I was looking through my access logs today and concluded I should probably make an effort to deal with bad traffic. I am trying to use this list (https://github.com/bluedragonz/bad-bot-blocker) as as starting point.
My server is setup is a Java Application server fronted by apache server. The configuration for the application server is
<Location />
ProxyPass ajp://localhost:8009/
</Location>
I added the blocking list in a separate file that is included before the jboss file
Include "/opt/bitnami/apache2/conf/extra/badbot.conf"
Include "/opt/bitnami/jboss/conf/jboss.conf"
an extract of that badbot file looks like this
Options All -Indexes
RewriteEngine on
# Block Bad Bots & Scrapers
SetEnvIfNoCase User-Agent "Aboundex" bad_bot
Order Allow,Deny
Allow from all
deny from env=bad_bot
this config is ok but doenst seem to do anything when I spoof my user agent. I tried removing the order allow deny stuff from the badbot file and putting into the location part of the jboss.conf file but that didn't seem to work either.
