Modifying Rewrite Rules to block brute force bots

Helicon Ape provides support for Apache .htaccess and .htpasswd configuration files for Microsoft IIS.

Modifying Rewrite Rules to block brute force bots

23 Jan 2017, 20:00

Hi,

I have a multisite wordpress blog that is continuously under brute force bot attacks. I implemented an .htaccess rule to whitelist specific IP addresses' ability to access our login page; however, this is not an ideal solution. I found the following rules that are supposed to work for single site installations to prevent remote posting to the login form and would like to modify the code to work with a multisite environment. Essentially, our setup has a lot of mapped domains, so rather than specifying one domain I would like it to work for all of them.

If I understand the code correctly it only allows POST for the form when visiting the form on example.com - so that you must be visiting the page to submit the form. I would like it to do the same but for all the domains hosted on my server.

RewriteEngine on
# Only POST requests are examined ...
RewriteCond %{REQUEST_METHOD} POST
# ... whose Referer does not come from our own site (dot escaped so it matches literally)
RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com [NC]
# ... and which target wp-login.php or wp-admin
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# Reject the request with 403 Forbidden
RewriteRule ^(.*)$ - [F]

Thanks,
Pat


Re: Modifying Rewrite Rules to block brute force bots

25 Jan 2017, 12:06

Hello Pat.

The bad news is that mod_rewrite, or any other URL rewriting tool, is not actually suitable for stopping bots or brute force attacks. The solution you've mentioned in your post that uses the HTTP Referer header is easy to circumvent.
The good news is that Helicon Ape comes with a tool specifically designed to protect against bots and brute force attacks. Its name is mod_antibot. It was considered experimental, but since more of our clients have adopted this tool I can confirm it is safe to use in production in the latest builds of Ape. Please upgrade your installation to the most current build if you are going to use it.

mod_antibot provides means to create rules that can track repeated actions on your website and put a limit or restrictions on how often some action can be repeated. For instance, you can limit how many times per minute/hour/day your login page may be accessed from the same IP address - I guess this is exactly what you need. Please read the mod_antibot documentation here: https://www.helicontech.com/ape/doc/mod_antibot.htm
The syntax is pretty much like mod_rewrite's.
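To make the per-IP rate-limit idea concrete across all mapped domains, here is an added example that is not part of the thread and not Helicon's mod_antibot: a small Python detector that scans access-log lines (constructed sample data, in an assumed "vhost + combined" format) and flags any IP that POSTs to wp-login.php or wp-admin more than a given number of times inside a sliding time window, regardless of which host it hit.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed log layout: "<vhost> <ip> - - [<ts>] "<method> <path> HTTP/x" <status>".
# Adjust LOG_RE to your own IIS/Ape log format.
LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def is_login_post(method, path):
    """POST to wp-login.php or wp-admin on any host or sub-site path."""
    path = path.split("?", 1)[0].rstrip("/")
    return method == "POST" and (
        path.endswith("/wp-login.php") or path.endswith("/wp-admin")
    )


def offending_ips(lines, limit=5, window_s=60):
    """Return {ip: time of first violation} for IPs making more than `limit`
    login POSTs within any sliding window of `window_s` seconds."""
    recent = defaultdict(deque)   # ip -> timestamps of recent login POSTs
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_login_post(m["method"], m["path"]):
            continue
        ts = datetime.strptime(m["ts"], TS_FMT)
        q = recent[m["ip"]]
        q.append(ts)
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()          # drop hits that fell out of the window
        if len(q) > limit and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged


# Constructed sample: one client hammers the login form on two mapped domains
# (8 POSTs in 35 s); a second client logs in normally.
SAMPLE_LOG = [
    '%s 203.0.113.7 - - [23/Jan/2017:20:00:%02d +0000] "POST /wp-login.php HTTP/1.1" 200'
    % ("blog-a.example" if s % 10 == 0 else "blog-b.example", s)
    for s in range(0, 40, 5)
] + [
    'blog-b.example 198.51.100.4 - - [23/Jan/2017:20:00:10 +0000] "GET /wp-login.php HTTP/1.1" 200',
    'blog-b.example 198.51.100.4 - - [23/Jan/2017:20:00:12 +0000] "POST /wp-login.php HTTP/1.1" 302',
    'blog-b.example 198.51.100.4 - - [23/Jan/2017:20:02:00 +0000] "POST /site2/wp-login.php HTTP/1.1" 302',
]

if __name__ == "__main__":
    for ip, when in offending_ips(SAMPLE_LOG).items():
        print("%s exceeded the login POST limit at %s" % (ip, when.isoformat()))
```

The flagged IPs are the ones a rate-limiting rule would throttle or block; the GET requests and the occasional legitimate POSTs are not counted against anyone.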
