From c3868db8e2cac19e0b3552e430e157f7603a4865 Mon Sep 17 00:00:00 2001 From: cschantz Date: Fri, 2 Jan 2026 15:56:31 -0500 Subject: [PATCH] Fix bot blocking recommendations to use cPanel mod_rewrite format Changed User-Agent blocking output from old .htaccess SetEnvIfNoCase format to modern mod_rewrite format suitable for cPanel global config. New format: - File: /etc/apache2/conf.d/includes/pre_main_global.conf - Uses with RewriteCond/RewriteRule - Returns 403 Forbidden [F,L] for bad bots - Case-insensitive matching [NC] - Properly formatted for cPanel best practices Also updated SEO bot blocking section to match format. --- modules/security/bot-analyzer.sh | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/modules/security/bot-analyzer.sh b/modules/security/bot-analyzer.sh index d031297..24b4478 100755 --- a/modules/security/bot-analyzer.sh +++ b/modules/security/bot-analyzer.sh @@ -1563,16 +1563,20 @@ generate_report() { fi echo "" - echo "# User-Agent blocking (add to .htaccess):" - echo "SetEnvIfNoCase User-Agent \"nikto|nmap|masscan|sqlmap|havij\" bad_bot" - echo "SetEnvIfNoCase User-Agent \"acunetix|nessus|burp|metasploit\" bad_bot" + echo "# cPanel User-Agent blocking (add to /etc/apache2/conf.d/includes/pre_main_global.conf):" echo "" - echo "# Optional: Block aggressive SEO bots" - echo "# SetEnvIfNoCase User-Agent \"AhrefsBot|SemrushBot|MJ12bot|DotBot\" bad_bot" + echo "" + echo " RewriteEngine On" + echo " RewriteCond %{HTTP_USER_AGENT} \"(nikto|nmap|masscan|sqlmap|havij|acunetix|nessus|burp|metasploit)\" [NC]" + echo " RewriteRule ^ - [F,L]" + echo "" echo "" - echo "Order Allow,Deny" - echo "Allow from all" - echo "Deny from env=bad_bot" + echo "# Optional: Block aggressive SEO bots (uncomment to enable)" + echo "# " + echo "# RewriteEngine On" + echo "# RewriteCond %{HTTP_USER_AGENT} \"(AhrefsBot|SemrushBot|MJ12bot|DotBot|Meta-ExternalAgent|Go-http-client)\" [NC]" + echo "# RewriteRule ^ - [F,L]" + echo "# " echo "" echo "# CSF/iptables format:"