This is working for me:
Mmnnyeah, maybe, but "working" isn't everything.
The word "Mozilla" normally does come first if it's present at all, but do you want to admit humanoid robots who happen to say it further along in their UA string?
Slashes do not need to be escaped.
No need to specify "Mozilla/4.0" unless you've got a friend using Mozilla/4.2 (which I'm pretty sure does not exist). The shorter the string-to-match, the faster the server can get out of there.
The trailing (.*) is doubly unnecessary: there's no point to capturing in this location, and the .* isn't needed anyway.
There is absolutely no reason to say [NC] when the text to be matched contains no alphabetic characters-- or, indeed, any characters at all.
Finally, [G] implies [L]. The [NS] flag will do no harm, but it really isn't needed unless you've got a vast number of subrequests to screen out.
Constrain the rule to requests for pages
(^|\.html|/)$
(replacing "html" with whichever extension your site uses) to save the server having to evaluate conditions on requests for supporting files.
or "-"
You can say
^-?$
if you like. I generally do. But it's probably superfluous. Logs say "-" if a given header was not sent at all, as opposed to being empty. But for rule-writing purposes the referer is ^$ either way.
If there's more than one condition, list them in order of most-likely-to-fail. This depends on your individual site, though for most people it will mean the "Mozilla" line comes first.
The quoted rule sends a 410 ("Gone") response. If you want a 403 instead, that's a [F] flag.
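One way to preview which clients a blank-referer rule would touch before it goes live, using the page pattern and the referer pattern from the post above. This is an added example, not part of the original post; the Combined Log Format input, the function name and the sample lines are assumptions.

```python
import re
from collections import Counter

# The two patterns given in the post above.
PAGE = re.compile(r"(^|\.html|/)$")    # requests for pages only
BLANK_REFERER = re.compile(r"^-?$")    # header empty, or logged as "-"

# Combined Log Format tail: "METHOD path PROTO" status bytes "referer" "agent"
LINE = re.compile(r'"[A-Z]+ (\S+) [^"]*" \d{3} \S+ "([^"]*)" "([^"]*)"')


def blank_referer_page_hits(log_lines):
    """Count page requests that arrived with no referer, per User-Agent."""
    hits = Counter()
    for line in log_lines:
        m = LINE.search(line)
        if not m:
            continue  # not a Combined Log Format line
        path, referer, agent = m.groups()
        # Assumption: .htaccess context, where the RewriteRule pattern sees
        # the path without its leading slash and never sees the query string.
        path = path.split("?", 1)[0].lstrip("/")
        if PAGE.search(path) and BLANK_REFERER.search(referer):
            hits[agent] += 1
    return hits


# Constructed sample lines (documentation addresses, made-up agents).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleBot/1.0"',
    '192.0.2.11 - - [01/Jan/2024:10:00:01 +0000] "GET /page.html?id=3 HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.10 - - [01/Jan/2024:10:00:02 +0000] "GET /images/logo.png HTTP/1.1" 200 300 "-" "ExampleBot/1.0"',
    '192.0.2.12 - - [01/Jan/2024:10:00:03 +0000] "GET /docs/ HTTP/1.1" 200 700 "https://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.10 - - [01/Jan/2024:10:00:04 +0000] "GET /docs/ HTTP/1.1" 200 700 "" "ExampleBot/1.0"',
]

if __name__ == "__main__":
    for agent, count in blank_referer_page_hits(SAMPLE).most_common():
        print(count, agent)
```

Any agent in the output that belongs to a real visitor is one the User-Agent condition has to let through.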