I researched mod_security to see if this were possible - if it is, I can't locate the corresponding documentation.
There is a bot scraping images from my site using a blank IP and blank host field and I cannot figure out how to make scraping more difficult for this guy.
I reckon using:
SecRule REMOTE_HOST "" deny,status:403 would also boot a large portion of users.
Any tips? I'm open to preferable server-wide bans, not just htaccess options (if possible)?