Your website is routinely scanned by malware BotNets, which look for the presence of certain web links. Blocking these links has 2 advantages.
This feature is available on Artica v4.50 Service Pack 1 or Artica v4.50 HotFix 20231101-21
- Quickly block Botnets:
If you have activated the CrowdSec feature, which is designed to block at firewall level according to a number of blocked occurrences, testing these links will cause the engine to react and block the source address more quickly. - Prevents backend overload:
In the reverse-proxy context, requests will be transmitted to the Web server, which will of course respond with "404 Page not found".
These operations cost on both elements.
It's best to block them upstream to leave the Web server alone.
On the main reverse-proxy table, choose the grey link “Urls (Deny)”
- A new window appears, displaying Artica's default list of the links most often analyzed by botnets.
Please note that some links target Wordpress CMS software. - Turn on the feature by click on the “Disabled” icon
- Click on Apply to make rules in production.
- In the real-time requests you will see deny access by filtering with the error code 444
