I have a WordPress blog set up with nginx. I keep seeing this:

80.82.64.220 - - [10/Nov/2016:08:21:48 +0000] "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"

It's one request per second. So I tried denying access to xmlrpc.php through the nginx conf file.

    location /xmlrpc.php {
        deny all;
        access_log off;
    }

I tail the access file and can see it's still being accessed. No idea why. I try a curl from my dev machine with random params and I get an XML file. I don't know why I'm getting an XML file.

I notice that all requests are from the same server. So I think, let's just block the IP, so I do

    sudo ufw deny from 80.82.64.220

I check the status and it does show the rule is added. I tail the access file and I can still see that the file is being accessed.

All the changes in the firewall and nginx config file, including the access log file, are on my actual server. This server sits behind an nginx reverse proxy. The reverse proxy's access log doesn't have these entries, so I am guessing the main server is being accessed directly.

But how is the file still being accessed?

nupac
  • If you do read the description, it's not really about the xmlrpc file, it's about nginx and firewall rules not working for some reason – nupac Nov 10 '16 at 08:52
  • There are lots of answers in that search about how to block access to the xmlrpc file. – user9517 Nov 10 '16 at 08:59
  • Yes it does. If you read the description of this question, you'll see that the actual issue has nothing to do with the xmlrpc file and has everything to do with ufw and nginx – nupac Nov 10 '16 at 09:06
  • I changed the question title so it better represents the problem – nupac Nov 10 '16 at 09:15

1 Answer


The location block does not work because it does not process the /xmlrpc.php request. See this document for details.

Use the ^~ modifier or the = construct to raise the precedence of the location block (see this document for details):

    location = /xmlrpc.php { ... }

Richard Smith
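The precedence problem the answer describes, shown as an added example (this is not config from the question or the answer). It is a minimal WordPress server block of the kind that typically contains the regex location that wins the match; the hostname, document root and PHP-FPM socket path are assumptions.

```nginx
server {
    listen 80;
    server_name blog.example.com;      # assumed
    root /var/www/wordpress;           # assumed
    index index.php;

    # BEFORE (what the question used): a plain prefix location.
    # nginx remembers the longest matching prefix location, but then
    # checks regex locations in configuration order and takes the first
    # one that matches. The usual WordPress "location ~ \.php$" below
    # matches /xmlrpc.php, so this block is never selected and the
    # request still reaches PHP-FPM, which is why curl got an XML reply.
    #
    # location /xmlrpc.php {
    #     deny all;
    #     access_log off;
    # }

    # AFTER: an exact-match location. "=" ends the search immediately,
    # before any regex location is considered, so the request is
    # answered with 403 and never handed to PHP-FPM.
    location = /xmlrpc.php {
        deny all;
        # Leave logging on while verifying; "access_log off;" hides the
        # 403 lines you would otherwise tail to confirm the block works.
    }

    # Equivalent alternative: "^~" keeps prefix semantics but tells nginx
    # not to check regex locations once this is the longest prefix match.
    # location ^~ /xmlrpc.php {
    #     deny all;
    # }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # The regex location that was capturing /xmlrpc.php before the fix.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }
}
```

After editing, run `sudo nginx -t && sudo nginx -s reload`, then `curl -sI http://blog.example.com/xmlrpc.php | head -1` against the origin should print a 403 instead of a 200 with an XML body. Two caveats for the firewall side, which the answer does not address: ufw matches the source address of the packets as the origin host sees them, so if a request is being relayed by the reverse proxy the packet source is the proxy, not the address printed in the access log; and whether 80.82.64.220 really reaches the origin directly can be confirmed with `sudo tcpdump -n -i any host 80.82.64.220` on the origin rather than inferred from the log.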