WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Using .htaccess to prevent DDOS attack not working with Permalinks (2 posts)

  1. Peter Featherstone
    Member
    Posted 1 year ago #

    We have become victim of a vicious DDOS attack.

    Thankfully, they should be easily removed as they are GET requests with the string ?ptrxcz appended to end of the URL.

    With this in mind we have set up rules to give 403 permission error pages to requests that fulfil this using .htacess. The trouble is these don't appear to work with permalinks installed also.

    Here is my full .htaccess file as it is.

    RewriteEngine On
    RewriteCond %{QUERY_STRING} ^ptrxcz.*$
    RewriteRule (.*) - [F]

    # BEGIN WordPress

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    The beggining part is redirecting users with ptrxcz to the 403 page. This works perfectly if I remove the WordPress rules underneath it, but with them included it just never works.

    Frustratingly using a negative regex with the QUERY_STRING search works in reverse correctly (blocking everything except request with the query string, as so:

    RewriteCond %{QUERY_STRING} !^ptrxcz.*$

    Note the added !

    Does anyone have any idea:

    1. Why it doesnt work with permalinks
    2. How I can make it work with permalinks
    3. Why a negative regex works but not a positive one.

    Thanks for any help

  2. Peter Featherstone
    Member
    Posted 1 year ago #

    I have solved my own issue replacing QUERY_STRING with THE_REQUEST and this now works fine and does exactly as I want!

Topic Closed

This topic has been closed to new replies.

About this Topic