Drupal Performance Tips: Fighting post flooding on a typical static Drupal site
One of the servers we maintain suddenly started developing performance hiccups. The site running on the server was a fully static website configured with static page caching via boost. The site used to receive a reasonably good volume of anonymous and search engine traffic on a daily basis. The only form on the site was a search form which existed as a separate page.
On examination of the cause of the server load we found that the server was being pounded by post data by some rogue bot. Although the site used static page caching with boost all POST goes directly to Drupal and results in a Drupal bootstrap. This was why the server load spiked in spite of the static caching being used.
Since all pages except the search page were static pages we fixed the issue with a simple htaccess rule that caught all POST requests except the one corresponding to the search page. The following is the snippet we added to the htaccess to prevent post data to all URLs except for the search page.
RewriteCond %{REQUEST_METHOD} POST RewriteCond %{REQUEST_URI} ^content/search [NC] RewriteRule ^(.*)$ - [F,L]
The rewrite rule will simply discard all POST requests to all pages except the search page. Adding this rule brought down the server load to normal.