admiral.com login.Makakuha ng libreng 700pho sa bawat deposito

Resolved

(@ziegel)

Hi,

1) POST /wp-admin/admin-ajax.php
I have a problem where on clicking Login from Plesk WordPress Toolkit, I am forwarded to WordPress special Login page managed by ‘miniOrange 2 Factor Authentication’ MFA.
There I insert the MFA, and am transferred to the WordPress Admin Panel.
When Ninja FireWall is turned On, I get a 403 error for (log attached):

POST /wp-admin/admin-ajax.php

When it’s turned Off, a cron run instead of it, and then admin panel is served.

2) Wp-config.php not seen by wp-check.php
Running wp-check.php I get the below results, where existing wp-confog is not presented (browser gets 500 error on some stage). My IP is white listed for it on .htaccess.

3) Plugin can not be activated via Plesk WP Toolkit
On Plesk WordPress Toolkit, the Ninja FW can be deactivated, but not
Activated.

Security tools on server include:
.htaccess file
ModSEcurity
Plesk WP Toolkit Security
Ninja FireWall
Plesk IP FireWall

Can you please help me find out how to to fix the above errors?

wp-check.php results are:


NinjaFirewall (WP edition) troubleshooter
HTTP server	:	Apache
PHP version	:	7.4.26
PHP SAPI	:	FPM-FCGI
 	 	 
auto_prepend_file			:	/var/www/vhosts/example.com/httpdocs/wp-content/nfwlog/ninjafirewall.php
Loader's path to firewall		:	/var/www/vhosts/example.com/httpdocs/wp-content/plugins/ninjafirewall/lib/firewall.php
.htninja				:	found in /var/www/vhosts/example.com/.htninja

And the log file, where the 403 error take place looks like this:


2021-12-19 21:59:56	Access	<server-ip>	200	POST /wp-cron.php?doing_wp_cron=1639943996.6477580070495605468750 HTTP/1.0	https://example.com/wp-cron.php?doing_wp_cron=1639943996.6477580070495605468750	WordPress/5.8.2; https://example.com	935	Apache SSL/TLS access
2021-12-19 21:59:58	Access	<client-ip>	200	POST /wp-login.php HTTP/1.0	https://plesk.example.com:8443/	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 OPR/82.0.4227.33	3.38 K	Apache SSL/TLS access
2021-12-19 22:00:10	Access	<client-ip>	302	POST /wp-login.php HTTP/1.0	https://example.com/wp-login.php	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36 OPR/82.0.4227.33	1.83 K	Apache SSL/TLS access
2021-12-19 22:00:11	Error	<server-ip>	403	POST /wp-admin/admin-ajax.php HTTP/1.0	https://example.com/wp-admin/admin-ajax.php	WordPress/5.8.2; https://example.com	1.04 K	Apache SSL/TLS access

This topic was modified 2 years, 11 months ago by ziegel.
This topic was modified 2 years, 11 months ago by ziegel.

Viewing 11 replies - 16 through 26 (of 26 total)

← 1 2

Thread Starter

ziegel

(@ziegel)

2 years, 11 months ago

May I ask where on the Ninja Fire Wall plugin is the INCLUDE for .htninja is called, so I can fix it.

On the plugin, if I’m correct you should have an IF for OS, and then have two different PHP Include calls, according to OS.

Thread Starter

ziegel

(@ziegel)

2 years, 11 months ago

Is it in the .user.ini file, that is configured differently, using 'auto_prepend_file' and not the 'include'?

; BEGIN NinjaFirewall
auto_prepend_file = "/var/www/vhosts/example.com/httpdocs/wp-content/nfwlog/ninjafirewall.php"
; END NinjaFirewall

Thread Starter

ziegel

(@ziegel)

2 years, 11 months ago

The actual call uses and OR and a different syntax:

if ( @file_exists($nfw_['file'] = dirname($_SERVER['DOCUMENT_ROOT']) .'/.htninja') ||
	@file_exists($nfw_['file'] = $_SERVER['DOCUMENT_ROOT'] .'/.htninja') ) {
	$nfw_['res'] = @include_once $nfw_['file'];

Thread Starter

ziegel

(@ziegel)

2 years, 11 months ago

Hi,

To me, it seems the wp-check.php file I was using is totlaly broken. Also wp-config.php couldn’t be called with the slash.

