Actually the Request is already being blocked since a 403 error was logged. BPS is blocking masscan with this Query String Exploits security rule below. “scan” in the User Agent security rule below will match “masscan”.
RewriteCond %{HTTP_USER_AGENT} (havij|libwww-perl|wget|python|nikto|curl|scan|java|winhttp|clshttp|loader) [NC,OR]
To block other User Agents you can use this code below.
1. Copy the code below into this BPS Root Custom Code text box: 14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE
2. Click the Save Root Custom Code button.
3. Go to the Security Modes page and click the Root Folder BulletProof Mode Activate button.
RewriteCond %{HTTP_USER_AGENT} (another-user-agent|another-user-agent|another-user-agent|another-user-agent) [NC]
RewriteRule ^(.*)$ - [F]