Azure Wordpress deny xmlrpc

1.5k views Asked by At

What is the proper way to deny xmlrpc on a Microsoft azure IIS since I don't have a .htacess , but a web.config file what should I add to it to deny access(ping back) to xmlrpc.php

1

There are 1 answers

0
Andrew Westgarth On

using the web.config file you can disable access to url sequences such as xmlrpc.php using IIS Request Filtering (for more information on the additional options see - http://www.iis.net/configreference/system.webserver/security/requestfiltering).

To solve your problem add the highlighted section to your web.config

<system.webServer>
    <security>
        <requestFiltering>
            <denyUrlSequences>
                <add sequence="xmlrpc.php" />
            </denyUrlSequences>
        </requestFiltering>
    </security>
</system.webServer>

This example will return a 404 response to any client requesting the resource and will log a 404.5 (URL Sequence Denied) status in your server log file.

Cheers

Andrew