And…ABSPATH has a very strange IF using a quote and not a VAR…. which leads to an error message.

Can you please check?

I would be happy to know if the plugin works or not (the actual calls to include files are different than that used on wp-check.php)?

The link I have used:
https://nintechnet.com/share/wp-check.txt

The ADJUSTED wp-check.php I had to use:

<?php
/*
echo '<p>Hello World1</p>';
 +=====================================================================+
 | wp-check.php  (c) NinTechNet - https://nintechnet.com/               |
 +=====================================================================+
*/
$version = '1.9.4';
/*
 +=====================================================================+
 | NinjaFirewall's (WP/WP+ Edition) troubleshooter script              |
 +=====================================================================+
 | 1. Rename this file to "wp-check.php".                              |
 | 2. Upload it into your WordPress root folder.                       |
 | 3. Go to https://YOUR WEBSITE/wp-check.php                           |
 | 4. Delete it afterwards.                                            |
 +=====================================================================+
*/
if (version_compare(PHP_VERSION, '5.4', '<') ) {
	if (! session_id() ) {
		session_start();
	}
} else {
	if (session_status() !== PHP_SESSION_ACTIVE) {
		session_start();
	}
}
error_reporting(0);
ini_set('display_errors', 0);

?><html>
<head>
	<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
	<style>.tdb{background: none repeat scroll 0% 0% #F1F1F1}</style>
</head>
<body style="font-family: 'Open Sans',sans-serif;">
<h3>NinjaFirewall (WP edition) troubleshooter</h3>
<table width="100%" border="0" cellpadding="4" cellspacing="0">
	<tr class="tdb">
		<th width="30%">HTTP server</th>
		<td>:</td>
		<td>
		<?php
		if (! empty( $_SERVER['SERVER_SOFTWARE'] ) ) {
			echo $_SERVER['SERVER_SOFTWARE'];
		} else {
			echo '<font color="orange">unknown</font>';
		}
		?>
		</td>
	</tr>
	<tr>
		<th width="30%">PHP version</th>
		<td>:</td>
		<td>
		<?php
		if ( defined('PHP_VERSION') ) {
			if ( version_compare( PHP_VERSION, '5.5', '<' ) ) {
				echo PHP_VERSION . ': <font color="red">Error, NinjaFirewall requires PHP 5.5 or greater</font>';
			} else {
				echo PHP_VERSION;
			}
		} else {
			echo '<font color="orange">unknown</font>';
		}
		?>
		</td>
	</tr>
	<tr class="tdb">
		<th width="30%">PHP SAPI</th>
		<td>:</td>
		<td>
		<?php
		if ( defined('PHP_SAPI') ) {
			echo strtoupper( PHP_SAPI );
			if ( defined('HHVM_VERSION') ) {
				echo ' (HHVM detected)';
			}
		} else {
			echo '<font color="orange">unknown</font>';
		}
		?>
		</td>
	</tr>
	<tr><th width="30%">&nbsp;</th><td>&nbsp;</td><td>&nbsp;</td></tr>

	<tr>
		<th width="30%">auto_prepend_file</th>
		<td>:</td>
		<td>
		<?php
		$auto_prepend_file = ini_get('auto_prepend_file');
		if ( $auto_prepend_file ) {
			echo $auto_prepend_file;
		} else {
			echo 'none';
		}
		?>
		</td>
	</tr>

