Hi there,
I try to activate the Full WAF but always get the info "Oops! Full WAF mode is not enabled yet. Because PHP caches INI files, you may need to wait up to five minutes before the changes are reloaded by the PHP interpreter. "
I’ve tried Apache CGI/FastCGI with .user.ini (waiting 5 minutes) and Apache CGI/FastCGI with php.ini – no luck; I also tried to edit the .htacess
My hoster is goneo...
Here is what the troubleshoot says:
HTTP server: Apache/2.4.57 (Debian)
PHP version: 8.1.21
PHP SAPI: FPM-FCGI
auto_prepend_file: /web/1/000/051/661/xxxxxxx/htdocs/xxxxxx/wp-content/nfwlog/ninjafirewall.php
Loader's path to firewall: /data/web/1/000/051/661/xxxxxx/htdocs/xxxxxx/wp-content/plugins/ninjafirewall/lib/firewall.php
wp-config.php: found in /data/web/1/000/051/661/xxxxxx/htdocs/xxxxxx/wp-config.php
NinjaFirewall detection: NinjaFirewall WP Edition is loaded (Full WAF mode)
Loaded INI file: /etc/php/8.1/fpm/php.ini
user_ini.filename:.user.ini
user_ini.cache_ttl:300 seconds
User PHP INI: .user.ini found -
DOCUMENT_ROOT: /web/1/000/051/661/xxxxxx/htdocs/xxxxxx
SCRIPT_FILENAME: Warning: there's a double slash (//) in the SCRIPT_FILENAME variable: //web/1/000/051/661/xxxxxx/htdocs/xxxxxx/troubleshoot.php
This may prevent PHP from loading its INI files.
ABSPATH: /data/web/1/000/051/661/xxxxxx/htdocs/xxxxxx/ (ABSPATH != DOCUMENT_ROOT)
WordPress version : 6.3.1
WP_CONTENT_DIR: /data/web/1/000/051/661/xxxxxx/htdocs/xxxxxx/wp-content
Plugins directory: /data/web/1/000/051/661/xxxxxx/htdocs/xxxxxx/wp-content/plugins
User Role:Administrator
User Capabilities: manage_options: OK - unfiltered_html: OK
Log dir permissions: /data/web/1/000/051/661/xxxxxx/htdocs/xxxxxx/wp-content/nfwlog dir is writable
Cache dir permissions:/data/web/1/000/051/661/xxxxxx/htdocs/cellulite/xxxxxx/nfwlog/cache dir is writable
]]>I’m trying to activate Full WAF mode on a Nginx/PHP-FPM (7.4) server.
Clicking on “Finish installation” button, an error message shows up:
“NinjaFirewall detected that the requested changes seemed to crash your blog….”
I already installed your ninjacheck.php troubleshooting script.
Where should I go from here?
Thanks for any help!
]]>I was upgrading my webserver from Apache with PHP-FPM (PHP 7.4) to LiteSpeed Webserver with Apache and FastCGI.
During Activate Full WAF-Mode, NinjaFirewall recommends LiteSpeed as automated setup.
It creates the entry in .htaccess:
# BEGIN NinjaFirewall
<IfModule Litespeed>
php_value auto_prepend_file "/var/www/vhosts/XXX.de/YYY.de/wp-content/nfwlog/ninjafirewall.php"
</IfModule>
# END NinjaFirewallIt shows following message:
Oops! Full WAF mode is not enabled yet.
Make sure your HTTP server support the php_value auto_prepend_file directive in .htaccess files. Maybe you need to restart your HTTP server to apply the change, or simply to wait a few seconds and reload this page?
I waited and reloaded, even restarted the server but NF is still in WordPress WAF mode.
I tried all setup methods. But NF still shows me WP WAF mode.
I checked whether my server configuration supports the php_value auto_prepend_file directive in .htaccess files and I think it should, because I checked in the phpinfo-file and there is an entry in line “auto_prepend_file” with the correct path.
I switched back to Apache only and NinjaFirewall is showing me Full WAF mode. Switching again to LS is staying in WP WAF mode.
I could provide you both phpinfo-files from Apache only and LiteSpeed if it could help?
Can you help me finding out the problem? Maybe it’s even a bug in NinjaFirewall, or why is phpinfo showing me that the ninjafirewall.php is auto_prepend_file?
Thanks for your help!
