BBQ Pro provides strong firewall security out of the box, and also makes it easy to enable advanced and custom protection. This quick tutorial explains how to use BBQ’s Custom Patterns to block any sort of nuisance request from accessing your site.

Step 1: Identify

The first step is to identify exactly what it is that you want to block. So if your site is getting spammed/attacked, you can examine your error/access log to find out who/what is responsible. For example, let’s say that your access log shows lots of requests that look something like this:

123.456.789 - [28/Dec/2015:15:14:40] "GET /some/path/ HTTP/1.0" 200 100 "http://example.com/some/referrer/" "Some Pathetic User Agent"

Although log entries tend to vary a bit, most of them include the following information:

  • IP Address
  • Request URI & Query String
  • Referrer URI
  • User Agent

The trick to blocking unwanted requests is to identify the least common, most distinctive factor. That could be a specific string in the Request URI, the referrer URL, or User Agent. You can also block by IP Address and other properties. In this example, the User Agent includes a unique string, “Pathetic”, that we can use to identify and block future requests.

Note: identifying the best possible request property to block is a bit of an art form that requires some understanding and practice. For more information, check out my series of articles at Perishable Press on identifying malicious requests.

Step 2: Enable Custom Rules

Next, make sure that BBQ Pro’s Custom Patterns are enabled. You can do so in the plugin’s settings: check the box for “Custom Rules” and remember to save your changes.

Step 3: Add Custom Pattern

At this point, we are ready to add the chosen string, “Pathetic”, to the appropriate location in BBQ’s Custom Patterns. Because the string that we want to block is from the User Agent, we scroll down a bit and enter the pattern in the “User Agent” section. Then click to save changes.

The same goes for adding patterns for other request properties like Request URI, Query String, or Referrer: simply locate the corresponding section in Custom Patterns and add whichever patterns you would like to block. You can add as many custom patterns as needed.

Step 4: Test

With the new pattern added to BBQ’s Custom Patterns, your site is now protected from all matching requests. So any future attempts to reach your site via the “Pathetic” user agent will be denied. After adding a new pattern, you should take a moment to test for proper functionality. Here is a simple guide that explains how to test patterns with BBQ Pro.

Bonus: Real-world example

To further illustrate how to block unwanted requests with BBQ Pro, let’s say that our site is getting hounded by requests coming from a site named sumool.com. The requests each report a different/random IP address, user agent, and request URI. So the only consistent variable is the referrer, which is a URL that contains the target string, sumool.com. Now to block sumool.com, follow these steps:

  • Enable the BBQ Pro setting, “Custom Rules”
  • Visit the BBQ Firewall ▸ “Custom” screen
  • Go to the Referrer panel and click “Add Pattern”
  • In the field, add sumool.com
  • Click “Save Changes” and done

That’s all there is to it. Note that this will block all requests coming from sumool.com that include the target string in the Referrer URL.

If you can get any other information, like the Request URI(s), User Agent, and/or IP Address, it would enable more ways to block anything coming from sumool.com. But for now, based on the access logs, just blocking via the Referrer should be sufficient.
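
As an added illustration of Step 1 and the sumool.com case (not code from BBQ Pro or the original tutorial), this Python sketch parses log lines in the layout shown above and ranks each request property by how consistently one value recurs across the requests. The sample lines are constructed, and the case-insensitive substring match in `matches()` is an assumption about how a custom pattern is compared, not BBQ Pro's documented behaviour.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Layout of the sample log line in Step 1 (extra ident/user columns tolerated).
LINE = re.compile(r'^(?P<ip>\S+) .*?\[[^\]]+\] "\S+ (?P<uri>\S+)[^"]*" \d{3} \S+ '
                  r'"(?P<referrer>[^"]*)" "(?P<user_agent>[^"]*)"')
FIELDS = ("ip", "uri", "referrer", "user_agent")

def parse(lines):
    """One dict per parsable line; the referrer is reduced to its host name."""
    entries = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        entry = m.groupdict()
        try:
            host = urlsplit(entry["referrer"]).hostname
        except ValueError:  # malformed referrer URL: keep the raw value
            host = None
        entry["referrer"] = host or entry["referrer"]
        entries.append(entry)
    return entries

def consistency(entries):
    """Rows of (field, most common value, share of requests), best first."""
    rows = []
    for field in FIELDS if entries else ():
        value, count = Counter(e[field] for e in entries).most_common(1)[0]
        rows.append((field, value, count / len(entries)))
    return sorted(rows, key=lambda r: -r[2])

def matches(pattern, field, entries):
    """Entries whose field contains pattern (assumed case-insensitive substring)."""
    return [e for e in entries if pattern.lower() in e[field].lower()]

# Constructed sample: four unwanted requests and one ordinary visitor.
SAMPLE = [
    '203.0.113.7 - [28/Dec/2015:15:14:40] "GET /a1/ HTTP/1.0" 200 100 "http://sumool.com/x" "Mozilla/5.0 (X11)"',
    '198.51.100.9 - [28/Dec/2015:15:14:41] "GET /b2/ HTTP/1.0" 200 100 "http://sumool.com/y" "curl/7.1"',
    '192.0.2.33 - [28/Dec/2015:15:14:42] "GET /c3/ HTTP/1.0" 200 100 "http://sumool.com/z" "Opera/9.8"',
    '203.0.113.99 - [28/Dec/2015:15:14:43] "GET /d4/ HTTP/1.0" 200 100 "http://sumool.com/" "Wget/1.2"',
    '192.0.2.50 - [28/Dec/2015:15:15:02] "GET /about/ HTTP/1.1" 200 512 "http://example.com/some/referrer/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for field, value, share in consistency(parse(SAMPLE)):
        print(f"{field:10} {share:4.0%}  {value}")
```

Before saving a pattern, run `matches()` with the candidate string over a sample of ordinary traffic as well, to confirm that it does not catch legitimate visitors.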