File: //etc/httpd/active_rules/wp-xmlrpc-post.conf
# Rate-limits POST requests to /xmlrpc.php per client using ModSecurity's
# persistent IP collection: successful POSTs are counted, and once the counter
# reaches the threshold the client is denied with HTTP 406 for 180 seconds.
#
# NOTE(review): these rules read and write the IP collection (IP:bf_block,
# IP:bf_counter) but no initcol action is visible in this file. Presumably
# something like "initcol:ip=%{REMOTE_ADDR}" runs in an earlier rule; confirm,
# because without it the variables never persist and nothing is ever blocked.
# NOTE(review): if the collection is keyed on the connecting address and the
# site sits behind a reverse proxy or CDN, all clients may share one counter;
# verify which address the key is built from.
# NOTE(review): this caps the number of POST requests only. XML-RPC allows one
# request to carry several method calls (system.multicall), so it is not a
# limit on authentication attempts; pair it with application-level controls
# or disable xmlrpc.php where it is not needed.
<Location /xmlrpc.php>
# Body returned to the client when a request is denied with status 406.
ErrorDocument 406 "Error 406...IP block temporarily for too many requests"
# Phase 2 (request body): deny and log any request from a client whose block
# flag is currently set. Denied requests answer 406, not 200, so they do not
# feed the counter below.
# NOTE(review): the msg text says "more than 4 posts in 30 seconds", but the
# rules below trigger at 4 or more (@ge 4) and decay the counter by 1 every
# 20 seconds. Decide which is intended and align the message or the rule;
# check for log parsers matching on this text before changing it.
SecRule IP:bf_block "@gt 0" "phase:2,deny,status:406,log,msg:'ip address blocked for 3 minutes, more than 4 posts in 30 seconds.',id:'99999987'"
# Phase 5 (logging) chain: for a POST whose response status matches ^200, add
# 1 to the per-client counter. deprecatevar subtracts 1 from the counter for
# every 20 seconds elapsed, so this is a decaying count, not a fixed window.
# Because counting happens after the response is sent, a block can only take
# effect on a later request.
SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass,id:'99999988'"
SecRule RESPONSE_STATUS "^200" "setvar:IP.bf_counter=+1,deprecatevar:IP.bf_counter=1/20"
# When the counter is 4 or more: set the block flag, expire it after 180
# seconds, and reset the counter to 0.
# NOTE(review): this rule is not part of the chain above and names no phase,
# disruptive action or log setting, so it inherits all three from
# SecDefaultAction, which is not visible here. Confirm the inherited phase and
# action are what is intended (e.g. whether the triggering request is itself
# passed or denied, and with which status).
SecRule IP:bf_counter "@ge 4" "t:none,setvar:IP.bf_block=1,expirevar:IP.bf_block=180,setvar:IP.bf_counter=0,id:'99999989'"
</Location>