WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites… Secure WordPress xmlprc.php interface and reduce service disruption.
Tag: web.config

Remove IIS Server version HTTP Response Header
Remove HTTP response headers in Windows Server IIS 10 and ASP.NET because Windows Server IIS loves to tell the world that a website runs on IIS. It does so with the Server header in the HTTP response. Here is how w to remove Server and other HTTP response headers in Windows Server IIS and ASP.NET. Using web.config files. You don’t want to give hackers too much information about your servers, heh? ;-)

IIS Outbound Rules with gzip compression
Learn how to use URL Rewrite Outbound Rules in IIS, to offload content from a different server or host name. This way IIS with URL Rewrite acts as a reverse proxy. Add gzip compression to the mix, and this will improve website performance. In this post, I’ll also show you how to fix the URL Rewrite Module error “Outbound rewrite rules cannot be applied when the content of the HTTP response is encoded (“gzip”).” in IIS.

Block WordPress comment spammers manually
Learn to block WordPress comment spammers manually. The less spammers hit your WordPress blog, the better your blog performs, is one of my opinions. A second is, the less unnecessary plugins you use on your WordPress blog, the better. So, a little while ago I decided to remove plugins like Stop Spammer Registration Plugin and do its work myself. Here is why & how.
WordPress 3.5 on IIS 8.0 is unable to save a web.config file
WordPress 3.5 on IIS 8.0 is unable to save a web.config file because of a hard IIS version check in wp-includes/vars.php. Quick fix available here.
Convert .htaccess to web.config
This post describes some of the IIS URL Rewrite Module web.config equivalents of commonly used Apache .htaccess settings. This is useful when you convert your Apache .htaccess to IIS web.config. The second part of this post outlines how to use Internet Information Services Manager to import and convert .htaccess rules to web.config.

"The length of the URL for this request exceeds the configured maxUrlLength value"
Learn how to increase IIS’ maximum URL length value to resolve the IIS and ASP.NET error message “The length of the URL for this request exceeds the configured maxUrlLength value”. The Windows Server IIS maximum URL length is defined by the HttpRuntimeSection.MaxUrlLength property. Its value is 260 characters. This may cause problems with longer than configured maxUrlLength URL’s.

How to filter web traffic with blocklists
I needed a HTTP blocklist. Block and filter unwanted web HTTP traffic with blocklists, on both IIS and Apache webservers. Protect your website easily with this PHP blocklist class. Let’s create our own little HTTP filter.