Cannot activate Full Waf !

  • Resolved nam1962

    (@nam1962)


    4 years ago

    Hi, I don’t know why, I cannot activate full WAF on the site.

    
Oops! Le mode Full WAF n'est pas encore activé.
Assurez-vous que votre serveur HTTP prend en charge la directive php_value auto_prepend_file dans les fichiers .htaccess. Peut-être devez-vous redémarrer votre serveur HTTP pour appliquer les changements, ou simplement attendre quelques secondes puis recharger cette page ?

    Here wp-check & wp-db :

    
wp-check.php
NinjaFirewall (WP edition) troubleshooter
HTTP server 	: 	Apache
PHP version 	: 	7.4.11
PHP SAPI 	: 	LITESPEED
 	 	 
auto_prepend_file 	: 	none
wp-config.php 	: 	found in /home/myself/public_html/wp-config.php
NinjaFirewall detection 	: 	NinjaFirewall WP Edition is loaded (WordPress WAF mode)
 	 	 
Loaded INI file 	: 	/opt/alt/php74/etc/php.ini
user_ini.filename 	: 	.user.ini
user_ini.cache_ttl 	: 	300 seconds
User PHP INI 	: 	.user.ini found -
 	 	 
DOCUMENT_ROOT 	: 	/home/myself/public_html
ABSPATH 	: 	/home/myself/public_html/
WordPress version 	: 	5.5.3
WP_CONTENT_DIR 	: 	/home/myself/public_html/wp-content
Plugins directory 	: 	/home/myself/public_html/wp-content/plugins
User Role 	: 	Administrator
User Capabilities 	: 	manage_options: OK - unfiltered_html: OK
Log dir permissions 	: 	/home/myself/public_html/wp-content/nfwlog dir is writable
Cache dir permissions 	: 	/home/myself/public_html/wp-content/nfwlog/cache dir is writable

NinjaFirewall (WP edition) troubleshooter v1.9.2

wp-db.php
Version: 1.8
Found /home/myself/public_html/wp-config.php.
Opening it for reading.
Looking for DB_NAME, DB_USER, DB_PASSWORD, DB_HOST and $table_prefix:

    DB_NAME: found 'myself_wp866'
    DB_USER: found 'myself_wp866'
    DB_PASSWORD: found (click here to view password)
    DB_HOST: found 'localhost'
    table_prefix: found 'wpyc_'

Attempting to connect to the DB: OK

Attempting to read NinjaFirewall's options (nfw_options) from the DB: OK
Calling fetch_object: OK
Checking options integrity: OK

Attempting to read NinjaFirewall's rules (nfw_rules) from the DB: OK
Calling fetch_object: OK
Checking rules integrity: OK

Exiting.

    Here .htninja (with the site’s IP in place of xx)

    
<?php
/*
 +===================================================================+
 | NinjaFirewall optional configuration file                         |
 |                                                                   |
 | See: https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
 +===================================================================+
*/

if ( $_SERVER["REMOTE_ADDR"] == 'xx.xx.xx.xx' ) {
   return 'ALLOW'; // whitelist
}

    I tried to ininstall ninjafirewall & ninjascanner and to remove all ninjafiles in www folder.
    Got this after reinstall (via WP extension backoffice) :

    
[08/Nov/20:15:19:24 +0000] "nfw_options" is corrupted, restoring from last known good backup file (/home/myself/public_html/wp-content/nfwlog/cache/backup_xxxxxxx5_xxxxx.6xxx.php)

    What should I try now ?

    The page I need help with: [log in to see the link]

Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Author nintechnet

    (@nintechnet)

    You are using Apache with LITESPEED PHPSAPI. During the Full WAF setup, which option did you choose?

    Thread Starter nam1962

    (@nam1962)

    Hi, thank you for caring.
    I try with Litespeed (as on my other sites by the same hoster, but those other sites do accept Full waf)

    Plugin Author nintechnet

    (@nintechnet)

    Maybe you need to add the directive to the .user.ini or php.ini instead, as it is Apache. Try to select “Apache + CGI/FastCGI or PHP-FPM”.
    If that doesn’t work, can you ask you host where you should use the auto_prepend_file directive: in a .htaccess, a INI file (php.ini or .user.ini) or elsewhere (hosting panel)?

