Activate Full WAF on Hetzner Webhosting with PHP 8

  • Resolved agssl

    (@agssl)


    5 months, 2 weeks ago

    Has anyone managed to activate full WAF on Hetzner with PHP greater than 8? Under PHP 7, it still works with:

    <IfModule mod_php7.c>
   php_value auto_prepend_file […]
</IfModule>

    But with PHP 8 and:

    <IfModule mod_php.c>
   php_value auto_prepend_file […]
</IfModule>

    everything is ignored. It doesn’t matter if it’s through .htaccess, .user.ini, or php.ini.

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Can you add the directive for PHP 8 to your .htaccess and then run the troubleshooter script:
    https://nintechnet.com/share/wp-check.txt

    Thread Starter agssl

    (@agssl)

    Hey, I just did that. Here’s the relevant part (I masked the paths with […]):

    HTTP server	:	Apache
    PHP version	:	8.2.23
    PHP SAPI	:	CGI-FCGI

    auto_prepend_file	:	none
    .htninja	:	found in […]/.htninja
    wp-config.php	:	found in […]/wp-config.php
    NinjaFirewall detection	:	NinjaFirewall WP Edition is loaded (WordPress WAF mode)

    Loaded INI file	:	/home/httpd/php82-ini/[…]/php.ini
    user_ini.filename	:	none
    user_ini.cache_ttl	:	300 seconds
    User PHP INI	:	php.ini found -
     	 	 
    DOCUMENT_ROOT	:	[…]
    ABSPATH	:	[…]
    WordPress version	:	6.6.2
    WP_CONTENT_DIR	: […]/wp-content
    Plugins directory	:	[…]/wp-content/plugins
    User Role	:	Administrator
    User Capabilities	:	manage_options: OK - unfiltered_html: OK
    Log dir permissions	:	[…]/wp-content/nfwlog dir is writable
    Cache dir permissions	:	[…]/wp-content/nfwlog/cache dir is writable
    Plugin Author nintechnet

    (@nintechnet)

    Can you ask your host how/where to add the PHP auto_prepend_file directive? That’s very odd that it stopped working with PHP 8. Or maybe there’s a new option in your hosting admin panel where you can add the directive?

    Thread Starter agssl

    (@agssl)

    I created a ticket and just received a response that Hetzner can manually set this in the PHP.ini for each account. I also asked if there’s any way to make the change myself, but haven’t received an answer on that yet. Creating a support ticket with Hetzner for each site is a bit tedious. I’ll post an update here once Hetzner gets back to me.

    Thread Starter agssl

    (@agssl)

    I just received the response. Hetzner no longer uses mod_php (at least not from PHP 8 onwards). The setting simply needs to be added without the “IfModule mod_phpX.c” directive ??

    Just write it like

    # BEGIN NinjaFirewall
    php_value auto_prepend_file "[…]/wp-content/nfwlog/ninjafirewall.php"
    # END NinjaFirewall
    EuroNur

    (@euronur)

    Can you please tell me where it should be inserted? .htaccess or php.ini?

    Will it then also work with PHP 8.x?

    Thank you!

    Thread Starter agssl

    (@agssl)

    Just put it in the .htaccess without the “IfModule mod_phpX.c” directive. I’m currently using it with PHP 8.2 and 8.3

    Thank you very much for your feedback. Unfortunately, I haven’t managed it yet. What do I actually have to select here?

    Plugin Author nintechnet

    (@nintechnet)

    @euronur, select the first one (Apache + PHP7 module).

    Consider updating your PHP to a supported version (8.3+), as you appear to be running an old 7.x version that is no longer supported.

    Your support was worth its weight in gold. I found out that another plugin does not support PHP 8.x and caused the error message. In retrospect I can say: NinjaFirewall runs with PHP 8.4 in Full WAF mode without any problems. Thank you! ??

    No question, just a big thank you to @agssl for posting the information about Hetzner and the mod_phpX.c.

    I was about to install NinjaFirewall on a Hetzner server and had the same issues, but this thread and your answer solved it <3

Viewing 11 replies - 1 through 11 (of 11 total)
  • You must be logged in to reply to this topic.