i want to secure /wp-admin directory from DDOS, so i thought that it would be good idea to block everybody with htaccess who dont have some special cookie (named ‘mzgtest’ with value ‘tak’). if somebody dont have this cookie should be redirected to /wp-admin/login subfolder
i wrote this .htaccess file (i located it in /wp-admin subfolder) rule:
RewriteCond %{HTTP_COOKIE} !mzgtest=tak [NC]
RewriteRule ^(.*)$ ./login/ [NC,L]
but it dosnt work. it works opposite. when this rule is set:
-
if somebody has cookie mzgtest=test, is redirected to /wp-admin/login subfolder
-
if somebody doesnt have this cookie, is redirected to /wp-admin/login but browser shows error 500
any idea how it should be written?
You’re getting 500 (internal error) because of infinite looping as Apache keeps forwarding to
/admin/login/. You need to set the cookie if it is not already set: