On Mon, Feb 18, 2013 at 5:44 PM, Leonardo Bacha Abrantes < leona...@lbasolutions.com> wrote:
> Hi guys, > > Yandex, which ignores robots.txt, has been indexing my site. > I tried to block on httpd.conf with these configurations below but didn't > work. > > SetEnvIfNoCase User-Agent "^YandexBot*" bad_bot > <Directory /> > Order Allow,Deny > Allow from all > Deny from env=bad_bot > </Directory> > > > How can I try to block it on modsecurity ? > > Hi Leonardo, Have you tried using a rule like: SecRule REQUEST_HEADERS:User-Agent yandexbot "phase:2,id:1,t:none,t:lowercase,block,msg:'YandexBot identified'" If your using the CRS you could simply add the user-agent string to the modsecurity_35_bad_robots.data file. -- - Josh > > ->> apache log: > > 199.21.99.86 - - [18/Feb/2013:11:20:37 -0300] "GET / HTTP/1.1" *200* 8663 > "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)" > 199.21.99.86 - - [18/Feb/2013:11:21:29 -0300] "GET > /files_on_my_server/abc.pdf HTTP/1.1" *200 *97637 "-" "Mozilla/5.0 > (compatible; YandexBot/3.0; +http://yandex.com/bots)" > > many thanks! > _______________________________________________ > Owasp-modsecurity-core-rule-set mailing list > Owasp-modsecurity-core-rule-set@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set > >
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
