What there be a performance hit when I add this to my .htaccess file:
HOWTO stop automated spam-bots using .htaccess
or should I add it to my PHP file instead?
or leave it out completely? Because spammers might fake their useragent anyway?
Would it also make sense to prevent users from accessing your website via a proxy server? I know that this might also block people from accessing your website who didn't come here with bad intentions. But, what are some of the reasons why people would visit a website via a proxy server, other than spam, or when a website is blocked in their country?
What there be a performance hit when I add this to my .htaccess file?
Possibly, if you have thousands or tens of thousands of user agent strings to match against. Apache has to check this rule on every request.
or should I add it to my PHP file instead?
No Apache's parsing of .htaccess will still be quicker than a PHP process. For PHP, Apache has to start a PHP interpreter process for every request.
or leave it out completely? Because spammers might fake their useragent anyway?
Probably yes. It is very likely that most malicious spam bots will be faking a standard user agent.
But, what are some of the reasons why people would visit a website via a proxy server, other than spam, or when a website is blocked in their country?
There is a lot of legitimate uses for a proxy server. One is mobile clients that use some sort of prefetching to save mobile traffic. There are also some ISPs who force their clients to use their proxy servers. In my opinion, locking out users who use a proxy server is not a wise move.
The bottom line is probably that these things are not worth worrying about unless you have a lot of traffic going to waste because of malicious activities.