	<?php
	if (! empty( $auto_prepend_file ) && file_exists( $auto_prepend_file ) ) {
	?>
		<tr>
		<th width="30%">Loader's path to firewall</th>
		<td>:</td>
		<?php
		$content = file_get_contents( $auto_prepend_file );
		if (! preg_match( "<code>file_exists\('([^']+?)'\)</code>", $content, $match ) ) {
			?>
			<td><font color="red">Cannot find the path!</font></td>
			<?php
		} else {
			if (! file_exists( $match[1] ) ) {
				echo '<td><font color="red">The loader does not exist: '. htmlentities( $match[1] ) .'</font></td>';
			} else {
				echo '<td>'. htmlentities( $match[1] ) .'</td>';
			}
		}
		?>
			</tr>
		<?php
	}
	?>

	<?php
	if ( @file_exists( $file = dirname(getenv('DOCUMENT_ROOT') ) . '/.htninja') ) {
		?>
		<tr>
		<th width="30%">.htninja</th>
		<td>:</td>
		<td>
		<?php
		echo 'found in '. dirname(getenv('DOCUMENT_ROOT') ) . '/.htninja';
		?>
		</td>
	</tr>
	<?php
	include(dirname(getenv('DOCUMENT_ROOT') ) . '.htninja');
	}
	?>
	<tr class="tdb">
		<th width="30%">wp-config.php</th>
		<td>:</td>
		<td>
		<?php
		if ( file_exists( __DIR__ . '/wp-config.php' ) ) {
			echo '<p>Hello Check1</p>';
			$wp_config = __DIR__ . '/wp-config.php';
			echo 'found in (first) '. $wp_config;
		} elseif ( file_exists( dirname( __DIR__ ) . '/wp-config.php' ) ) {
			echo '<p>Hello Check2</p>';

			$wp_config = dirname( __DIR__ ) . '/wp-config.php';
			echo 'found in (second) '. $wp_config;
		} else {
			echo '<font color="red">Error: cannot find your wp-config.php file</font>';
			echo '</td></tr></table></body></html>';
			echo '<p>Hello Check3</p>';
			exit;
		}
		echo '<p>Hello Check4</p>';
		?>
		</td>
	</tr>
	<?php
	echo '<p>Hello Check5</p>';
	if ($wp_config) {
		@include(__DIR__ . 'wp-config.php');
		echo '<p>Hello Check6</p>';
	}
	?>
	<tr>
		<th width="30%">NinjaFirewall detection</th>
		<td>:</td>
		<td>
		<?php
		if ( defined('NFW_STATUS') ) {
			if (NFW_STATUS == 20) {
				$res = 'NinjaFirewall WP Edition is loaded';
				if ( defined('NFW_WPWAF') ) {
					$res .= ' (WordPress WAF mode)';
				} else {
					$res .= ' (Full WAF mode)';
				}
			} elseif (NFW_STATUS == 21) {
				$res = 'NinjaFirewall WP+ Edition is loaded';
				if ( defined('NFW_WPWAF') ) {
					$res .= ' (WordPress WAF mode)';
				} else {
					$res .= ' (Full WAF mode)';
				}
			} elseif (NFW_STATUS == 22) {
				$res = 'NinjaFirewall Pro Edition is loaded';
			} elseif (NFW_STATUS == 23) {
				$res = 'NinjaFirewall Pro+ Edition is loaded';
			} else {
				$res = '<font color="red">NinjaFirewall is loaded but returned error code #'. NFW_STATUS .'</font>';
			}
		} else {
			$res = '<font color="red">NinjaFirewall is not loaded</font>';
		}
		echo $res;
		?>
		</td>
	</tr>

	<tr class="tdb"><th width="30%">&nbsp;</th><td>&nbsp;</td><td>&nbsp;</td></tr>
	<tr>
		<th width="30%">Loaded INI file</th>
		<td>:</td>
		<td>
		<?php
		$res = php_ini_loaded_file();
		if ( $res ) {
			echo $res;
		} else {
			echo 'none';
		}
		?>
		</td>
	</tr>
	<tr class="tdb">
		<th width="30%">user_ini.filename</th>
		<td>:</td>
		<td>
		<?php
		$res = ini_get('user_ini.filename');
		if ( $res ) {
			echo $res;
		} else {
			echo 'none';
		}
		?>
		</td>
	</tr>
	<tr>
		<th width="30%">user_ini.cache_ttl</th>
		<td>:</td>
		<td>
		<?php
		$res = ini_get('user_ini.cache_ttl');
		if ( $res ) {
			echo $res . ' seconds';
		} else {
			echo 'none';
		}
		?>
		</td>
	</tr>
	<tr class="tdb">
		<th width="30%">User PHP INI</th>
		<td>:</td>
		<td>
		<?php
		$res = $count = '';
		if ( file_exists('php.ini' ) ) {
			$res = 'php.ini found - ';
			$count++;
		}
		if ( file_exists('php5.ini' ) ) {
			$res .= 'php5.ini found - ';
			$count++;
		}
		if ( file_exists('.user.ini' ) ) {
			$res .= '.user.ini found - ';
			$count++;
		}
		if ( $res ) {
			echo $res;
			if ($count > 1) {
				echo '<font color="red">Warning: you have more than one INI file</font>';
			}
		} else {
			echo "none found";
		}
		?>
		</td>
	</tr>
	<tr><th width="30%">&nbsp;</th><td>&nbsp;</td><td>&nbsp;</td></tr>
	<tr>
		<th width="30%">DOCUMENT_ROOT</th>
		<td>:</td>
		<td>
		<?php
		$res = getenv('DOCUMENT_ROOT');
		if ( $res ) {
			echo $res;
		} else {
			echo '<font color="red">Error: cannot find your DOCUMENT_ROOT</font>';
		}
		?>
		</td>
	</tr>

	<?php
	if ( strpos( @$_SERVER['SCRIPT_FILENAME'], '//' ) !== false ) {
		?>
		<tr class="tdb">
			<th width="30%">SCRIPT_FILENAME</th>
			<td>:</td>
			<td>
			<?php
			echo '<font color="red">Warning: there\'s a double slash (//) in the SCRIPT_FILENAME variable: '.
				htmlspecialchars( $_SERVER['SCRIPT_FILENAME'] ) .
				'<br />This may prevent PHP from loading its INI files.</font>';
			?>
			</td>
		</tr>
		<?php
	}
	?>

