• Resolved chrisstanyon

    (@chrisstanyon)


    Good morning,

    I’m struggling to get the WF Firewall optimized (free version). In the Firewall Diagnostics screen, the value for ‘WAF auto prepend active’ is set to No.

    I’ve gone through the automated process, where it detected LiteSpeed/lsapi. The wordfence-waf.php file was created in the document root, the .user.ini was created in the document root, and .htaccess was updated with the following:

    <IfModule LiteSpeed>
    php_value auto_prepend_file '/var/www/vhosts/*REMOVED FOR SECURITY*/wordfence-waf.php'
    </IfModule>
    <IfModule lsapi_module>
    php_value auto_prepend_file '/var/www/vhosts/*REMOVED FOR SECURITY*/wordfence-waf.php'
    </IfModule>
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
    Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    </IfModule>
    </Files>

    If I run phpinfo() or click the ‘View System Config in a New Window’, the PHP config correctly shows the auto_prepend_file directive pointing to the wordfence-waf.php file.

    I’ve even added in a couple of error_log("Some Message") lines directly in the wordfence-waf.php and the wordfence/waf/bootstrap.php file – when I refresh my website, these entries are written to the Apache Log files, so it seems that wordfence-waf and bootstrap are being fired, and yet the ‘WAF auto prepend active’ is still showing as No.

    I’ve emailed my diagnostic report over to [email protected] in the hope that someone can help me.

    Many thanks

    Chris


Viewing 10 replies - 1 through 10 (of 10 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @chrisstanyon, thanks for your detailed message and sending your diagnostics over.

    As your diagnostic is reporting all-clear for scan errors and is correctly reporting inbound/outbound connections, there is a chance on Litespeed that some code needs to be added to the .htaccess file in the root directory of your site.

    Your hosting provider is likely using the LiteSpeed external application abort so we’ll need to override that.

    # BEGIN litespeed noabort
    <IfModule rewrite_module>
    RewriteEngine On
    RewriteRule .* - [E=noabort:1]
    </IfModule>
    # END litespeed noabort

    If this is in place, disable Start scan remotely and then try to run a scan as you would normally with debugging mode on. Paste me the debug information if problems persist despite this change.

    There is further information here: https://www.wordfence.com/help/advanced/system-requirements/litespeed/

    Let me know how you get on!

    Thanks,

    Peter.

    Thread Starter chrisstanyon

    (@chrisstanyon)

    Thanks for the reply Peter,

    I’ve already got the noabort rule in the htaccess file. I have no problem running scans.

    The issue is that I can only get the Basic Protection working on the firewall (not the Extended Protection). Despite the wordpress-waf file being present in the root, phpinfo() showing the auto_prepend_file pointing correctly, and the bootstrap.php file actually firing, the diagnostics still show that ‘WAF auto prepend active’ is set to No – I would expect that to be set to Yes.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @chrisstanyon,

    My apologies, I went down the route of all Wordfence actions being stopped along with the firewall optimization.

    I recommend removing everything related to the wordfence-waf in the .htaccess and .user.ini. Then manually add this back to the .htaccess as it’s all it should require:

    
    # Wordfence WAF
    <IfModule LiteSpeed>
        php_value auto_prepend_file '‘/var/www/vhosts/path/to/wordfence-waf.php'
    </IfModule>
    # END Wordfence WAF
    

    Just adjust the path above to the actual location and see if Wordfence picks up on the change. Let me know how that goes for you.

    Thanks again,

    Peter.

    Thread Starter chrisstanyon

    (@chrisstanyon)

    Hey Peter,

    Sadly, no change. The prepend entry is still showing in phpinfo(), and the bootstrap.php file is still firing, but the diagnostics tab STILL shows ‘WAF auto prepend active’ as No!

    Plugin Support wfpeter

    (@wfpeter)

    Hi @chrisstanyon,

    Sorry to ask an obvious question but I accidentally included an additional invalid quote character at the beginning of the waf path (). Can I just confirm that’s not in your site’s version?

    I will continue to look into this for you, I just want to make sure I didn’t let a silly error creep in there for you.

    Peter.

    Thread Starter chrisstanyon

    (@chrisstanyon)

    Haha – I did notice that and wondered whether it was a typo or some special format I was unaware of … so I tried it with the extra quote and it broke. I figured it was a typo and dropped it.

    Not sure whether this will help debug or not, but I’ve uploaded a phpinfo() page to the site: https://shop.chrisstanyon.com/pi.php

    Thanks
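
The stray quote discussed in the two posts above is hard to spot by eye, so here is a small .htaccess check for it, added as an example and not taken from Wordfence or from either poster. The function name `lint_htaccess`, the messages and the two samples are constructed for illustration, and requiring an `<IfModule>` guard is an assumption based on the guarded form used throughout the thread.

```python
import re

SMART_QUOTES = "\u2018\u2019\u201c\u201d"  # typographic single and double quotes
PREPEND = re.compile(r"^php_value\s+auto_prepend_file\s+(.*)$", re.I)
IFMODULE = re.compile(r"^<IfModule\s+[^>]+>$", re.I)

def lint_htaccess(text):
    """Return (line_number, message) findings for auto_prepend_file directives."""
    findings, stack, seen = [], [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = PREPEND.match(line)
        seen = seen or bool(m)
        if any(ch in SMART_QUOTES for ch in line):
            findings.append((no, "typographic quote character"))
            continue
        if IFMODULE.match(line):
            stack.append(line)
        elif line.lower() == "</ifmodule>" and stack:
            stack.pop()
        if not m:
            continue
        # Assumption: require the <IfModule> guard that every version in the thread uses.
        if not stack:
            findings.append((no, "directive is not inside an <IfModule> guard"))
        value = m.group(1).strip()
        if value[:1] in ("'", '"'):
            q = value[0]
            if len(value) < 2 or value[-1] != q or q in value[1:-1]:
                findings.append((no, "unbalanced quotes around path"))
                continue
            value = value[1:-1]
        if not value.startswith("/"):
            findings.append((no, "path is not absolute"))
        if not value.endswith("/wordfence-waf.php"):
            findings.append((no, "path does not point at wordfence-waf.php"))
    if not seen:
        findings.append((0, "no auto_prepend_file directive found"))
    return findings

# Constructed samples; BROKEN reproduces the stray-quote typo discussed in the thread.
FIXED = """# Wordfence WAF
<IfModule LiteSpeed>
    php_value auto_prepend_file '/var/www/vhosts/path/to/wordfence-waf.php'
</IfModule>
"""
BROKEN = FIXED.replace("'/var", "'\u2018/var")
```

To check a real file, pass its contents in with `lint_htaccess(open(".htaccess", encoding="utf-8").read())`; an empty list means no findings.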

    Plugin Support wfpeter

    (@wfpeter)

    Hi @chrisstanyon, your reply dropped off my list and I believed I was still awaiting a response, which I apologise for. I’m happy to catch up and get this resolved for you.

    You can now remove the PHP info from your site to prevent others from viewing your server configuration. I can see that the auto_prepend_file path is visible in your PHPInfo, whereas it was not originally visible in the diagnostics report you sent us – despite the raw PHPInfo being included with this.

    Do you have Wordfence installed on your main domain, the shop subdomain, or a separate WordPress/Wordfence for both? I am focusing on the path as I believe this is the issue where Wordfence may be conflicting with a second installation or is not looking in the right place.

    Does your wordfence-waf.php contain the following? If not, you can paste it in using your hosting provider’s file manager, or update the file via FTP if you prefer.

    <?php
    // Before removing this file, please verify the PHP ini setting `auto_prepend_file` does not point to this.
    define('WFWAF_STORAGE_ENGINE', 'mysqli');
    if (file_exists(__DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php')) {
    	define("WFWAF_LOG_PATH", __DIR__ . '/wp-content/wflogs/');
    	include_once __DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php';
    }
    ?>

    Thanks,

    Peter.

    Thread Starter chrisstanyon

    (@chrisstanyon)

    Hi Peter,

    No worries. Appreciate you taking the time to help.

    OK. The current setup is that WordPress is only installed on a subdomain (shop.chrisstanyon.com). The folder for this subdomain is a sub-folder of my home folder, so the full path to the subdomain’s document root is:

    /var/www/vhosts/chrisstanyon.com/shop.chrisstanyon.com

    There are no other WP installations running on this particular hosting package.

    I replaced the wordfence-waf.php code with your code (prior to this it had the full path, rather than __DIR__) and it broke the site. Looked at the error logs, and setting the STORAGE_ENGINE to mysqli causes a problem. The full error was:

    PHP Fatal error: Uncaught Error: Call to undefined method mysqli_stmt::get_result() in /var/www/vhosts/chrisstanyon.com/shop.chrisstanyon.com/wp-content/plugins/wordfence/vendor/wordfence/wf-waf/src/lib/storage/mysql.php:949

    We do have the MySQL ND driver installed, so not sure why it can’t find get_result() – we’re running MariaDB, but not sure that would affect it!

    Now here’s the thing that’s baffling me. The WordFence plugin IS calling the wordfence-waf.php file and consequently loading the waf/bootstrap.php file. If I add in some logging to both of these files, I can see those entries in the log file:

    if (file_exists(__DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php')) {
        define("WFWAF_LOG_PATH", __DIR__ . '/wp-content/wflogs/');
        error_log("The WAF Bootstrap file exists");
        include_once __DIR__ . '/wp-content/plugins/wordfence/waf/bootstrap.php';
    }

    I’ve added similar error_log calls to the bootstrap.php file, and I can also see them in the logs.

    It seems that it’s correctly loading those files – it’s just that the plugin doesn’t appear to recognise that. Strange indeed.

    Anyway, hope that helps, but if you want any more info, please do let me know.

    Thanks

    Chris

    Thread Starter chrisstanyon

    (@chrisstanyon)

    Hey Peter,

    Just a quick update – I figured out the issue with the MySQL ND Driver (get_result() error). Fixed that and dropped the WFWAF_STORAGE_ENGINE constant back in. No more errors, but it’s still not showing as Optimized.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @chrisstanyon,

    It’s certainly positive that you have suppressed any errors, but unusual to see that, with the paths specified correctly, NOABORT setting and other Litespeed settings specified to our guidelines, the firewall is still not reporting as optimized.

    There are other optimization troubleshooting steps that you may not have tried around Litespeed and OpenLitespeed in the following documentation: https://www.wordfence.com/help/firewall/optimizing-the-firewall/troubleshooting/

    Failing this, could you please send me another diagnostic to wftest @ wordfence . com to see whether the changed configuration since your last one has either introduced errors or might shed more light on any misconfigurations?

    Thanks again,

    Peter.

  • The topic ‘Optimize Firewall failure’ is closed to new replies.