PHP 7.3: Invalid command ‘php_value

  • Resolved barnez

    (@pidengmor)


    4 years, 10 months ago

    Hi,

    My host moved all sites to a new server 10 days ago. Today, all the sites running NinjaFirewall went down with 500 server errors. The error log shows:

    /home/XXXX/XXXX/.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration

    All sites use PHP version 7.3 with the suphp PHP handler. All the sites have the following .htaccess rule for the firewall:

    
# BEGIN NinjaFirewall
php_value auto_prepend_file /home/XXXX/XXXX/wp-content/nfwlog/ninjafirewall.php
# END NinjaFirewall

    And all sites have the following rule in the .user.ini file:

    
; BEGIN NinjaFirewall
auto_prepend_file = /home/XXXX/XXXX/wp-content/nfwlog/ninjafirewall.php
; END NinjaFirewall

    If I comment out these lines in .htaccess, I recover access to the sites, but I cannot log into the WordPress dashboard. One site gives me a 404 error and takes me to https://79.153.226.174/$. Another with brute force protection always on just scrolls between the captcha page, and another with brute force protection always on allows me to access the WordPress dashboard.

    Could you indicate what the correct .htaccess rules should be for one site, and then I will try this accross all sites?

    • This topic was modified 4 years, 10 months ago by barnez. Reason: Correct typos

    The page I need help with: [log in to see the link]

Viewing 11 replies - 1 through 11 (of 11 total)
  • Thread Starter barnez

    (@pidengmor)

    The troubleshooter script for the 404 error site linked to above gives:

    
HTTP server	:	Apache
PHP version	:	7.3.13
PHP SAPI	:	CGI-FCGI
 	 	 
auto_prepend_file	:	/home/XXXX/XXXX/wp-content/nfwlog/ninjafirewall.php
wp-config.php	:	found in /home/XXXX/XXXX/wp-config.php
NinjaFirewall detection	:	NinjaFirewall WP Edition is loaded (Full WAF mode)
 	 	 
Loaded INI file	:	/opt/cpanel/ea-php73/root/etc/php.ini
user_ini.filename	:	.user.ini
user_ini.cache_ttl	:	300 seconds
User PHP INI	:	.user.ini found -
 	 	 
DOCUMENT_ROOT	:	/home/XXXX/XXXX
ABSPATH	:	        /home/XXXX/XXXX/
WordPress version	:	5.3.2
WP_CONTENT_DIR	:	/home/XXXX/XXXX/wp-content
Plugins directory	:	/home/XXXX/XXXX/wp-content/plugins
User Role	:	Unknown role (or user not logged in)
User Capabilities	:	Error: missing manage_options capability - Error: missing unfiltered_html capability
Make sure you are logged in to WordPress before running this script.
Log dir permissions	:	/home/XXXX/XXXX/wp-content/nfwlog dir is writable
Cache dir permissions	:	/home/XXXX/XXXX/wp-content/nfwlog/cache dir is writable
NinjaFirewall (WP edition) troubleshooter v1.8
    Plugin Author nintechnet

    (@nintechnet)

    You should remove the rules from your .htaccess, your host is using PHP FCGI which requires .user.ini only.
    Try to comment out the lines in your .user.ini too, and wait a few minutes until PHP refreshes its cache. Then log in to WordPress admin dashboard, go to “NinjaFirewall > Dashboard” and click on the “Click here to enable its Full WAF mode” link to automatically add the directive to your .user.ini.

    Thread Starter barnez

    (@pidengmor)

    Commenting out .user.ini helped. It took a little while for PHP to refresh, but then the backend was accessible and the Firewall was running in WordPress WAF mode. However, during the setup for the Full WAF mode it shows the following message:

    
Oops! Full WAF mode is not enabled yet.
Make sure your HTTP server support the php_value auto_prepend_file directive in .htaccess files. Maybe you need to restart your HTTP server to apply the change, or simply to wait a few seconds and reload this page?

    After refreshing the page it shows ‘NinjaFirewall is running in Full WAF mode.’ But the same rules with are added to .htaccess again, so I am back where I started ?? :

    
# BEGIN NinjaFirewall
php_value auto_prepend_file /home/XXX/XXXX/wp-content/nfwlog/ninjafirewall.php
# END NinjaFirewall
    Thread Starter barnez

    (@pidengmor)

    Litespeed is the default recommended on the setup.
    If I select Apache + CGI/FastCGI or PHP-FPM, after the 300 sec wait it returns back to the installer again.

    • This reply was modified 4 years, 10 months ago by barnez. Reason: add info on test with other server option
    Plugin Author nintechnet

    (@nintechnet)

    Try “Apache + suPHP” as you mentioned “PHP version 7.3 with the suphp PHP handler”.

    Thread Starter barnez

    (@pidengmor)

    Tried Apache + suPHP, but the install rolls back to: NinjaFirewall is running in WordPress WAF mode.

    The same with all 5 sites.

    If I try and unistall and reinstall on one of the 5 sites, I hit the same issue. However, if I try a clean install of Ninja Firewall on another site on the same server, it installs successfully as NinjaFirewall is running in Full WAF mode. after using the Litespeed server settings.

    It’s strange. Could this be related to the recent server migration?

    • This reply was modified 4 years, 10 months ago by barnez.
    Thread Starter barnez

    (@pidengmor)

    Left alone for a while and now the Full WAF mode is accepted using the Litespeed (recommended) option. However, the php_value auto_prepend_file directive is again being added to the .htaccess file. Does this mean that the following srevr error is likely to be triggered again, leading to a 500 server error:

    
/home/XXXX/XXXX.htaccess: Invalid command 'php_value', perhaps misspelled or defined by a module not included in the server configuration, referer: https://www.XXXX/
    Plugin Author nintechnet

    (@nintechnet)

    Your configuration seems to be Litespeed + Apache FCGI:

    < HTTP/1.1 302 Found
< Connection: Keep-Alive
< Content-Type: text/html
< Content-Length: 681
< Date: Sun, 26 Jan 2020 10:41:47 GMT
< Server: LiteSpeed

    Try “Apache + suPHP” and select “php.ini”, not “.user.ini”.

    Thread Starter barnez

    (@pidengmor)

    I have tried that. It creates the php.ini file and adds the suPHP_ConfigPath rules to the .htaccess file, but after the 300 sec refresh it is still in WordPress WAF mode.

    Plugin Author nintechnet

    (@nintechnet)

    That’s odd. Maybe only LiteSpeed is being used, as suggested by the installer. In that case, select “Apache + PHP 7 module”. It will add the code to the .htaccess with a <IfModule mod_php> directive that should prevent the 500 error.

    Thread Starter barnez

    (@pidengmor)

    That’s the one! The Full WAF mode loads fine now on all sites now.
    Thank you for your help.

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘PHP 7.3: Invalid command ‘php_value’ is closed to new replies.