500 Error after optimizing WAF on plugin

  • Resolved BKS

    (@bsabherwal)


    9 months, 1 week ago

    Hello,

    I am trying to enable the WAF on the via wordfence and it updates the .htaccess file. As soon as that is done, the WP backend is rendering 500 error. Below is the error I see in the errorlog

    .htaccess: Require not allowed in context, referer: /wp-admin/admin.php?page=WordfenceWAF&subpage=waf_options

    Below is what is being added to the .htaccess file

    # Wordfence WAF
    <IfModule mod_php5.c>
    	php_value auto_prepend_file '/var/www/example.com/wordfence-waf.php'
    </IfModule>
    <IfModule mod_php7.c>
    	php_value auto_prepend_file '/var/www/example.com/wordfence-waf.php'
    </IfModule>
    <IfModule mod_php.c>
    	php_value auto_prepend_file '/var/www/example.com/wordfence-waf.php'
    </IfModule>
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
    	Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    	Order deny,allow
    	Deny from all
    </IfModule>
    </Files>

    # END Wordfence WAF

    If I comment out the below lines, it starts working normally.

    Am I good to keep these lines commented out or should I address this? If so, what are my options?

    <IfModule mod_authz_core.c>
    	Require all denied
    </IfModule>

    Thanks for your help.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support wfphil

    (@wfphil)

    9 months, 1 week ago

    Hi @bsabherwal

    This error appears to be caused by a web server configuration issue that your hosting provider can investigate for you.

    If you have a .user.ini server configuration file present in the root directory where WordPress is hosted and you load the URL below (for your domain name) and you see a 403 Forbidden response then you can leave those lines omitted that you have removed:

    example[.]com/.user.ini

    Thread Starter BKS

    (@bsabherwal)

    9 months, 1 week ago

    I am hosting the site on my own server and I do not have .user.ini file on the server.

    Plugin Support wfphil

    (@wfphil)

    9 months, 1 week ago

    Hi @bsabherwal

    Thank you for the update.

    If you are using an Apache web server is it version 2.2 or 2.4?

    Thread Starter BKS

    (@bsabherwal)

    9 months, 1 week ago

    @wfphil , It is version 2.4. Thanks.

    Thread Starter BKS

    (@bsabherwal)

    9 months, 1 week ago

    @wfphil Any update on this?

    Plugin Support wfphil

    (@wfphil)

    9 months, 1 week ago

    Hi @bsabherwal

    If you are not using a .user.ini file then you don’t need to use the blocking code below:

    <Files ".user.ini">
    <IfModule mod_authz_core.c>
    	Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    	Order deny,allow
    	Deny from all
    </IfModule>
    </Files>

    As you are using Apache 2.4 then there is a guide below to investigate fixing the 500 error for the mod_authz_core module:

    https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘500 Error after optimizing WAF on plugin’ is closed to new replies.