Results 1 to 3 of 3

Thread: Forbid serverwide access to xmlrpc.php

  1. #1
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    2,969

    Forbid serverwide access to xmlrpc.php

    I stumbled on this solution, which is to be put in the httpd.conf file of apache (I don't have nginx).
    Code:
    <FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
    Order Deny,Allow
    Deny from all
    </FilesMatch>
    What is the best way to do this?
    Copy a httpd.conf to /usr/local/directadmin/custombuild/custom/ap2 and then put this code somewhere in there? If yes where is the best place to put it in the config?

    If no, what is a better solution?
    Greetings, Richard.

  2. #2
    Join Date
    Aug 2015
    Posts
    27
    Same question, but then for Apache with nginx as reverse proxy.

    Do I need to put in httpd.conf. file as or this

    Code:
    location = /xmlrpc.php {
    	deny all;
    	access_log off;
    	log_not_found off;
    }
    in nginx.conf file?

  3. #3
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    2,969
    Looks to me the nginx.conf as I found on the same site I found my code:
    5. Blocking access in nginx
    If you are running nginx instead of Apache you should add this code to your nginx configuration:
    server {
    location = /xmlrpc.php {
    deny all;
    }
    }
    Greetings, Richard.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •