WAF Lock not acquired

Hi,

I checked with our developers and got this response:

File locking in PHP doesn’t work over NFS, so that’s why you’re seeing that error message. Depending on your setup, you can edit the wordfence-waf.php file to the WFWAF_LOG_PATH to any directory you’d like, so another non-networked partition should work. It just needs to be writable by the web server.

As always, make sure to make a backup before changing any files.

-Brian

Thanks, I’ll try this. In production we have 2 load balanced web servers which share a common NFS mounted storage. Would having separate wflogs directories in each local file system with mismatched content matter?

I’ve tried your fix on our test server, and it does what it is supposed to (thanks!). I still have 2 concerns though:
1. In a load balanced scenario, you end up with a different wflogs directory on each server with possibly different contents. Does it matter? What information does the wflogs directory store?
2. When the Wordfence plugin is updated, will the file wordfence-waf.php be updated, and clobber the fix?

Here is an update. The whitelisted URL rules (set up in learning mode) were all manually disabled when we switched to “Enabled and Protected” mode. But somehow they have been re-enabled. Where are those rules kept? If they are kept in the file system in wflogs, then the disabling will only occurs on one of the two load balanced web servers (whichever I happen to be connected to), and this would explain the behavior I see. However in they are kept in the joint database, then I should not see this behavior: do you know what could cause this?