• Resolved neuralnet

    (@neuralnet)


    I’ve set up Wordfence but can’t get past ‘optimize firewall’.
    info.php shows the local value;

    auto_prepend_file /correct/path/to/wordfence-waf.php

    indicating that the prepend is being processed correctly, but the diagnostics page in WordPress shows;

    WAF auto prepend active No

    Any ideas where to go from here? Using apache2 and php7.4-fpm

    Thanks!

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @neuralnet, thanks for getting in touch.

    This is pretty uncommon as the optimize firewall wizard creating the correct path to your wordfence-waf.php file should be sufficient so I’m wondering if something else is happening here. Did you receive any errors, including PHP rather than front-end ones, when going through the optimization process? Also, does your dashboard suggest that the firewall still needs to be optimized?

    I have seen reports of ini files in locations like the /etc/php/7.4/fpm/conf.d directory that reset the user_ini.filename to an empty value. You may need to consult your host about this if you don’t have access to this location.

    On some servers, you could use FTP or a file manager to access your .htaccess file in the root directory and make sure this code is input:

    # Wordfence WAF
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
    </Files>
    # END Wordfence WAF

    Then also, in the same directory, edit your .user.ini file with this code:

    ; Wordfence WAF
    auto_prepend_file = '/your/path/to/wordfence-waf.php'
    ; END Wordfence WAF

    Make sure to change the path above with the one where wordfence-waf.php actually resides.

    There is some more information around adding this code and how to manually optimize the firewall here: https://www.wordfence.com/help/firewall/optimizing-the-firewall/#firewall-optimization-setup

    Let me know what you find out!

    Peter.

    Thread Starter neuralnet

    (@neuralnet)

    Hi Peter,

    Thanks for your reply. Initially there was a setting in /etc/php/7.4/fpm/php.ini that I commented out, so now it looks like this;

    ;auto_prepend_file =

    Until this was commented out there were no prepended files shown in info.php, but once I did that it appeared as I mentioned in my first post.

    I’ve checked and can find no reference to prepend in any of the files in /etc/php/7.4/fpm/conf.d/ (in fact I have commented out all auto_prepend_file entries in ALL php configs in /etc/php/7.4/), plus there’s nothing appearing in /var/log/apache2/error.log when I go through firewall optimisation. I can confirm that .htaccess and .user.ini are both as they should be.

    FYI The website firewall gets a score of 34%.. which I can’t make it add up from the options shown in the mouseover ?? (11% premium rules, 35% realtime blocklist, 1% re-enable 9 rules, 20% optimise firewall… which all add up to 67%?).

    In any event, diagnostics still says No;

    Wordfence Firewall Current WAF configuration.
        WAF auto prepend active
        No

    I’d had a good read through the docs before posting, so I’m a bit stumped. info.php still shows;

    auto_prepend_file /correct/path/to/wordfence-waf.php

    Also listed with info.php in ‘disable_functions’ are the following;

    pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,

    Could any of these be relevant?

    • This reply was modified 2 years, 8 months ago by neuralnet.
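
As an added illustration (not code from this thread or from Wordfence), the Python sketch below replays php.ini, conf.d/*.ini and the docroot .user.ini in load order and reports where auto_prepend_file ends up, including the case wfpeter describes where a conf.d file sets user_ini.filename to an empty value. The function names, the sample tree and its paths are constructed for the example; it assumes the /etc/php/7.4/fpm layout mentioned above and checks only the .user.ini in the document root.

```python
import re
import tempfile
from pathlib import Path

WATCHED = ("auto_prepend_file", "user_ini.filename")
DIRECTIVE = re.compile(r"^\s*([\w.]+)\s*=\s*([^;]*?)\s*(?:;.*)?$")  # name = value [; comment]

def scan(path):
    """Return [(name, value, 'file:line')] for active (uncommented) watched directives."""
    hits, path = [], Path(path)
    lines = path.read_text(errors="replace").splitlines() if path.is_file() else []
    for n, line in enumerate(lines, 1):
        m = DIRECTIVE.match(line)
        if m and m.group(1) in WATCHED:
            hits.append((m.group(1), m.group(2).strip("'\""), f"{path}:{n}"))
    return hits

def effective_prepend(fpm_dir, docroot):
    """Replay the ini files in load order; return (value, source, notes)."""
    base, notes = Path(fpm_dir), []
    state = {"user_ini.filename": (".user.ini", "PHP default"), "auto_prepend_file": ("", "unset")}
    for f in [base / "php.ini", *sorted(base.glob("conf.d/*.ini"))]:
        for name, value, src in scan(f):
            state[name] = (value, src)  # a later file overrides an earlier one
    ini_name, ini_src = state["user_ini.filename"]
    if not ini_name:
        notes.append(f"user_ini.filename is empty ({ini_src}): .user.ini is not read")
    else:
        for name, value, src in scan(Path(docroot) / ini_name):
            if name == "auto_prepend_file":  # user_ini.filename itself is system-level only
                state[name] = (value, src)
    value, src = state["auto_prepend_file"]
    if not value:
        notes.append(f"auto_prepend_file is empty ({src}): the WAF file is not prepended")
    return value, src, notes

def demo(confd_text="user_ini.filename =\n"):
    """Build a constructed sample tree in a temp dir and evaluate it."""
    root = Path(tempfile.mkdtemp())
    for rel, text in {
        "fpm/php.ini": "[PHP]\n;auto_prepend_file =\n",
        "fpm/conf.d/99-local.ini": confd_text,
        "site/.user.ini": "; Wordfence WAF\nauto_prepend_file = '/srv/site/wordfence-waf.php'\n",
    }.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    return effective_prepend(root / "fpm", root / "site")

if __name__ == "__main__":
    print(demo())
```

The script reads files on disk only: a running php-fpm keeps its old values until it is reloaded, and .user.ini changes are picked up only after user_ini.cache_ttl expires.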
    Plugin Support wfpeter

    (@wfpeter)

    Hi @neuralnet,

    If you’re still having issues, please can you send a diagnostic report so I can see the failure myself to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,

    Peter.

    Thread Starter neuralnet

    (@neuralnet)

    Hi, report sent. Thanks!

    Thread Starter neuralnet

    (@neuralnet)

    Hi Peter,

    I didn’t get any follow-up on this. Did you get the report ?

    Thanks.

  • The topic ‘unable to configure firewall’ is closed to new replies.