unable to configure firewall

Hi @neuralnet, thanks for getting in touch.

This is pretty uncommon as the optimize firewall wizard creating the correct path to your wordfence-waf.php file should be sufficient so I’m wondering if something else is happening here. Did you receive any errors, including PHP rather than front-end ones, when going through the optimization process? Also, does your dashboard suggest that the firewall still needs to be optimized?

I have seen reports of ini files in locatons like the /etc/php/7.4/fpm/conf.d directory that resets the user_ini.filename to an empty value. You may need to consult your host about this if you don’t have access to this location.

On some servers, you could use FTP or a file manager to access your .htaccess file in the root directory and make sure this code is input:

# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
</Files>
# END Wordfence WAF

Then also, in the same directory, edit your .user.ini file with this code:

; Wordfence WAF
auto_prepend_file = '/your/path/to/wordfence-waf.php'
; END Wordfence WAF

Make sure to change the path above with the one where wordfence-waf.php actually resides.

There is some more information around adding this code and how to manually optimize the firewall here: https://www.wordfence.com/help/firewall/optimizing-the-firewall/#firewall-optimization-setup

Let me know what you find out!

Peter.

Hi Peter,

Thanks for your reply. Initially there was a setting in /etc/php/7.4/fpm/php.ini that I commented out, so now it looks like this;

;auto_prepend_file =

Until this was commented out there were no prepended files shown in info.php, but once I did that it appeared as I mentioned in my first post.

I’ve checked I can find no reference to prepend in any of the files in /etc/php/7.4/fpm/conf.d/ (in fact I have commented out all auto_prepend_file entries in ALL php configs in /etc/php/7.4/ plus there’s nothing appearing in /var/log/apache2/error.log when I go through firewall optimisation. I can confirm that .htaccess and .user.ini are both as they should be..

FYI The website firewall gets a score of 34%.. which I can’t make it add up from the options shown in the mouseover ?? (11% premium rules, 35% realtime blocklist, 1% re-enable 9 rules, 20% optimise firewall… which all add up to 67%?).

In any event, diagnostics still says No;

Wordfence Firewall Current WAF configuration.
    WAF auto prepend active
    No

I’d had a good read through the docs before posting, so I’m a bit stumpted. info.php still shows;

auto_prepend_file /correct/path/to/wordfence-waf.php

Also listed with info.php in ‘disable_functions’ are the following;

pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,

Could any of these be relevent ?

• This reply was modified 2 years, 8 months ago by neuralnet.

Hi @neuralnet,

If you’re still having issues, please can you send a diagnostic report so I can see the failure myself to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

Thanks,

Peter.

Hi, report sent. Thanks!

Hi Peter,

I didn’t get any follow-up on this. Did you get the report ?

Thanks.