open_basedir restriction related to Ninja FireWall

  • Resolved ziegel

    (@ziegel)


    3 years, 4 months ago

    Hi,

    I have recently started receiving the following Log record message:

    AH01071: Got error ‘PHP message: PHP Warning: file_exists(): open_basedir restriction in effect. File(/wp-content/plugins/ninjafirewall/lib/firewall.php) is not within the allowed path(s): (/var/www/vhosts/example.com/:/tmp/:/var/lib/php/sessions) in /var/www/vhosts/example.com/httpdocs/wp-content/nfwlog/ninjafirewall.php on line 6’, referer: https://example.com/wp-admin/admin-ajax.php

    My PHP open_basedir setting was set on Ubuntu 16.04 (which is not upgraded to version 20.04) is:
    {WEBSPACEROOT}{/}{:}{TMP}{/}{:}/var/lib/php/sessions

    The folder:
    /var/lib/php/sessions
    Does exist.

    Can you please assist?

    • This topic was modified 3 years, 4 months ago by ziegel.
Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter ziegel

    (@ziegel)

    Hi,

    I do see on your guide:
    https://blog.nintechnet.com/ninjafirewall-wp-edition-the-htninja-configuration-file/

    In the document root folder:
If your document root is /home/user/public_html/, the location of the file will be /home/user/public_html/.htninja.
Recommended only if you have an open_basedir restriction. If you are using the Apache HTTP server, the file is relatively protected because, by default, it will never serve a file whose name starts with .ht*. However, if you are using Nginx or any other HTTP server that doesn’t use .htaccess files, you must set it up so that it will block any access to the file from a web browser.

    Which is a bit strange.. As I was using the plugin for a long time, and it’s only now I see such comments.

    Should I place the file on the root folder?
    And should it be done also for staging?

    Any other thought?

    Thread Starter ziegel

    (@ziegel)

    Possible correction:
    The issue I have might not relate to the specific file in the above comment:
    .htninja

    Thread Starter ziegel

    (@ziegel)

    Issue seems to be with:
    nfwlog

    which is placed within
    /var/www/vhosts/currenge.com/httpdocs/wp-content/

    May I ask how can I permit it to be there?

    Plugin Author nintechnet

    (@nintechnet)

    Can you run the troubleshooter script and paste the results here: https://nintechnet.com/share/wp-check.txt

    1. Rename this file to “wp-check.php”.
    2. Upload it into your WordPress root folder.
    3. Go to https://YOUR WEBSITE/wp-check.php
    4. Delete it afterwards.

    Thread Starter ziegel

    (@ziegel)

    Hi,

    I have done so, and am sending you the results below

    I think I had TWO :
    .user.ini.ninja123456789

    files, and deleted one of them, which could have lead to the issue.

    NinjaFirewall (WP edition) troubleshooter
HTTP server	:	Apache
PHP version	:	7.4.21
PHP SAPI	:	FPM-FCGI
 	 	 
auto_prepend_file	:	/var/www/vhosts/example.com/httpdocs/wp-content/nfwlog/ninjafirewall.php
Loader's path to firewall	:	The loader does not exist: /wp-content/plugins/ninjafirewall/lib/firewall.php
.htninja	:	found in /var/www/vhosts/example.com/.htninja
wp-config.php	:	found in /var/www/vhosts/example.com/httpdocs/wp-config.php
    Plugin Author nintechnet

    (@nintechnet)

    The .htninja is within the open_basedir path.
    But as mentioned in the “Loader’s path to firewall”, the path to the firewall’s loader is wrong: /wp-content/plugins/ninjafirewall/lib/firewall.php

    It should be the absolute path, i.e., /var/www/vhosts/example.com/httpdocs/wp-content/plugins/ninjafirewall/lib/firewall.php

    Open the “/var/www/vhosts/example.com/httpdocs/wp-content/nfwlog/ninjafirewall.php” script and modify the two lines accordingly.

    Thread Starter ziegel

    (@ziegel)

    Thanks a lot!

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘open_basedir restriction related to Ninja FireWall’ is closed to new replies.