RewriteEngine On
Exclude ACME challenge
RewriteCond %{REQUEST_URI} ^/.well-known/acme-challenge RewriteRule ^ - [L]
Whitelist your IP
RewriteCond %{REMOTE_ADDR} ^XX.XXX.XX.XXX$ RewriteRule .* - [L]
Allow known bots
RewriteCond %{HTTP_USER_AGENT} (Baiduspider|Polyring) [NC] RewriteRule .* - [L]
Allow access to errors folder
RewriteCond %{REQUEST_URI} ^/errors/ RewriteRule .* - [L]
Allow access to specific RSS feeds
RewriteCond %{REQUEST_URI} ^/feeds/blog.php$ [OR] RewriteCond %{REQUEST_URI} ^/feeds/combined.php$ [OR] RewriteCond %{REQUEST_URI} ^/social/rss/index.php$ [OR] RewriteCond %{REQUEST_URI} ^/rss.php$ [OR] RewriteCond %{REQUEST_URI} ^/robots.txt$ [OR] RewriteCond %{REQUEST_URI} ^/public/feeds/feed.opml$ RewriteRule .* - [L]
Block common scraping libraries
RewriteCond %{HTTP_USER_AGENT} (python|okhttp|libwww|Go-http-client|Apache-HttpClient|curl) [NC] RewriteRule .* - [F,L]
Block unidentified bots: empty UA or Accept
RewriteCond %{HTTP_USER_AGENT} ^$ [OR] RewriteCond %{HTTP_ACCEPT} ^$ RewriteRule .* - [F,L]
Inline 403 message for humans
ErrorDocument 403 /errors/403.txt