Throttling / request rate limit for certain locations?

[ravanhagen]

Hi, is it possible to throttle (per client) requests for certain files or locations (for example wp-longin.php or xmlrpc.php) as a simple means to block basic brute force attacks?

I only found documentation on general throttling against ddos but not anything more specific. Thanks for any info

 

[Cold-Egg]

Maybe something like fail2ban and CrawdSec may help.

We added fail2ban to the ols1clk script a few days ago, and it's mainly to protect wp-login.php and xmlrpc.php from multiple POST requests. Feel free to adjust the fail2ban config to match your goal.

 

[ravanhagen]

Ok, thanks... As far as I remember, Fail2ban is IPv4 only, right? Or has that changed?

 

[Cold-Egg]

According to Fail2Ban GitHub note, IPv6 support is implemented in version 0.10