WAF: Site and admin down after latest Jetpack plugin update

  • Hi, on a site where the plugin Jetpack Protect is active (not sure if that is related) and auto_prepend_file in PHP is set to /home/xxx/public_html/wp-content/jetpack-waf/bootstrap.php we got a completely inaccessible front and back-end after the (automatic) upgrade to the latest Jetpack 13.7

    Turning on WP_DEBUG showed the following error in debug.log:

    [07-Aug-2024 00:10:52 UTC] PHP Fatal error: Uncaught Error: Undefined constant Automattic\Jetpack\Waf\Waf_Rules_Manager::IP_ALLOW_LIST_ENABLED_OPTION_NAME in /home/xxx/public_html/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-waf/src/class-compatibility.php:31

    Stack trace: 
    0 /home/xxx/public_html/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-waf/src/class-waf-initializer.php(37): Automattic\Jetpack\Waf\Waf_Compatibility::add_compatibility_hooks() 
    1 /home/xxx/public_html/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-config/src/class-config.php(316): Automattic\Jetpack\Waf\Waf_Initializer::init() 
    2 /home/xxx/public_html/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-config/src/class-config.php(217): Automattic\Jetpack\Config->enable_waf() 
    3 /home/xxx/public_html/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-config/src/class-config.php(149): Automattic\Jetpack\Config->ensure_feature() 
    4 /home/xxx/public_html/wp-includes/class-wp-hook.php(324): Automattic\Jetpack\Config->on_plugins_loaded() 
    5 /home/xxx/public_html/wp-includes/class-wp-hook.php(348): WP_Hook->apply_filters() 
    6 /home/xxx/public_html/wp-includes/plugin.php(517): WP_Hook->do_action() 
    7 /home/xxx/public_html/wp-settings.php(555): do_action() 
    8 /home/xxx/public_html/wp-config.php(112): require_once('/home/xxx/…') 
    9 /home/xxx/public_html/wp-load.php(50): require_once('/home/xxx/…') 
    10 /home/xxx/public_html/wp-blog-header.php(13): require_once('/home/xxx/…') 
    11 /home/xxx/public_html/index.php(17): require('/home/xxx/…') 
    12 {main}

    I had to temporarily remove the auto_prepend_file rule from php.ini to be able to log in again. Then I remove the (one) IP that was added to the WAF whitelist.

    After that, setting the old auto_prepend_file rule did not break the site and I could even add the IP back to the whitelist without any problems.

    Strange.

Viewing 12 replies - 1 through 12 (of 12 total)
  • Thread Starter Rolf Allard van Hagen

    (@ravanh)

    OK, site down again today with the same error. This time there was no IP in the whitelist and the option “Enable manual block and Allow list” was turned off.

    Had to disable auto_prepend_file rule again to regain access. Changed no settings and reactivated the rule again: site remains accessible.

    VERY strange.

    Thread Starter Rolf Allard van Hagen

    (@ravanh)

    Also strange: Jetpack Monitor does not warn me about the site being down even though I’ve excluded user agent “jetmon/1.0” from getting cached results from LScache. Has the monitor user agent changed?

    Hi there,

    To examine the problem thoroughly, could you please post your site URL here so that we can have a look? If you want it to remain private, you can also contact us via?contact form. If you choose to reach out directly, please include a link to this thread.

    Thank you!

    Thread Starter Rolf Allard van Hagen

    (@ravanh)

    Hi Emily, thanks for taking a look ??

    The site this occurred on twice is https://fricaufeminin.com/ but it has not happened again since I deactivated Jetpack Protect. Not sure if that’s related at all…

    WP 6.6.1
    Jetpack 13.7
    Jetpack Protect 2.2.0 (currently deactivated)
    PHP 8.1 (with auto_prepend_file set for jetpack-waf/bootstrap.php)

    Plugin Contributor Stef (a11n)

    (@erania-pinnera)

    Hi there, @ravanh,

    Have you got a chance to check if there’s any other potential plugin conflict happening with the Protect plugin enabled? We’re ready to escalate this to our developers, and we want to not leave any stones unturned.

    Try to temporarily deactivate all your plugins and check if the problem gets fixed that way. If it works, then reactivate each plugin one by one to find out which one is causing problems.

    I trust that’s not happening with an older Jetpack version as you mentioned in your first message.

    Let me know what you find out – thanks!

    Thread Starter Rolf Allard van Hagen

    (@ravanh)

    Hi @erania-pinnera the problem is that the issue does not occur instantly. so I can test without other plugins or with all other plugins, I’m afraid the immediate result will be the same: a site operating normally.

    The site just went down while after the first Jetpack update, showing the mentioned errors in debug.log. Then taking the steps described above, the issue went away and only a few hours later it occurred again.

    Since disabling Jetpack Protect it has not happened anymore…

    I can share a list of active plugins, if that helps ??

    Plugin Support lastsplash (a11n)

    (@lastsplash)

    Hi @ravanh

    You shared logs from the first time this happened. Do you have anything in debug.log from the second time it happened?

    Thread Starter Rolf Allard van Hagen

    (@ravanh)

    Hi @lastsplash sorry, no, I did not keep those…

    Hi Rolf,

    Ok, thanks for letting us know! I’ve escalated this to our developers to see if they can figure out the cause.

    We’ll get back to you when we can!

    Plugin Support lastsplash (a11n)

    (@lastsplash)

    @ravanh

    Thank you so much for patiently waiting for a response!

    Our development team has located the likely cause of the issue and are working on a fix.

    We’ll let you know here once the fix has been released.

    Thread Starter Rolf Allard van Hagen

    (@ravanh)

    Great news. Thank you for your support ??

    Plugin Support Chatoxz (a11n)

    (@chatoxz)

    Hi,@ravanh,

    Our developers have released a new version of Jetpack Protect 3.0.0, which includes a fix for this issue. You should safely install the latest plugin version, and you’ll be good to go.

Viewing 12 replies - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.