Quick question: Does any legitimate human UA string ever contain the element ".exe"?
Had a slightly droll visit from a Ukrainian robot* making four requests for the same file (what is it with robots and large html files anyway?). Three had assorted humanoid UAs but got blocked on other grounds. The fourth was a blatantly robotic "xpymep.exe" and it got through.
Hence the question. Can I do unanchored
or do I have to stick with a more narrowly constrained
* IP appears to be a mixed range including humans, but I may block it anyway.