Here are the step-by-step instructions to block bad bots using Apache Configuration β Include Editor β Pre Main Include β All Versions in WHM/cPanel, specifically for servers running LiteSpeed in Apache-compatible mode (like yours with LiteSpeed Enterprise + CloudLinux + Imunify360):
π Goal:
Globally block known bad bots at the Apache configuration level using WHMβs Include Editor (Pre Main Include β All Versions). This works on LiteSpeed too because it reads Apache-style config files.
β Step-by-Step Instructions
1. Login to WHM as root
- URL:
https://your-server-hostname:2087
2. Navigate to Apache Include Editor
- Go to:
WHM > Service Configuration > Apache Configuration - Click: Include Editor
3. Select: βPre Main Includeβ β βAll Versionsβ
- This ensures the configuration applies to all Apache versions (and LiteSpeed if using Apache compatibility mode).
- Click Edit for
All Versions.
4. Paste the Full Bad Bot Blocking Code
<Directory "/home">
# Set environment variable for known bad bots
SetEnvIfNoCase User-Agent "AhrefsBot" bad_bots
SetEnvIfNoCase User-Agent "SemrushBot" bad_bots
SetEnvIfNoCase User-Agent "DotBot" bad_bots
SetEnvIfNoCase User-Agent "MJ12bot" bad_bots
SetEnvIfNoCase User-Agent "ZoominfoBot" bad_bots
SetEnvIfNoCase User-Agent "AlphaBot" bad_bots
SetEnvIfNoCase User-Agent "ClaudeBot" bad_bots
SetEnvIfNoCase User-Agent "Bytespider" bad_bots
SetEnvIfNoCase User-Agent "Bytedance" bad_bots
SetEnvIfNoCase User-Agent "Yandex" bad_bots
SetEnvIfNoCase User-Agent "Baiduspider" bad_bots
SetEnvIfNoCase User-Agent "Mail.Ru" bad_bots
SetEnvIfNoCase User-Agent "coccocbot-image" bad_bots
SetEnvIfNoCase User-Agent "rogerbot" bad_bots
SetEnvIfNoCase User-Agent "PHPCrawl" bad_bots
SetEnvIfNoCase User-Agent "BLEXBot" bad_bots
SetEnvIfNoCase User-Agent "magpie-crawler" bad_bots
SetEnvIfNoCase User-Agent "SeznamBot" bad_bots
SetEnvIfNoCase User-Agent "seoscanners.net" bad_bots
SetEnvIfNoCase User-Agent "ZumBot" bad_bots
SetEnvIfNoCase User-Agent "MaxPointCrawler" bad_bots
SetEnvIfNoCase User-Agent "Nutch" bad_bots
SetEnvIfNoCase User-Agent "Buzzbot" bad_bots
SetEnvIfNoCase User-Agent "ADmantX" bad_bots
SetEnvIfNoCase User-Agent "Heritrix" bad_bots
SetEnvIfNoCase User-Agent "Indy Library" bad_bots
SetEnvIfNoCase User-Agent "BlackWidow" bad_bots
SetEnvIfNoCase User-Agent "ChinaClaw" bad_bots
SetEnvIfNoCase User-Agent "Custo" bad_bots
SetEnvIfNoCase User-Agent "DISCo" bad_bots
SetEnvIfNoCase User-Agent "Download Demon" bad_bots
SetEnvIfNoCase User-Agent "eCatch" bad_bots
SetEnvIfNoCase User-Agent "EirGrabber" bad_bots
SetEnvIfNoCase User-Agent "EmailSiphon" bad_bots
SetEnvIfNoCase User-Agent "EmailWolf" bad_bots
SetEnvIfNoCase User-Agent "Express WebPictures" bad_bots
SetEnvIfNoCase User-Agent "ExtractorPro" bad_bots
SetEnvIfNoCase User-Agent "EyeNetIE" bad_bots
SetEnvIfNoCase User-Agent "FlashGet" bad_bots
SetEnvIfNoCase User-Agent "GetRight" bad_bots
SetEnvIfNoCase User-Agent "GetWeb!" bad_bots
SetEnvIfNoCase User-Agent "Go!Zilla" bad_bots
SetEnvIfNoCase User-Agent "Go-Ahead-Got-It" bad_bots
SetEnvIfNoCase User-Agent "GrabNet" bad_bots
