HostArmada Web Hosting Knowledge Base

Knowledge is power! Use that power and achieve total and unconditional control over the Web Hosting Services!

How to block the User-Agent of a device or a bot accessing your website using the .htaccess file?

What is a user-agent you might ask? Well, it is a string, which usually defines the browser and operating system of the device from which the request originated. It is typically included in the HTTP headers, and each browser or operating system has its unique identifier. Here is an example of the latest Google Chrome browser user-agent:


Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.92 Safari/537.36

As we have mentioned, the user-agent is shown in the header of the HTTP request. This means, that you can see it for every real visitor or bot that lands on your website using the access logs of the same. Sometimes when you are analyzing your website's traffic, you could come across a user-agent which appears malicious due to the number of resources it appears to be consuming on your website. By consumed resources we are referring to the number of page hits, script executions and images viewed.

In this case, you could use the methods explained in this article to block access to this specific visitor or bot using the .htaccess file of your website

Please do the following:

  1. Open your .htaccess for editing using the methods described in our What is a .htaccess file and how can I find it knowledgebase article.
  2. When you have opened it, please type in the following snippet of code on top of the file:
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} UserAgentName [NC]
    RewriteRule .* - [F,L]
    where "UserAgentName" will be replaced by the actual name of the user-agent causing problems for your site. Here is an example:
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} BadBot [NC]
    RewriteRule .* - [F,L]
    You could also incorporate multiple bots by using the following code snippet:
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^.*(User-Agent1|User-Agent2|User-Agent3).*$ [NC]
    RewriteRule .* - [F,L]
    Here is an example:
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^.*(BadBot|MaliciousBot|HackBot).*$ [NC]
    RewriteRule .* - [F,L]
  3. Lastly, we will provide you a rule that will block requests from sources that are missing the User-Agent header:
    RewriteCond %{HTTP_USER_AGENT} ^-?$ 
    RewriteRule ^ - [F]

As usual, our support team is 24/7 available, and if you are not confident in setting this up yourself, please give them a poke. They are 24/7 available through the ticketing system in your Client Area.

Was this article useful and on point?

Find out more about HostArmada entire range of optimized Web Hosting Services and take action today on improving your website Loading Speed, Security, and overall Stability!