Pulling out all the other unrelated stuff, we get:

RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule !^Bait/.* - [F]

Which is just fine. If the requested resource is not in /Bait/ (or the other removed dirs/files), then it gets a 403. The ".*" on the end is redundant, but won't do anything other than slow things down a little.

The change you made should not be necessary. I'd would look elsewhere for the problem. Maybe that request was from a "spoofed" Zeus, like "Mozilla/4.0 (compatible; Zeus blah blah)" or maybe it requested "bait", not "Bait"? Or maybe there are other RewriteConds not shown? ...Just guesses, but I'm stumped - It should have worked.

Jim

Maybe that request was from a "spoofed" Zeus, like "Mozilla/4.0 (compatible; Zeus blah blah)" or maybe it requested "bait", not "Bait"? Or maybe there are other RewriteConds not shown?

Hi Jim;

The UA was Zeus 2.6 and it had just visited my contact-info poison page, which is permitted in the Rewrite line:

RewriteRule!^(includes/403\.html¦cgi-bin/MKCounter\.cgi¦robots\.txt¦[b]contact-info\.html[/b]¦cgi-bin/contact-info\.cgi¦Bait/.*) - [F]

I solved the exclusion problem by typing out two separate allowances for the Bait directory, one for all html files, Bait/.*\.html and one for Bait/contact-info\.cgi, and tacking them to the end of the Rewrite rule. I was trying to get both with one wildcard rule but didn't have the Regexpr correct with Bait/.*.

I tested my rules in Wannabrowser before and after adding the two new rules and it now works as desired. Any bot following the poison link on /contact-info.html will be treated to a gourmet dinner in my /Bait/ directory.

If you can see how I could allow access for ANY .html AND ANY .cgi files in the Bait directory, in one short expr, let me know. ;)