I need Help needed with htaccess Performance Killers - in some cases I'm blocking the innocent & good bots.

I know enough to be dangerous 8)

This works like a charm:

# libww Blocks W3C-checklink/4.81 libwww-perl/5.836

# Bot Blocker [perishablepress.com...]

<IfModule mod_setenvif.c>
SetEnvIfNoCase User-Agent !^(127\.0\.0\.0|localhost) keep_out
# SetEnvIfNoCase User-Agent (de | IE Trident/4.0 BUG) keep_out

SetEnvIfNoCase User-Agent (ar-sa|ee-es|fr|ru|zh-CN) keep_out

SetEnvIfNoCase User-Agent (360spider|80legs|a6-indexer|aboundex|access|ahrefs|appid|archiver|atwatch|auto|babya|baidu|bandit|
blog|bullseye|classbot|capture|catalog|cfnetwork|chinaclaw|clip|clshttp|client|
collector|commerce|control|copier|copy|copyscape|copubbot|copyrightcheck|cr4nk|
craftbot|crawler|curl|darwin|data|deepnet|devsoft|disco|domain|dotbot|download|
ecatch|elefent|email|emailsiphon|emailwolf|engine|enhancer|exabot|extract|extractor) keep_out

SetEnvIfNoCase User-Agent (ezooms|fetch|flash|filter|flip|free|genieo|getright|go.?is|go!zilla|grab|grabber|
grapeshot|harvest|httpclient|httrack|ichiro|indy|ipod|jakarta|java|larbin|leacher|
library|libww|linkdexbot|loader|mail.ru|majestic|master|meanpathbot|missigua|mj12bot|
moget|mojeekbot|mot-mpx220|mutant|myie2|naver|netants|netscape|netseer|news|newt|
niki-bot|nikto|ninja|miner|nutch|offbyone|offline|pages|pecl|phantomjs|piranha|pix|proxy) keep_out

SetEnvIfNoCase User-Agent (publish|python|quester|reaper|regbot|rma|sauger|scan|scout|scraper|sistrix|
siteexplorer|snippets|sogou|spbot|spider|sqworm|stripper|sucker|super|teleport|
urllib|vampire|voila|webpictures|webspider|webster|wells|wget|whack|win32|winhttp|
wotbox|widow|wisenutbot|wotbox|wwwoffle|xaldon|y!oasis|yandex|yisou|youdao|yrspider|
yx|zeus|zip|zoom|zyborg) keep_out

<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</Limit>
</IfModule>


This section does not always work for some odd reason?

*NOTE: I'm having problems with Old Firefox UA's trying to Scape &/or Hack

RewriteEngine On

RewriteCond %{HTTP_USER_AGENT} ^"". [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Comodo\ Spider\." [NC,OR]
# RewriteCond %{HTTP_USER_AGENT} "Firefox/[1-5]\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Firefox/3.6a1pre [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Firefox/4.0b8pre [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/10\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/11\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/12\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/13\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/14\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/15\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/16\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/17\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/19\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/21\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} "Firefox/22\." [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Media\ Center\ PC\ 5.0 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Microsoft\ URL\ Control [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^monzilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SEO\ ROBOT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Windows\ 2000 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Win\ 9x [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Windows\ 98 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Windows\ 95 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Windows\ 3.1 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Windows\ 3.11 [NC,OR]

RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC]

RewriteRule ^.* - [F,L]

# Do not put an [OR] at the end of the list - or a [NC,OR] - or you will ban yourself from your site - and everybody else too!


I find in most cases for me blocking domains are better than by endless list of IP's.

Sample:

# Ukraine (UA)
deny from .ua
deny from 5.248.0.0/16
deny from 31.41.88.0/21
deny from 134.249.0.0/16
deny from 195.242.218.0/23
deny from colocall.net
deny from ddlmega.net
deny from freenet.com.ua
deny from galahost.net
deny from goldentele.com
deny from hostenko.com
deny from imena.ua
deny from ip.net.ua
deny from isphost.com.ua
deny from kiev.ua
deny from kyivstar.net
deny from kyivstar.net.ua
deny from lviv.ua
deny from lan.ua
deny from lan.com.ua
deny from layer6.net
deny from mirohost.net
deny from pautina.ua
deny from shiksabd.com
deny from sovam.net.ua
deny from sovamua.com
deny from steephost.com
deny from steephost.net
deny from sunnet.com.ua
deny from svitonline.com
deny from synapse.net.ua
deny from tapochek.net
deny from thefds.net
deny from triolan.net
deny from uadomen.com
deny from ukrnames.com
deny from ukrservers.com
deny from uaservers.net
deny from ukr.net
deny from ukrindex.com
deny from ukrindex.net
deny from ukrindex.ua
deny from ukrtel.net
deny from ukrtelecom.net
deny from ukrtelecom.com
deny from ukrtelecom.ua
deny from united.net.ua
deny from volia.com
deny from volia.net
deny from xeonn.org


<IfModule mod_setenvif.c>

# Mozilla prior to 4.0
BrowserMatchNoCase ^Mozilla/[0-3] legacy=mozilla

# MSIE prior to 8.0
BrowserMatchNoCase MSIE\D+[0-7]\.[\d.]* legacy=msie

# Firefox prior to 9.0
BrowserMatchNoCase Firefox\D+[0-9]\.[\d.]* legacy=firefox

# Chrome prior to 9.0
BrowserMatchNoCase Chrome\D+[0-9]\.[\d.]* legacy=chrome

# Safari (inc Mobile) prior to 534
BrowserMatchNoCase Safari\D+(?:[0-4]+|\d?53[0-3]\.[\d.]*) legacy=safari

*NOTE: Has Opera Mobile Bug
# Opera prior to 9.80
# BrowserMatchNoCase Opera\D+(?:[0-8][\d.]*|9\.[0-7]) legacy=opera

# Seamonkey prior to 2.6
BrowserMatchNoCase SeaMonkey\D+(?:[01]|2\.[0-5]) legacy=seamonkey

<Limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=legacy
</Limit>
</IfModule>


Anyone else having problems with digitalocean.com sending a ton of bots? I have blocked them for the most part.

[edited by: incrediBILL at 11:46 pm (utc) on Jan 12, 2014]
[edit reason] line breaks [/edit]