Apache 2.4: Block access to xmlrpc.php of all domains

apache-2.4xmlrpc

I would like to block the access to xmlrpc.php

I created a file in

/etc/apache2/conf.d/block.conf

and added the following content:

<FilesMatch "(^\.|wp-config\.php|xmlrpc\.php|(?<!robots)\.txt|(liesmich|readme)\.*)"> 
Require all denied
</FilesMatch>

If I try any domain on the server I'm still getting access: example.com/xmlrpc.php

I would have expected an "Forbidden"-error.

Best Answer

Your syntax is correct but it seems directory /etc/apache2/conf.d not included in /etc/apache2/apache.conf. So either you can include this file with below syntax or move block.conf in directory /etc/apache2/conf-enabled which included in apache(ubuntu) by default.

open file /etc/apache2/apache2.conf in vim or your favroite editor and add below line at the end

Include /etc/apache2/conf.d/block.conf

Restart apache and check, it should be work

Related Solutions

Linux – WordPress and Apache 2.4 installation troubles: Cannot Serve Directory

It looks like you have forgotten DirectoryIndex.

This should be added to the <VirtualHost> serving WordPress.

DirectoryIndex index.php

Nginx deny all for location block not working as expected

The location block does not work because it does not process the /xmlrpc.php request. See this document for details.

Use the ^~ modifier or the = construct to raise the precedence of the location block (see this document for details):

location = /xmlrpc.php { ... }

Best Answer

Related Solutions

Linux – WordPress and Apache 2.4 installation troubles: Cannot Serve Directory

Nginx deny all for location block not working as expected

Related Topic