It's not likely that the rule you cite would work one time and then not work the next time, no matter what rule was there.

If you recall the previous discussion, Apache inserts a hyphen in the log file to indicate a truly-blank referrer. Some malicious user-agents use a literal hyphen as their user-agent or referrer string, but no known good 'bots do this. Your rule blocks accesses with a literal hyphen in either the user-agent or referrer field of the request; AJ and msnbot are not going to use a hyphen.

Do you have any other rules that forbid access based upon hostname, port number, remote_host, or any other parameter that is *not* shown in your log file format?

What (if anything) appears in your server error log for these rejected requests?

Jim

Jim,

I do recall that discussion.

I've looked closer at my log and see that everything between the time of 7:26:55 and 7:28:16 got a 403. This includes links from pages within site and google and yahoo searches. Maybe I was messing with .htaccess file at time. Sure don't remember putting something in there that would deny everything and then taking it out. Not yesterday. But, maybe I did.

Thanks for the .htaccess line.

By the way, I don't deny any IP Address, port or remote host. I host at pair.com and can only see today's error log.