work
  6. ReWriteRules and WordPress Multi-Sites with Sub Directories
  7. Wrong Redirect/Rewrite Rules?
  8. URL without www redirect directly with submission page – Multiwordpress install
  9. Help with multisite redirect issues using Cherokee OR solid nginx config?
  10. Rewriting request to another site
  11. Can I add a rewrite rule in htaccess to remove the multisite subdirectory from the URL?
  12. Site Redirecting to wp-signup.php
  13. Moving a WP Multisite to a subdirectory
  14. multisite 404 error for subdirectory
  15. How to hide admin account in BuddyPress? (for security reasons)
  16. Multisite htaccess on localhost with WP as an SVN external?
  17. WP-Admin not working properly at WordPress multisite with subdirectories
  18. Multisite Subdomains result in 403 Forbidden
  19. WordPress Multisite – Multiple subfolders for blogs
  20. Multisite: Develop locally using production images with .htaccess
  21. multisite htaccess 301 redirects
  22. How to prevent hotlinking with htaccess in WordPress and why most common use about it doesn’t work?
  23. W3 Total Cache Plugin with WP 3 MultiUser [closed]
  24. Nginx rules for subdomain multisite install (Bedrock)
  25. Protect Uploads in Multisite
  26. Domain redirect in WordPress multisite
  27. Suppress subdirectory from WordPress Multisite primary URL
  28. Can I write ‘RewriteCond’ using ‘functions.php’?
  29. add_rewrite_rule not registering on Multisite
  30. WordPress Multisite Login Access
  31. Has anyone experience w/ WordPress (MultiSite) hidden users (possibly hacked)?
  32. Why wordpress multisite redirect to wp-signup if site exists?
  33. WordPress multisite htaccess
  34. Multisite without .htaccess
  35. Multisite installation on IIS gives 404 trying to access the admin dashboard
  36. Images uploading to wrong directory after changing to multisite
  37. Sub-subdomain getting redirected to main domain
  38. How to properly force https and www on multisite with Apache HTAccess
  39. wordpress htaccess is hijacking my .mp4 files
  40. Cookie nonce is invalid – Multisite
  41. WordPress mutisite migration
  42. Multisite, can’t see sub blogs
  43. Rewrite rule to load images from production does nothing
  44. How to disable the default WordPress redirect to non-www URLs?
  45. How can i redirect one url to another url using .htaccess or add_rewrite_rule
  46. Redirect subdomain in Multisite installation?
  47. Issue with htaccess redirection in WP Multisite
  48. Redirect only posts to New Domain
  49. SELinux security vs WordPress updates
  50. Multisite on localhost using xampp
  51. Multisite setup help – plain domain/subsite always redirects to domain with subdir multisite
  52. Multisite – 404 when accessing sub-sites
  53. How to configure Multisite Network with randomized hostnames?
  54. WordPress Multisite’s in subdirectory not redirecting to dashboard settings
  55. Htaccess file isn’t redirecting http sub-pages to https––they display 404 error instead, tried many solutions and none work
  56. Some PDF files get Forbidden Access and other open normally on the same directory subsites
  57. htaccess file for multiple CMS’s (multisite wordpress + wolfcms) on same domain but different subdirectories
  58. Wrong filepaths and admin page infinite reload after migrating to aws bitnami
  59. Nginx Wildcard SSL with WordPress Multisite Subdomains
  60. Good way to block users within a multisite setup without deleting them?
  61. WordPress multisite .htaccess causes 500 error on old *.php URLs
  62. Rewriting “pretty” blog category URL with htaccess / add_rewrite_rule() causes 404 page
  63. Multisite Redirection to new domains
  64. Run additional service on domain with WordPress Multisite?
  65. WordPress Network (multisite) — how to ensure each site has their own admin URL?
  66. WordPress sub-domain multisite 505 error
  67. Redirect to localhost after installing Multisite on server
  68. WordPress: how to change URL for individual MultiSites?
  69. How to host unrelated pages on WordPress domain
  70. How to protect specific uploaded files from being accessed by non-logged-in users in WP-multisite
  71. Multisite sub-directories IIS 7.5 change media/uploads location
  72. add_rewrite_rule not working in WordPress Multisite
  73. Multisite install w/ Sub domains on a subdomain
  74. Multisite Subdomain Redirect Mask
  75. Move wp-content htacess
  76. Cannot use Network Admin (Dashboard) on Multi-site after 301 www redirect
  77. Hosting 2 WordPress websites in /public_html/ & /public_html/subdirectory/ at the same time
  78. Multisite Sub domains not working
  79. How to Deny Access to No Referrer Requests on Multiste with Mapped domains
  80. Multisite Subdirectory Site Dashboard redirect loop
  81. 404 not working on main site on multisite
  82. Working with Reverse Proxies and Multisite Installation
  83. Static directories in a WordPress multisite network
  84. WordPress Multisite and how to apply sef urls only to specific sites
  85. How many .htaccess files should a WordPress multisite (subdirectory set up) have?
  86. How to fix redirection of Post/Page of wordpress inside the wordpress?
  87. Multisite htaccess file causing segfault (Segmentation fault 11)
  88. Rewriting subfolders to specific parent folder in WordPress
  89. trying to install a wordpress multisite in a subfolder and have custom subsite urls
  90. Pretty URL via Rewrite
  91. Multisite htaccess with domain rewrites
  92. Cannot get 301 redirection in htaccess to work (either Redirect or Rewrite)
  93. Nginx rules for subdomain multisite install (Bedrock)
  94. How To Change the URL of a WordPress Multisite
  95. htaccess and redirect to new url using regex
  96. Multisite, different domains, optional subdirectory, and htaccess
  97. Redirect extra url to Multisite in folder
  98. Permalinks in Multisite not working
  99. Can’t get pretty permalinks to work without index.php
  100. External rewrite rules missing in htaccess – Multisite