If your server is experiencing frequent XML-RPC attacks, blocking access to the xmlrpc.php file server-wide is an effective solution. You can block these requests globally and allow specific websites to use XML-RPC only if needed. Follow the steps below to configure this using the cPFence Web Application Firewall (WAF).
Step 1: Block xmlrpc.php Globally
-
Edit the WAF configuration file:
/opt/cpfence/user-config/cpfwaf/whitelist_ols.conf-
Add the following rule to block
xmlrpc.phpglobally:
SecRule REQUEST_URI "@streq /xmlrpc.php" "id:6001,phase:1,deny,status:403,msg:'Blocking access to xmlrpc.php - cPFence'"-
Apply the changes by running the following command:
/opt/cpfence/app/cpfcronThis will block all XML-RPC requests globally across your server.
Step 2: Enable XML-RPC for Specific Websites (Optional)
If certain websites on your server need access to XML-RPC, you can configure the WAF to allow xmlrpc.php for those domains by adding the following rule:
SecRule REQUEST_HEADERS:Host "@streq example.com" "id:6002,phase:1,pass,nolog,ctl:ruleRemoveById=6001"Replace example.com with the actual domain name. Ensure that each rule has a unique ID (e.g., 6003, 6004).
/opt/cpfence/app/cpfcronThis will allow specific domains to bypass the global block while keeping xmlrpc.php disabled for other websites.
Need Further Assistance?
If you encounter any issues or need additional help, feel free to reach out to our support team via your client portal.
