Allow script to run

  • Resolved dimsal

    (@dimsal)


    3 years, 4 months ago

    Hi,

    How can I allow a certain php script to run inside wp-content folder? It’s a thumbnail creation php script and I need to run it for a couple of times.

    I used this page as a reference: https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/

    I tried both this solution:

    if (strpos($_SERVER['SCRIPT_FILENAME'], '/foo/bar/') !== FALSE) {
   return 'ALLOW';
}

    and this:

    if (strpos($_SERVER['SCRIPT_NAME'], 'script.php') !== FALSE ) {
   return 'ALLOW';
}

    but none of these worked. What am I doing wrong?

    Could you give some tips?

    Thank you.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    The syntax is correct and it worked when I tested it. Did you check in the “NinjaFirewall > Dashboard” page if the .htninja script is loaded by the firewall?

    Thread Starter dimsal

    (@dimsal)

    Yes, the .htninja file is loaded by the firewall.

    One other weird thing is in Advanced tab of Firewall Policies I have Set Content-Security-Policy for the website frontend enabled and the rules are not getting updated. I’ve added new rules but the browser’s Developer Console still shows old outdated version of the rules. I checked all the caching, etc. and can’t find the reason why would it show the old version. Any ideas what else to check?

    Plugin Author nintechnet

    (@nintechnet)

    Can you run the troubleshooter script and paste the results here: https://nintechnet.com/share/wp-check.txt
    1. Rename it to “wp-check.php”.
    2. Upload it into your WordPress root folder.
    3. Go to https://YOUR WEBSITE/wp-check.php
    4. Delete it afterwards.

    Thread Starter dimsal

    (@dimsal)

    Here’s the result:

    NinjaFirewall (WP edition) troubleshooter
HTTP server	: nginx/1.19.3
PHP version	: 7.4.24
PHP SAPI	: FPM-FCGI
 	 	 
auto_prepend_file : /home/******/webapps/my-dev-site/wp-content/nfwlog/ninjafirewall.php
Loader's path to firewall : /home/******/webapps/my-dev-site/wp-content/plugins/ninjafirewall/lib/firewall.php
wp-config.php :	found in /home/******/webapps/my-dev-site/wp-config.php
NinjaFirewall detection	: NinjaFirewall WP Edition is loaded (Full WAF mode)
 	 	 
Loaded INI file	: /etc/php74rc/php.ini
user_ini.filename : .user.ini
user_ini.cache_ttl : 300 seconds
User PHP INI : .user.ini found -
 	 	 
DOCUMENT_ROOT : /home/******/webapps/my-dev-site
ABSPATH	: /home/******/webapps/my-dev-site/
WordPress version :	5.8.1
WP_CONTENT_DIR	: /home/******/webapps/my-dev-site/wp-content
Plugins directory :	/home/******/webapps/my-dev-site/wp-content/plugins
User Role : Administrator
User Capabilities :	manage_options: OK - unfiltered_html: OK
Log dir permissions	: /home/******/webapps/my-dev-site/wp-content/nfwlog dir is writable
Cache dir permissions :	/home/******/webapps/my-dev-site/wp-content/nfwlog/cache dir is writable

NinjaFirewall (WP edition) troubleshooter v1.9.4
    • This reply was modified 3 years, 4 months ago by dimsal.
    Thread Starter dimsal

    (@dimsal)

    Never mind, found the issue. I misconfigured the .htninja file — put a similar looking but different domain hence both issues. Now all resolved.

    Thread Starter dimsal

    (@dimsal)

    Ticket is resolved.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Allow script to run’ is closed to new replies.