lately this blog gets bombarded with queries like these:

which decoded are Korean SPAM?

which translates as:

iptables / firewalld seem not to work and have to really really figure out why.

until then this is a little workaround, it limits the ?search=pattern query to authenticated users and should save some traffic and resources, after all this is going on for days and i suspect these hosts of malfunction:

host 66.249.64.24 24.64.249.66.in-addr.arpa domain name pointer crawl-66-249-64-24.googlebot.com.

host 66.249.64.26 26.64.249.66.in-addr.arpa domain name pointer crawl-66-249-64-26.googlebot.com.

are DDoSing this blog with Korean search patterns!?

the whole .htaccess looks like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# RewriteRule 404 index.php?s=$1 [L,QSA]
</IfModule>
# END WordPress

<FilesMatch "wp-login.php">
    AuthName "WordPress Admin"
    AuthType Basic
    AuthUserFile /home/admin/web/.htpasswd
    require valid-user
</FilesMatch>

<If "%{QUERY_STRING} =~ /^.?s=/">
  AuthName "WordPress Admin"
  AuthType Basic
  AuthUserFile /home/admin/web/.htpasswd
  require valid-user
</If>

<If "%{QUERY_STRING} =~ /^.?search=/">
  AuthName "WordPress Admin"
  AuthType Basic
  AuthUserFile /home/admin/web/.htpasswd
  require valid-user
</If>

result:

apache now answers those requests with “401 Unauthorized

Links:

https://httpd.apache.org/docs/2.4/expr.html

https://serverfault.com/questions/956570/htaccess-to-disable-wordpress-search-domain-s-test/956579

admin