htaccess – block traffic WITH specific get request

2 Views

I’m being hit with a get request up to 20 times a second. This is a wordpress site, here is an attached apache log

108.162.216.170 - - [24/Jun/2014:16:42:26 -0700] "GET /?edd_action=check_license&license=506e284d78dyd7dyd5d4d3f07d&item_name=FILE+Name HTTP/1.1" 200 526 "-" "WordPress/3.9.1; http://soomaalidamaanta.net"

Read More

Here is my htaccess, but I’m not having luck blocking it. 

RewriteEngine on
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} soomaalidamaanta.com [NC,OR]
RewriteCond %{HTTP_REFERER} soomaalidamaanta.net
RewriteRule .* - [F]

order allow,deny
deny from 68.171.211.157
allow from all

RewriteEngine On
RewriteCond %{QUERY_STRING} /?edd_action=check_license&license=506e284d78dyd7dyd5d4d3f07d&item_name=FILE+Name [NC]
RewriteRule .* - [F]`
Post Views: 2

Related posts

Leave a Reply

3 comments

  1. Tweak your 2nd block rule’s regex like this:

    RewriteCond %{QUERY_STRING} edd_action=check_license&license=506e284d78dyd7dyd5d4d3f07d&item_name=FILE [NC]
RewriteRule ^ - [F]

  2. I’d change the first rule to:

    RewriteCond %{THE_REQUEST} soomaalidamaanta [NC]
RewriteRule ^ - [F]

    and drop the second rule.

    • Since soomaalidamaanta is in the request, it looks to me like you don’t need the second rule.
    • No need to check for .net or .com, the one conditions finds it either way
    • In the rule, ^ is enough, no need for the .*

  3. I ended up finding out how to block by user agent, and since this user agent specified the site in question, I blocked it and it’s working now.

    RewriteEngine On
#RewriteCond %{HTTP_USER_AGENT} Chrome [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} soomaalidamaanta [NC] 
RewriteRule .* - [F]