Ban specific GET requests found in access_log

Greetingz!
I've been spreading the word about blockhosts, and I've hit a bit of a snag;
I'm attempting to help someone who keeps getting the following in their Apache access_log;

www.mydomain.com||||1181||||120.140.74.198 - - [11/Sep/2010:00:06:32 -0500] "GET /.cod6xo/?action=captcha&a=get&i=45069&v=21 HTTP/1.0" 404 1181 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727)"
www.mydomain.com||||1181||||67.142.166.21 - - [11/Sep/2010:00:06:29 -0500] "POST /.cod6xo/?action=fbgen&v=125&crc=669 HTTP/1.1" 404 1181 "-" "Mozilla/4.0 (compatible; MSIE 7.0; na; )"

They would like block "GET /.cod6xo/" or "POST /.cod6xo/". I've provided them a ReWriteRule, but they would very much perfer to use blockhosts, as it does a great job of watching over their ProFTPd & SSH services as well.

Thank you!
--- Signed,
Someone Who really sucks with RegExp.

block cod6xo

Does the log really have the www.mydomain|||| characters in front of every line?
Normally, the apache log LogFormat definition in httpd.conf puts %h in front - so the IP address of remote server is first in line.

In any case, this should work, add it as per instructions in blockhosts.cfg:

    "apache-cod6xo":
        r'.*?{HOST_IP} .*? "(GET|POST) /.cod6xo/',