During the writing of this chapter, a site I manage was hit with over 200,000 malicious connections a minute and I needed these rules in place to ensure it remained operational. The attack was a WordPress pingback DoS attack, which exploits the fact that the WordPress pingback doesn't have a way of validating the return address. Since the site itself wasn't WordPress-based, we could simply block WordPress as the user agent:
if ($http_user_agent ~ "WordPress") { return 403; }
With this rule in place, the site remained operational and the only negative issue was slightly increased traffic. The server was easily able to cope with the normal traffic and the rise in CPU usage was only minimal. Being able to turn a site which was completely offline back into an operational site within five minutes was a great outcome.
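A check that can be run over the access log once the rule is deployed, as an added example that is not from the original chapter: it applies the same case-sensitive "WordPress" match to each user agent, counts matching requests per minute, and lists any that were not answered with 403. The log lines are constructed, the nginx `combined` log format is assumed, and the "verifying pingback from" suffix is an assumption about what the WordPress user agent contains.

```python
import re
from collections import Counter

# nginx "combined" format: addr - user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<addr>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
# Same case-sensitive match as the rule: $http_user_agent ~ "WordPress"
AGENT_RE = re.compile(r"WordPress")
# Assumption: pingback verification requests name the requester in the user agent.
ORIGIN_RE = re.compile(r"verifying pingback from (\S+)")

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = "\n".join([
    '198.51.100.7 - - [12/Mar/2016:10:15:01 +0000] "GET / HTTP/1.0" 403 162 "-" '
    '"WordPress/4.4.2; http://blog-a.example; verifying pingback from 203.0.113.9"',
    '198.51.100.8 - - [12/Mar/2016:10:15:02 +0000] "GET / HTTP/1.0" 403 162 "-" '
    '"WordPress/4.4.2; http://blog-b.example; verifying pingback from 203.0.113.9"',
    '192.0.2.44 - - [12/Mar/2016:10:15:02 +0000] "GET / HTTP/1.1" 200 5120 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [12/Mar/2016:10:16:00 +0000] "GET / HTTP/1.0" 200 5120 "-" '
    '"WordPress/3.8; http://blog-c.example"',
    'truncated line that is not in combined format',
])


def summarise(log_text):
    """Count WordPress-agent requests per minute and list any not answered with 403."""
    per_minute, origins, not_blocked, other = Counter(), Counter(), [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse
        if not AGENT_RE.search(m["agent"]):
            other += 1  # normal traffic, untouched by the rule
            continue
        per_minute[m["time"][:17]] += 1  # "12/Mar/2016:10:15" is the minute bucket
        if m["status"] != "403":
            not_blocked.append(line)  # rule missing in this server/location block?
        origin = ORIGIN_RE.search(m["agent"])
        if origin:
            origins[origin.group(1)] += 1
    return {"per_minute": dict(per_minute), "origins": dict(origins),
            "not_blocked": not_blocked, "other": other}


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

A non-empty `not_blocked` list means some matching requests were served normally, for example because they arrived before the rule was loaded or hit a server block that does not include it.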