Sure, just anchor the pattern at both ends so that it matches "Mozilla" and nothing else.

Here's a collection of Mozilla-spoof blockers that I've used. Note that all anchoring variations are intentional and important.

# BLOCK faked Mozilla UAs.
RewriteCond %{HTTP_USER_AGENT} ^Mozilla$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/[1-9]\.[0-9]+$ [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/4\.0\+?\(compatible\; [OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla/3\.0\ \(compatible\)$ [OR]
RewriteCond %{HTTP_USER_AGENT} Mozilla/3.Mozilla/2\.
RewriteRule !^403.*\.html$ - [F]

Jim

Thanx Jim! I should've known that one <g>.

I have all of those variations blocked, except the first two...which I'm blocking now.

This is another fake Mozilla spoofer which visits me almost every day.

RewriteCond %{HTTP_USER_AGENT} ^Mozilla/5\.0\ \(Version\:\ [0-9]{2,4}\ Type\:[0-9]{2,4}\)$

Hey BlueSky,

I have that one banned, too. I read your other post(s) about it and banned using part of the UA:

RewriteCond %{HTTP_USER_AGENT} ^Mozilla/5\.0\ \(Version

Just in case the numbers in the string are changed any (example - Version: 123) it'll be covered. I know I'm not banning any real browsers because I've never seen a Mozilla version that uses "version" in its name.

coyote: Yeah, yours would work. [0-9]{2,4} expression says any number between 0 and 9, and it must occur at least twice and no more than four times. It's good for numbers 00 - 9999 and would catch Version 123.

He's been consistent on using 2 to 4 digits. I just went thru my logs and noticed he used Version 1 once today. Since he decided to break this pattern by using one digit, I think I'll switch over to a partial like you're doing.