	<tr>
		<th width="30%">ABSPATH</th>
		<td>:</td>
		<td>
		<?php
		if (defined('ABSPATH') ) {
			echo ABSPATH;
			$doc_root = rtrim( getenv('DOCUMENT_ROOT'), '/' );
			if ( ABSPATH != $doc_root . '/' ) {
				echo ' (ABSPATH != DOCUMENT_ROOT)';
			}
		} else {
			echo '<font color="red">Warning: cannot find the ABSPATH</font>';
		}
		?>
		</td>
	</tr>
	<tr class="tdb">
		<th width="30%">WordPress version</th>
		<td>:</td>
		<td>
		<?php
		if (! empty($wp_version) ) {
			echo $wp_version;
		} else {
			echo '<font color="red">Warning: cannot find WordPress version</font>';
		}
		?>
		</td>
	</tr>
	<?php
	if ( is_multisite() ) {
		?>
	<tr class="tdb">
		<th width="30%">&nbsp;</th>
		<td>&nbsp;</td>
		<td>Multisite installation detected</td>
	</tr>
		<?php
	}
	?>
	<tr>
		<th width="30%">WP_CONTENT_DIR</th>
		<td>:</td>
		<td>
		<?php
		if (defined('WP_CONTENT_DIR') ) {
			echo WP_CONTENT_DIR;
		} else {
			echo '<font color="red">Warning: cannot find WP_CONTENT_DIR</font>';
		}
		?>
		</td>
	</tr>
	<tr class="tdb">
		<th width="30%">Plugins directory</th>
		<td>:</td>
		<td>
		<?php
		if ( is_dir( WP_PLUGIN_DIR ) ) {
			echo WP_PLUGIN_DIR;
		} else {
			echo '<font color="red">Error: cannot find WordPress plugins directory</font>';
		}
		?>
		</td>
	</tr>
	<tr>
		<th width="30%">User Role</th>
		<td>:</td>
		<td>
		<?php
		if ( $current_user = @wp_get_current_user() ) {
			if (! empty($current_user->caps['administrator']) ) {
				echo 'Administrator';
			} elseif (! empty($current_user->caps['editor']) ) {
				echo 'Editor';
			} elseif (! empty($current_user->caps['author']) ) {
				echo 'Author';
			} elseif (! empty($current_user->caps['contributor']) ) {
				echo 'Contributor';
			} elseif (! empty($current_user->caps['subscriber']) ) {
				echo 'Subscriber';
			} else {
				echo 'Unknown role (or user not logged in)';
			}
		} else {
			echo '<font color="red">Error: cannot find user role</font>';
		}
		?>
		</td>
	</tr>
	<tr class="tdb">
		<th width="30%">User Capabilities</th>
		<td>:</td>
		<td>
			<?php
			$cap = '';
			if ( current_user_can( 'manage_options' ) ) {
				$cap.= "manage_options: OK - ";
			} else {
				$cap.= '<font color="red">Error: missing manage_options capability</font> - ';
				$mo_err = 1;
			}
			if ( current_user_can( 'unfiltered_html' ) ) {
				$cap.= "unfiltered_html: OK";
			} else {
				$cap.= '<font color="red">Error: missing unfiltered_html capability</font>';
				$mo_err = 1;
			}
			echo $cap;
			if (! empty( $mo_err  ) ) {
				echo '<br />Make sure you are logged in to WordPress before running this script.';
			}
		?>
		</td>
	</tr>
	<tr>
		<th width="30%">Log dir permissions</th>
		<td>:</td>
		<td>
		<?php
		if (! is_dir( WP_CONTENT_DIR ."/nfwlog" ) ) {
			echo '<font color="red">Warning: cannot find NinjaFirewall log dir</font>';
		} else {
			if ( is_writable( WP_CONTENT_DIR ."/nfwlog" ) ) {
				echo WP_CONTENT_DIR ."/nfwlog dir is writable";
			} else {
				echo '<font color="red">Warning: '. WP_CONTENT_DIR . '/nfwlog dir is not writable</font>';
			}

		}
		?>
		</td>
	</tr>
	<tr>
		<th width="30%">Cache dir permissions</th>
		<td>:</td>
		<td>
		<?php
		if (! is_dir( WP_CONTENT_DIR ."/nfwlog/cache" ) ) {
			echo '<font color="red">Warning: cannot find NinjaFirewall cache dir</font>';
		} else {
			if ( is_writable( WP_CONTENT_DIR ."/nfwlog/cache" ) ) {
				echo WP_CONTENT_DIR ."/nfwlog/cache dir is writable";
			} else {
				echo '<font color="red">Warning: '. WP_CONTENT_DIR . '/nfwlog/cache dir is not writable</font>';
			}

		}
		?>
		</td>
	</tr>
</table>
<p><code>NinjaFirewall (WP edition) troubleshooter v<?php echo $version ?></code></p>
</body>
</html>

And the results I got after the fixing of wp-check.php, where ABSPATH calling in wp-check.php seems to me as a broken function.

NinjaFirewall (WP edition) troubleshooter

HTTP server	:	Apache
PHP version	:	7.4.27
PHP SAPI	:	FPM-FCGI
 	 	 
auto_prepend_file	:	/var/www/vhosts/example.com/httpdocs/wp-content/nfwlog/ninjafirewall.php
Loader's path to firewall	:	/var/www/vhosts/example.com/httpdocs/wp-content/plugins/ninjafirewall/lib/firewall.php
.htninja	:	found in /var/www/vhosts/example.com/.htninja
wp-config.php	:	

found in (first) /var/www/vhosts/example.com/httpdocs/wp-config.php

NinjaFirewall detection	:	NinjaFirewall WP Edition is loaded (Full WAF mode)
 	 	 