SetEnvIfNoCase User-Agent "Grafula" bad_bots
SetEnvIfNoCase User-Agent "HMView" bad_bots
SetEnvIfNoCase User-Agent "HTTrack" bad_bots
SetEnvIfNoCase User-Agent "Image Stripper" bad_bots
SetEnvIfNoCase User-Agent "Image Sucker" bad_bots
SetEnvIfNoCase User-Agent "InterGET" bad_bots
SetEnvIfNoCase User-Agent "Internet Ninja" bad_bots
SetEnvIfNoCase User-Agent "JetCar" bad_bots
SetEnvIfNoCase User-Agent "JOC Web Spider" bad_bots
SetEnvIfNoCase User-Agent "larbin" bad_bots
SetEnvIfNoCase User-Agent "LeechFTP" bad_bots
SetEnvIfNoCase User-Agent "Mass Downloader" bad_bots
SetEnvIfNoCase User-Agent "MIDown tool" bad_bots
SetEnvIfNoCase User-Agent "Mister PiX" bad_bots
SetEnvIfNoCase User-Agent "Navroad" bad_bots
SetEnvIfNoCase User-Agent "NearSite" bad_bots
SetEnvIfNoCase User-Agent "NetAnts" bad_bots
SetEnvIfNoCase User-Agent "NetSpider" bad_bots
SetEnvIfNoCase User-Agent "Net Vampire" bad_bots
SetEnvIfNoCase User-Agent "NetZIP" bad_bots
SetEnvIfNoCase User-Agent "Octopus" bad_bots
SetEnvIfNoCase User-Agent "Offline Explorer" bad_bots
SetEnvIfNoCase User-Agent "Offline Navigator" bad_bots
SetEnvIfNoCase User-Agent "PageGrabber" bad_bots
SetEnvIfNoCase User-Agent "Papa Foto" bad_bots
SetEnvIfNoCase User-Agent "pavuk" bad_bots
SetEnvIfNoCase User-Agent "pcBrowser" bad_bots
SetEnvIfNoCase User-Agent "RealDownload" bad_bots
SetEnvIfNoCase User-Agent "ReGet" bad_bots
SetEnvIfNoCase User-Agent "SiteSnagger" bad_bots
SetEnvIfNoCase User-Agent "SmartDownload" bad_bots
SetEnvIfNoCase User-Agent "SuperBot" bad_bots
SetEnvIfNoCase User-Agent "SuperHTTP" bad_bots
SetEnvIfNoCase User-Agent "Surfbot" bad_bots
SetEnvIfNoCase User-Agent "tAkeOut" bad_bots
SetEnvIfNoCase User-Agent "Teleport Pro" bad_bots
SetEnvIfNoCase User-Agent "VoidEYE" bad_bots
SetEnvIfNoCase User-Agent "Web Image Collector" bad_bots
SetEnvIfNoCase User-Agent "Web Sucker" bad_bots
SetEnvIfNoCase User-Agent "WebAuto" bad_bots
SetEnvIfNoCase User-Agent "WebCopier" bad_bots
SetEnvIfNoCase User-Agent "WebFetch" bad_bots
SetEnvIfNoCase User-Agent "WebGo IS" bad_bots
SetEnvIfNoCase User-Agent "WebLeacher" bad_bots
SetEnvIfNoCase User-Agent "WebReaper" bad_bots
SetEnvIfNoCase User-Agent "WebSauger" bad_bots
SetEnvIfNoCase User-Agent "Website eXtractor" bad_bots
SetEnvIfNoCase User-Agent "Website Quester" bad_bots
SetEnvIfNoCase User-Agent "WebStripper" bad_bots
SetEnvIfNoCase User-Agent "WebWhacker" bad_bots
SetEnvIfNoCase User-Agent "WebZIP" bad_bots
SetEnvIfNoCase User-Agent "Wget" bad_bots
SetEnvIfNoCase User-Agent "Widow" bad_bots
SetEnvIfNoCase User-Agent "WWWOFFLE" bad_bots
SetEnvIfNoCase User-Agent "Xaldon WebSpider" bad_bots
SetEnvIfNoCase User-Agent "Zeus" bad_bots
<RequireAll>
Require all granted
Require not env bad_bots
</RequireAll>
</Directory>5. Click βUpdateβ to Save the Include
6. Restart Apache (or LiteSpeed)
Restart Apache (will signal LiteSpeed if active):
- WHM > Restart Services > HTTP Server (Apache)
OR
Restart LiteSpeed directly:
- WHM > Plugins > LiteSpeed Web Server > Restart LiteSpeed
β
Done! Bad bots are now blocked globally on all sites hosted under /home.
