• Resolved daemonic79

    (@daemonic79)


    Hi,

    Since moving my site to a new server, I am having issues with the rules not updating.

    Checking the Wordfence Diagnostics;
    ~/wp-content/wflogs is readable and writeable
    Connecting back to this site is OK and gives the correct IP
    Connecting to Wordfence servers (https) is OK

    I have looked through previous support posts on this issue, and checked the following;
    – The below IPs are not blocked;
    44.239.130.172
    44.238.191.15
    35.155.126.231
    54.68.32.247
    44.235.211.232
    54.71.203.174

    – Have tried using the database as the storage engine
    define('WFWAF_STORAGE_ENGINE', 'mysqli');
    – Removed the wflogs folder and let it be recreated (The rules.php file gets recreated with the correct suexec user and group but is always 0 in size)
    – Tested connection to noc4.wordfence.com:443 (output below);
    curl -v noc4.wordfence.com:443
    * Trying 44.238.191.15:443…
    * Connected to noc4.wordfence.com (44.238.191.15) port 443 (#0)
    > GET / HTTP/1.1
    > Host: noc4.wordfence.com:443
    > User-Agent: curl/7.76.1
    > Accept: */*
    >


    I’m at a loss now as to what else I can try; any help would be gratefully received.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @daemonic79, thanks for your detailed message.

    That certainly does seem strange as you’ve tried updating the files in addition to the MySQLi engine, so it doesn’t seem tied to permissions. The connections to our servers, in addition to your site, reporting as successful possibly suggests there are no blocklisted IPs for your site at our end.

    I think the best first action to take would be send us a copy of your diagnostics so I can take the specifics of your site to the team without having to disclose them here on the forums. Send them to wftest @ wordfence . com directly using the link at the top of the Wordfence > Tools > Diagnostics page.

    Afterwards, click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,
    Peter.

    Thread Starter daemonic79

    (@daemonic79)

    Hi Peter,

    I have sent the Diagnostics page as requested.

    Thanks

    Thread Starter daemonic79

    (@daemonic79)

    Hi Peter,

    I believe I have found the cause of the issue…

    I cached the response from the wfWAFCronFetchRulesEvent->fire() function to a file (to avoid the rate limiting) to work out what was going on.
    As part of that function, verifySignedRequest is called to verify the signature of the rules being received.
    My test code of the resulting openssl_verify output was returning -1 as the result.
    On checking the errors from openssl_error_string() I was getting the following;
    0480006c:pem routines::no start line
    03000098:digital envelope routines::invalid digest

    This then led me to look into SHA1 with Redhat 9 and clones (Alma/Rocky in my case).
    From the changelog, it turns out that;
    The use of SHA-1 for signatures is restricted in the default crypto policy.
    After enabling SHA1 the resulting openssl_verify output now returns 1, as expected.
    Checking this on another site that isn’t rate limited at present, now allows for the rules to update.

    I imagine that I won’t be the last to come across this issue going forward, so it could be worth the signature verification algorithm being updated to something other than SHA1?

    Thanks
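As an added illustration (not Wordfence's code and not the poster's own test code), the PHP snippet below reproduces the kind of check described in the post above: it signs a constructed payload with SHA-256 and with SHA-1, then shows how openssl_verify() reports a digest that the system crypto policy refuses (-1 rather than 0 or 1) and how to read the reason from openssl_error_string(). The key pair and payload are generated on the fly and are not the real rule-signing key.

```php
<?php
// Added diagnostic (not Wordfence code): demonstrates openssl_verify()
// return codes when the OS crypto policy (e.g. RHEL 9 DEFAULT) rejects
// a signature digest, and how to drain the OpenSSL error queue.

function drainOpensslErrors(): array {
    $errors = [];
    while (($e = openssl_error_string()) !== false) {
        $errors[] = $e;
    }
    return $errors;
}

function verifyWithDigest(string $data, string $digest): array {
    // Constructed throwaway RSA key pair; a real verifier would load the
    // rule publisher's public key instead.
    $key = openssl_pkey_new([
        'private_key_bits' => 2048,
        'private_key_type' => OPENSSL_KEYTYPE_RSA,
    ]);
    if ($key === false) {
        return ['result' => -1, 'errors' => drainOpensslErrors()];
    }
    $publicPem = openssl_pkey_get_details($key)['key'];

    $signature = '';
    if (!openssl_sign($data, $signature, $key, $digest)) {
        // A restricted policy can refuse the digest at signing time too.
        return ['result' => -1, 'errors' => drainOpensslErrors()];
    }

    // 1 = signature valid, 0 = signature does not match,
    // -1 (or false) = an OpenSSL error occurred, e.g. "invalid digest".
    $result = openssl_verify($data, $signature, $publicPem, $digest);
    return ['result' => (int) $result, 'errors' => drainOpensslErrors()];
}

// Constructed sample payload standing in for a fetched rules blob.
$payload = 'constructed rules payload';
foreach (['sha256', 'sha1'] as $digest) {
    $r = verifyWithDigest($payload, $digest);
    printf("%-6s openssl_verify => %d\n", $digest, $r['result']);
    foreach ($r['errors'] as $e) {
        echo "       openssl error: $e\n";
    }
}
```

On a host whose policy restricts SHA-1 signatures, the sha1 row reports -1 with an "invalid digest" error while sha256 reports 1; on an unrestricted host both report 1.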

  • The topic ‘Rules Not Updating’ is closed to new replies.