Block URL that does not exist on website

4cool.abhishek4 · July 10, 2023, 5:40am

Hello All,

My website was DDOS-attacked. And the attack is still active after 7 days. My resources are overloaded. I have already implemented the important steps. Now what I want to do is create one firewall rule for the URL that does not exist on my website. Here are the few examples which attacker is visiting:

/1220045x8wxged55k3wwkg/1220045x8wxged55k3wwkg-1220045x8wxged55k3wwkg/
/rrer4545009n8df83vsfb736ab5/545009n8df83vsfb736ab5/
/139020fxryx92uvhy9n4bk/
/7687hghas878/
/nmbgjd89/dklkl0784

…and million more.

Help me create firewall rule to block all these.

domjh · July 10, 2023, 1:05pm

You can’t specify this directly due to the nature of firewall rules, if there is a pattern you could try to use RegEx (on Business or above).

In general, this may help:

4cool.abhishek4 · July 10, 2023, 2:28pm

The attacker is visiting URLs that do not have .html in them. And I am using WordPress, and I know all the urls, posts, categories, and tags of my website.

I am publishing content on my website from the year 2015.

My post URL format is : mywebsite. com/2015/11/postname.html
Tag Format is: mywebsite .com/tag/tagname
Category Format is: mywebsite .com/category/categoryname

I tried creating a rule like:

If URL Path Does Not Contain /2015/ OR
If URL Path Does Not Contain /2016/ OR
If URL Path Does Not Contain /2017/ OR
If URL Path Does Not Contain /2018/ OR
If URL Path Does Not Contain /2019/ OR
If URL Path Does Not Contain /2020/ OR
If URL Path Does Not Contain /2021/ OR
If URL Path Does Not Contain /2022/ OR
If URL Path Does Not Contain /2023/ OR
If URL Path Does Not Contain /tag/ OR
If URL Path Does Not Contain /category/ OR
If URL Path Does Not Contain .html

Then Take Action Block.

But when I apply this rule, all URLs or full websites get blocked. Even the ones that I mentioned in the condition are also inaccessible. Am I making any mistake in creating condition ?
I think if I apply this condition, the attack will stop because he is not targeting any post, tag, or category URL. He is attacking /wp* URLs, /sitemap.xml, and random URLs like /jhdj323233/, /8283bjbjjdsd/sdsdsd/.

domjh · July 10, 2023, 2:54pm

I believe with the expression you are creating there you want AND not OR, if uri parth does not contain x and does not contain y and does not contain z then block.

jnperamo · July 11, 2023, 3:01pm

You could try “allowlisting” all the paths of your website with a firewall rule (with many OR cases), however, that’d be very tedious.

If you are subscribed to the business or ent plan, you can create custom counters on rate limit rules that would allow you to only throttle requests that trigger a lot of 404s on your website.

4cool.abhishek4 · July 11, 2023, 3:24pm

Not working.
If URL Path Does Not Contain /2022/ AND
If URL Path Does Not Contain /2023/ AND
If URL Path Does Not Contain .html
Then Block.
Not working

cbrandt · July 11, 2023, 4:17pm

In what sense? Is it still blocking everything? Or not blocking enough?

Does your homepage also end with .html?
How about category, tag and date archives pages?

For example, do you have:
example.com/category/some-category/ or
example.com/category/some-category.html?

You should also not block any path starting with /wp-, as these are essential to a WordPress. This exception would include files like /wp-content/.../file.img and all static files, as well as requests you theme/plugins may make to WP’s REST API (/wp-json/...). Use the operator 'Does not start withinstead ofDoes not contain`.

system · July 26, 2023, 4:18pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.