Hi,
I have an Apache 2.4.56 install on Fedora 37 and I'm trying to block some bots from accessing the site, unless they're trying to access our RSS feeds. How can I do this?
I'm blocking the bots with SetEnvIf lines in the .htaccess file in the document root, like:
SetEnvIf user-agent "(?i:libwww)" stayout=1
deny from env=stayout
<RequireAll>
    Require all granted
    Require not env stayout
</RequireAll>
However, adding an entry that explicitly allows access to the XML files, placed either before or after those lines, doesn't seem to take effect:
RewriteRule linuxsecurity_features\.xml$ - [L]
It is still blocked by the user-agent setting above. I understood the file was processed from the top down and that processing stops once a match is made. Is that not the case? Shouldn't the RewriteRule above, if placed before the SetEnvIf rule, be enough to stop processing the .htaccess file and allow access?
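For reference, this is roughly how the .htaccess in the document root is ordered at the moment (trimmed to a single bot pattern; the real file lists more user agents):

RewriteEngine On
# exception I hoped would short-circuit processing for the feed
RewriteRule linuxsecurity_features\.xml$ - [L]

# bot blocking
SetEnvIf User-Agent "(?i:libwww)" stayout=1
deny from env=stayout
<RequireAll>
    Require all granted
    Require not env stayout
</RequireAll>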
I've also tried adding these RewriteRule entries to the server config (pulled in with an Include), but it appears the .htaccess in the document root is always processed afterwards, even after a match is found in the included server config file.
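In case it matters, the server-side attempt looks roughly like this (the directory path and file name here are just placeholders, not my real ones). In the vhost config:

<Directory "/var/www/html">
    AllowOverride All
    # pull the feed exception rules into the docroot's directory context
    Include /etc/httpd/conf.d/feed-exceptions.conf
</Directory>

and feed-exceptions.conf contains the same kind of rule:

RewriteEngine On
RewriteRule linuxsecurity_features\.xml$ - [L]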