Loaded INI file	:	/opt/plesk/php/7.4/etc/php.ini
user_ini.filename	:	.user.ini
user_ini.cache_ttl	:	300 seconds
User PHP INI	:	.user.ini found -
 	 	 
DOCUMENT_ROOT	:	/var/www/vhosts/example.com/httpdocs
ABSPATH	:	Warning: cannot find the ABSPATH
WordPress version	:	Warning: cannot find WordPress version

Note: I also have Ninja Fire Wall on a staging instance which I disabled (as well as all staging), for them not to collide due to wrong configuration of the plugin to use directories which are SYNCEd from staging to live on product updates. You should stay in plugin, and use relative paths and not require absolute paths…

Thread Starter

ziegel

(@ziegel)

2 years, 11 months ago

Please note your wp-check file broke and not complete filling out the information. Is the call for if define ‘quote’ breaking it?

Thread Starter

ziegel

(@ziegel)

2 years, 11 months ago

Also, when signing in to Word Press control panel, coming from Plesk Word Press Toolkit, if Ninja Fire Wall is turned On, there is a 403 error for:

POST /wp-admin/admin-ajax.php

Between two wp-login,php calls:

POST /wp-login.php HTTP/1.0 // prompting MFA screen
POST /wp-admin/admin-ajax.php // when inserting MFA input and clicking, this is the error
POST /wp-login.php // 302 redirection to the wp-jsun --> wp-admin
GET /wp-json/
GET /wp-admin/

While when no using Ninja Fire Wall, what is received is:

POST /wp-login.php // click on plesk toolkit
POST /wp-login.php // inserting MFA
GET /wp-admin/ 
GET /wp-json/wp/v2/

This reply was modified 2 years, 11 months ago by ziegel.

Plugin Author

nintechnet

(@nintechnet)

2 years, 11 months ago

It seems like PHP include() behaves differently, according to OS.

It’s not managed by the OS. It’s populated by the HTTP server and PHP interpreter.
If you can’t run the wp-check script without modifying it, it means you still have a configuration issue.

The document root should not have a trailing slash. But if there’s one, that doesn’t matter. Even multiple slashes anywhere within the path will work too, the OS will discard extra slashes:

$ ls -la /etc/passwd
-rw-r--r-- 1 root root 2628 Jan 11  2021 /etc/passwd
$ ls -la ////etc////////////////passwd
-rw-r--r-- 1 root root 2628 Jan 11  2021 ////etc////////////////passwd

Include() and require() can use absolute or relative paths:
Absolute: require '/var/home/user/.htninja'
Relative (same folder): require '.htninja' or require './.htninja'
Relative (parent folder): require '../.htninja'

If your vhost is chrooted (very seldom) then you can have a leading slash for any file in the root folder and subfolders because that would be the absolute path: require '/.htninja or require '/wp-content/some-script.php'. But that’s not your configuration.

Thread Starter

ziegel

(@ziegel)

2 years, 11 months ago

Hi @nintechnet,

Thanks a lot! To begin with, you were right, and I found an error on my wp-config.php where the protective measure of setting if (!defined('ABSPATH')) exit; which may be used in other PHP files, and should NOT be used in wp-config.php was used. I fixed that.

However, the code in wp-check.php line 139:
include(dirname(getenv('DOCUMENT_ROOT') ) . '/.htninja');

Did break the php working getting, to it.

The same way used to call wp-config, DID WORK fall calling .htaccess:
include(__DIR__ . '/.htninja');

And I got full report that looks Ok.

May I ask, is my Ninja Fire Wall found to be functioning, or there is still an open issue to fix?

And, what caused the above failure, which did not occur for the fixed line?