Here is the tailored guide for cPanel + LiteSpeed Enterprise + CloudLinux (with Imunify360), including the complete list of bad bots for comprehensive server protection.
π‘οΈ Block Bad Bots β cPanel + LiteSpeed Enterprise + CloudLinux (Imunify360)
This guide explains how to globally block known bad bots on a cPanel server running LiteSpeed Enterprise with CloudLinux and Imunify360, using:
.htaccess(LiteSpeed + mod_lsapi)- LiteSpeedβs
mod_security - Imunify360’s custom rule support
π Full Bad Bot User-Agent List
All bots below are included in the configuration examples:
AhrefsBot, SemrushBot, DotBot, MJ12bot, ZoominfoBot, AlphaBot,
ClaudeBot, Bytespider, Bytedance, Yandex, Baiduspider,
Mail.Ru, Coccocbot-image, Rogerbot, PHPCrawl, BLEXBot, magpie-crawler,
SeznamBot, seoscanners.net, ZumBot, MaxPointCrawler, Nutch,
Buzzbot, ADmantX, Heritrix, Indy Library, BlackWidow, ChinaClaw,
Custo, DISCo, Download Demon, eCatch, EirGrabber, EmailSiphon,
EmailWolf, Express WebPictures, ExtractorPro, EyeNetIE, FlashGet,
GetRight, GetWeb!, Go!Zilla, Go-Ahead-Got-It, GrabNet, Grafula,
HMView, HTTrack, Image Stripper, Image Sucker, InterGET,
Internet Ninja, JetCar, JOC Web Spider, larbin, LeechFTP,
Mass Downloader, MIDown tool, Mister PiX, Navroad, NearSite,
NetAnts, NetSpider, Net Vampire, NetZIP, Octopus, Offline Explorer,
Offline Navigator, PageGrabber, Papa Foto, pavuk, pcBrowser,
RealDownload, ReGet, SiteSnagger, SmartDownload, SuperBot,
SuperHTTP, Surfbot, tAkeOut, Teleport Pro, VoidEYE, Web Image Collector,
Web Sucker, WebAuto, WebCopier, WebFetch, WebGo IS, WebLeacher,
WebReaper, WebSauger, Website eXtractor, Website Quester, WebStripper,
WebWhacker, WebZIP, Wget, Widow, WWWOFFLE, Xaldon WebSpider, Zeus
β
Method 1: Block via .htaccess (LiteSpeed-compatible)
π Location
/home/username/public_html/.htaccess
π Code
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} "(?i)(AhrefsBot|SemrushBot|DotBot|MJ12bot|ZoominfoBot|AlphaBot|ClaudeBot|Bytespider|Bytedance|Yandex|Baiduspider|Mail\.Ru|coccocbot-image|rogerbot|PHPCrawl|BLEXBot|magpie-crawler|SeznamBot|seoscanners\.net|ZumBot|MaxPointCrawler|Nutch|Buzzbot|ADmantX|Heritrix|Indy Library|BlackWidow|ChinaClaw|Custo|DISCo|Download Demon|eCatch|EirGrabber|EmailSiphon|EmailWolf|Express WebPictures|ExtractorPro|EyeNetIE|FlashGet|GetRight|GetWeb!|Go!Zilla|Go-Ahead-Got-It|GrabNet|Grafula|HMView|HTTrack|Image Stripper|Image Sucker|InterGET|Internet Ninja|JetCar|JOC Web Spider|larbin|LeechFTP|Mass Downloader|MIDown tool|Mister PiX|Navroad|NearSite|NetAnts|NetSpider|Net Vampire|NetZIP|Octopus|Offline Explorer|Offline Navigator|PageGrabber|Papa Foto|pavuk|pcBrowser|RealDownload|ReGet|SiteSnagger|SmartDownload|SuperBot|SuperHTTP|Surfbot|tAkeOut|Teleport Pro|VoidEYE|Web Image Collector|Web Sucker|WebAuto|WebCopier|WebFetch|WebGo IS|WebLeacher|WebReaper|WebSauger|Website eXtractor|Website Quester|WebStripper|WebWhacker|WebZIP|Wget|Widow|WWWOFFLE|Xaldon WebSpider|Zeus)" [NC]
