Thousands of calls to PHP backdoors

Hi, we are getting a lot of requests to known PHP / WordPress backdoors (and not only). Since they don’t exist on our application, a 404 response is served. This is causing increased bandwidth usage, since every 404 response is about 500KB when compressed.

We tried redirecting all “.php” requests via the netlify.toml to a route on our application that serves a response of about 200B. This unfortunately did not work.

What we tried so far in the netlify.toml (of course not all simultaneously):

# Attempt 1
[[redirects]]
  from = "/*"
  to = "/"
  status = 403
  force = true
  query = { path = "/*php*" }

# Attempt 2
[[redirects]]
  from = "/*"
  to = "/"
  status = 403
  force = true
  conditions = { path = "*/.php" }

# Attempt 3
[[redirects]]
  from = "/*php"
  to = "/"
  status = 403
  force = true

# Attempt 4
[[redirects]]
  from = "*/*.php"
  to = "/"
  status = 403
  force = true

# Attempt 5
[[redirects]]
  from = "/*.php"
  to = "/404.html"
  status = 404
  force = true

Has anyone experienced something like that and has been able to solve it?

We are running Remix.js v2 with the “older” Netlify adapter (non-Vite).

Site name: schu-sanity.

@nikolay I’m not super familiar with the netlify.toml way of specifying redirects/rewrites, but most of those seem to have various issues to me.

#1 - query is for Query string parameters - documentation
#2 - conditions mention only country, role, cookie presence - documentation
#3 - the wildcard * cannot be in the middle of the path - documentation
#4 - same as #3
#5 - same as #3

If you need to achieve something the redirects/rewrites engine cannot, Netlify’s staff would likely suggest you create your own Edge Function.


Hi @nikolay, as Nathan mentioned, have you tried using edge functions?
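The Edge Function approach suggested in the replies above, as an added example that is not part of the original thread or Netlify's own code: it answers any request whose path ends in `.php` with a few-byte 403 before the application renders its 500KB 404 page. The file path `netlify/edge-functions/block-php.js` and the names `isPhpProbe` and `handler` are assumptions.

```javascript
// Added example. Assumed location: netlify/edge-functions/block-php.js

// ".php" at the end of the path, or followed by extra path info
// (e.g. /index.php/anything). Case-insensitive, so .PHP is covered too.
const PHP_PATH = /\.php(\/|$)/i;

// Decide from the URL path only. The query string is ignored on purpose:
// /search?file=x.php is a normal request to /search.
function isPhpProbe(requestUrl) {
  const rawPath = new URL(requestUrl).pathname;
  let path = rawPath;
  try {
    // Catch percent-encoded variants such as /a.ph%70
    path = decodeURIComponent(rawPath);
  } catch {
    // Malformed percent-encoding: fall back to the raw path
  }
  return PHP_PATH.test(path);
}

function handler(request, context) {
  if (isPhpProbe(request.url)) {
    // Tiny fixed body instead of the application's rendered 404 page
    return new Response("Forbidden", {
      status: 403,
      headers: { "content-type": "text/plain" },
    });
  }
  // Everything else continues to the site / Remix handler
  return context.next();
}

// When deployed, the file ends with these two lines:
//   export default handler;
//   export const config = { path: "/*" };
```
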