Manual Installation of Optimized Firewall

  • I just set up wordfence and am trying to set up the Optimized firewall.

    According to phpinfo() I’m running Apache2 + FPM/FastCGI. I also located the php.ini file based on what was listed as the Loaded Configuration File path.

    I tried the automatic installation using recommended settings (Apache+FastCGI) but that ran into a server error that could only be fixed by removing the Wordfence entry from .htaccess.

    Instead, I decided to use the manual option. I see that the wordfence-waf.php was indeed added to /var/[path]/ and I added the line of code (auto_prepend_file = ‘/var/[path]/wordfence-waf.php’) to the previously identified php.ini file.

    ([path] is an actual normal path, removed for security.)

    While the site is still running fine, it still shows that I’m only using the basic firewall. Any idea what I did wrong? Thank you!

    More system details if that helps: Linux 5.10.0-27-cloud-amd64 #1 SMP Debian 5.10.205-2 (2023-12-31) x86_64

    • This topic was modified 9 months, 2 weeks ago by jennnjennjen.
    • This topic was modified 9 months, 2 weeks ago by jennnjennjen.
    • This topic was modified 9 months, 2 weeks ago by jennnjennjen.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @jennnjennjen, thanks for your question.

    I might expect with FastCGI for the .user.ini to contain the optimization code. The .htaccess file in the root directory would usually contain:

    # Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>
# END Wordfence WAF

    Then also in the same directory, your .user.ini would contain:

    ; Wordfence WAF
auto_prepend_file = '/your/path/to/wordfence-waf.php'
; END Wordfence WAF

    Make sure to change the path above with the one that you currently see in your .htaccess and ensure auto_prepend_file is removed from .htaccess once you’ve copied it.

    We have seen in rare cases hosts denying configuration of .user.ini/.htaccess to its customers, therefore requiring Wordfence to permanently run in Basic Protection. However, please try the above first. If the firewall isn’t optimized after making those changes, consider consulting your host’s support as to whether you have the ability to modify those settings/files and let us know.

    I noted that the character was in your example above, ensure that the path is contained inside the ' character. That could just be formatting after pasting into the forum though rather than an issue with your original input.

    Let us know how you get on!
    Peter.

    Thread Starter jennnjennjen

    (@jennnjennjen)

    Hi Peter, thanks for the helpful information! I went ahead inserted the code you specified in the two files, but the .htaccess file is still causing the 500 internal server error.

    (I should also mention for clarification, I’m running Apache 2.4, specifically)

    I toyed around with and it seems that this line seems to be causing the error:

        Require all denied

    I’m not sure why. Would appreciate any ideas as to why I’m not able to include it! Currently my .htaccess includes the following (basically exactly what you had above with that one line removed) and it works without the server error and shows as being optimized:

    # Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>

# END Wordfence WAF

    Is it ok if I leave it out or does that defeat the purpose? Is there an alternative I could use instead?

    Really appreciate the assistance!

    • This reply was modified 9 months, 2 weeks ago by jennnjennjen.
    • This reply was modified 9 months, 2 weeks ago by jennnjennjen.
    • This reply was modified 9 months, 2 weeks ago by jennnjennjen.
    • This reply was modified 9 months, 2 weeks ago by jennnjennjen.
    • This reply was modified 9 months, 2 weeks ago by jennnjennjen.
    • This reply was modified 9 months, 2 weeks ago by jennnjennjen.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Manual Installation of Optimized Firewall’ is closed to new replies.