In the last days in my VPS there are many many GET requests on 1 file that cause a high memory load (all came from a single refer url, with different IPs).
Until now I've blocked these requests via .htaccess
# by refurl
RewriteCond %{HTTP_REFERER} domain\.com [NC]
RewriteRule .* - [F]
# by querystring
RewriteCond %{QUERY_STRING} \ba=ZicX9v\b [NC]
RewriteRule ^ - [F]
But in this way the requests are still processed by apache and still cause an high memory load.
Can I block this requests with mod_security (maybe on phase1) to prevent/decrease the memory load?
Until now I have set this rule to mod_secuurity (but i'm not sure is right):
SecRule REQUEST_HEADERS:REFERER "(?i:(THEDOMAIN))" phase:1,deny,status:412,id:'1234'
PS: my VPS is linux with apache2.2
EDIT: my entire website force HTTPS, not sure if should I add something