OK, here's a brief summary: I've decided to turn off all trackbacks to my Wordpress blog to stop dead trackback spam (I never got any TBs anyway) - however, this doesn't stop the use of bandwidth because those pesky bots still visit the page even though the TB doesn't appear on my site any more.

I put the following in my .htaccess file to redirect them away from the site:

RedirectMatch permanent ^/.*/trackback$ http://invalid.host

(ie any URI ending in /trackback will be redirected to a non-existent domain.

This is all well and good, however what I would really like to do is a file-based version of this approach to bouncing referrer spam [epcostello.net].

Based on this, and what I've read elsewhere, I've tried this:

SetEnvIfNoCase Request_URI .*/trackback tbspam=yes
RewriteCond %{ENV:tbspam} ^yes$ [NC]
RewriteCond %{REMOTE_ADDR} ^(.*)$ [NC]
RewriteRule ^(.*)$ %1 [R=301,L]

(I have also tried variations in the SetEnvIfNoCase line)

It doesn't work - it doesn't crash the server, but when I go to a URI ending in /trackback it silently changes to the same URI without trackback - which is the blog page for an article itself - but it's not a redirect (301).

Any ideas on how I can get this to work?

By the way, I know all about spoofing IPs, open relays etc. and that bouncing back to the originating IP could theoretically hurt other innocent people - however I have no sympathy for anyone who has an insecure PC whether or not they have knowledge of that. I don't want my server to put up with it or silently dismiss it any longer. I am interested in this as an exercise whether or not I employ this as a long-term solution.

Thanks in advance.