• Resolved slr1979

    (@slr1979)


    I enabled the PHP firewall after seeing the notification on my site and would like to know how to disable this if necessary?

    I can see the following in my htaccess

    # Begin AIOWPSEC Firewall
    	<IfModule LiteSpeed>
    		php_value auto_prepend_file '/home/domain.com/public_html/aios-bootstrap.php'
    	</IfModule>
    	<IfModule lsapi_module>
    		php_value auto_prepend_file '/home/domain.com/public_html/aios-bootstrap.php'
    	</IfModule>
    # End AIOWPSEC Firewall

    But there does not appear to be a setting to disable this which seems a bit odd. I assume I can just comment out the above and this will prevent the aios-bootstrap.php from being loaded?

    Thanks

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Contributor Prashant Baldha

    (@pmbaldha)

    The quickest way to remove the PHP-based firewall is to make empty aios-file.php file from the root folder by removing all code from it. Please don’t delete this file.
    We are implementing the feature to disable the PHP-based firewall from your WP site. You will get it in a future version of AIOS.

    Thread Starter slr1979

    (@slr1979)

    Thank you for the response but surely removing the code from the htacess would be sufficient

    I was under the impression that php_value auto_prepend_file just inserted the file at run time like require in php and if this line is removed the file will no longer load? Please correct me if I am wrong , I am self taught.

    IMHO it is not acceptable for developers to provide optional features that cannot be easily removed. This is now implemented on my live site and although there are no obvious issues at the moment, I would like to have control back of the way my site is configured asap.

    Please advise

    Plugin Contributor Prashant Baldha

    (@pmbaldha)

    @slr1979

    Please accept my apologies for your inconvenience.

    You are right that the php_value auto_prepend_file is inserted.

    If you deactivate the AIOS plugin, all these entries will be removed.

    
    IMHO it is not acceptable for developers to provide optional features that cannot be easily removed. This is now implemented on my live site and although there are no obvious issues at the moment, I would like to have control back of the way my site is configured asap.
    

    I am 100% agree with you. We are working on it. It will be given the option to remove PHP-based firewall completely.

    Thank you for your opinion.

    May I join this conversation? I cannot find aios-file.php within the plugin files. Where should I find it?

    Plugin Contributor Prashant Baldha

    (@pmbaldha)

    @lqdmbr
    I am sorry that I mistyped the file name. The file name is aios-bootstrap.php in place of aios-file.php.

    You will find it in your site’s root folder.

    Thread Starter slr1979

    (@slr1979)

    Has the ability to deactivate this been considered yet? It has been 4 weeks since my last comment.

    Plugin Contributor Prashant Baldha

    (@pmbaldha)

    Please accept my apologies for the delay in getting this feature.

    We have added this feature to our development version of the AIOS plugin.

    You will get it in the next release of the AIOS plugin.

    I am sorry again.

    Thread Starter slr1979

    (@slr1979)

    @pmbaldha Not a problem. Thank you very much for the update. I look forward to the next version.

    Thread Starter slr1979

    (@slr1979)

    Hello @pmbaldha. The last update was 6 days ago and my last post was 1 month ago. Has this been implemented as yet and if so where are the associated settings? I did start this discussion 2 months ago. Please advise

    Plugin Support aporter

    (@aporter)

    Hi @slr1979

    You can find the option to revert the setup for the PHP firwall in:

    WP Security -> Firewall -> Advanced Settings

    Then press the “Downgrade Firewall” button.

    Best Wishes,

    Ashley

    Thread Starter slr1979

    (@slr1979)

    @aporter Many thanks for your reply. Much appreciated!

    I get 500 Internal Server Error still even after deleting contents of aios-bootstrap.php file. I even tried rebooting my server.

    The contents of my file aios-bootstrap.php before leaving it empty:

    <?php
    /**

    • @version 1.0.1
    • WARNING: Please do not delete this file.
      • This will cause PHP to throw a fatal error and render your site unusable.
      • To safely delete this file, please check both your .user.ini file and your php.ini file and ensure this file is not set in the auto_prepend_file directive.
      • Please ask your web hosting provider if you need guidance with executing the aforementioned steps.
        */
        $GLOBALS[‘aiowps_firewall_rules_path’] = DIR.’/wp-content/uploads/aios/firewall-rules/’;

    // Begin AIOWPSEC Firewall
    if (file_exists(DIR.’/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/firewall/wp-security-firewall.php’)) {
    include_once(DIR.’/wp-content/plugins/all-in-one-wp-security-and-firewall/classes/firewall/wp-security-firewall.php’);
    }
    // End AIOWPSEC Firewall


    Any ideas?

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Disabling PHP Firewall’ is closed to new replies.