If you have a high-traffic website, when you look at the website access log or SSL access log, you may find a lot of spam URL requests.
In one day's access log on my website, I found 90000 //xmlrpc.php requests and 40000 //wp-cron.php requests. Such requests will not be blocked by anti-spam software because the request source IP and request frequency are regular.
But those requests are completely useless and will only cost your website bandwidth and slow down your web server. So we should block them ourselves.
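One way to get per-URL counts like the ones above from your own access log, as an added example that is not part of the original article. It assumes the Apache common/combined log format; the function names top_paths and make_sample_log and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Tally request paths in an Apache common/combined-format access log so the
# noisiest URLs (candidates for a block rule) stand out.

# top_paths LOGFILE [N]: print "count path" for the N most requested paths.
# Repeated slashes are collapsed and the query string is dropped, so
# "//xmlrpc.php" and "/xmlrpc.php?x=1" are counted as the same URL.
top_paths() {
    awk -F'"' '
        {
            split($2, req, " ")      # $2 is the request line: METHOD URI PROTOCOL
            uri = req[2]
            if (uri == "") next      # skip malformed or empty request lines
            sub(/\?.*/, "", uri)     # drop the query string
            gsub(/\/+/, "/", uri)    # collapse "//" into "/"
            hits[uri]++
        }
        END { for (u in hits) print hits[u], u }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

# Constructed sample log (documentation IP ranges), not real traffic.
make_sample_log() {
    cat <<'EOF'
198.51.100.7 - - [01/Jan/2024:00:00:01 +0000] "POST //xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.7 - - [01/Jan/2024:00:00:02 +0000] "POST //xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.9 - - [01/Jan/2024:00:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.9 - - [01/Jan/2024:00:00:04 +0000] "GET //wp-cron.php HTTP/1.1" 200 0 "-" "-"
192.0.2.44 - - [01/Jan/2024:00:00:05 +0000] "GET /wp-cron.php?doing_wp_cron=123 HTTP/1.1" 200 0 "-" "-"
192.0.2.44 - - [01/Jan/2024:00:00:06 +0000] "GET / HTTP/1.1" 200 5120 "-" "-"
EOF
}

# Usage: sh top_paths.sh /path/to/access_log [N]
if [ -n "${1:-}" ]; then
    top_paths "$1" "${2:-10}"
fi
```

Paths that dominate the output but serve no visitors are the ones worth blocking with the methods below.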
1. Block Special URL Request In .htaccess File.
If your website server runs as a standalone server and does not use any CDN service, you can block such URL requests in your website's .htaccess file. This is the so-called local block.
- Run the ssh command to log in to your Linux server.
ssh your_user_name@your_server_ip_address
- Go to your website root folder (usually the /home/your_user_name/public_html folder).
- Run the vim command to edit the .htaccess file.
- Press the esc key and then the i key to enter input mode. Enter the content below in the .htaccess file.
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from xxx.xxx.xxx.xxx
</Files>
- Press the esc, :, w, q, ! keys to save the changes and exit the vim editor.
- The disadvantage of this method is that the spam traffic still arrives at your origin web server, so it cannot greatly improve web server speed and performance.
2. Block Special URL Request In CDN Server.
If your website uses a CDN service (for example CloudFlare), you can block special URL requests by adding a firewall rule in the CDN service. This can greatly reduce your website's spam traffic because the spam URL requests will never arrive at your website. This is the so-called cloud block.
2.1 Create CloudFlare Firewall Rule To Block Special URL Request.
- Log in to your CloudFlare account.
- Click the Firewall button in the top navigation bar, then click the Firewall Rules link under the Firewall button.
- Click the Create a Firewall rule button on the right side to create a new firewall rule.
- Input a Rule name on the next page.
- Add one or more incoming request match conditions in the When incoming requests match… area. Multiple match conditions can be combined with an And / Or relationship.
- In this example I select URI in the Field drop-down list, select Contains in the Operator drop-down list and input /abc.php in the Value text box to create the first incoming request match condition.
- Then I click the And button at the end of the above match condition and add a second match condition on the query string (Field(URI Query String), Operator(contains), Value(username)).
- Select Block from the Choose an action drop-down list at the bottom of the page.
- Click the Deploy button to deploy the firewall rule.
- Now all traffic that matches the above conditions will be blocked on the CloudFlare side. This reduces traffic pressure on the origin web server and improves server speed and performance.