Full WAF Mode

Did you run the troubleshooter script?

Yes I did. The message on the Ninja Dashboard is as below:
Firewall Enabled
Mode NinjaFirewall is running in WordPress WAF mode. For better protection, activate its Full WAF mode:

The Full WAF mode isn’t working as shown by the message in Firewall Policies:
To use this feature, please go to the Dashboard page and enable NinjaFirewall’s Full WAF mode.

The Troubleshooter script:

NinjaFirewall (WP edition) troubleshooter
HTTP server : Apache/2.4.41 (Ubuntu)
PHP version : 7.4.3
PHP SAPI : FPM-FCGI

auto_prepend_file : /var/www/site1/public_html/wp-content/nfwlog/ninjafirewall.php
Loader’s path to firewall : /var/www/site1/public_html/wp-content/plugins/ninjafirewall/lib/firewall.php
wp-config.php : found in /var/www/site1/public_html/wp-config.php
NinjaFirewall detection : NinjaFirewall WP Edition is loaded (Full WAF mode)

Loaded INI file : /etc/php/7.4/fpm/php.ini
user_ini.filename : .user.ini
user_ini.cache_ttl : 300 seconds
User PHP INI : .user.ini found –

DOCUMENT_ROOT : /var/www/site1/public_html
ABSPATH : /var/www/site1/public_html/
WordPress version : 5.5.1
WP_CONTENT_DIR : /var/www/site1/public_html/wp-content
Plugins directory : /var/www/site1/public_html/wp-content/plugins
User Role : Unknown role (or user not logged in)
User Capabilities : Error: missing manage_options capability – Error: missing unfiltered_html capability
Make sure you are logged in to WordPress before running this script.
Log dir permissions : /var/www/site1/public_html/wp-content/nfwlog dir is writable
Cache dir permissions : /var/www/site1/public_html/wp-content/nfwlog/cache dir is writable
NinjaFirewall (WP edition) troubleshooter v1.9.1

In continuation with my last post, please note that this is setup on a VPS’s LAMP stack.

The script shows that it is running in “Full WAF” mode inside the root folder, where you uploaded it. So it seems that your INI file is not recursive and doesn’t apply to sub-folders.
Maybe you need either the suPHP_ConfigPath or PHPRC directives as indicated in this post: https://blog.nintechnet.com/troubleshoot-ninjafirewall-installation-problems/

Tried the PHPRC directive and it doesn’t work.

FCGI makes the PHP applications run through mod_fcgid instead of mod_suphp. So suPHP_ConfigPath will not work since fcgid_module is enabled.

Any way how to make the ini file recursive?

Try to rename the file from .user.ini to php.ini and wait 5 minutes. If it still doesn’t work, you’d need to ask your host how to make your INI files work recursively.

The renaming didn’t work too.

The site is running on a self-managed VPS. So there won’t be any assist from the VPS provider.

By default, all .user.ini are recursive. There must be something wrong with your configuration. Double-slashes could be the issue. See this discussion, although it’s about cPanel, it can apply to any server:
https://forums.cpanel.net/threads/user-ini-files-not-recursive.601163/

Was working on recursive issue for php.ini per your article but to no avail. And the Double-Slashes was also checked earlier which changed nothing.

Anyway, have now finally managed to get the full WAF activated. Taken a different approach setting up the complicated PHP-FPM and FCGI configuration for the LAMP.

Thank you for your replies.

• This reply was modified 4 years, 1 month ago by eddyferns.

PHP-FPM is the best option. And you can use its fastcgi_cache to cache your blog.

Indeed PHP-FPM has become a highly recommended option by many of late.