I'm trying to block requests from bots by pattern glitter_calendar on apache.
Prehistory. My server is heavily accessed by bots. The request URI is ...glitter_calendar.. The wordpress returns 404. The server even goes down once a week. I tried blocking them with Fail2ban. Without success. The server load doesn't go down and I get new hosts appearing in my iptables block-rule constantly.
In my .htaccess I am trying to add a block rule by pattern glitter_calendar:
# BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{THE_REQUEST} ^.*(wpdffcontent)|(glitter_calendar)|(mp4:).* [NC] RewriteRule ^(.*)$ - [F,L] </IfModule> <Files xmlrpc.php> Order Deny,Allow Deny from all </Files> Found similar questions. Links:
- https://stackoverflow.com/questions/4640807/how-to-block-bot-requests-to-urls-that-match-a-common-pattern-in-apache/4640865#4640865
- https://perishablepress.com/eight-ways-to-blacklist-with-apaches-mod_rewrite/
My mod rewrite doesn't seem to work. I get Error 404 Not Found inside wordpress, not by means of apache.
Module mod_rewrite is turned on:
# httpd -M ... Loaded Modules: ... rewrite_module (shared) ... The virtual host configuration is managed with virtualmin. How do I fix this?
Part of httpd.conf:
... LoadModule rewrite_module modules/mod_rewrite.so ... <VirtualHost x.x.x.x]:80> SuexecUserGroup "#505" "#504" ServerName example.com ServerAlias www.example.com ServerAlias webmail.example.com ServerAlias admin.example.com ServerAlias autoconfig.example.com ServerAlias autodiscover.example.com DocumentRoot /home/example/public_html ErrorLog /var/log/virtualmin/example.com_error_log CustomLog /var/log/virtualmin/example.com_access_log combined ScriptAlias /cgi-bin/ /home/example/cgi-bin/ ScriptAlias /awstats/ /home/example/cgi-bin/ ScriptAlias /AutoDiscover/AutoDiscover.xml /home/example/cgi-bin/autoconfig.cgi ScriptAlias /Autodiscover/Autodiscover.xml /home/example/cgi-bin/autoconfig.cgi ScriptAlias /autodiscover/autodiscover.xml /home/example/cgi-bin/autoconfig.cgi DirectoryIndex index.html index.htm index.php index.php4 index.php5 <Directory /home/example/public_html> Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch AddType application/x-httpd-php .php AddHandler fcgid-script .php AddHandler fcgid-script .php5 FCGIWrapper /home/example/fcgi-bin/php5.fcgi .php FCGIWrapper /home/example/fcgi-bin/php5.fcgi .php5 </Directory> <Directory /home/example/cgi-bin> allow from all AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch </Directory> RewriteEngine on RewriteCond %{HTTP_HOST} =webmail.example.com RewriteRule ^(.*) https://example.com:20000/ [R] RewriteCond %{HTTP_HOST} =admin.example.com RewriteRule ^(.*) https://example.com:10000/ [R] RemoveHandler .php RemoveHandler .php5 php_admin_value engine Off FcgidMaxRequestLen 1073741824 Alias /dav /home/example/public_html Alias /pipermail /var/lib/mailman/archives/public <Location /dav> DAV on AuthType Basic AuthName "example.com" AuthUserFile /home/example/etc/dav.digest.passwd Require valid-user ForceType text/plain Satisfy All RemoveHandler .php RemoveHandler .php5 RewriteEngine off </Location> <Files awstats.pl> AuthName "example.com statistics" AuthType Basic AuthUserFile /home/example/.awstats-htpasswd require valid-user </Files> RedirectMatch /cgi-bin/mailman/([^/\.]*)(.cgi)?(.*) https://example.com:10000/virtualmin-mailman/unauthenticated/$1.cgi$3 RedirectMatch /mailman/([^/\.]*)(.cgi)?(.*) https://example.com:10000/virtualmin-mailman/unauthenticated/$1.cgi$3 php_value memory_limit 32M IPCCommTimeout 41 Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi </VirtualHost> 
