Deny access to user agents using .htaccess
17 December 2021
A common nuisance for website owners are useless bots and crawlers. In particular so-called SEO bots can be a pain. They have a habit of eating up all your website’s resources by making an excessive number of hits, and you get nothing in return. Some of these bots look for a robots.txt file before they start hitting your website, but that is of little help if your website is attacked by a bot you didn’t know about.
Blocking bots
You can quickly stop a bot in its tracks via your website’s .htaccess file. For instance, earlier today I found a bot called DataForSeoBot that was grinding a website to a halt. The bot used this user agent:
"Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"
The following rule returns an error 403 (“forbidden”) if the user agent contains the (case-insensitive) string “dataforseobot”:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "dataforseobot" [NC]
RewriteRule "^.*$" - [F,L]
The rule is similar to the rules I used in the article about denying access to URLs. It again uses Apache’s mod_rewrite module. The main difference is that the rule matches a user agent (%{HTTP_USER_AGENT}) rather than a URL (%{REQUEST_URI}).
So, the rewrite condition checks if the user agent includes the string dataforseobot, and the NC flag ignores the case. It is worth noting that the double quotes around the string are redundant in this example – you only need them if the string you want to match contains one or more spaces.
Next, the rewrite rule matches any string ("^.*$") and the F flag returns an error 403. The L flag tells Apache to not process any other rules in the .htaccess file.
Matching multiple user agents
You can use a simple regular expression to match multiple user agents. For instance, another naughty bot I encountered recently identified itself as “trendkite-akashic-crawler”. To match both the DataForceSeoBot and the Trendkit crawler you can use this rule:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "(dataforseobot|trendkite-akashic)" [NC]
RewriteRule "^.*$" - [F,L]
Test your rules
As said, the above rules return an error 403 if the user agent is matched. To check if your rules are working you can therefore look for the user agent in your website’s access log. Here, you can see the bot tried to access /foo.html and that Apache returned an error 403:
1.2.3.4 - - [13/Dec/2021:13:59:06 +0000] "GET /foo.html HTTP/1.1" 403 0 "-" "Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)"
If you have access to cURL then you also check your rules by spoofing the user agent:
$ curl -IL -A "Mozilla/5.0 (compatible; DataForSeoBot/1.0; +https://dataforseo.com/dataforseo-bot)" http://example.com/ HTTP/1.1 403 Forbidden ...
The curl command uses three options:
-Ireturns just the server’s response headers, which includes the status code. It doesn’t download the web page.-Lmakes cURL follow any redirects, such as a redirect from HTTP to HTTPS.-Aspecifies the user agent that is sent to the server. This is what allows you to spoof the user agent.
robots.txt vs block rules
Ideally, you only need to tell what bots are and aren’t allowed to crawl your website via a robots.txt file. In practice, this approach doesn’t really work. There are too many bots, and new bots are let loose all the time. Keeping track of them quickly becomes a full time job.
There is the option to only allow specific bots. However, there are many bots that check if the bot is explicitly denied or allowed, and follow whatever the rule is for the Googlebot if the bot is not listed in the robots.txt file. This effectively gives them carte blanche, as very few websites deny the almighty Googlebot. Plus, there are also lots of bots that simply ignore robots.txt files.
In short, blocking naughty bots is a sensible approach. The bots will still try to crawl your website, but they are always denied access. Returning an error 403 uses hardly any resources, and the bots can therefore no longer cause your website to slow down.
Featured Blogs
Identifying Common Server Issues and How to Avoid Them
To maintain a smooth operation of any online business or digital service you need a server that is efficient and that you can rely on. Here at catalyst2 we understand the challenges that businesses face daily; purely to keep their business alive so the challenges that are faced in addition to this when server issues …
Why Server Backups are a Safety Net in the Digital World
Data is the foundation for businesses as it provides insights into customer behaviour and trends, as well as business performance and efficiency. So, businesses have the tools they need to make informed decisions and plan strategically. For businesses that are just starting out or that are smaller, data is a catalyst to help identify growth …
What are Flexible Servers and When are They Beneficial?
The word ‘server’ is frequently used in everyday discussions in IT departments within organisations, but unless you work in the tech industry, you might not be familiar with what it really means. A server is the backbone of all digital operations. It is there to manage tasks like data storage, processing requests, delivering content across …
Why Server Uptime Matters for Your Business Website
While many businesses still have physical workspaces or brick-and-mortar stores, the importance of a digital presence shouldn’t be overlooked. In addition to using things like social media channels to boost your brand awareness and interact with your customers, having a website offers several benefits. In today’s digital world, the performance of your website is crucial …
How to Protect Your Website Against Digital Disasters
More so than ever before, having a high-performing website is essential to the ongoing success of a business. Regardless of which industry you operate in, a website is a powerful tool that can improve brand recognition, drive growth and support customer engagement. Not to mention, it allows for online sales and can remove geographical barriers …
Does a Server Impact Website Traffic?
Regardless of which industry sector you operate in or what type of products and services you offer, having a website is non-negotiable in today’s digital world. More so than ever before, people turn to the internet to find businesses that can assist them with their specific needs and if you don’t have a website, you …
A Beginner’s Guide to Managing Your Website Server
When it comes to website management, there is a key component that business owners often overlook; server management. Your website server plays a crucial role in your online presence, it facilitates the delivery of your web pages to users and without a server, your website simply wouldn’t be visible online. So, it’s crucial to ensure …
Exploring the Costs Associated With a Website
In the digital age, getting a website is more than just a way to build an online presence, it’s a vital business investment. Not only do large retail businesses need a website, but smaller local businesses can also benefit from taking their business online. Recognising this importance, many businesses are now dedicating significant resources towards …
The Importance of Dedicated Servers for E-Commerce Websites
In the fast-paced world of e-commerce, having a reliable website is an essential factor in success. Whether you also have a brick-and-mortar store or solely a digital shop, ensuring your website is performing at its best can have a direct impact on your bottom line. Factors such as website uptime, ease of navigation and speed …
Things to Consider During a Website Review
Designing a website requires careful consideration and several reviews during the development stages to ensure everything is perfect. Once live, it can be easy to assume that no further updates are needed and your website will continue to perform well, however, this isn’t always the case. Regularly reviewing your website is essential to ensure its …
What our clients say
Great real person support – direct phone number, usually the same individual so any problems are handled by the same people. Excellent.
