lucy24 - 1:40 am on Dec 14, 2012 (gmt 0)
I'm still frightened of using htaccess in the httpd.conf file
Good, because it can't be done :) If you have your own server, you don't need htaccess at all. Anything that applies to the whole site goes in the config file. Anything that applies to specific directories also goes in the config file, but this time inside <Directory> envelopes. You must have a basic idea how this works, or you would never have got the server running in the first place.
Possibly when you say "htaccess" you really mean access restrictions, via whatever mod or combination of mods you currently use. The Allow and Deny directives are probably mod_authz_something-or-other. (If they're mod_access, you urgently need to upgrade your server.) This can be combined with mod_setenvif, which is what wilderness was referring to.
If you're afraid of mod_rewrite, mod_setenvif variables may be less intimidating. They often work in conjunction with your access module-- whichever one it happens to be-- so you can say things like
BrowserMatch Baidu go_away
BrowserMatch IckyNastyRobot go_away
and then add a line to your Deny section that says
Deny from env=goaway
... Except that something is still a little fishy, because if you've got a "Deny from all" in place, with only specific overrides, then you shouldn't need to do any of this.