Hi,
You can try to narrow your filter. For instance, if you only need to access the file using the GET method, then you could whitelist only if it is a GET method:
<?php
/*
 +===================================================================+
 | NinjaFirewall optional configuration file                         |
 |                                                                   |
 | See: http://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
 +===================================================================+
*/
// Allow only if it is a GET request sent to the '/foo/bar/' folder:
if (strpos($_SERVER['SCRIPT_FILENAME'], '/foo/bar/') !== FALSE &&
    $_SERVER['REQUEST_METHOD'] == 'GET' ) {
    return 'ALLOW';
}
This is just an example, but you can basically add any code you want to the .htninja file.
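A narrower variant of the whitelist in the reply above, added here as an example (it is not code from the thread or from NinjaFirewall): it allows one exact file instead of any path that contains '/foo/bar/'. The file name `/foo/bar/file.php` and the helper `htninja_is_allowed_request()` are hypothetical and assume the script lives under the web server's document root.

```php
<?php
// Added example for a .htninja file. The path below is a hypothetical
// placeholder, relative to the document root: replace it with the single
// script that must bypass the firewall.
$allowedFile = '/foo/bar/file.php';

/**
 * Return true only for a GET request whose resolved script path is exactly
 * the one allowed file. Any missing or unresolvable value fails closed.
 */
function htninja_is_allowed_request(array $server, string $allowedRelPath): bool
{
    // Method check: anything other than GET is left to the firewall.
    if (($server['REQUEST_METHOD'] ?? '') !== 'GET') {
        return false;
    }

    $docRoot = $server['DOCUMENT_ROOT'] ?? '';
    $script  = $server['SCRIPT_FILENAME'] ?? '';
    if ($docRoot === '' || $script === '') {
        return false;
    }

    // Resolve symlinks and '..' segments so the comparison is made on the
    // real location of both paths, not on the string the server handed over.
    $docRoot = realpath($docRoot);
    $script  = realpath($script);
    if ($docRoot === false || $script === false) {
        return false;
    }

    // Exact match instead of strpos(): a substring test on '/foo/bar/'
    // also matches every other script in that folder and any path that
    // merely contains the same segment.
    return $script === rtrim($docRoot, '/') . $allowedRelPath;
}

if (htninja_is_allowed_request($_SERVER, $allowedFile)) {
    return 'ALLOW';
}
// No return value: the request continues through the normal firewall checks.
```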
Great. How about a specific rule like the following?
if (strpos($_SERVER['SCRIPT_FILENAME'], '/foo/bar/') !== FALSE &&
    $rule == 310 ) {
    return 'ALLOW';
}
You cannot do that, because rules are processed after the .htninja file.
If your issue is about rule 310, I recommend disabling it from the “Rules Editor”.
It is not an important rule and disabling it will not put your site at risk.
Ok, that’s good to know. I may be going off topic a little, but at this point which is the greater threat, turning off rule 310 or whitelisting this one file? They both seem bad to me.
Neither of them is a threat. I would disable rule 310; it will really not put your site at risk.