Modrewrite question

[Mr Anderson]

One of the rules in my htaccess is set to block connection attempts from anything with an empty useragent string:

Code:

RewriteCond %{HTTP_USER_AGENT} =""
RewriteRule .* - [F,L]

That works quite well and has cut down on a lot of spam and hack attempts on my domain.

However I've now discovered that a legitimate service that I'm subscribed to makes periodic connection attempts via software without a UA string. Not surprisingly they think it best for me to allow their service through, rather than them make an effort to fix the issue with their software. I've already pointed out to them that I'm not the only one that blocks access based on empty UAs, and that there's likely to be other people with a similar issue with their software, but not heard back on that.

On the off-chance they're going to be stubborn and not correct it at their end, is there any way of modifying that modrewrite rule to block empty UAs, except for theirs (based either on their IP or on the file that they're trying to access - preferably IP)?

[JasonD]

There is no obligation for a UA to identify itself, legitimate or otherwise.

Add a RewriteCond %{REMOTE_ADDR} !="1.2.3.4"

[Mr Anderson]

There is no obligation for a UA to identify itself, legitimate or otherwise.

Maybe not everywhere but, when several thousand attempts per month are made to access my comment forms by bots with empty UAs, there is on my site.

Add a RewriteCond %{REMOTE_ADDR} !="1.2.3.4"

Cheers

[Mr Anderson]

%{REMOTE_ADDR} !="1.2.3.4"

Couldn't get it to work like that, but it did with this format:

Code:

RewriteCond %{REMOTE_ADDR} !^1\.2\.3\.4$
RewriteCond %{HTTP_USER_AGENT} =""
RewriteRule .* - [F,L]

Thanks for pointing me in the right direction though