Ninja Blocking Access to Webmail

  • Resolved kelley_rao

    (@kelley_rao)


    9 years, 3 months ago

    Hello,

    I learned of your plugin yesterday and am very excited about it since it blocks bots/spammers before it even hits the WP database (at least that is how I understand it).

    My question is since installing this on several sites, access to /webmail is forbidden. Is there a work around for this?

    Thank you.

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Can you check the firewall log and paste here the lines that show the blocked request(s) ? It will also show the reason why you were blocked.

    Thread Starter kelley_rao

    (@kelley_rao)

    Thanks for the reply; where might I find the firewall log?

    Kelley

    Thread Starter kelley_rao

    (@kelley_rao)

    Found the log (very cool!); there is no record of the blocking activity nor reason. I will contact my host in the interim.

    Kelley

    Thread Starter kelley_rao

    (@kelley_rao)

    My host says I need to whitelist the URL of webmail or IP (can’t do IP because they are dynamic) based on this: https://ninjafirewall.com/wordpress/htninja/

    But I’m really not clear on what to do with this file. Can you help?

    Plugin Author nintechnet

    (@nintechnet)

    Maybe your webmail is having issue with PHP session?

    If you want to whitelist it, the .htninja is indeed the best option.
    Assuming that your website is “mywebsite.com” and that you access your webmail at “mywebsite.com/webmail/”:

    1. Create a file named “.htninja” either in your root folder or in its parent folder (see the doc about the differences between both).
    2. Add this code to it:

    <?php
/*
 +=============================================================+
 | NinjaFirewall optional configuration file                   |
 |                                                             |
 | See: https://ninjafirewall.com/wordpress/htninja/            |
 +=============================================================+
*/

if (strpos($_SERVER['SCRIPT_NAME'], '/webmail') !== FALSE) {
   return 'ALLOW';
}

    Replace webmail with the right folder name.

    3. Login to the WordPress dashboard, click on “NinjaFirewall > Overview” and ensure the .htninja configuration file is detected by the firewall (see screenshot).

    4. Try to access your webmail.

    Thread Starter kelley_rao

    (@kelley_rao)

    Thank you so much. Worked a treat!

    Kelley

    Hi,

    Resurrecting an old support thread…I’m having the same issues as the OP. With NinjaFirewall enabled I’m being blocked from RoundCube webmail client. I’ve added the above code in .htninja file (seen as optional configuration file) with the corrected path to my /mail folder, restarted web services, but still cannot access my webmail. I can get to the login screen, but after input user / pass, I get a blank screen.

    Thanks,
    Brian

    Plugin Author nintechnet

    (@nintechnet)

    Hi

    Maybe Roundcube is having issue with PHP sessions? If you have a blank page, the error will likely be written to your PHP error log.

    You can try to create a PHP INI file (php.ini or .user.ini) in the Roundcube folder with this line only:

    auto_prepend_file =

    The should override the ‘auto_prepend_file’ directive used by NinjaFirewall.
    If you load the firewall from a .htaccess, not a PHP INI, you would need to create an .htaccess instead, and add this line:

    <IfModule mod_php5.c>
php_value auto_prepend_file none
</IfModule>

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Ninja Blocking Access to Webmail’ is closed to new replies.