htaccess - block traffic WITH specific get request

Question

I'm being hit with a get request up to 20 times a second. This is a wordpress site, here is an attached apache log

108.162.216.170 - - [24/Jun/2014:16:42:26 -0700] "GET /?edd_action=check_license&license=506e284d78dyd7dyd5d4d3f07d&item_name=FILE+Name HTTP/1.1" 200 526 "-" "WordPress/3.9.1; http://soomaalidamaanta.net"

Here is my htaccess, but I'm not having luck blocking it.

RewriteEngine on
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} soomaalidamaanta\.com [NC,OR]
RewriteCond %{HTTP_REFERER} soomaalidamaanta\.net
RewriteRule .* - [F]

order allow,deny
deny from 68.171.211.157
allow from all

RewriteEngine On
RewriteCond %{QUERY_STRING} /?edd_action=check_license&license=506e284d78dyd7dyd5d4d3f07d&item_name=FILE+Name [NC]
RewriteRule .* - [F]`

Answer 1

I ended up finding out how to block by user agent, and since this user agent specified the site in question, I blocked it and it's working now.

RewriteEngine On
#RewriteCond %{HTTP_USER_AGENT} Chrome [NC,OR] 
RewriteCond %{HTTP_USER_AGENT} soomaalidamaanta [NC] 
RewriteRule .* - [F] 

Answer 2

Tweak your 2nd block rule's regex like this:

RewriteCond %{QUERY_STRING} edd_action=check_license&license=506e284d78dyd7dyd5d4d3f07d&item_name=FILE [NC]
RewriteRule ^ - [F]

Answer 3

I'd change the first rule to:

RewriteCond %{THE_REQUEST} soomaalidamaanta [NC]
RewriteRule ^ - [F]

and drop the second rule.

• Since soomaalidamaanta is in the request, it looks to me like you don't need the second rule.
• No need to check for .net or .com, the one conditions finds it either way
• In the rule, ^ is enough, no need for the .*