| Linux hosting5.siteguarding.com 3.10.0-962.3.2.lve1.5.88.el7.x86_64 #1 SMP Fri Sep 26 14:06:42 UTC 2025 x86_64 Path : /etc/apache2/conf.d/modsec/ |
| Current File : //etc/apache2/conf.d/modsec/modsec2.user.conf |
<FilesMatch "xmlrpc.php"> </FilesMatch> # These rules are designed to be effective versus /distributed/ brute force # attacks. While they will function just as well against attacks which are # /not distributed/ they will deny access to all XML-RPC method calls # namespaced with the prefix "wp." # # An IP-based version of these rules may be more appropriate for sites which # attacked from just a few distinct IP addresses. # # See http://alzabo.io/modsecurity/2014/09/15/wordpress-xml-rpc-brute-force.html # for additional information # # SecDataDir is probably better configured as something other than # /tmp. It merely needs to be a directory to which the web server # daemon can write SecDataDir /tmp SecResponseBodyAccess On SecResponseBodyLimitAction ProcessPartial SecResponseBodyMimeType text/xml # SecStreamInBodyInspection requires ModSecurity 2.6.0 or greater SecStreamInBodyInspection On <FilesMatch "xmlrpc.php"> </FilesMatch>