    Thread Starter nam1962

    (@nam1962)

    Ok, I’ll ask.
    With Apache, I get this : 

    
Oops! Le mode Full WAF n'est pas encore activé.
Parce que PHP met en cache les fichiers INI, vous devez attendre jusqu'à cinq minutes avant qu'il prenne en compte les modifications effectuées. Veuillez patienter pendant 294 secondes avant de réessayer (vous pouvez quitter cette page et revenir dans quelques minutes).

    What is odd is that I have other (Ninjafirewall functional) accounts by this host.

    Plugin Author nintechnet

    (@nintechnet)

    Can you try again with LiteSpeed and select the “I want to make the changes myself” radio button. Then, below, you will see something like this:

    # BEGIN NinjaFirewall
<IfModule Litespeed>
   php_value auto_prepend_file "/some/path/to/wp-content/nfwlog/ninjafirewall.php"
</IfModule>
# END NinjaFirewall

    Can you double-check that the full path is correct, i.e., that the “/some/path/to/wp-content/nfwlog/ninjafirewall.php” file exists?

    Hi, I am also facing the same issue. No matter how I try auto or manual options and edit the files .user.ini, php.ini and .htaccess it doesn’t work. Using LiteSpeed V7.7 with PHP 7.4.10.

    I finally got it to work. For my case, I had a change of path on server, which the file /wp-content/nfwlog/ninjafirewall.php is still referencing to the old path.

    I had to uninstall the plugin and remove the /wp-content/nfwlog folder, then re-install the plugin for it to work.

    Thread Starter nam1962

    (@nam1962)

    Hi, I think I got the point with the help of my hoster : PlanetHoster
    we decided to create a brand new hosting & to test.
    It didn’t work.
    Then, the hoster tested the replacement of litespeed by lsapi_module and Full WAF is now functional !

    As I use NinjaFirewall for years by the same hoster, I wondered why this issue : the default has always been Litespeed and on most of my sites I’m on Apache and anyhow, full WAF was ok.

    Thus, I checked an old site of mine and saw that the .htaccess has :

    
# BEGIN NinjaFirewall
php_value auto_prepend_file /home/turlututu/public_html/wp-content/nfwlog/ninjafirewall.php
# END NinjaFirewall

    But the, now corrected .htaccess on this thread’s site is :

    
# BEGIN NinjaFirewall
<IfModule lsapi_module>
php_value auto_prepend_file "/home/trululu/public_html/wp-content/nfwlog/ninjafirewall.php"
</IfModule>
# END NinjaFirewall

    once corrected by my hoster.

    It was

    
# BEGIN NinjaFirewall
<IfModule Litespeed>
php_value auto_prepend_file "/home/trululu/public_html/wp-content/nfwlog/ninjafirewall.php"
</IfModule>
# END NinjaFirewall

    before.

    Thus a new question : is this call for IfModule really needed ?
    This is even more acute when one knows that the commercial offer of my hoster can be changed from Apache to LiteSpeed (in this case, I suspect the site we just repaired would again drop full WAF, wouldn’t it ?)

    • This reply was modified 3 years, 11 months ago by nam1962.
    Plugin Author nintechnet

    (@nintechnet)

    Your PHP SAPI, LSAPI, doesn’t recognize Litespeed but lsapi_module instead. I’ll make some changes in the next release to detect and fix that.
    The ifmodule directive is not mandatory but used only to prevent a crash when switching to another PHP SAPI for instance. If you changed from Apache + LSAPI to Apache + PHP-FPM, the HTTP server would crash if there’s no ifmodule directive because it wouldn’t recognize the php_value directive.
    You can remove it if you want, as long as you don’t switch to another PHP SAPI.

    • This reply was modified 3 years, 11 months ago by nintechnet.
    Thread Starter nam1962

    (@nam1962)

    Ok, got your point.

    Just to tell you about my experience, I use NinjaFirewall on several sites for years (that maybe why I have “old” .htaccess setup)I’ve always seen “LiteSpeed” suggested as default and never changed it.
    Seeminly, at that time, your script didn’t give the ifmodule directive.
    Last year, my older hosting plan and all included sites (thus without ifmodule) was shifted from Apache to LiteSpeed and … it was immediately functional (I’ll now check all it’s .htaccess nevertheless.

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Cannot activate Full Waf !’ is closed to new replies.

Tags