Iptables – Bots hitting xmlrpc.php and causing high load on the server

Tags: apache-2.4, high-load, iptables, xmlrpc

Recently we have been getting a lot of hits to the WordPress xmlrpc.php, which in the end causes high load on the servers.

We tried rewriting all xmlrpc.php to 127.0.0.1, but it didn't help much, since Apache was still handling the connections.
In the end we blocked these kinds of connections using

iptables -I INPUT 1 -p tcp --dport 80 -m string --string "xmlrpc.php" --algo bm -j DROP

Unfortunately, all of this is causing problems with plugins that use xmlrpc.php, like Jetpack etc.

Has anyone had experience with this kind of problem and has some suggestions on how to handle this?

Edit:
Is it possible to add an additional rule which would allow access from the WordPress IP range? What would that rule look like, since the blocking rule is using string?

Best Answer

The firewall rule you described has 2 issues:

  1. You should make some rate-limits for it rather than just blocking everything.

  2. Using the string module in the firewall is not very wise due to performance reasons.

Your best choice is to put HAProxy in front of Apache. You can take a look at my answer in this post for more details on how to do it and why.
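As an added illustration of the two points above (rate-limit rather than drop everything, and do it in HAProxy instead of the iptables string module), not part of the answer itself, here is a minimal HAProxy frontend that counts xmlrpc.php requests per source address and rejects a source that exceeds the limit, while exempting an allowlist of trusted ranges. The backend port 8080, the allowlist file path and the thresholds are assumptions to adapt; Apache is assumed to have been moved off port 80.

```haproxy
frontend http-in
    bind *:80
    mode http
    option httplog

    # Per-source counters: remember each client IP for 1 minute and
    # keep its HTTP request rate over a sliding 10-second window.
    stick-table type ip size 100k expire 1m store http_req_rate(10s)

    # Match XML-RPC requests on the request path, case-insensitively,
    # regardless of which WordPress install directory is hit.
    acl is_xmlrpc path_end -i /xmlrpc.php

    # Source ranges allowed to use XML-RPC without limits (e.g. the
    # ranges a plugin vendor publishes). File path is a placeholder.
    acl trusted_src src -f /etc/haproxy/xmlrpc_allow.lst

    # Only XML-RPC requests from non-trusted sources are tracked,
    # so ordinary page views never count against a visitor.
    http-request track-sc0 src if is_xmlrpc !trusted_src

    # More than 20 XML-RPC requests in 10 s from one source: answer
    # 429 here, so Apache never spends a worker on the flood.
    http-request deny deny_status 429 if is_xmlrpc !trusted_src { sc_http_req_rate(0) gt 20 }

    default_backend apache

backend apache
    mode http
    # Apache re-bound to 8080 on the same host (assumed layout)
    server apache1 127.0.0.1:8080 check
```

Watch the 429 count in the HAProxy log for a while before tightening the threshold: a legitimate remote-posting client that exceeds it will simply retry, whereas a DROP rule gives no signal at all about what was lost.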