The report I got with the fix looks as the one below:

NinjaFirewall (WP edition) troubleshooter
HTTP server	:	Apache
PHP version	:	7.4.27
PHP SAPI	:	FPM-FCGI
 	 	 
auto_prepend_file	:	/var/www/vhosts/example.com/httpdocs/wp-content/nfwlog/ninjafirewall.php
Loader's path to firewall	:	/var/www/vhosts/example.com/httpdocs/wp-content/plugins/ninjafirewall/lib/firewall.php
.htninja	:	found in /var/www/vhosts/example.com/.htninja
wp-config.php	:	found in /var/www/vhosts/example.com/httpdocs/wp-config.php
NinjaFirewall detection	:	NinjaFirewall WP Edition is loaded (Full WAF mode)
 	 	 
Loaded INI file	:	/opt/plesk/php/7.4/etc/php.ini
user_ini.filename	:	.user.ini
user_ini.cache_ttl	:	300 seconds
User PHP INI	:	.user.ini found -
 	 	 
DOCUMENT_ROOT	:	/var/www/vhosts/example.com/httpdocs
ABSPATH	:	/var/www/vhosts/example.com/httpdocs/
WordPress version	:	5.8.2
WP_CONTENT_DIR	:	/var/www/vhosts/example.com/httpdocs/wp-content
Plugins directory	:	/var/www/vhosts/example.com/httpdocs/wp-content/plugins
User Role	:	Administrator
User Capabilities	:	manage_options: OK - unfiltered_html: OK
Log dir permissions	:	/var/www/vhosts/example.com/httpdocs/wp-content/nfwlog dir is writable
Cache dir permissions	:	/var/www/vhosts/example.com/httpdocs/wp-content/nfwlog/cache dir is writable
NinjaFirewall (WP edition) troubleshooter v1.9.4

Thread Starter

ziegel

(@ziegel)

2 years, 11 months ago

It seems, your code, if made a small change to, would also work…

Instead of a line with a slash before file name:
include(dirname(getenv('DOCUMENT_ROOT') ) . '/.htninja');

One without a slash, worked:
include(dirname(getenv('DOCUMENT_ROOT') ) . '.htninja');

getenv(‘DOCUMENT_ROOT’):
DOCUMENT_ROOT : /var/www/vhosts/example.com/httpdocs

dir(/var/www/vhosts/example.com/httpdocs):
/var/www/vhosts/example.com

And my server configured to add a trailing slash, would make this:
/var/www/vhosts/example.com/

And the the file name to add, in such a case, should be:
'.htninja'

And not:
'/.htninja'

This reply was modified 2 years, 11 months ago by ziegel.

Thread Starter

ziegel

(@ziegel)

2 years, 11 months ago

SO, one of the bottom lines, would be, would the below plugin code work, or it would need an adjustment (due to server adding trailing slash):

if ( @file_exists($nfw_['file'] = dirname($_SERVER['DOCUMENT_ROOT']) .'/.htninja') ||
	@file_exists($nfw_['file'] = $_SERVER['DOCUMENT_ROOT'] .'/.htninja') ) {
	$nfw_['res'] = @include_once $nfw_['file'];

Plugin Author

nintechnet

(@nintechnet)

2 years, 11 months ago

The firewall is working as it indicates “NinjaFirewall WP Edition is loaded (Full WAF mode)”. Go to the “NinjaFirewall > Dashboard” page and check if there’s any error or warning.

This code is correct:
dirname($_SERVER['DOCUMENT_ROOT']) .'/.htninja'

I cannot remove the slash, because that will break 70,000+ sites using NinjaFirewall.

Enable debugging in WordPress and check the error log:
1. Edit your wp-config.php
2. Search for:
define('WP_DEBUG', false);
3. Replace with:
define('WP_DEBUG', true);
4. Add this line below:
define( 'WP_DEBUG_LOG', true );

The error log (if any) will be located in “/wp-content/debug.log”. It will display the reason why you have an error.

Viewing 11 replies - 16 through 26 (of 26 total)

← 1 2

The topic ‘/wp-admin/admin-ajax.php Error on WP Signin, and wp-config.php not seen by NFW w’ is closed to new replies.