Forum Moderators: phranque

"-" "-"

How to keep these out

         

guitaristinus

9:47 am on Nov 13, 2004 (gmt 0)


From my log:

68.38.107.32 - - [12/Nov/2004:09:36:46 -0500] "GET /page.htm HTTP/1.1" 200 16041 "-" "-"

I thought the following in the .htaccess file

RewriteCond %{HTTP_REFERER}<>%{HTTP_USER_AGENT} ^-<>|<>-$

would keep "-" "-" out.

Apparently not.

Any advice?

Hanu

10:41 am on Nov 13, 2004 (gmt 0)


You'd block out everyone with Norton Internet Security installed with default settings, and people behind certain enterprise firewalls. Do you really want to do that?

guitaristinus

1:33 pm on Nov 13, 2004 (gmt 0)


No, I don't. Thanks for the warning.

jdMorgan

8:32 am on Nov 14, 2004 (gmt 0)


RewriteCond %{HTTP_REFERER}<>%{HTTP_USER_AGENT} ^-<>|<>-$

This blocks a user-agent of "hyphen" or a Referrer from "hyphen".

These are called "fake blank user-agents" and "fake blank referers". The reason is that if a user-agent or referer is truly blank, then Apache shows it as a double-quoted hyphen in your access log file.

Webmasters often block blank UAs and referrers. So, the bad guys changed their referrers to a single hyphen. It won't be blocked by a rule intended to block blank referrers, and yet it looks like a normal blank referrer in your access log. Same for the user-agent.

Suggestion:

  • Block blank user-agent AND referrer unless it is a HEAD request.
  • Block a user-agent OR referrer equal to hyphen unconditionally.

Your code above does the second function, and I've posted the code for the first function recently, but I can't search for it right now.

Jim

wilderness

4:19 pm on Nov 14, 2004 (gmt 0)

"I've posted the code for the first function recently, but I can't search for it right now."

I believe this thread contains Jim's reference:
[webmasterworld.com...]

guitaristinus

9:49 pm on Nov 14, 2004 (gmt 0)

Thanks. I'll spend some time looking it over. And testing.
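
Added example, not part of the original thread and not jdMorgan's own code: one way to write the two rules suggested above in an .htaccess file. The `[F]` (403 Forbidden) response and the catch-all `^` rule pattern are choices made for this example, and the pattern from the thread is written with a plain `|` as the alternation character.

```apache
RewriteEngine On

# Rule 1: truly blank Referer AND truly blank User-Agent, except HEAD.
# %{HTTP_REFERER} and %{HTTP_USER_AGENT} expand to an empty string when
# the header is missing, so ^$ matches the "really blank" case.
# Consecutive RewriteCond lines are ANDed by default, so a request that
# lacks only one of the two headers is not blocked by this rule.
RewriteCond %{REQUEST_METHOD} !^HEAD$
RewriteCond %{HTTP_REFERER} ^$
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule ^ - [F]

# Rule 2: Referer OR User-Agent sent as a literal one-character hyphen
# (the "fake blank" described in the thread), blocked for every method.
# The two values are joined with <> so one pattern can test both:
#   ^-<>   the Referer is "-"
#   <>-$   the User-Agent is "-"
RewriteCond %{HTTP_REFERER}<>%{HTTP_USER_AGENT} ^-<>|<>-$
RewriteRule ^ - [F]
```

Because both cases appear as "-" "-" in the access log, verify each rule by sending requests with the headers set explicitly and checking for a 403 response.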