Welcome to WebmasterWorld Guest from 188.8.131.52
Maybe it is in there but I cant seem to find it, with the size of the thread.
Clearly using htaccess the rules must be read each and every time a page is read so it sounds like a the rules could be put into the httpd but the order.
Where does one need to put the the rules, before other existing rules of after them It strikes me that before would be better but I am not sure.
rules for error pages
rules for maing pages static looking
rules for preventing hotlinking
rules for ban list
Is there a default order to the list?
Each and every time a resource - page, script, image, CSS file, etc. - is requested, actually -- regardless of whether the code is in httpd.conf or .htaccess.
The advantage of httpd.conf over .htaccess is that code in httpd.conf is compiled at startup, versus code in .htaccess being interpreted on-the-fly at the time that a request arrives.
As to order... If you have a real problem with certain IPs or certain user-agents hotlinking, putting the code to block those first will save you a little server CPU time. However, successful requests will usually have to pass through the entire block of code, since 'good guys' will be allowed access only after all of your tests to see if they are in fact good. Therefore, the only gain is to kick frequent abusers out at the earliest opportunity.
However, if you can't pinpoint a type of problem that occurs very frequently, then there is no basis upon which to establish order except for ease of documentation and maintenance.
About the only thing I can tell you is that in .htaccess, mod_access directives are processed before mod_rewrite directives, regardless of their position in your code -- each module reads and interprets the code looking for directives it can handle, so you do not really control the exact order of execution by position in your file.
I hope this description makes sense!