php.ini in subdomain

  • Resolved jkling

    (@jkling)


    5 years, 7 months ago

    Hi,

    I have a global php.ini for my domain with an editor, where I can define the auto_prepend_file. So I can activate Full WAf mode manually.
    IMG A https://snag.gy/jGpbHm.jpg
    You see the path and a running firewall

    Because I have different wordpress installations in various subdomains,
    I left the auto_prepend_file input blank, and put a local php.ini in the root of each subdomain with the correct auto_prepend_file directive.
    The path occurs in the table, which means the local php.ini works.
    But when I see the table, that means the firewall does not work.
    IMG B https://snag.gy/zxJ6jI.jpg

    So I changed the path, to see if the php.ini here does anything with the prepend file. And it does. The Whole text of the license.txt was on to of the phpinfo table.
    IMG C https://snag.gy/ydaFX3.jpg

    I have solved the problem with a auto_prepend_loader.php

    switch ($_SERVER['SERVER_NAME']) {
    case "sub_1.domain.foo":
	 require '/root_1/wordpress/wp-content/nfwlog/ninjafirewall.php';
         break;
    case "sub_2.domain.foo":
	 require '/root_2/wordpress/wp-content/nfwlog/ninjafirewall.php';
         break;		 
}

    Is this a bug or a feature ??

    Best regards
    Jürgen

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Are you whitelisted by the firewall when you are viewing the phpinfo file?
    Make sure to log out of WordPress before testing again. If you are whitelisted, you won’t be blocked.

    Thread Starter jkling

    (@jkling)

    Sure not. I am aware of this.
    Infact I log out and delete cache and cookies, before I reload the phpinfo.

    Plugin Author nintechnet

    (@nintechnet)

    Did you try “.user.ini” instead of “php.ini”? Often, they are more suitable at the user level. You’ll need to wait a few minutes after renaming the file before you can test it.
    Otherwise, the issue may come from your host PHP configuration: sometimes, the sub-domain inherit the configuration from the domain, sometimes it does not. Using a loader like you did is the best -and most flexible- solution in that case.

    Thread Starter jkling

    (@jkling)

    I have tried user.ini, but this is not supported by the server.

    There is no problem with the php.ini in the subdomain.
    It overwrites the auto_prepend_file directive from the global php.ini perfectly.
    The phpinfo() function gives back the value(path) of the local php.ini and the prepended file is interpreted by php.

    Only the firewall acts strange.

    I have checked the whole path until firewall.php is loaded.
    And as you see, it is loaded.
    The backend shows an error message.
    The admin is blocked from the phpinfo but not from the backend at the same time.

    As soon as I restore my solution with the custom auto_prepend_loader.php all woks fine.

    This is a very pure demo site without content or other plugins.
    If you like, I can send you the credentials for wp and ftp
    to your helpdesk https://nintechnet.com/helpdesk/

    https://snag.gy/Uo60EX.jpg

    By now I have deleted the plugin to start from scratch.

    Plugin Author nintechnet

    (@nintechnet)

    That’s very odd.
    One more question: you wrote “I left the auto_prepend_file input blank”. Can you make sure you commented out (or removed) that auto_prepend_file directive instead?
    If you have an empty auto_prepend_file = directive somewhere in an INI file, that would mess with the one used by the firewall.

    Thread Starter jkling

    (@jkling)

    I cannot delete the epmtpy directive, because the editor generates the file.
    No entry leads to: auto_prepend_file =

    But now I have uploaded an empty file, to put a value on the right side.

    This is the protocoll:
    1. global ini; auto_prepend_file = foe.txt (empty file)
    2. call phpinfo.php; echos auto_prepend_file = foe.txt
    3. install firewall from repository
    4. check no local php.ini in the root
    5. run Full WAF setup
    6. new local php.ini in the root set by the NJ firewall
    7. Test Firewall
    8. Error
    9. call phpinfo.php; echos auto_prepend_file = my server-path/wp-content/nfwlog/ninjafirewall.php
    10. call phpinfo.php in an other browser as guest, firewall is running
    Sorry , your request cannot be processed.
    For security reasons, it was blocked and logged.

    Again the ini does what it has todo. It delivers the right value and the server delivers the file to the phpengine.

    I am pretty sure that conditions to raise the error cannot deal with the situation.

    if (! defined('NFW_STATUS') || NFW_STATUS != 20 ) {
		echo '<div class="error settings-error"><p>'. __('Error: The firewall is not loaded.', 'ninjafirewall'). '</p></div>
		<h3>'. __('Suggestions:', 'ninjafirewall'). '</h3>

    I found two times in your script defined(‘NFW_STATUS’) = 20 and about 10 times an other status. But then I have stopped my investigations.

    In the whole plugin directory there is only the .htninja.sample and now .htninja.
    Maybe this is important for you.

    Plugin Author nintechnet

    (@nintechnet)

    You can try to add this code to any PHP file (phpinfo etc) if you want to test if NinjaFirewall is loaded by the PHP ini:
    echo NFW_STATUS;

    Thread Starter jkling

    (@jkling)

    Hi, I do not have to test it this way, because when the phpinfo.php is protected against guests with the scaring shield of the Ninja Logo, this is a true sign of a impregnable fortress!

    But later on I will check out the NFW_STATUS. Maybe there occure some unexpected numbers.

    Meanwhile I have migrated a wordpress site with NJFW in FullWAF successfully without any problems. Of Course the duplicator plugin could not add the auto_prepend_file directive to the servers php.ini. So at first the FW was disabled.

    After I have fixed the php.ini, the overview startet from the scratch.
    At this time the Fw should allready be running. I am sorry, that I have not checked this out. Anyway. In the next step this error message occured:

    NinjaFirewall detected that the PHP auto_prepend_file directive seems to be used by another application: "myroot"/wp-content/nfwlog/ninjafirewall.php. Because NinjaFirewall needs to use that directive, it will override it.

    I selected php.ini and next. Et voilà the next steps have been skipped and the FW was running, without a new php.ini in “myroot”.

    No problem at all, because the manually adjustment of the server ini is easy and works well. Nevertheless an remarkable fun fact.

    I do not understand, why your FW does not appear in the best rankings for security plugins beside these bloated “you know who” plugins.

    Best wishes

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘php.ini in subdomain’ is closed to new replies.