Category Archives: agent

want to block user agents with just a hypen at a apache level, not htaccess

I am trying to block access to wp-login.php and xmlrpc.php for all sites on a web server. I want to do this at apache level, not htaccess.

I have a file in conf.d of apache with the following, but when do a CURL test it still shows the page.

<Files ~ "^(wp-login|xmlrpc)\.php">
        order allow,deny
        allow from all
        SetEnvIf User-Agent - bad_user
        Deny from env=bad_user 
</Files>

anybody know what i have wrong?

How to log blocked user agents and blocked ips via htaccess?

I have an .htaccess file with something like the following, but I have no idea who it will block, if anyone. Can someone please tell me how I can write a log file of blocked user agents and IPs.

RewriteEngine on
        RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
        RewriteCond %{HTTP_USER_AGENT} ^ZyBorg [NC]
        RewriteRule ^.* - [F,L]

Apache 2.4: Cipher suite depending on User Agent

Is it possible to enable/disable cipher suites depending on the user agent (like BrowserMatch)? I need a single old/weak cipher suite only for an old client application and I have tried some RewriteRules to forbid access to the server with the old cipher suite and not matching user agents. But I need enabled stronger and weaker cipher suites and protocols on vhost level to allow access. So I get an "F" on https://www.ssllabs.com/ssltest . Can I increase the rating (the insecure/weak cipher suite should not be visible for general user agents on the initial handshake).