Litespeed Webserver and Full WAF not working

  • Resolved jasonschell

    (@jasonschell)


    3 years, 11 months ago

    Hi,
    I was upgrading my webserver from Apache with PHP-FPM (PHP 7.4) to LiteSpeed Webserver with Apache and FastCGI.
    During Activate Full WAF-Mode, NinjaFirewall recommends LiteSpeed as automated setup.
    It creates the entry in .htaccess:

    # BEGIN NinjaFirewall
<IfModule Litespeed>
   php_value auto_prepend_file "/var/www/vhosts/XXX.de/YYY.de/wp-content/nfwlog/ninjafirewall.php"
</IfModule>
# END NinjaFirewall

    It shows following message:
    Oops! Full WAF mode is not enabled yet.
    Make sure your HTTP server support the php_value auto_prepend_file directive in .htaccess files. Maybe you need to restart your HTTP server to apply the change, or simply to wait a few seconds and reload this page?

    I waited and reloaded, even restarted the server but NF is still in WordPress WAF mode.
    I tried all setup methods. But NF still shows me WP WAF mode.

    I checked whether my server configuration supports the php_value auto_prepend_file directive in .htaccess files and I think it should, because I checked in the phpinfo-file and there is an entry in line “auto_prepend_file” with the correct path.

    I switched back to Apache only and NinjaFirewall is showing me Full WAF mode. Switching again to LS is staying in WP WAF mode.

    I could provide you both phpinfo-files from Apache only and LiteSpeed if it could help?
    Can you help me finding out the problem? Maybe it’s even a bug in NinjaFirewall, or why is phpinfo showing me that the ninjafirewall.php is auto_prepend_file?

    Thanks for your help!

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author nintechnet

    (@nintechnet)

    When I check your site, it shows you’re running Nginx. Is that a reverse proxy?

    HTTP/2 200 
server: nginx
date: Mon, 21 Dec 2020 15:31:43 GMT
content-type: text/html; charset=UTF-8
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT

    Can you run the troubleshooter script with LiteSpeed: https://nintechnet.com/share/wp-check.txt
    1. Rename it to “wp-check.php”.
    2. Upload it into your WordPress root folder.
    3. Go to https://YOUR WEBSITE/wp-check.php
    4. Delete it afterwards.
    5. Paste the results here.

    Thread Starter jasonschell

    (@jasonschell)

    Thanks for your fast reply!
    Yes, nginx is being used as a reverse proxy with apache. I’m managing my server with Plesk and this is the initial setup.
    But when I’m with LiteSpeed (activated it again a few moments ago), nginx service is stopped and Apache is running only (with LS).

    I run the script and I’m surprised that it says, NinjaFirewall is in FullWAF-mode while viewed directly in NF-Dashboard is showing me WP-WAF mode only:

    At first without activated the FullWAF-mode:

    NinjaFirewall (WP edition) troubleshooter

HTTP server	:	LiteSpeed
PHP version	:	7.4.13
PHP SAPI	:	LITESPEED
 	 	 
auto_prepend_file	:	none
wp-config.php	:	found in /var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-config.php
NinjaFirewall detection	:	NinjaFirewall WP Edition is loaded (WordPress WAF mode)
 	 	 
Loaded INI file	:	/var/www/vhosts/system/webdesign-schell.de/etc/php.ini
user_ini.filename	:	.user.ini
user_ini.cache_ttl	:	300 seconds
User PHP INI	:	none found
 	 	 
DOCUMENT_ROOT	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de
ABSPATH	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/
WordPress version	:	5.6
WP_CONTENT_DIR	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content
Plugins directory	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content/plugins
User Role	:	Unknown role (or user not logged in)
User Capabilities	:	Error: missing manage_options capability - Error: missing unfiltered_html capability
Make sure you are logged in to WordPress before running this script.
Log dir permissions	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content/nfwlog dir is writable
Cache dir permissions	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content/nfwlog/cache dir is writable
NinjaFirewall (WP edition) troubleshooter v1.9.3

    Now I activate the FullWAF-mode with the recommended LiteSpeed-option:

    NinjaFirewall (WP edition) troubleshooter

HTTP server	:	LiteSpeed
PHP version	:	7.4.13
PHP SAPI	:	LITESPEED
 	 	 
auto_prepend_file	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content/nfwlog/ninjafirewall.php
Loader's path to firewall	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content/plugins/ninjafirewall/lib/firewall.php
wp-config.php	:	found in /var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-config.php
NinjaFirewall detection	:	NinjaFirewall WP Edition is loaded (Full WAF mode)
 	 	 
Loaded INI file	:	/var/www/vhosts/system/webdesign-schell.de/etc/php.ini
user_ini.filename	:	.user.ini
user_ini.cache_ttl	:	300 seconds
User PHP INI	:	none found
 	 	 
DOCUMENT_ROOT	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de
ABSPATH	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/
WordPress version	:	5.6
WP_CONTENT_DIR	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content
Plugins directory	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content/plugins
User Role	:	Unknown role (or user not logged in)
User Capabilities	:	Error: missing manage_options capability - Error: missing unfiltered_html capability
Make sure you are logged in to WordPress before running this script.
Log dir permissions	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content/nfwlog dir is writable
Cache dir permissions	:	/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content/nfwlog/cache dir is writable
NinjaFirewall (WP edition) troubleshooter v1.9.3
    Thread Starter jasonschell

    (@jasonschell)

    Another strange thing:
    When I’m viewing phpinfo() directly from my server, it shows me the auto_prepend_file with NinjaFirewall.
    When I’m viewing phpinfo() from WordPress Health Check, the line auto_prepend_file is empty.

    Plugin Author nintechnet

    (@nintechnet)

    That means the directive in your .htaccess is not recursive, i.e., it applies only to the main root folder, not to any subfolder.
    I’ve never seen that issue with LiteSpeed before. That’s rather odd.
    Can you log in to the LiteSpeed dashboard and add the NinjaFirewall’s directive in the vhost configuration instead?

    Thread Starter jasonschell

    (@jasonschell)

    As LiteSpeed is using the Apache Vhosts Configuration files (because using Plesk, LiteSpeed is only available with Apache together) I entered

    <IfModule Litespeed>
   php_value auto_prepend_file "/var/www/vhosts/itservices-schell.de/webdesign-schell.de/wp-content/nfwlog/ninjafirewall.php"
</IfModule>

    into the Additional Apache-directives settings in Plesk (as LiteSpeed is taking that directive from Apache).
    Now NinjaFirewall shows me Full WAF mode, thanks for your advise!
    But is this a problem which you can fix in NinjaFirewall or are there settings in my LiteSpeed-configuration which is responsible for my non-recursive directive in .htaccess?

    • This reply was modified 3 years, 11 months ago by jasonschell.
    Plugin Author nintechnet

    (@nintechnet)

    I assume it has to do with your configuration. By default, the Full WAF mode works out of the box with Litespeed with its own configuration. I never tried running Litespeed with Apache configuration, but that may be the issue.

    Thread Starter jasonschell

    (@jasonschell)

    Thanks for your quick help!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Litespeed Webserver and Full WAF not working’ is closed to new replies.