We have two different options to block abnormal user access in Apache; 1) set a global policy in the Apache httpd.conf 2) set a local policy based in ReWrite Rule in .htaccess
How to set a global policy in the Apache /etc/httpd/conf/httpd.conf ?
To set a global policy that blocks access to user agents that don't contain "Mozilla," you can use the following configuration in your httpd.conf
file:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_USER_AGENT} !Mozilla [NC] RewriteRule ^ - [F] </IfModule>
sudo systemctl restart httpd # on CentOS/RHEL sudo systemctl restart apache2 # on Debian/Ubuntu
Hot to set a local policy for your web application?
You should add below scripts on top of .htaccess in your web application
RewriteEngine On RewriteCond %{HTTP_USER_AGENT} !Mozilla [NC] RewriteRule ^ - [F]
How do I block in my php code?
You can block abnormal access to your web application by adding below code on top of your code - it will be something like index.php
# block abnormal connection if (!preg_match("/^Mozilla\/(.+)/", getenv('HTTP_USER_AGENT'))) { http_response_code(404); exit; }