deny ip not working?

a specific IP isn't being blocked

         

dupres01

8:15 pm on May 5, 2012 (gmt 0)

10+ Year Member



I have the following in my .htaccess file:
deny from 213.174.140.69

Yet the following showed up in my log:

213.174.140.69 - - [05/May/2012:12:49:35 -0600] "HEAD /wpsamples/chocolate_L.mp3 HTTP/1.1" 200 - "" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"


How does this happen?


I should note that there are many other IPs listed in the .htaccess file and they all seem to be blocked as expected.

lucy24

10:13 pm on May 5, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



; ru;

They can't read English?

Seriously: Are other HEAD requests getting blocked as intended? First thought is that the server, for reasons best known to itself, has an exemption for HEAD as opposed to GET.

Incidentally, it is rarely worth the trouble to block an exact IP (down to /32). I find them listed as

213.174.140.0/22

(hosting) which is still awfully narrow. (And apparently they like you better than me, because I've never met them :))

g1smd

10:22 pm on May 5, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Make sure that GET and POST are blocked.

I'd not worry too much about HEAD requests.

dupres01

9:27 am on May 6, 2012 (gmt 0)

10+ Year Member



Thanks guys for the replies. And thanks for the 213.174.140.0/22 tip (which I should have known). You both hit on a similar point. My site is an indie record label site and all this action is around MP3 files. That may explain why they show up on my site but not Lucy’s (so far, all the invalid HEAD requests that I am getting have targeted MP3 files). These files then show up on free download sites (mainly in Russia and China) with hot links back to my site. For example: [mp4.lv...]
This is also why I am worried about HEAD requests. The GETS for these MP3 files are direct links (they do not travel through my site to get to the MP3 files, as is “normal”) and all come from IPs other than the ones issuing the HEAD requests (they look like users of the download sites).

lucy24

10:00 am on May 6, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Eeuw. Rather than playing whack-a-mole with HEAD requests, you may need to rig some type of restricted access, so users can only download your files if they're coming from the site. There have been occasional threads about it.

Then again, no reason you can't deal with sound-hotlinks the same way people deal with image-hotlinks. If the referer isn't on your short list of approved sites, rewrite 'em to some horrible cacophony instead. Matter of fact I once picked up a sound of blaring sirens that would just hit the spot ;) (I wanted to throw it at hotlinkers, but it wouldn't work with image requests.)

phranque

8:38 pm on May 6, 2012 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



do you have any other Allow, Deny, Order, Satisfy or Require directives in your configuration?
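
One way to answer the question raised in the thread (are other requests from denied addresses, HEAD in particular, getting blocked?) is to check the access log against the deny list. This is an added example, not code from any poster; the function names and all sample lines except the first rule and first log entry are constructed. It assumes denied requests are logged with status 403 and handles only `deny from` entries written as full IPs or CIDR ranges.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined log prefix: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"(?P<method>[A-Z]+) \S+[^"]*" (?P<status>\d{3}) ')

# Constructed sample: the first rule is the one from the post, the second is made up.
SAMPLE_HTACCESS = """\
deny from 213.174.140.69
deny from 203.0.113.0/24
"""

# First line is the log entry from the post (user agent shortened); the rest are constructed.
SAMPLE_LOG = """\
213.174.140.69 - - [05/May/2012:12:49:35 -0600] "HEAD /wpsamples/chocolate_L.mp3 HTTP/1.1" 200 - "" "Mozilla/5.0"
213.174.140.69 - - [05/May/2012:12:50:02 -0600] "GET /wpsamples/chocolate_L.mp3 HTTP/1.1" 403 210 "" "Mozilla/5.0"
203.0.113.5 - - [05/May/2012:12:51:10 -0600] "HEAD /index.html HTTP/1.1" 403 - "" "curl"
198.51.100.7 - - [05/May/2012:12:52:44 -0600] "GET /index.html HTTP/1.1" 200 512 "" "Mozilla/5.0"
"""

def parse_deny_list(htaccess_text):
    """Collect networks from 'deny from <ip-or-cidr> ...' lines."""
    nets = []
    for line in htaccess_text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and [p.lower() for p in parts[:2]] == ["deny", "from"]:
            for token in parts[2:]:
                try:
                    nets.append(ipaddress.ip_network(token, strict=False))
                except ValueError:
                    pass  # hostnames, partial IPs and env= forms are not handled
    return nets

def leaked_requests(log_lines, nets):
    """Count (method, status) for denied clients that were not answered 403."""
    leaks = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname in the client field
        if any(ip in net for net in nets) and m["status"] != "403":
            leaks[(m["method"], m["status"])] += 1
    return leaks
```

Calling `leaked_requests(SAMPLE_LOG.splitlines(), parse_deny_list(SAMPLE_HTACCESS))` on the sample reports one leaked `HEAD` with status `200`. A leak confined to one method or one directory suggests that another access directive is taking effect for those requests.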