wafRules.rules does not exist

  • Vinod

    (@vinodsunkara)


    6 years, 4 months ago

    Hi Team

    I have hosted my WordPress Linux web site on Azure environment. After installed the wordfence plug-in, have seen that the File “wafRules.rules” does not exist in Wordfence –> Tools –> Daignostics –> File systems, and php_erros.log file has filled up with

    “Unable to open /home/site/wwwroot/wp-content/wflogs/config-synced.php for reading and writing”

    Did some google search and as i saw a lot of customers were posted the same error message on different different websites, but since no one has answered for this error.

    For a workaround I updated my wordfence-waf.php file to the following and tested.

    Added extra (define(“WFWAF_IS_WINDOWS”, true);)

    <?php
    // Before removing this file, please verify the PHP ini setting auto_prepend_file does not point to this.

    if (file_exists(‘/home/site/wwwroot/wp-content/plugins/wordfence/waf/bootstrap.php’)) {
    define(“WFWAF_LOG_PATH”, ‘/home/site/wwwroot/wp-content/wflogs/’);
    define(“WFWAF_IS_WINDOWS”, true);
    include_once ‘/home/site/wwwroot/wp-content/plugins/wordfence/waf/bootstrap.php’;
    }
    ?>

    wafRules.rules is now being downloaded/saved and config.php and other files are staying and the error messages have gone in Wordfence –> Tools –> Diagnostics –> File systems, but after a few days the issue was started again because the wordfence plug-in opening a lot of configuration files. I did some further research and it seems like it might relate to the limits of the system on number of file opens allowed being exceeded. I updated /etc/security/limits.conf to add:

    * soft nofile 65535
    * hard nofile 65535

    To increase the limit from the default (1024 I think). So far this seems to have stopped the errors, but if I restart the web app the modified settings on /etc/security/limits.conf will not be persisted due to the host environment policies.

    Please help to find a permanent fix for this issue. Wordfence plug-in is opening a lot of configuration files.

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi @vinodsunkara,
    The Wordfence Firewall uses /wflogs/ for it’s immediate memory due to that then the Firewall is loaded a connection to the database has not yet been established. It does read to and write to those files fairly frequently.

    I’ve had another customer reporting a similar problem on Azure recently. I’m not quite sure how we can resolve it though.

    There aren’t that many files in wflogs and only few are written to frequently so it seems strange that the 1024 limit should be reached unless you have a very large amount of traffic on the site. How much traffic does this site have approximately?

    Thread Starter Vinod

    (@vinodsunkara)

    Hi,

    The site traffic is very low and not sure why the limits of the system on number of file opens allowed being exceeded.

    Without this (define(“WFWAF_IS_WINDOWS”, true);) configuration on wordfence-waf.php, config.php and other necessary files are being added then deleted from wflogs directory.This is meant to get around the saving of the config.php and other configuration files in the file system. Is there any other way to download/save config file without this configuration to see if it can fix the issue.

    Hi @vinodsunkara,

    1024 files open at once does seem not out of the question, so bumping up the limits does seem like the solution.

    You mentioned that it’s annoying because whenever your host restarts, the limits are reverted back to their low values.

    Can you try enforcing these limits and saving them with:

    sysctl -w fs.file-max=65535
sysctl -p

    Dave

    Thread Starter Vinod

    (@vinodsunkara)

    Hi Dave,

    I have made changes to /etc/sysctl.conf with the above limits, but the changes do not persist upon reboot. The limits are reverted back to their low values. because any modifications outside of /home will not be persisted after server restart.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘wafRules.rules does not exist’ is closed to new replies.