updated htaccess patch

patches/htaccess.patch

@@ -1,5 +1,5 @@
 diff --git a/docroot/.htaccess b/docroot/.htaccess
-index 4d19147c..80b4a625 100644
+index 4d19147c..df15a39f 100644
 --- a/docroot/.htaccess
 +++ b/docroot/.htaccess
 @@ -1,3 +1,24 @@
@@ -27,18 +27,24 @@ index 4d19147c..80b4a625 100644
  #
  # Apache/PHP/Drupal settings:
  #
-@@ -67,6 +88,54 @@ AddEncoding gzip svgz
+@@ -67,6 +88,60 @@ AddEncoding gzip svgz
  <IfModule mod_rewrite.c>
    RewriteEngine on
-
+
++  # Block access via specific user-agents.
++  RewriteCond %{HTTP_USER_AGENT} CQ-API-Spyder [NC]
++  RewriteRule .* - [F,L]
++
 +  # Block access to php & html files. Node_modules and the vendor
 +  # directory should never be available. Also block any WordPress urls.
 +  RewriteCond %{REQUEST_URI} node_modules [OR,NC]
 +  RewriteCond %{REQUEST_URI} ^/vendor [OR,NC]
 +  RewriteCond %{REQUEST_URI} "/wp-(admin|content/plugins/|includes|cron\.php|config\.php|login\.php|signup\.php)|xmlrpc.php" [OR,NC]
 +  RewriteCond %{THE_REQUEST} \.php[/\s?] [OR,NC]
-+  RewriteCond %{THE_REQUEST} \.html[/\s?] [NC]
++  RewriteCond %{REQUEST_URI} \.html [NC]
++   # Allow access to SimpleSaml login and music.stanford.edu redirect path.
 +  RewriteCond %{REQUEST_URI} !^/simplesaml/module.php
++  RewriteCond %{REQUEST_URI} !^/Academics/LessonSignups.html
 +  RewriteRule .* - [F]
 +
 +  # Block access to specific files/paths to all users except stanford IP's.
@@ -82,7 +88,7 @@ index 4d19147c..80b4a625 100644
    # Set "protossl" to "s" if we were accessed via https://.  This is used later
    # if you enable "www." stripping or enforcement, in order to ensure that
    # you don't bounce between http and https.
-@@ -144,6 +213,8 @@ AddEncoding gzip svgz
+@@ -144,6 +219,8 @@ AddEncoding gzip svgz
    RewriteCond %{REQUEST_URI} !/core/[^/]*\.php$
    # Allow access to test-specific PHP files:
    RewriteCond %{REQUEST_URI} !/core/modules/system/tests/https?\.php