WAF causing issues with SnappyMail client

  • Resolved mikolajek

    (@mikolajek)


    2 months, 1 week ago

    I cannot say when this happened, but it looks it was caused either by the last or one of the last WF updates.

    I’m using a SnappyMail client and it used to run without issues. Now it displays the following error when accessed:

    Warning: Unknown: open_basedir restriction in effect. File(/home/rutkowski/domains/rutkowski.pro/public_html/wordfence-waf.php) is not within the allowed path(s): (/home/rutkowski/domains/rutkowski.pro/public_html/snappymail:/tmp:/var/tmp:/opt/alt/php72/usr/share/pear/:/opt/alt/php54/usr/share/pear/:/opt/alt/php80/usr/share/pear/:/opt/alt/php83/usr/share/pear/:/opt/alt/php55/usr/share/pear/:/opt/alt/php74/usr/share/pear/:/opt/alt/php56/usr/share/pear/:/opt/alt/php71/usr/share/pear/:/opt/alt/php70/usr/share/pear/:/opt/alt/php53/usr/share/pear/:/opt/alt/php84/usr/share/pear/:/opt/alt/php82/usr/share/pear/:/opt/alt/php81/usr/share/pear/:/opt/alt/php73/usr/share/pear/:/dev/urandom:/var/www/html/waf/:/usr/share/GeoIP/:/usr/local/directadmin/plugins/waf/data/rutkowski) in?Unknown?on line?0Warning: Unknown: Failed to open stream: Operation not permitted in?Unknown?on line?0Warning: Unknown: open_basedir restriction in effect. File(/home/rutkowski/domains/rutkowski.pro/public_html/wordfence-waf.php) is not within the allowed path(s): (/home/rutkowski/domains/rutkowski.pro/public_html/snappymail:/tmp:/var/tmp:/opt/alt/php72/usr/share/pear/:/opt/alt/php54/usr/share/pear/:/opt/alt/php80/usr/share/pear/:/opt/alt/php83/usr/share/pear/:/opt/alt/php55/usr/share/pear/:/opt/alt/php74/usr/share/pear/:/opt/alt/php56/usr/share/pear/:/opt/alt/php71/usr/share/pear/:/opt/alt/php70/usr/share/pear/:/opt/alt/php53/usr/share/pear/:/opt/alt/php84/usr/share/pear/:/opt/alt/php82/usr/share/pear/:/opt/alt/php81/usr/share/pear/:/opt/alt/php73/usr/share/pear/:/dev/urandom:/var/www/html/waf/:/usr/share/GeoIP/:/usr/local/directadmin/plugins/waf/data/rutkowski) in?Unknown?on line?0Warning: Unknown: Failed to open stream: Operation not permitted in?Unknown?on line?0Fatal error: Failed opening required '/home/rutkowski/domains/rutkowski.pro/public_html/wordfence-waf.php' (include_path='.:/opt/alt/php82/usr/share/pear:/opt/alt/php82/usr/share/php:/usr/share/pear:/usr/share/php') in?Unknown?on line?0

    If I disable WAF in WF, SnappyMail runs fine, so it looks WAF is blocking something. Can you suggest what should I allow in WAF to make SnappyMail run?

    Thank you!

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @mikolajek,

    Thanks for reaching out. From the error message, SnappyMail has open_basedir in effect, which restricts the files that PHP has access to from that site. With the firewall optimization enabled, SnappyMail is trying to load the Wordfence firewall optimization but doesn’t have access to the Wordfence files.

    You could update the open_basedir directive in SnappyMail to include all of public_html, or you could exclude the SnappyMail application in the firewall optimization. If you check in the root of your WordPress installation in public_html, you will find the Wordfence firewall?auto_prepend_file directives in the .htaccess and/or .user.ini (depending on your server setup). If you copy those rules to your the SnappyMail directory but change the?auto_prepend_file to be blank it should be excluded from the Wordfence Firewall.

    Please let me know if you have any questions!

    Thanks,
    Margaret

    Thread Starter mikolajek

    (@mikolajek)

    Thank you, but I believe I haven’t got this part fully:

    If you copy those rules to your the SnappyMail directory but change the auto_prepend_file to be blank it should be excluded from the Wordfence Firewall.

    So I need to copy this part from the root .htaccess:

    # Wordfence WAF
    <IfModule LiteSpeed>
    php_value auto_prepend_file '/home/rutkowski/domains/rutkowski.pro/public_html/wordfence-waf.php'
    </IfModule>
    <IfModule lsapi_module>
    php_value auto_prepend_file '/home/rutkowski/domains/rutkowski.pro/public_html/wordfence-waf.php'
    </IfModule>
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>

    # END Wordfence WAF

    to a .htaccess in the SnappyMail folder, but what do you mean by changing the file to be blank?

    When I simply copied these lines directly (no alterations made) my domain snappy.rutkowski.pro now redirects to the main page.

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @mikolajek,

    Thanks for following up! That’s correct. In the copied .htaccess entries, you’ll want to update these lines:

    php_value auto_prepend_file '/home/rutkowski/domains/rutkowski.pro/public_html/wordfence-waf.php'

    to this:

    php_value auto_prepend_file ''

    This removes the auto_prepend_file setting.

    The entries for the Wordfence firewall in the .htaccess shouldn’t lead to any redirects. If the application still redirects after editing the auto_prepend_file directives, please check with your host to determine if any server configuration may be interfering.

    Thanks,
    Margaret

    Thread Starter mikolajek

    (@mikolajek)

    Wonderful, thanks a lot for this trick, Margaret, it works like a charm!

    Have a happy festive season!

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.