WordPress pingback mitigation

2017-05-20 Thread lists
Reading a blog from the person that set up the website for Emmanuel Macron, I came across this nginx tip. I would return 444 and add it to my user agent map. But in the simplest form:
    # Block WordPress Pingback DDoS attacks
    if ($http_user_agent ~* "WordPress") {
        ret

Re: WordPress pingback mitigation

2017-05-20 Thread c0nw0nk
I take it you don't use a WAF of any kind. I also think you should add it to a MAP at least instead of using IF. The WAF I use for these same rules is found here. https://github.com/nbs-system/naxsi The rules for WordPress and other content management systems are found here. http://spike.nginx-g

Re: WordPress pingback mitigation

2017-05-20 Thread lists
t sufficient. Original Message From: c0nw0nk Sent: Saturday, May 20, 2017 3:36 AM To: nginx@nginx.org Reply To: nginx@nginx.org Subject: Re: WordPress pingback mitigation I take it you don't use a WAF of any kind. I also think you should add it to a MAP at least instead of using IF. T

Re: WordPress pingback mitigation

2017-05-20 Thread c0nw0nk
no > apparent reason. Case in point, I had a referral from the al Aqsa > Martyrs Brigade. Terrorists! And numerous porn sites, all > irrelevant. So Naxsi alone isn't sufficient. > > Original Message > From: c0nw0nk > Sent: Saturday, May 20, 2017 3:36 AM > To: nginx

Re: WordPress pingback mitigation

2017-05-20 Thread Alex Samad
l Aqsa > > Martyrs Brigade. Terrorists! And numerous porn sites, all > > irrelevant. So Naxsi alone isn't sufficient. > > > > Original Message > > From: c0nw0nk > > Sent: Saturday, May 20, 2017 3:36 AM > > To: nginx@nginx.org > > Reply To: nginx@

Re: WordPress pingback mitigation

2017-05-20 Thread Peter Booth
, all irrelevant. So Naxsi alone isn't > sufficient. > > Original Message > From: c0nw0nk > Sent: Saturday, May 20, 2017 3:36 AM > To: nginx@nginx.org > Reply To: nginx@nginx.org > Subject: Re: WordPress pingback mitigation > > I take it you don't use a WAF

Re: WordPress pingback mitigation

2017-05-21 Thread li...@lazygranch.com
e in point, I had a referral from the > > > al Aqsa Martyrs Brigade. Terrorists! And numerous porn sites, > > > all irrelevant. So Naxsi alone isn't sufficient. > > > > > > Original Message > > > From: c0nw0nk > > > Sent: Saturday, May 20, 2017 3:3

Re: WordPress pingback mitigation

2017-05-21 Thread mex
pbooth Wrote: --- > Wow- I really like the sound of naxsi. In the past I've used F5's ASM, > the WAF built on their big-ip platform. It was powerful though prone > to false positives. I don't believe there are any real shortcuts that > allow you t

Re: WordPress pingback mitigation

2017-05-21 Thread lists
t know of any free exploit testers. Maybe the list can suggest a few.   Original Message   From: mex Sent: Sunday, May 21, 2017 2:25 AM To: nginx@nginx.org Reply To: nginx@nginx.org Subject: Re: WordPress pingback mitigation pbooth Wrote: --