I have a pretty good system of keeping the bad guys at bay, and I was trying to make it better. Currently, I use Apache:BlockAgent to block bad UA's, and I modified this into a second script to block bad IP's (which I naturally call Apache:BlockIP!)

I did this so I could have one master file of bad agents and IP's, and call the block from all my Virtual Hosts- makes for easy housekeeping. Typically, you get on the BlockIP list when you run a Spider-trap script on one of my sites. I usually just clear this file once a week or so, just in case any of the IP's are shared...

OK, so I have noticed a few IP's I want to keep off forever. So I decided to put something like this in httpd.conf:

<Directory "/">
order allow,deny
allow from all
## NAME PROTECT
deny from 12\.148\.209\.196
deny from 12\.224\.186\.194
deny from 12\.148\.196\.(12[8-9]¦1[3-9][0-9]¦2[0-4][0-9]¦25[0-5])
deny from 12\.148\.209\.(19[2-9]¦2[0-4][0-9]¦25[0-5])
deny from 62\.192\.125\.90
blah... blah... blah...
</Directory>

Now I have no way of testing this (except waiting!), and I am not sure I put this in the right place... so I thought I would ask...

1) Is this a good way of dealing with "permenant" offenders?
2) Is this the fastest/least strain on the server way to do this?
3) Is "<Directory "/">" correct, and where in httpd.conf should I put this if I want it to effect ALL VH's on ther server?

Thanks!

Dave