iProgram,

Yes, it does slow them down, but you might want to consider the other delays in the system, such as the transmission delay from server to client, server disk access latency, etc. These other delays are measured in milliseconds rather than microseconds, and will probably swamp any delay due to native Apache directive execution.

If your site gets fewer that, say, 7200 unique visitors per hour, I doubt you'll notice *any* additional delay if you use fewer than 200 additonal access-control directives.

I've implemented access controls using both mod_access and mod_rewrite directives. As you point out, robots.txt must be recognized as a request to properly-implemented, non-malicious automated user-agents. It does no good if the robot is not coded properly or if it is malicious.

Jim

hello Jim, thank you for your message. I use mod_rewrite too. Now I decide to apply this to all websites on my server. I think the best place to block bad agents is not in .htaccess file, but httpd.conf file. It will work for all my websites on this server, right? My next two questions are:
1. In httpd.conf file, where sould I place the SetEnvIfNoCase User-Agent "^WebZIP" bad_bot... codes?
2. Need I restart Apache to make this work?

iProgram,

1a. I'm not sure, I haven't installed access restrictions in http.conf -- I rent my server space. :(
1b. Please let us know what works for you when you get it working. :)
2. Yes, you must restart Apache for this stuff to take effect.

Jim