• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Trying to block direct access to a drupal URL

R

Richard Grevers

New Pleskian
[Resolved] Trying to block direct access to a drupal URL

I have a problem with one URL on my server getting 250,000+ hits a month from spambots trying to register for the site. Although we are using a Drupal 7 module to detect and ignore those bots, that still results in the site serving two full pages to each one, which is exceeding our International Traffic Quota and costing $$
I've put
Code: 
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?permaculture\org\nz/ [NC]
RewriteRule ^user/register - [L,F]

in the domain's vhost.conf and run the updater, but direct requests or links from other sites are still working. I'm trying to figure whether that's a Plesk problem, a Drupal problem or some combination.

(Plesk Panel 10.4.4. on CentOS/Apache)
 
Last edited:
you seem to be missing a . before the org and the nz.

Also this doesn't belong in vhost.conf, it belongs in an .htaccess - maybe that's the problem?
 
Hi,
I forgot I had posted about this in this forum as well.

Faris Raouf said:
you seem to be missing a . before the org and the nz.

Also this doesn't belong in vhost.conf, it belongs in an .htaccess - maybe that's the problem?
Click to expand...

Yes, I spotted the dot problem - and then once I realised the directory didn't exist I moved it to the Virtual URL rewriting block in the .htaccess

In the end the attacks turned out to be more widespread, and we've put the site on Cloudflare.
 
You must log in or register to reply here.

Similar threads

brother4
Question Best way to block direct PHP file access and ensure .htaccess rules are always applied with Nginx as a reverse proxy?
Replies
1
Views
991
brother4
brother4
T
Question Fail2ban trying to setup a rule to ban ai bots
Replies
4
Views
3K
Bitpalast
Bitpalast
C
Question Who or what is changing my htaccess file
2
Replies
21
Views
12K
roban
R
R
Question Blocking access to wp-admin with nginx directive
Replies
0
Views
2K
Rooked
R
T
Issue Host settings and htaccess behavior in nginx proxy mode
Replies
3
Views
3K
Peter Debik
P
Back
Top