littatech
November 29, 2024, 9:25am
1
We’ve been observing repeated attempts from various IP addresses trying to access unauthorized routes in our application (e.g., /wp-login.php, /checkout/.env). While I’ve implemented IP logging and firewall bans, this issue persists, with 32 IPs already blocked.
Could you advise on a more efficient, long-term solution, or investigate further to mitigate this traffic?
pawlean
November 29, 2024, 12:43pm
2
Hi, @littatech !
@earlrobb shared this very helpful post recently, he created rules that target these URLs specifically.
Have a small hobby Next.js 14 site. Sorting data I found 40,000 monthly 404’s in the vercel Usage tab. Looking at the Top Paths it’s obvious the site is being hit by bots trying to attack php files and wordpress directories. I have neither on the site.
I am new to firewall management and was wondering if I could get some tips or improvements on what I have done?
In Firewall Rules I have created 2 rules.
RequestPath → MatchesExpression → .php$|.php7$|.aspx$
RequestPath → MatchesExpression ->(…
I’ll also share some other potentially helpful content related to the Firewall:
Nobody wants to serve traffic to malicious or abusive users - this is pretty much universally true. The problem is that detecting those users and blocking them isn’t easy, and if you want to avoid blocking legitimate traffic, it gets even harder.
If you run a public-facing site or app on Vercel, you have probably spent some time thinking about how to control its traffic. Like with most problems, the first step to solving it is analysis, so that’s what I’ll discuss in this guide.
Hi, Vercel Community! I’m Malavika, a Product Manager at Vercel.
We recently hosted a Customer Enterprise Experience Group session on on the Vercel Firewall. During this session, we discussed recently released Firewall features, did a deep dive on how to use rate limiting, and answered questions from the audience.
Chect out the recording ↓
[Enterprise Experience Group: Vercel Firewall]
If you have any questions, let us know!
Thank you to everyone who joined the “Usage Optimization, Spend Management, and Security Best Practices” session! During the session, you:
Learned how to optimize your team’s infrastructure spend
Discovered Vercel’s out-of-the-box features to keep your site secure
We encourage you to use this space for any follow-up questions, discussions and connect with others you met on the call.
What insights or strategies are you excited to implement from today’s session? Feel free to share your thought…
Let us know how you have any other specific questions!
pawlean
December 3, 2024, 1:55pm
4
Great to hear, @littatech !
system
December 10, 2024, 1:56pm
5
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.
