Rule 510 blocks file check configuration

  • Resolved Marc Nilius

    (@zottto)


    6 years, 2 months ago

    Hi!

    Due to some limitations to the hosting environment I have to configure Ninja Firewall in WordPress WAF mode. After doing so, I am unable to configure the file check. Whenever I try to do that, I’m blocked by the firewall and the firewall log tells me, that rule 510 “DOCUMENT_ROOT variable in HTTP request” is the reason. The rule cannot be disabled in the rules editor, so now I’m stuck with the configuration.

    What can I do? (plugin version 3.8.1 freshly installed)

    Thanks,
    Marc

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    As you are the admin, you should be whitelisted by the firewall. You can check that from the “Overview” page.

    If a rule is not available from the “Rules Editor”, it is a firewall policy. That one can be changed from “NinjaFirewall > Firewall Policies > Advanced Policies > Various > Block the DOCUMENT_ROOT server variable in HTTP request”.

    Thread Starter Marc Nilius

    (@zottto)

    Thanks for your help.

    So it looks like the main problem ist that my session is not recognized and therefor not whitelisted:

    “It seems that the user session set by NinjaFirewall was not found by the firewall script.”

    – although the line above it says “Username: You are whitelisted by the firewall.”

    I already logged out and in again multiple times.

    Can that be the reason?

    Plugin Author nintechnet

    (@nintechnet)

    There could be several reasons:
    -Headers already sent: another app (plugin, theme etc) throws an error and force the HTTP headers to be sent too early. Check your PHP logs for errors.
    -A problem with your server configuration (e.g., after a PHP update etc). Make sure session are working and that their folder is writable to PHP (session.save_path).
    -Cross-domain issue: you logged it to ‘www.domain.com’ and were redirected to ‘domain.com’.
    -A plugin or theme that creates a new PHP session without checking for an existing one first which can cause this issue.
    -A plugin or theme that that closes (or destroys) an existing PHP session.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Rule 510 blocks file check configuration’ is closed to new replies.