comotion / VSF

Varnish Security Firewall

throttle and shield sets no per ip limit, but global instead #36

Closed intelbg closed 8 years ago

intelbg commented 8 years ago

Hello, I want to block xmlrpc and wp-login requests only for an IP that floods and exceeds the requests per second, but when other people from other IPs open wp-login.php they should not be affected, and that is not the case. This is my configuration; it should be per IP only, but the limits actually apply to all IPs that open wp-login:

if(throttle.is_allowed("ip:" +req.http.X-Actual-IP, "45req/s") > 0s && (req.url ~ "xmlrpc.php|wp-login.php")) { error 429 "Calm down"; shield.conn_reset(); }

My question is why, and how can I change it so that only the IP that exceeds the requests is blocked, not every IP that opens wp-login.php. Thank you in advance.

comotion commented 8 years ago

Hi, what is actually happening with the code you have specified is that all IPs are throttled at 45 req/s, but only rejected if they hit the xmlrpc code. This is because that is the order in which the if expression is evaluated.

You'll need to configure your vcl such that the throttling is done more selectively, i.e.:

# Only the login/xmlrpc endpoints touch the throttle counter
if (req.url ~ "xmlrpc.php|wp-login.php") {
    # is_allowed() returns 0s while under the limit, a positive wait time once it is exceeded
    if (throttle.is_allowed("ip:" + req.http.X-Actual-IP + ":floods:" + req.url, "45req/s") > 0s) {
        error 429 "Calm down";
        shield.conn_reset();
    }
}

Note that I've moved the is_allowed() call inside the url check, and that the throttle string includes the url as well as the ip; thus you get a per-url per-ip throttle.

More on this in the throttle vmod docs here: https://github.com/nand2/libvmod-throttle
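To make the evaluation-order point concrete, here is an added Python simulation that is not part of this thread, of VSF or of libvmod-throttle: a sliding-window counter stands in for the vmod, and the issue's original rule and the nested rule are run over constructed traffic (the IPs, URLs and timings are made up).

```python
import re
from collections import defaultdict, deque

RATE_LIMIT = 45           # requests per window, matching the issue's "45req/s"
WINDOW = 1.0              # window length in seconds
PROTECTED = re.compile(r"xmlrpc\.php|wp-login\.php")


class Throttle:
    """Sliding-window counter keyed by a string; a stand-in for the vmod, not its code."""

    def __init__(self):
        self.hits = defaultdict(deque)

    def is_allowed(self, key, now):
        """Return 0 while under the limit, else seconds to wait (mirrors is_allowed() > 0s)."""
        q = self.hits[key]
        while q and now - q[0] >= WINDOW:   # drop hits that fell out of the window
            q.popleft()
        if len(q) >= RATE_LIMIT:
            return WINDOW - (now - q[0])
        q.append(now)
        return 0


def original_rule(throttle, ip, url, now):
    """Issue's ordering: every request consumes the IP's budget; only protected URLs get 429."""
    throttled = throttle.is_allowed("ip:" + ip, now) > 0
    return 429 if throttled and PROTECTED.search(url) else 200


def nested_rule(throttle, ip, url, now):
    """Nested ordering: only protected URLs touch the throttle, keyed per IP and URL."""
    if PROTECTED.search(url):
        if throttle.is_allowed("ip:" + ip + ":floods:" + url, now) > 0:
            return 429
    return 200


def simulate(rule):
    """Constructed traffic: a visitor loads 50 assets then wp-login.php; a flooder hammers xmlrpc.

    Returns (status of the visitor's login request, number of flooder requests rejected)."""
    t = Throttle()
    for i in range(50):   # ordinary page load: static assets, never a protected URL
        rule(t, "203.0.113.10", f"/wp-content/asset{i}.css", 0.01 * i)
    visitor_login = rule(t, "203.0.113.10", "/wp-login.php", 0.6)
    flooder = [rule(t, "198.51.100.7", "/xmlrpc.php", 0.001 * i) for i in range(60)]
    return visitor_login, flooder.count(429)
```

With the original ordering the visitor's login is rejected because the asset requests already used up the IP's budget, while the nested rule rejects only the flooder's excess xmlrpc requests.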