]]>
Oops! Le mode Full WAF n'est pas encore activé.
Assurez-vous que votre serveur HTTP prend en charge la directive php_value auto_prepend_file dans les fichiers .htaccess. Peut-être devez-vous redémarrer votre serveur HTTP pour appliquer les changements, ou simplement attendre quelques secondes puis recharger cette page ?
Here wp-check & wp-db :
wp-check.php
NinjaFirewall (WP edition) troubleshooter
HTTP server : Apache
PHP version : 7.4.11
PHP SAPI : LITESPEED
auto_prepend_file : none
wp-config.php : found in /home/myself/public_html/wp-config.php
NinjaFirewall detection : NinjaFirewall WP Edition is loaded (WordPress WAF mode)
Loaded INI file : /opt/alt/php74/etc/php.ini
user_ini.filename : .user.ini
user_ini.cache_ttl : 300 seconds
User PHP INI : .user.ini found -
DOCUMENT_ROOT : /home/myself/public_html
ABSPATH : /home/myself/public_html/
WordPress version : 5.5.3
WP_CONTENT_DIR : /home/myself/public_html/wp-content
Plugins directory : /home/myself/public_html/wp-content/plugins
User Role : Administrator
User Capabilities : manage_options: OK - unfiltered_html: OK
Log dir permissions : /home/myself/public_html/wp-content/nfwlog dir is writable
Cache dir permissions : /home/myself/public_html/wp-content/nfwlog/cache dir is writable
NinjaFirewall (WP edition) troubleshooter v1.9.2
wp-db.php
Version: 1.8
Found /home/myself/public_html/wp-config.php.
Opening it for reading.
Looking for DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and $table_prefix:
DB_NAME: found 'myself_wp866'
DB_USER: found 'myself_wp866'
DB_PASSWORD: found (click here to view password)
DB_HOST: found 'localhost'
table_prefix: found 'wpyc_'
Attempting to connect to the DB: OK
Attempting to read NinjaFirewall's options (nfw_options) from the DB: OK
Calling fetch_object: OK
Checking options integrity: OK
Attempting to read NinjaFirewall's rules (nfw_rules) from the DB: OK
Calling fetch_object: OK
Checking rules integrity: OK
Exiting.
Here .htninja (with the site’s IP in place of xx)
<?php
/*
+===================================================================+
| NinjaFirewall optional configuration file |
| |
| See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
+===================================================================+
*/
if ( $_SERVER["REMOTE_ADDR"] == 'xx.xx.xx.xx' ) {
return 'ALLOW'; // whitelist
}
I tried to ininstall ninjafirewall & ninjascanner and to remove all ninjafiles in www folder.
Got this after reinstall (via WP extension backoffice) :
[08/Nov/20:15:19:24 +0000] "nfw_options" is corrupted, restoring from last known good backup file (/home/myself/public_html/wp-content/nfwlog/cache/backup_xxxxxxx5_xxxxx.6xxx.php)
What should I try now ?
]]>I installed Ninjafirewall but can’t activate Full WAF mode. Please help me.
After installing Full WAF mode, nothing happens. Only the “you need to wait 5 minutes because of caching“ message at the top displays. I waited now 24hours & reloaded php. The problem must be somewhere else.
I use Runcloud as SAAS Management panel with a Digital Ocean Ubuntu Server.
The web app is a hybrid stack. Nginx as reverse proxy in Front of Apache (with .htaccess). Server Api is: FPM/FastCGI
I chose the recommended install options: – Apache + CGI/ Fast CGI or PHPFPM
– .user.ini
I read this already:
https://blog.nintechnet.com/troubleshoot-ninjafirewall-installation-problems
& Tried to change the conf file like stated in this thread: https://www.ads-software.com/support/topic/full-waf-mode-with-runcloud-io
But it still don’t works. I’m no expert and don’t know whats the matter.
Is there a solution to activate Full WAF mode with Runcloud ? (Chances are high that I would buy 2 licenses, if it works)
Kind Regards,
Fabian Wagner
I cannot grasp whys I do have to use the LITESPEED option on my setup to get full WAF : https://dolys.fr/wp-check.php
I cannot get why no option work on his site : https://krakrak.com/wpcheck.php
Thank you for your answer ! 
best
nam1962
]]>Thank you,
Pavel
Great plugin BTW.
]]>