• Resolved isradlt

    (@isradlt)


    Hi there,

    I currently have a few WordPress sites hosted on AWS Beanstalk environments and use Wordfence as a WAF in all of these sites. We have enabled the option to block IP addresses that try to log in more than 10 times with wrong credentials and this throws out 503 error codes to the visitors. I think this is the expected behavior, but the problem is that every time our webserver gets a 500 error, our Beanstalk treats this as a faulty web server and shows a warning in the AWS console. This is just a warning but it’s a bit annoying to have this warning from time to time.

    Wordfence live traffic with 503 error codes:
    https://ibb.co/PcFY97r

    AWS Beanstalk complaining about these 50x errors:
    https://ibb.co/bKPJZW4

    I was looking at the Wordfence plugin code and I think I found how to customize this error code to something more useful in our case, like 403 or 404 errors, in these files:

    vendor/wordfence/wf-waf/src/lib/waf.php
    vendor/wordfence/wf-waf/src/lib/utils.php

    But I don’t know if there is another way to customize this code and make it persistent if we update Wordfence to newer versions, or if this is a feature I should request.

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @isradlt, thanks for highlighting your use-case.

    We do have a case open to migrate our HTTP 503 response codes to 429 for temporary blocks/rate limiting and 403 for permanent. Due to the ever-shifting nature of priorities when it comes to threat detection, I’m never able to give release dates or updates on development here on the forum, but have passed your additional request to the team.

    We’re unable to support custom code changes to the plugin, although it’s important to note that any changes you do choose to make may be broken or reverted with future plugin updates.

    Thanks,
    Peter.

    p15h

    (@prestonwordsworth)

    @wfpeter, good to hear you have plans to migrate to the semantically more appropriate 429 for rate limiting. That’d be a most welcome improvement!
