if (req.http.User-Agent ~ "(?i)BadBot|SpamBot") {
    error 403;
}
#Check for known bad User-Agent with case insensitivity and deny with 403