Block certain User-Agents

[JohnnyW2M Profile]

Hi,

I am under attack by some sort of botnet that is doing a ddos style attack on my site. I am noticing a commonality in the User Agent string and I need help to block them. I tried this line below, but it blaocked anything Mazilla and I just want to block the ones using X11, Linux.

This is one of the bad guys:
Mozilla/5.0+(X11;+Linux)+Gecko+Firefox/5.0

I tried this:
RewriteCond %{HTTP_USER_AGENT} !^Mozilla/5.0+\(X11;\ U;\ Linux\ i686;\ [a-z]{2}-[A-Z]{2};\ rv:[1-9]\.[0-9.]+\)\ Gecko/Debian-[1-9]\.[0-9.]+-[0-9]+\ Galeon/[2-9]\.[0-9.]+\ \(Debian\ package\ [2-9]\.[0-9.]+-[0-9]+\)$
RewriteRule .? - [F]

[Yaroslav]

Hello.

Sorry for delay, your ticket was lost in the ticketing system because of bug.
I beleive the answer to your initial question is no longer relevant, however, may I propose you to take a look at new mod_antibot module we recently added to Helicon Ape: https://www.helicontech.com/ape/doc/mod_antibot.htm This module is designed to prevent various bot, brute force and DDoS type of attacks, so you may consider protecting your critical resources if they'd be ever subjected to attack again.