Is there any way to detect an attack within Apache and block it? I'm thinking of a rule or something to check the user-agent or equiv before calling the CGI or PHP etc. I'm looking to protect some old servers where BASH updates won't be forthcoming (I know the answer is to upgrade the servers, but these aren't my servers and it ain't my call)