WordPress.org

Support

Support » How-To and Troubleshooting » [Resolved] Using .htaccess to prevent DDOS attack not working with Permalinks

[Resolved] Using .htaccess to prevent DDOS attack not working with Permalinks

  • We have become victim of a vicious DDOS attack.

    Thankfully, they should be easily removed as they are GET requests with the string ?ptrxcz appended to end of the URL.

    With this in mind we have set up rules to give 403 permission error pages to requests that fulfil this using .htacess. The trouble is these don’t appear to work with permalinks installed also.

    Here is my full .htaccess file as it is.

    RewriteEngine On
    RewriteCond %{QUERY_STRING} ^ptrxcz.*$
    RewriteRule (.*) – [F]

    # BEGIN WordPress

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ – [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>

    # END WordPress

    The beggining part is redirecting users with ptrxcz to the 403 page. This works perfectly if I remove the WordPress rules underneath it, but with them included it just never works.

    Frustratingly using a negative regex with the QUERY_STRING search works in reverse correctly (blocking everything except request with the query string, as so:

    RewriteCond %{QUERY_STRING} !^ptrxcz.*$

    Note the added !

    Does anyone have any idea:

    1. Why it doesnt work with permalinks
    2. How I can make it work with permalinks
    3. Why a negative regex works but not a positive one.

    Thanks for any help

Viewing 1 replies (of 1 total)
  • I have solved my own issue replacing QUERY_STRING with THE_REQUEST and this now works fine and does exactly as I want!

Viewing 1 replies (of 1 total)
  • The topic ‘[Resolved] Using .htaccess to prevent DDOS attack not working with Permalinks’ is closed to new replies.
Skip to toolbar