Firewall Optimization in Docker

Hi @sandbox2800, thanks for your

Ultimately, the type of optimization you choose should depend on the platform/hosting your site resides on. Most should be sufficient to be auto-detected by the wizard, and your host should be able to help with your php.ini location if your particular configuration requires it to be modified.

Our optimization docs and troubleshooting are provided below if you’ve not worked through those yet:

https://www.wordfence.com/help/firewall/optimizing-the-firewall/

https://www.wordfence.com/help/firewall/optimizing-the-firewall/troubleshooting/

Let me know if you’ve exhausted the options there and are still unable to optimize the firewall, as further diagnostic information may be required.

Peter.

Peter,

Thanks for the response. I have ran up and down those troubleshooting guides an unknown amount of times.

I thought I put it in my original post but apparently I have not. I am self hosting on a Synology.

With the help of ChatGPT (I know not the best option), I thought I found the php.ini and made the edit from the manual configuration but I’m still prompted to optimize.

My firewall is now enabled and protecting (no longer learning) but it still is not optimized. I’m not sure what else to try and fix the optimizated.

I’ve considered going premium but if the plugin won’t work with my setup, there’s little motivation.

Hi @sandbox2800,

Sorry to see the optimization is still not working as intended. We may be able to spot the configuration options that may be appropriate for your setup if you drop us a diagnostic to us at wftest @ wordfence . com directly using the link at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks again,
Peter.

@wfpeter,

The diagnostic report has been sent. Thank you for taking some time to look into my situation.

Hi @sandbox2800, thanks for sending that over.

There seem to be no fundamental issues with communication etc. but I think the auto_prepend_file directive pointing to wordfence-waf.php should be placed in .htaccess or .user.ini on your setup if the php.ini file can’t be found in /usr/local/etc/php. Try both .htaccess and .user.ini to see if you can get positive results on optimization.

Add:

; Wordfence WAF
auto_prepend_file = '/your/path/to/wordfence-waf.php'
; END Wordfence WAF

…to your .htaccess/.user.ini file in the root folder of your site. If wordfence-waf.php was never created in the root of your site either, you can create it manually and fill it with the 8 line example that includes MySQLi on the following page: https://www.wordfence.com/help/firewall/mysqli-storage-engine/

If you wish to continue using the file-based logs instead of MySQLi, check this section too: https://www.wordfence.com/help/firewall/mysqli-storage-engine/#reverting-back-to-the-file-based-firewall-data-storage-engine

Thanks again,
Peter.

@wfpeter

A couple of places where I’m not following along. I’m not sure if you are saying do this or that or this and that.

For example:

but I think the?auto_prepend_file?directive pointing to wordfence-waf.php should be placed in?.htaccess?or?.user.ini?on your setup if the?php.ini?file can’t be found in?/usr/local/etc/php

Should that line be placed in .htaccess OR user.ini and only IF the php.ini can’t be found in /usr/local/etc/php?

I placed it in .htaccess but do not have a user.ini. I also could not locate php.ini in /usr/local/etc/php but did find php.ini-development and php.ini-production.

As mentioned above I did add the auto_prepend_file line to my .htaccess but in regards to:

?If?wordfence-waf.php?was never created in the root of your site either, you can create it manually and fill it with the 8 line example that includes MySQLi on the following page:?https://www.wordfence.com/help/firewall/mysqli-storage-engine/

wordfence-waf.php was created in my root however it is slightly different than the exampled linked.

<?php
// Before removing this file, please verify the PHP ini setting auto_prepend_file does not point to this.

if (file_exists(DIR.'/wp-content/plugins/wordfence/waf/bootstrap.php')) {
define("WFWAF_LOG_PATH", DIR.'/wp-content/wflogs/');
include_once DIR.'/wp-content/plugins/wordfence/waf/bootstrap.php';
}

I do not have this line, from the example. My site is running a mariadb instance.

define('WFWAF_STORAGE_ENGINE', 'mysqli');

Also when that append file line is added to .htaccess, it gives me an internal server error.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at webmaster@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.