• Resolved Bev

    (@bstofko)


    The documentation for rate limiting describes a setting:

    If 404’s for known vulnerable URL’s exceed…
    If we detect a visitor who is sending a request that matches a known vulnerability scan or exploit and has other heuristics that match a hack attempt, then this counter is used. In general, you can set this to a low number like 15 per minute and set the option to “block.”

    https://www.wordfence.com/help/firewall/rate-limiting/

    I can’t find this on my options page. This is a useful rate limit that I would like to use. Could you please let me know if this is still available.

    Thank you for this plugin!

    • This topic was modified 4 years, 9 months ago by Bev.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Hey @bstofko,

    Please navigate to Wordfence > All Options > Rate Limiting; this is where you’ll find the “If a crawler’s pages not found (404s) exceed” feature.

    Thanks!

    Gerroald

    Thread Starter Bev

    (@bstofko)

    I had hoped the setting for 404’s for known vulnerable URL’s was still available, and I would set it to block after one attempt. I would not want a 404 on a valid page to cause a block.

    Hey @bstofko,

    My apologies, you’re correct. This feature has been removed. We’ve added a report to ensure we update the docs.

    It was a legacy feature that had a small list of rules and was made obsolete when we released the WAF. Once the WAF was released it wasn’t being updated, and was eventually removed.

    So in short, you’re under much better protection with the WAF.

    Thanks,

    Gerroald

    Thread Starter Bev

    (@bstofko)

    Is there a way I can immediately lock out users that try to access vulnerable URL’s? For example, I see a lot of the following in the live traffic:

    … blocked by firewall for Directory Traversal – wp-config.php in query string: files=..%2F..%2F..%2F..%2Fwp-config.php

    I would want anyone attempting access like this to be locked out of ALL access for several days. Right now it looks like they are still allowed in even though it is obvious they are attempting to hack in.

    Plugin Support wfphil

    (@wfphil)

    Hi @bstofko,

    You can block IP addresses if you wish, but you may decide against doing that based on the large amount of time you will spend doing it and because of the nature of how attacks take place, described in the additional article in the documentation below:

    https://www.wordfence.com/help/blocking/#ip-address
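
The counter described in the documentation excerpt, applied offline to a web server access log, as an added example that is not Wordfence code and not part of the thread: it counts per-IP requests that match the wp-config.php directory traversal pattern quoted above and reports when an address exceeds 15 in a minute. The log format, the function names and the sample lines (documentation-range IP addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

# Assumption: access log in the common/combined format used by Apache and nginx.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')
# "../" sequences followed by wp-config.php, tested after percent-decoding.
PROBE_RE = re.compile(r"(?:\.\./)+.*wp-config\.php", re.IGNORECASE)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

def is_probe(target):
    """True if the decoded request target climbs directories toward wp-config.php."""
    for _ in range(3):  # normalise nested percent-encoding before matching
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return bool(PROBE_RE.search(target.replace("\\", "/")))

def flag_ips(lines, threshold=15, window=timedelta(minutes=1)):
    """Map each IP to the time its probe count within `window` first exceeded `threshold`.
    Assumes lines are in chronological order, as in a normal access log."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_probe(m.group(3)):
            continue  # unparseable line or ordinary request (including plain 404s)
        ip, when = m.group(1), datetime.strptime(m.group(2), TS_FORMAT)
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] >= window:  # drop probes older than the window
            hits.popleft()
        if len(hits) > threshold:
            flagged.setdefault(ip, when)
    return flagged

def sample_log():
    """Constructed data: 16 probes in 30 s from one address, one ordinary 404 from another."""
    base = datetime(2020, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    row = '{} - - [{}] "GET {} HTTP/1.1" {} 0 "-" "-"'
    probe = "/?files=..%2F..%2F..%2F..%2Fwp-config.php"  # query string quoted in the thread
    lines = [row.format("203.0.113.7", (base + timedelta(seconds=2 * i)).strftime(TS_FORMAT),
                        probe, 403) for i in range(16)]
    lines.append(row.format("198.51.100.4", base.strftime(TS_FORMAT), "/old-page", 404))
    return lines

if __name__ == "__main__":
    for ip, when in flag_ips(sample_log()).items():
        print(ip, "exceeded 15 probes per minute at", when.isoformat())
```

Because only requests matching the probe pattern are counted, an ordinary 404 on a valid page never contributes to the total; passing `threshold=0` reports an address on its first matching request.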

  • The topic ‘Rate Limiting for known vulnerable URL’s’ is closed to new replies.