• Resolved Andrey

    (@andr3y1p)


    Details:
    PHP ver. — 5.3.3
    Ninja ver. — 3.1 (security rules: 2016-03-11.2)
    WP ver. — 4.4.2
    WP type — multisite

    Problem: The super admin / admin on subdomain tries to upload a file – http error occurs. If I enable the option “File Uploads – Allow uploads”, upload works for all users.

    What I did?

    ##Thisscript.php

    <?php
    if (! session_id() ) {
       session_start();
       echo 'Starting session.<br />';
    } else {
       echo 'Session was already started.<br />';
    }
    echo 'Checking "nfw_goodguy" session flag: ';
    if ( empty($_SESSION['nfw_goodguy'])) {
       echo ' ERROR: not found.';
    } else {
       echo ' OK, found it.';
    }
    ?>

    If I login to the superadmins primary domain, the script writes that the session found:

    Session was already started.
    Checking “nfw_goodguy” session flag: OK, found it.

    If I login to the superadmins subdomain, the script writes that the session could not be found:

    Session was already started.
    Checking “nfw_goodguy” session flag: ERROR: not found.

    ##Test #1: Event Notifications. Part I (super admin)
    https://www.ads-software.com/support/topic/ninja-firewall-blocking-admin-user-uploads?replies=16#post-7725645

    USER: Super-admin. Owner
    Login to the main site, received a notice in the mail.

    Someone just logged in to your WordPress admin console:

    -User : super_admin (administrator)
    -IP : ***.***.182.149
    -Date : Март 19, 2016 @ 02:27:51 (UTC +0400)
    -Blog : https://infocult.me/

    NinjaFirewall (WP Edition) – https://ninjafirewall.com/
    Support forum: https://www.ads-software.com/support/plugin/ninjafirewall

    I’m trying to upload a file to a subdomain.
    Firewall Log:

    19/Mar/16 02:27:51 #4931300 info – ***.***.182.149 POST /wp-login.php – Logged in user – [super_admin (administrator)] – infocult.me
    19/Mar/16 02:31:32 #7932120 critical – ***.***.182.149 POST /wp-admin/async-upload.php – Blocked file upload attempt – [phone_icon_w.png, 1,205 bytes] – sf.infocult.me


    USER: Super-admin. Owner
    Login to the subdomain site, the e-mail did not come.

    Entries that I have logged in firewall, but there are that the file is locked.

    19/Mar/16 02:48:58 #3313975 critical – ***.***.182.149 POST /wp-admin/async-upload.php – Blocked file upload attempt – [phone_icon_w.png, 1,205 bytes] – sf.infocult.me

    ##Test #1: Event Notifications. Part II (other subdomain admin)
    USER: test-admin. Subdomain other admin
    Login to the main site, received a notice in the mail.

    Someone just logged in to your WordPress admin console:

    -User : test-admin (not in users list)
    -IP : ***.***.182.149
    -Date : Март 19, 2016 @ 02:53:24 (UTC +0400)
    -Blog : https://infocult.me/

    NinjaFirewall (WP Edition) – https://ninjafirewall.com/
    Support forum: https://www.ads-software.com/support/plugin/ninjafirewall

    Thisscript.php (main domain):
    Session was already started.
    Checking “nfw_goodguy” session flag: OK, found it.

    Thisscript.php (subdomain):
    Session was already started.
    Checking “nfw_goodguy” session flag: ERROR: not found.

    I’m trying to upload a file to a subdomain.
    Firewall Log:

    19/Mar/16 02:53:25 #2845129 info – ***.***.182.149 POST /wp-login.php – Logged in user – [test-admin (not in users list)] – infocult.me
    19/Mar/16 02:53:47 #6699791 critical – ***.***.182.149 POST /wp-admin/async-upload.php – Blocked file upload attempt – [SteveJobsCloseUp.jpg, 46,886 bytes] – sf.infocult.me


    USER: test-admin. Subdomain other admin
    Login to the subdomain site. Notifications to the mail did not come again. But the firewall recorded attempt to upload a file.

    19/Mar/16 03:01:56 #5650841 critical – ***.***.182.149 POST /wp-admin/async-upload.php – Blocked file upload attempt – [SteveJobsCloseUp.jpg, 46,886 bytes] – sf.infocult.me

    ________________________________________________________

    Follow the instructions here
    https://www.ads-software.com/support/topic/ninja-firewall-blocking-admin-user-uploads?replies=16#post-8026331

    The file nfwpexport.txt I already sent an e-mail “contact at nintechnet dot com”, label [inficult.me-ninjafirewall-problem]

    https://www.ads-software.com/plugins/ninjafirewall/

Viewing 14 replies - 1 through 14 (of 14 total)
  • Thread Starter Andrey

    (@andr3y1p)

    This error occurs on all my sites and client sites, on three different hostings.

    PS: I apologize for my english ..)

    Plugin Author nintechnet

    (@nintechnet)

    Hi,

    The problem I can see is this:

    19/Mar/16 02:53:25 #2845129 info – ***.***.182.149 POST /wp-login.php – Logged in user – [test-admin (not in users list)] – infocult.me
    19/Mar/16 02:53:47 #6699791 critical – ***.***.182.149 POST /wp-admin/async-upload.php – Blocked file upload attempt – [SteveJobsCloseUp.jpg, 46,886 bytes] – sf.infocult.me

    When you log in to “infocult.me”, PHP starts a session for that domain.
    But when you upload a file, the log shows “sf.infocult.me”.
    The PHP session is only valid for “infocult.me”. This is the way PHP sessions work.
    It won’t work with “www.infocult.me”, “sf.infocult.me” or “whatever.infocult.me”.
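
A diagnostic that extends the session check discussed in this thread, added here as an example and not code from NinjaFirewall or from either poster: it reports whether PHP's session cookie is host-only and whether a session started on the login host can reach the host serving the request. The helper name `cookie_reaches_host` and the `$loginHost` value (taken from the thread's log lines) are assumptions for illustration.

```php
<?php
// Added diagnostic, not NinjaFirewall code. After logging in, load it once on
// the main site and once on the sub-site in the same browser, then compare.

/**
 * RFC 6265 domain-match: is a cookie scoped to $cookieDomain sent to $host?
 * An empty $cookieDomain means a host-only cookie (PHP's default when
 * session.cookie_domain is unset): the browser returns it to $setBy only.
 */
function cookie_reaches_host($cookieDomain, $setBy, $host) {
    $host = strtolower($host);
    if ($cookieDomain === '') {
        return $host === strtolower($setBy);
    }
    $domain = strtolower(ltrim($cookieDomain, '.'));
    if ($host === $domain) {
        return true;
    }
    $suffix = '.' . $domain;
    return substr($host, -strlen($suffix)) === $suffix;
}

if (!session_id()) {
    session_start();
}
$params    = session_get_cookie_params();
$name      = session_name();
$rawHost   = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
$host      = preg_replace('/:\d+$/', '', $rawHost);   // drop an optional port
$loginHost = 'infocult.me';   // assumption: the host where the login happened

header('Content-Type: text/plain');   // plain text, so the Host value is not rendered as HTML
echo "Host:                  $host\n";
echo "Session cookie name:   $name\n";
echo "session.cookie_domain: "
   . ($params['domain'] === '' ? '(empty, host-only)' : $params['domain']) . "\n";
echo "Cookie received:       " . (isset($_COOKIE[$name]) ? 'yes' : 'no') . "\n";
// Print a fingerprint rather than the raw session ID, so the output can be shared.
echo "Session fingerprint:   " . substr(hash('sha256', session_id()), 0, 12) . "\n";
echo "nfw_goodguy flag:      " . (empty($_SESSION['nfw_goodguy']) ? 'missing' : 'present') . "\n";
echo "Session cookie set by $loginHost reaches this host: "
   . (cookie_reaches_host($params['domain'], $loginHost, $host) ? 'yes' : 'no') . "\n";
```

Different fingerprints on the two hosts mean the browser is presenting two separate sessions, which matches a flag that is present on one host and missing on the other.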

    Plugin Author nintechnet

    (@nintechnet)

    I forgot to ask an important question: when you log in to the subdomain as the Superadmin and click on the ‘Users’ menu, do you see the Superadmin in the users’ list?

    Thread Starter Andrey

    (@andr3y1p)

    I do not remember a case that in the users section in multisite displayed with “Superadmin” role. Usually it displayed just administrators, regardless of their role.

    My screenshot — https://joxi.ru/n2Yn0eKfjp5kBA

    The PHP session is only valid for “infocult.me”. This is the way PHP sessions work.
    It won’t work with “www.infocult.me”, “sf.infocult.me” or “whatever.infocult.me”.

    And so that is not to fix?

    Or do you mean that I have to log in to a subdomain?
    So I did so. It ends the current session, open the private mode and login to the subdomain. But the firewall is still blocking the uploading.

    Plugin Author nintechnet

    (@nintechnet)

    You have an issue somewhere: either in WordPress or PHP or both.

    When the Superadmin logs in to a site, you should always receive a notification by email, but here, you don’t.

    1. Can you run this command with PHPmyadmin or from MySQL shell:

    SELECT meta_value FROM wp_usermeta WHERE meta_value LIKE '%administrator%';

    Replace wp_usermeta with the right DB prefix if you changed it.

    2. Since the latest version 3.1, you can whitelist any logged in user. Can you try to select “Firewall Policies > Users Whitelist > Add all logged in users to the whitelist” and test uploads again?

    Thread Starter Andrey

    (@andr3y1p)

    Setting «Add all logged in users to the whitelist.»
    does not affect anything.

    Only works «File Uploads “Allow uploads”»

    I really like your plug-in and put it permanently.
    At all the sites, and I recommend to all my clients.
    Error uploading files on multi site occurs constantly.

    The problem in the plug-in ??

    Plugin Author nintechnet

    (@nintechnet)

    That’s very odd.
    How did you set up your multi-site? Did you use a plugin or did you follow an article like https://codex.www.ads-software.com/Create_A_Network ?

    Can you also post the list of the plugins you are using on that site? Maybe one of them is messing with PHP session.

    Thread Starter Andrey

    (@andr3y1p)

    I’ve been using the “classical method” described in the article.

    I always use the same set of plug-ins:

    • NinjaFirewall (WP Edition);
    • WP Super Cache;
    • Autoptimize;
    • Yoast SEO;
    • Cyr to Lat enhanced;
    • Contact Form 7;
    Plugin Author nintechnet

    (@nintechnet)

    The WP Super Cache plugin could be the problem. Caching applications don’t play well with PHP sessions.
    Can you try to disable the cache, and test again NinjaFirewall?

    Thread Starter Andrey

    (@andr3y1p)

    The problem is relevant to all applications running with cache or just for WP Super Cache?

    Ok, I will test it on the weekends. Or earlier..

    Plugin Author nintechnet

    (@nintechnet)

    It applies to all caching apps because the PHP session ID is stored in a cookie (by default it is named ‘PHPSESSID’) and that can make problem depending on the caching application settings.

    cebln

    (@cebln)

    I am also plagued by the error “http error” when certain editors upload files.
    Staying away from caches is not an option. A page needs to load as fast as possible these days. So what now?
    (Additional info: The setting is that all logged in users are whitelisted)

    • This reply was modified 8 years ago by cebln.
    Plugin Author nintechnet

    (@nintechnet)

    Did you check this discussion: https://www.ads-software.com/support/topic/uploads-blocked/

    I don’t think your caching plugin is the problem, because it shouldn’t cache your editors when they are logged in.

    cebln

    (@cebln)

    Thank you for pointing me to the other discussion. Great, a debugging is coming.
    In my case the software does not recognize logged in editors and allows uploading for them. Very mysterious. (Admins never had problems, editors only.)

    • This reply was modified 8 years ago by cebln.
  • The topic ‘The firewall is blocking all uploads of all administrators’ is closed to new replies.