RewriteRule .* - [F,L]
β This works on:
- LiteSpeed Enterprise
- CloudLinux with
mod_lsapi - All PHP versions
π Method 2: LiteSpeed ModSecurity Rule (Global)
π WHM Path
WHM > Plugins > LiteSpeed Web Server > WebAdmin Console > Security > ModSecurity > Rules
π Rule
SecRule REQUEST_HEADERS:User-Agent "@rx (?i)(AhrefsBot|SemrushBot|DotBot|MJ12bot|ZoominfoBot|AlphaBot|ClaudeBot|Bytespider|Bytedance|Yandex|Baiduspider|Mail\.Ru|coccocbot-image|rogerbot|PHPCrawl|BLEXBot|magpie-crawler|SeznamBot|seoscanners\.net|ZumBot|MaxPointCrawler|Nutch|Buzzbot|ADmantX|Heritrix|Indy Library|BlackWidow|ChinaClaw|Custo|DISCo|Download Demon|eCatch|EirGrabber|EmailSiphon|EmailWolf|Express WebPictures|ExtractorPro|EyeNetIE|FlashGet|GetRight|GetWeb!|Go!Zilla|Go-Ahead-Got-It|GrabNet|Grafula|HMView|HTTrack|Image Stripper|Image Sucker|InterGET|Internet Ninja|JetCar|JOC Web Spider|larbin|LeechFTP|Mass Downloader|MIDown tool|Mister PiX|Navroad|NearSite|NetAnts|NetSpider|Net Vampire|NetZIP|Octopus|Offline Explorer|Offline Navigator|PageGrabber|Papa Foto|pavuk|pcBrowser|RealDownload|ReGet|SiteSnagger|SmartDownload|SuperBot|SuperHTTP|Surfbot|tAkeOut|Teleport Pro|VoidEYE|Web Image Collector|Web Sucker|WebAuto|WebCopier|WebFetch|WebGo IS|WebLeacher|WebReaper|WebSauger|Website eXtractor|Website Quester|WebStripper|WebWhacker|WebZIP|Wget|Widow|WWWOFFLE|Xaldon WebSpider|Zeus)" \
"id:999999,phase:1,deny,status:403,msg:'Blocked Bad Bot'"β This is applied server-wide and integrates well with LiteSpeed Enterprise.
π‘οΈ Method 3: CloudLinux Imunify360 Custom Rule
π Path
/etc/sysconfig/imunify360/generic/modsec.custom.conf
π Content
Paste the same ModSecurity rule as above.
Then restart Imunify360 service:
systemctl restart imunify360β Imunify360 will enforce this with its WAF, adding reporting and centralized logging.
π‘ Best Practice Summary
| Method | Scope | Recommended When |
|---|---|---|
.htaccess | Per-site | Shared hosting, site-specific rules |
| ModSecurity | Server-wide | VPS/dedicated servers (LiteSpeed/Apache) |
| Imunify360 WAF | Server-wide | Servers using CloudLinux with Imunify360 |
| Cloudflare WAF | Edge-level | For pre-filtering before reaching your server |
| Cloudflare Workers | Edge+Logic | For advanced rule logic or global bot defense |