DDoS attack on Sitemap.xml not being blocked by WF

  • Resolved Tommo

    (@5dt)


    4 years, 6 months ago

    Hi,

    Over the last 24 hours a DDoS attack has been underway specifically targeting my sitemap.xml file – multiple IPs loading the xml file thousands of times every few minutes.
    For some reason Wordfence does not seem to be rate limiting these IPs?
    I’m trying to manually block them in HTaccess in the meantime, which works, but of course the attack will switch IP address as it realises its been blocked.

    How to get Wordfence to automatically block IPs that try to access sitemap more than a few times a minute?
    And, has anyone else had this sort of attack? Nothing in the forum history that I could find.
    Thanks

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
  • Plugin Support wfphil

    (@wfphil)

    Hi @5dt

    Wordfence can’t block or rate limit access to the sitemap.xml file because the web server can immediately serve that file without the need for WordPress to be loaded.

    Server level blocking that you have been doing will resolve it as you have found.

Viewing 1 replies (of 1 total)
  • The topic ‘DDoS attack on Sitemap.xml not being blocked by WF’ is closed to new replies.