Using .htaccess to prevent DDOS attack not working with Permalinks
-
We have become victim of a vicious DDOS attack.
Thankfully, they should be easily removed as they are GET requests with the string ?ptrxcz appended to end of the URL.
With this in mind we have set up rules to give 403 permission error pages to requests that fulfil this using .htacess. The trouble is these don’t appear to work with permalinks installed also.
Here is my full .htaccess file as it is.
RewriteEngine On
RewriteCond %{QUERY_STRING} ^ptrxcz.*$
RewriteRule (.*) – [F]# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule># END WordPress
The beggining part is redirecting users with ptrxcz to the 403 page. This works perfectly if I remove the WordPress rules underneath it, but with them included it just never works.
Frustratingly using a negative regex with the QUERY_STRING search works in reverse correctly (blocking everything except request with the query string, as so:
RewriteCond %{QUERY_STRING} !^ptrxcz.*$
Note the added !
Does anyone have any idea:
1. Why it doesnt work with permalinks
2. How I can make it work with permalinks
3. Why a negative regex works but not a positive one.Thanks for any help
- The topic ‘Using .htaccess to prevent DDOS attack not working with Permalinks’ is closed to new replies.