Advanced Firewall without changing php.ini?

  • Resolved dianimation

    (@dianimation)


    8 years, 7 months ago

    Hi there!

    Unfortunately I’m not able to optimize the Web Application Firewall. Every time I tried it ends in a 500 internal server error (error in a cgi-script). I can’t change the php.ini by myself (don’t have access to the servers root-configuration), and my hosting-provider will not do it, because it’s a shared server. Is there a way to get it work anyway?

    I already tried:
    * all steps in the “click here for help”-section, which don’t need a php.ini-modification
    * I deinstalled Wordfence with all of its tables and manually deleted the Wordfence-sections in .htaccess and user.ini and reinstalled Worfence again.

    After reinstallation all of the files are there and modified: The specific sections are placed in .htaccess and user.ini and the wordfence-waf.php is created. But after that, the 500 internal server error appears and I have to override the htaccess-file with my backup to get the site to work again.

    Is there a way without changing the php.ini at all?
    Please for help! Thanks, Diana

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • wfalaa

    (@wfalaa)

    8 years, 7 months ago

    Hi Diana,
    May I know first which hosting provider are you using?

    Also, checking the server error log should reveal more information regarding this “500 internal server error”, in case you don’t know where to find your server error log file, then I suggest asking your server provider.
    After that you can re-configure the firewall again and make note of the pre-selected “server’s configuration” and let me know what it was, then when you get this “500 internal server error” again, you have to look into the server error log file and let me know what you will find there.

    Thanks.

    Thread Starter dianimation

    (@dianimation)

    8 years, 7 months ago

    Thanks for your quick reply!

    The hosting provider is a small local one, called cablelink. Their support told me, that I can’t change the php.ini. My WordPress-error-log-file doesn’t show anything for these dates. I asked the cable-link-support for specific server-error-logs. Hopefully I will get an answer soon.

    But I previously asked the provider-support about my server-configuration – the preselected one “Apache + mod_php” should be the right one.

    I’ll be back as soon as I get the error-log …

    Thread Starter dianimation

    (@dianimation)

    8 years, 7 months ago

    Hi there!

    News from my provider – the server-error-log shows this error:

    [Fri Nov 03 12:28:57.935814 2017] [core:alert] [pid 32312] [client
    MYIP:60933] /vhost_44145/.htaccess: php_value not allowed here,
    referer:
    http://www.MYSITE.at/wp-admin/admin.php?page=WordfenceWAF&wafAction=configureAutoPrepend&currentAutoPrepend

    Am I right, that this does confirm, that my provider doesn’t allow to add something to php.ini? And is there another way to get the Advanced Firewall up and running?

    Thanks again! Diana

    wfalaa

    (@wfalaa)

    8 years, 7 months ago

    Hi Diana,
    The last error message means that adding this line:
    php_value auto_prepend_file '/path_to/wordfence-waf.php'
    to “.htaccess” file isn’t supported by your host, since you have mentioned that editing php.ini file manually isn’t supported either, then I’m afraid you don’t have any other choices to enable “Extended Protection” on your website.

    Thanks.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Advanced Firewall without changing php.ini?’ is closed to new replies.