Firewall set up

  • Resolved blueberry25

    (@blueberry25)


    3 years, 10 months ago

    Hi,
    I’m trying to optimize the Wordfence Web Application Firewall. The configuration window says:
    “To make your site as secure as possible, the Wordfence Web Application Firewall is designed to run via a PHP setting called auto_prepend_file, which ensures it runs before any potentially vulnerable code runs. This PHP setting is currently in use, and is including this file: (a path)”
    Further down:
    “You can proceed with the installation and we will include this from within our wordfence-waf.php file which should maintain compatibility with your site, or you can opt to override the existing PHP setting.”
    Can I safely proceed with this setting by choosing “Include”?
    Thank you in advance.
    Best

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support WFAdam

    (@wfadam)

    Hello @blueberry25 and thanks for reaching out to us!

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    This will help me see exactly where in the process you are and what we need to do.

    Thanks!

    Thread Starter blueberry25

    (@blueberry25)

    Hello, thank you so much for the quick answer. The report has just been sent.
    Thank you again.
    Best regards.

    Plugin Support WFAdam

    (@wfadam)

    Thanks for sending that diagnostic!

    It says your Server API is FPM/FastCGI and the default configuration for FastCGI should work. However, on some sites with PHP FPM we do sometimes see situations where the settings are being overridden. I don’t see the wordfence-waf.php file being generated either, which could be a read/write issue. The wordfence-waf.php is usually created in the root directory(where your htaccess file resides) when the plugin is installed. If you use FTP or a file manager, are you able to see this file?

    This is from our documentation:
    In rare cases, when a host uses PHP-FPM, they may have PHP settings defined in a “pool” file. These settings can override options set in your custom php.ini or .user.ini file. You may need to ask the host if they have settings in the pool file. The default location for the pool file on new Ubuntu servers is similar to /etc/php/7.0/fpm/pool.d/www.conf (depending on the PHP version) and an example of an option that would override your auto_prepend_file option is php_admin_value[auto_prepend_file] = none. If the host is able to remove this option, it should allow your settings to be used for the firewall.

    So I would at this point recommend that you reach out to your host and ask them this:

    I need to set a PHP value auto_prepend_file on my site but it doesn’t seem to be taking effect. Can you explain how to set auto_prepend_file on my site?

    Hopefully, they’ll be able to give you an idea of why it’s not working. If you have any questions, let me know!

    Let me know what you find!

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Firewall set up’ is closed to new replies.

Tags