2

I am looking at my Apache access log and there is suspicious activity from several IP ranges. What they have in common is that all of them are identified as "Allegro-Software-WebClient/4.07".

Is there a way for me to create a rule for apf or similar that will do:

DROP ALL CLIENTS IF NAME STARTS WITH "Allegro"
Krule

1 Answer

1

For a firewall to do this, it has to support HTTP protocol inspection, which is not supported by most firewalls (if not all). Firewalls usually inspect lower layers.

I suggest installing a proxy like Squid in front of Apache. Then you can configure it to deny access based on the user-agent (called browser in Squid).

acl aclname browser [-i] regexp ...

The proxy server also helps with caching, thus improving your server performance.

Khaled