Recently we have been getting a lot of hits to WordPress xmlrpc.php, which in the end causes high load on the servers.
We tried rewriting all xmlrpc.php to 127.0.0.1, but it didn't help much, since Apache was still handling the connections.
In the end we blocked this kind of connection using:
iptables -I INPUT 1 -p tcp --dport 80 -m string --string "xmlrpc.php" --algo bm -j DROP
Unfortunately, all of this is causing problems with plugins that use xmlrpc.php, like Jetpack, etc.
Has anyone had experience with this kind of problem and has some suggestions on how to handle this?
Edit:
Is it possible to add an additional rule which would allow access from the WordPress IP range? What would that rule look like, since the blocking rule is using string?
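One way to combine the string-match block with a source allowlist, as an added example that is not part of the original post: the string match jumps to a dedicated chain, which returns allowlisted sources to normal INPUT processing and drops everything else. The chain name XMLRPC and the CIDR ranges are assumptions (the ranges are RFC 5737 documentation placeholders, not real WordPress or Jetpack addresses).

```shell
#!/bin/sh
# Added example: build an allowlist in front of the xmlrpc.php string-match drop.
# ALLOW_CIDRS is a constructed placeholder (RFC 5737 documentation ranges);
# replace it with the ranges published by the service you need to admit.
ALLOW_CIDRS="192.0.2.0/24 198.51.100.0/24"
CHAIN="XMLRPC"   # hypothetical chain name

# Accept only dotted-quad IPv4 with an optional /0-32 prefix.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    for octet in $(printf '%s' "${1%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables commands in the order they must be applied.
xmlrpc_rules() {
    echo "iptables -N $CHAIN"
    for cidr in "$@"; do
        if ! valid_cidr "$cidr"; then
            echo "skipping invalid CIDR: $cidr" >&2
            continue
        fi
        # RETURN hands the packet back to INPUT, so normal rules still apply.
        echo "iptables -A $CHAIN -s $cidr -j RETURN"
    done
    echo "iptables -A $CHAIN -j DROP"
    # Same match as the original blocking rule, but jumping to the chain.
    echo "iptables -I INPUT 1 -p tcp --dport 80 -m string --string \"xmlrpc.php\" --algo bm -j $CHAIN"
}

# Dry run by default; set APPLY=1 (as root) to execute the commands.
if [ "${APPLY:-0}" = "1" ]; then
    xmlrpc_rules $ALLOW_CIDRS | sh -e
else
    xmlrpc_rules $ALLOW_CIDRS
fi
```

The string match only sees plaintext payloads, so this covers port 80 as in the original rule and does not inspect HTTPS traffic.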