Question about “DEBUG_ON” firewall log messages

  • Resolved tomdkat

    (@tomdkat)


    5 years, 8 months ago

    Hi! I’m running NinjaFirewall 4.0 (security rules 2019-07-02.1) on WordPress 5.2.2. Everything is working fine, but I’m starting to see strange “DEBUG_ON” entries in the Firewall log. I’ve read about NinjaFirewall’s “Debug” mode here:

    https://nintechnet.com/ninjafirewall/wp-edition/doc/

    but I don’t have debugging enabled in NinjaFirewall. I’m seeing the “DEBUG_ON” entries interspersed with “CRITICAL”, “MEDIUM”, and “HIGH” entries. In fact, the same IP address has generated all three entry types.

    Why would there be “DEBUG_ON” entries in the firewall log if debugging mode isn’t enabled?

    Thanks in advance!

    Peace…

Viewing 5 replies - 1 through 5 (of 5 total)

  • Nice q I have the same think with the new version.

    Plugin Author nintechnet

    (@nintechnet)

    I have one too:
    04/Jul/19 07:27:32 #7466913 DEBUG_ON - 192.3.44.125 GET /index.php - Sanitising user input - [HTTP_REFERER: https://tl.www.ads-software.com/about/']

    No worry, the input is parsed and sanitized as expected by the firewall, but the action code written to the log is wrong, and the firewall log displays it as DEBUG_ON in the “Level” column.
    This is just an error in the “Firewall Log” page, it does not affect the firewall behaviour.
    I’ll fix the code number in the next release.

    Thread Starter tomdkat

    (@tomdkat)

    Thanks! In my case, the HTTP action is a POST and the payload looks like JSON data:

    01/Jul/19 04:10:46  #6400911  DEBUG_ON     -  111.230.23.22    POST /index.php - Sanitising user input - [HTTP_REFERER: 554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:"id";s:3:"'/*";s:3:"num";s:141:"*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b24524345275d3b6469652f2a2a2f286d6435284449524543544f52595f5345...] - aaa.bbb.ccc.ddd

    (I replaced my address, at the end :))

    Is this anything to be concerned about?

    Thanks!

    • This reply was modified 5 years, 8 months ago by tomdkat.
    Plugin Author nintechnet

    (@nintechnet)

    It’s fine. It should be INFO instead of DEBUG_ON, but that does not affect the security, the data was sanitised.

    Thread Starter tomdkat

    (@tomdkat)

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Question about “DEBUG_ON” firewall log messages’ is closed to new replies.