• Resolved gamesprogrammist

    (@gamesprogrammist)


    Hi, I have been working with Wordfence recently and I have a lot of questions:

    1) Is it possible to speed up the blocking and data collection somehow? For example, “15 pages from the user in a minute” actually blocks 40 pages after 5 minutes and that’s not a fact. Is it possible, for example, to view the number of pages in 30 seconds or less? And block not in 5 minutes, but immediately then.
    2) When blocking “Rate Limiting”, can I send the user to another site (redirection) so as not to load my own? Redirection as in “Blocking Options” -> “Advanced Country Blocking Options”.

    In fact, because of these two issues, my site does not withstand a small DDoS attack (up to 1 Gb/s). When DoS is sent to the same site, the server load continues to grow, the site slows down and the host scolds me.
    I will be glad to hear your answer.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Hi @gamesprogrammist

    Thanks for reaching out!

    I can definitely help answer your questions.

    You can use Rate Limiting to determine how many pages a human or crawler can access in a given amount of time.

    You can limit the amount of traffic that attempts to hit your site with our Rate Limiting Rules on the Firewall Options page. This configures how crawlers and humans are treated.

    I generally set my Rate Limiting Rules to these values to start with:

    • If anyone’s requests exceed – 240 per minute
    • If a crawler’s page views exceed – 120 per minute
    • If a crawler’s pages not found (404s) exceed – 60 per minute
    • If a human’s page views exceed – 120 per minute
    • If a human’s pages not found (404s) exceed – 60 per minute
    • How long is an IP address blocked when it breaks a rule – 30 minutes

    I also always set the rule to Throttle instead of Block. Throttling is generally better than blocking because any good search engine understands what happened if it is mistakenly blocked and your site isn’t penalized because of it. Make sure and set your Rate Limiting Rules realistically and set the value for how long an IP is blocked to 30 minutes or so.

    Remember there is no hard and fast, one size fits all set of rules for every site. This is just a good place to start. During an attack you may want to make those rules stricter. If you see visitors, like search engine crawlers getting blocked too often, you might want to loosen them up a little.

    Unfortunately, the Rate Limiting feature does not allow for redirects after a user has been blocked.

    Country Blocking is a premium feature, and we aren’t allowed to discuss any of the premium features here as per forum rules.

    If you have any questions regarding the premium version feel free to put in a support ticket at https://support.wordfence.com or for more information contact presales @ wordfence . com.

    Please let me know if you have any other questions and I will be happy to help!

    Thanks,

    Joshua
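
Added example, not Wordfence code and not part of the reply above: the per-minute request and 404 thresholds listed in that reply, checked offline against a web server access log with a per-IP sliding window. The Combined Log Format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Per-minute thresholds quoted in the reply above (anyone's requests, 404s).
LIMITS = {"requests": 240, "not_found": 60}
WINDOW = timedelta(seconds=60)
# Assumed input: Combined Log Format, i.e. ip - - [time] "request" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, timestamp, status) or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts, int(m.group(3))

def offenders(lines, limits=LIMITS, window=WINDOW):
    """Map each IP to the rules it exceeded within any sliding window.
    Assumes each IP's lines appear in chronological order, as in a log file."""
    seen = defaultdict(lambda: {"requests": deque(), "not_found": deque()})
    hits = defaultdict(set)
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that do not match the assumed format
        ip, ts, status = rec
        rules = ["requests"] + (["not_found"] if status == 404 else [])
        for rule in rules:
            q = seen[ip][rule]
            q.append(ts)
            while ts - q[0] >= window:  # drop entries older than the window
                q.popleft()
            if len(q) > limits[rule]:
                hits[ip].add(rule)
    return dict(hits)

def sample_log():
    """Constructed sample: one IP sends 61 404s in ~30 s, another 5 normal hits."""
    out = []
    for i in range(61):
        out.append(f'203.0.113.7 - - [01/Jan/2024:21:42:{i // 2:02d} +0000] '
                   f'"GET /missing-{i} HTTP/1.1" 404 153 "-" "-"')
    for i in range(5):
        out.append(f'198.51.100.9 - - [01/Jan/2024:21:42:{i * 10:02d} +0000] '
                   f'"GET / HTTP/1.1" 200 5120 "-" "-"')
    return out

if __name__ == "__main__":
    print(offenders(sample_log()))
```
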

    Thread Starter gamesprogrammist

    (@gamesprogrammist)

    I am very glad of your answer, @wfjoshc

    I have slightly aggressive settings and it works for real users, it’s a pity that it’s impossible to do what I wrote in my questions. Unfortunately, during a test check of the site (DDoS 1 Gb/s), he just went into himself. The plugin did not register attacking IP addresses (https://imgur.com/gallery/mEXw2sl). There was only me and the attack was from 21:42 to 21:48. The Firewall did not block anyone, the server response was instead 31 ms -> 2142 ms and the site took a relatively long time to load. With a real attack, the site would have gone down and I would have cried bitterly

    What should I do then in my case?
    I will be glad of your answer :3

    Hi @gamesprogrammist

    Thanks for getting back to me!

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    This will allow us to further take a look at what is happening.

    Thanks,

    Joshua

    Thread Starter gamesprogrammist

    (@gamesprogrammist)

    Hi, @wfjoshc
    How glad I am to receive your messages
    I have sent a diagnostic message according to your instructions.
    I’m looking forward to the news

    Hi @gamesprogrammist

    Wordfence is not meant to be an anti-DDoS tool. Since it is a PHP application, it can’t stop large amounts of traffic from overwhelming the server.

    Wordfence’s rate limiting can help prevent some resource usage if the server is fast enough, but if the server can’t keep up with traffic, then the data Wordfence tries to save to track each IP’s rate limit can’t be saved.

    Since you are unable to control who attacks the site, you should ensure that the server runs smoothly. Apache or nginx settings can be tuned to prevent too many web server or PHP processes from starting at once, which might make the server slow to respond or drop some requests, but it should still remain functional without restarting or running out of memory.

    The URL /404 test won’t be blocked by the firewall as that is not an attack as far as our plugin is concerned as the request is not inherently malicious.

    If you are worried about DDoS attacks, you could look into an external proxy like Cloudflare that prevents most DoS traffic from reaching your server.

    Please let me know if you have any other questions and I will be happy to help!

    Thanks,

    Joshua

    Thread Starter gamesprogrammist

    (@gamesprogrammist)

    Thank you, no more questions.
    Have a nice day :3

  • The topic ‘Questions about blocking’ is closed to new replies.