:: overlapping ::
Is there a way to block with only one instruction all websites that ends with .ru?
Mine looks like this:
RewriteCond %{HTTP_REFERER} \.(ru|ua)(/|$) [NC]
RewriteCond %{HTTP_REFERER} !(google|yandex|mail)\.
The [NC] flag is because of mail.RU; you don't need it when naming specific sites unless they have a record of garbling their own casing. Be sure to exempt any legitimate search engines.
The \b version will also cover sites in .ru.blahblah. I don't know if those actually occur, but when blocking referer spam it sure can't hurt.
Edit: Only as I post this do I realize that I don't
need to make an [NC] for mail.RU, since the rule is intended to exempt them anyway ... and besides it isn't "mail" but "Mail", at least in the UA. Oops.
:: wandering off to check logs and see if any referer spam has actually used capital RU or UA ::
Nope, don't find any. It always helps if you can leave off the [NC] flag.
Further edit: I also find that the actual form in referers-- as opposed to the robot's UA-- is simply "mail.ru" lower case. Double oops. And, finally, there exist spam sites with names in the form "blahblahmail.ru" so I'll need a front anchor there. Triple oops.
:: wandering off again to edit htaccess ::
