Articles and previews blocked for admin

Hi,

It could be a RAM issue, WordPress may be using more RAM when some actions like previewing are performed. I think 50Mb is a bit too low, although we tested it with much less than that.

If you click on the firewall’s “Overview” page, do you see any warning?
If you temporarily disable “Firewall Policies > Scan POST variable”, does the error go away?

Hi,

thank you for your reply. The overview does not show any warning, and the problem persists even with disabled Scan of POST variables.

My hoster asks, whether special PHP settings are required (apart from what you instructed to put in the php.ini, which worked up until now)? The say, they even tested with PHP 5.6 LATEST, and the problem persisted.

If not, maybe it really is a problem of RAM.

Hi,

You are whitelisted by the firewall otherwise you would see a warning in the “Overview” page.

It looks like a PHP session issue:
1. When you disable the plugin (either from the plugins page or the “Firewall Options” page), the firewall will read its configuration from the DB and will notice it is disabled. If will stop here and let WordPress run.
2. If you don’t disable it and you are the admin, it will read its configuration from the DB, start a PHP session (session_start() function), will notice you are the admin and should be whitelisted. It will stop here and let WordPress run.

The call to session_start() is the only difference between #1 (you aren’t blocked) and #2 (you are blocked).

The PHP session issue could be related to memory but it is hard to say. You would need to ask your host if there is anything wrong or special with your PHP configuration and sessions.

Hi,

ad 2. – actually, NinjaFirewall often fails to recognize me as admin. I already had to disable two firewall rules for that reason, since I was not allowed to do perfectly regular things (I recall, there was the malfunction with the article preview, and something else did not work any more, either).

So maybe, that is the case here, too; but then again – why not logging anything? That is different than before, and does not make any sense. No log, no firewall acivity, am I right? Hence, it would have to be memory or php. Now, back to my host…

Hi

Did you try to allocate more RAM, (64 or 128Mb)?
Did you check your PHP configuration to ensure it logs all errors?

Hi,

the hoster increased my RAM limit to 100MB, without change. They say, on another hosting package the hardware would be different, but I do not really believe that is the bottle neck.

So currently, as my php log is turned on (the hoster did that for me) and logs nothing really (only some database errors when sb logs in, courtesy of a security plugin), I have no idea what is going on.

My hoster tells me, that is would be possible to save the sessions in my webspace, and I am currently trying to find out how to do that, so I can get more information.

I relocated the session folder via session.save_path, and when I reload one of the problematic article preview, in the resulting session file I only find this:

‘GOTMLS_login_ok|b:1;’

Hi,

If NinjaFirewall is enabled and you are logged in as ‘admin’, there should be this in the session file:

nfw_goodguy|b:1;

Seems that the plugin “Anti-Malware and Brute-Force Security by ELI” was responsible for that. I deactivated this plugin. Now, the session file is just empty. What does it mean?

I checked the session folder again, and among 33 session files, only one has content:

nfw_goodguy|b:1;

However, I had not interacted with my website for over an hour at the time the session was created. On the other hand, when I interact, it seems I create an empty session.

Maybe, the content of the session is always deleted again, just after the incident?

NinjaFirewall’s “nfw_goodguy” is only present in the session file while you are logged in.
When you deactivate the plugin or log out, it will delete its session content.

Maybe you have a plugin that overwrites or unset the whole session when you are the admin? In that case, that would delete the whole content, including NinjaFirewall’s one.
You would need to scan all your plugins and search for strings like “session_start” so we would know which ones use PHP sessions.

Today I wrote an article, and all was well – right up to the end, when I added the meta description with the Yoast SEO plugin. Have you had any issues with this? I will follow up when I know more.

Hi,

I never heard about such an issue so far.
Does that plugin deal with PHP sessions?

I searched for “session_start” in the php files of WordPress SEO by Yoast, but there were none. Would not make much sense anyway, I gather. Yoast does not provide support on their free plugin, so that is a dead end for now.

Maybe it is something with the Theme and Yoast and NinjaFirewall together, and the problem goes away some time in the future. I hope so!

As I noticed right now, my last article today even allows preview, and there I already added the meta description. It really is a miraculous thing altogether.

Hi

If you have a static IP, you can whitelist yourself using the .htninja file. That would solve your problem… but that would not help to find out where the issue comes from!