.htaccess, blacklists & honeypots
Old 12-10-2008, 06:38 PM Question .htaccess, blacklists & honeypots
Name: John
Looking for a bit of righteous judgement!

I currently use a combination of methods to assuage my bot paranoia, including:
Code:
# --------------------------------------------------------- Bad Agent Blocking
# Blatantly borrowed from various online sources
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR] 
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR] 
RewriteCond %{HTTP_USER_AGENT} ^Custo
# ... and the list goes on
RewriteRule ^.* - [F,L]

# --------------------------------------------------------- Query String Exploit Blocking
# Also, blatantly borrowed from various online sources
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

# --------------------------------------------------------- Common PHP Exploit Redirect
# I like to think I thought this one up
RewriteCond %{REQUEST_URI} ^.*awstats\.pl [OR]
RewriteCond %{REQUEST_URI} ^.*azenv\.php [OR]
RewriteCond %{REQUEST_URI} ^.*main\.php [OR]
# ... and other apps I don't use
RewriteRule ^(.*)$ /_honeypot/ [L]
Where /_honeypot/ is the location of a logging & blacklisting script.

Questions:

1. Worth the effort?
2. Bad idea?
3. A better way?

Trust me, I can take it.

Last edited by Envision_frodo; 12-10-2008 at 06:58 PM.. Reason: Noob Moment
Old 12-10-2008, 08:42 PM Re: .htaccess, blacklists & honeypots
Name: John Alexander
Your .htaccess file is parsed by the web server for every request. That means all the media on your page, all the scripts, all the style sheets, even every little PNG file, are going to force Apache to deal with all the .htaccess code. For a 200 KB music file it won't add much overhead (percentage-wise), but for a bunch of 300-byte icons, that's going to slow things down.

Also, .htaccess isn't a very expressive medium. I would personally let all traffic be funneled through at this point, and use code at a higher level to keep detailed metrics and ban robot-like behavior, instead of simple requests.
Old 12-11-2008, 05:21 AM Re: .htaccess, blacklists & honeypots
Name: Mike
To avoid parsing .htaccess on small static files, it is recommended to install a lightweight frontend like nginx or lighttpd to serve all images, CSS, JavaScript and even static HTML files.
Old 12-11-2008, 02:07 PM Re: .htaccess, blacklists & honeypots
Name: John
I hear you on the overhead (every lil' bit helps); how would something like this play out given that scenario:

Code:
<FilesMatch "\.(htm|html|js|php)$">
#... all that jazz above
</FilesMatch>
Would it help, or just add to the total K per access?
Old 12-29-2008, 12:53 PM Re: .htaccess, blacklists & honeypots
Name: Tom Raef
It's a great strategy! Honest.

However, the implementation is a bit too resource intensive. Why not use something like Squid as a reverse proxy in front of your webserver? Is that a viable option? That way only good traffic gets through.

That is pure genius however.
Old 12-30-2008, 02:11 PM Re: .htaccess, blacklists & honeypots
Name: John
Thanks for the continued assist.

While my host may allow (in this case) the implementation of a proxy (Squid) or similar front end, I'm constantly striving towards simplistic and purist approaches. My experience has always been that (well implemented and understood) less is more, as more tends to have its own baggage in terms of maintenance and security.

The goal is to meet my masochistic and highly retentive desire to enact some form of diluted justice upon the bots and skiddies without taxing everyone else.

Are there any (non-additive) alternatives?
Magical .conf entries?
How about virtual directories?
Does the <FilesMatch> approach do anything for me?
How about <LocationMatch> or <DirectoryMatch> given a tree something like this:

/var/htdocs/ - All php scripts
/var/htdocs/includedir/ - All php/html includes
/var/htdocs/cssdir/ - All external style sheets
/var/htdocs/jscriptdir/ - All javascript
/var/htdocs/imagedir/ - All images

Is the content in a <...MATCH> block skipped on false or parsed regardless?

Last edited by Envision_frodo; 12-30-2008 at 02:22 PM.. Reason: Added a couple more ideas
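
The ".conf entries" route asked about above, as an added example that is not from the thread: the same rules moved into the virtual host, which Apache reads once at startup instead of on every request. It assumes the /var/htdocs tree listed above, a hostname of www.example.test, and Apache 2.4 access-control syntax.

```apache
# Added example (not the thread's own config): the .htaccess rules moved into
# the virtual host, assuming the /var/htdocs tree described in the thread.
<VirtualHost *:80>
    ServerName www.example.test
    DocumentRoot /var/htdocs

    # No .htaccess lookups anywhere under the document root.
    <Directory /var/htdocs>
        # Apache 2.4 syntax; 2.2 would use Order/Allow instead.
        Require all granted
        AllowOverride None
    </Directory>

    RewriteEngine On

    # Static assets leave the rule set immediately, so css/js/images never
    # pay for the user-agent and query-string regexes below.
    RewriteCond %{REQUEST_URI} ^/(cssdir|jscriptdir|imagedir)/
    RewriteRule ^ - [L]

    # Bad Agent Blocking (same list as the thread, written as one alternation)
    RewriteCond %{HTTP_USER_AGENT} ^(BlackWidow|ChinaClaw|Custo)
    RewriteRule ^ - [F,L]

    # Query String Exploit Blocking (same patterns as the thread)
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    RewriteRule ^ - [F,L]

    # Common PHP Exploit Redirect: internal rewrite (no [R]) to the honeypot
    # script, so the access log still records the URI the bot asked for.
    # Requests for /_honeypot/ itself are excluded as a safeguard against loops.
    RewriteCond %{REQUEST_URI} !^/_honeypot/
    RewriteCond %{REQUEST_URI} (awstats\.pl|azenv\.php|main\.php)
    RewriteRule ^ /_honeypot/ [L]
</VirtualHost>
```

On the <...Match> question: whatever such a block contains, an .htaccess file is still read and parsed on every request that traverses its directory; only the merging of a matching section is conditional, so wrapping the rules in <FilesMatch> does not remove the per-request cost.
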
Old 01-08-2009, 12:45 PM Re: .htaccess, blacklists & honeypots
Name: John
Thanks again for all the great feedback, I modified my ill-advised strategy a bit to hopefully eke out a few extra K.

Code:
# --------------------------------------------------------- Bad Agent Blocking
# Blatantly borrowed from various online sources
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow|^ChinaClaw|^Custo
# ... and the list goes on
RewriteRule ^.* - [F,L]

# --------------------------------------------------------- Common PHP Exploit Redirect
# I like to think I thought this one up
RewriteCond %{REQUEST_URI} ^.*awstats\.pl|^.*azenv\.php|^.*main\.php [OR]
# ... and other apps I don't use
RewriteRule ^(.*)$ /_honeypot/ [L]
For some of my sites that are light on graphics, etc, I may let the extra parsing fly and see how the honeypot grows :P... Thanks

Last edited by Envision_frodo; 01-08-2009 at 12:49 PM.. Reason: nother noob moment