Forbid serverwide access to xmlrpc.php

[Richard G]

@Alex: Thank you for the better code and the confirmation.

@John: Thank you for the fix.

 

[shivahost]

the bug for pre file is fixed in 1.56.4

No what is the best solution? detailed please!

 

[Richard G]

IMHO best solution for a server wide block without exceptions is the one which zEitEr gave in post #39.
Reason: This prevents the possibility for a user bypassing the block by accident by using a <Files *> deny,allow in a .htaccess file.

 

[ReN]

This should work in *.4.post:

        <Location ~ "/xmlrpc.php">
                Order allow,deny
                Deny from all
                ErrorDocument 403 "Sorry, you are not allowed to view this page!"
        </Location>

p.s. Confirmed: *.pre templates does not work on my end too, both for Nginx and Apache.

Hi guys , can i just get some extra info regarding this, Where exactly does the above info go , add does the user configs need to be rewritten or apache reinstalled etc etc

TY

 

[Richard G]

It's mentioned here:
https://www.directadmin.com/features.php?id=2158

Next to that it's also explained on the previous page, specially in post #27 on how to do this.

The only thing after creation of the files is to use the ./build rewrite_confs command from the custombuild directory.

 

[balhear]

I have seen examples for implementing this on Apache/Nginx servers here: https://help.poralix.com/articles/how-to-block-access-to-xmlrpc-php-serverwide-on-directadmin.
But, is this achievable on OpenLiteSpeed through the usage of custom templates? How should we proceed in order to accomplish it? Any clue will be wellcome. Thanks in advance.

 

[frog9394]

Hello,

We use this:

        <Files xmlrpc.php>
            Order allow,deny
            Deny from all
            ErrorDocument 403 "Sorry, you are not allowed to view this page!"
        </Files>

it gives no page hit.

It works perfectly on my server. Thanks Alex!