App XMLRPC requests and ModSecurity

  1. Hello,
    I'm having some troubles with the XMLRPC requestes that the iOS app generates. I manage a Wordpress 4.1.1 set as a Network install.

    My hosting company has the ModSecurity activated and, for that reason, it blocks every time the users that have the App:
    Message: Access denied with code 403, [Rule: 'user:bf_block' '@gt 0'] [id "117"] [msg "IP address blocked for 5 minutes. More than 2 XMLRPC POST requests within 60 seconds."] [severity "WARNING"] [MatchedString "1"]

    My question is: is it possible to limit the amount of XMLRPC requests if someone only open the stats page (and not, for example, the Post or Comments page)?
    Or, better, limit the XMLRPC requests only if the user opens the Post, Page or Comments pages?

    Thank you in advance,

  2. After browsing some other topics, I figure out that the issue comes from the latest App version that makes too many XML-RPC requests that are interpreted as a potential attack and blocked.

    The block works at IP level and that's the reason why if you use WiFi for example, you won't be able to connect to your website anymore (you see 403 or 406 errors).

    At the moment the only possible solutions are uninstalling the App or temporary disabling the ModSecurity, waiting for a solution for the App developers.

  3. Hi Gabriele

    More than 2 XMLRPC POST requests within 60 seconds.

    That is a ridiculously low limit. Who is your hosting company?

    You might also try the steps in this FAQ to rename your xmlrpc.php file and avoid triggering the block.

  4. Thank you Eric for the answer!

    You're right, 2 requests are too few, but what is the optimal limit in your opinion to prevent abuses?

  5. This has been killing me for months now. The only fix I could find was my Host provider telling me to disable ModSecurity... Which worked, but seriously...disable it? :-(

    Anyway all I was missing was the right terminology. I was originally searching: NSXMLParserErrorDomain Error 111 and getting no where. For some reason today I tried "ModSecurity wordpress app" and this lovely thread came up. Maybe this will help the next guy...

    Thanks so much for the link to the FAQ


Topic Closed

This topic has been closed to new replies.

About this Topic