Basically I want to do this in IIS:
In Apache you can block many bots by simply changing your .htaccess files to OPT-IN instead of OPT-OUT, basically whitelisting instead of blacklisting. You let in Google, Yahoo, MSN, etc. and IE, Opera, Firefox, Netscape and bounce EVERYTHING else by default. The beauty here is you don't have to keep looking for bots anymore as anything that identifies itself as a bot will be bounced.
How do I achieve that in IIS? Can you please point me to an example? Thanks!
references: http://www.spanishseo.org/how-to-identify-user-agents-and-ip-addresses-for-bot-blocking
http://incredibill.blogspot.com/2011/05/whitelisting-not-blacklisting-to-stop.html
There's no native way of doing this in IIS. If you're using asp.net it's easy enough to create an httpmodule to do this filtering, although unless we're talking IIS7 then only .net requests will be filtered.
Outside of that, you're looking at an IIS Filter, written in something like C++ or Delphi or something that can compile a dll. They're not easy to write either.
I wrote something similar that uses Project Honeypot (http://projecthoneypot.org/) to block spammy IP addresses. You can get it here: http://code.google.com/p/blacklistprotector/