Could you check in the firewall’s log (NinjaFirewall > Logs) the line showing the blocked request and paste it here so that I could see the reason why you were blocked?
Note that if you are the admin, you shouldn’t be blocked at all.
There are some error like this:
20/Oct/23 09:04:00 #8041948 UPLOAD – 89.246.97.219 POST /wp-admin/async-upload.php – File upload detected, no action taken – [template-background-15-min-termin.jpg (132,648 bytes)] – http://www.xxxxxxxx.de
20/Oct/23 09:06:16 #3322402 CRITICAL 115 89.246.97.219 POST /index.php – Cross-site scripting – [RAW:POST = {“params”:{“classes”:{“c-bg-light”:{“key”:”c-bg-light”,”parent”:”core”,”media”:{“page-width”:{“original”:{“container-padding-right”:”50″}}},”original”:{“background-color”:”color(67)”,”aos-e…] – http://www.xxxxxxxxxx.de
and yes, i am admin.
Regards
You shouldn’t be blocked. Maybe you have a plugin or theme that destroys the PHP session. You can go to “NinjaFirewall > Dashboard” and check if there’s any error or warning about PHP session. If there’s one, you can try to debug the problem by following that post: https://blog.nintechnet.com/ninjafirewall-php-sessions-debugging/
In the meantime, you can temporarily disable rule 115: go to “NinjaFirewall > Security Rules”, click the “Rules Editor” tab and disable the rule in the list.
i get this error in the dashboard:
FirewallEnabledModeNinjaFirewall is running in Full WAF mode.EditionWP Edition ~ Need more security? Explore our supercharged premium version: NinjaFirewall (WP+ Edition)Version4.5.9 ~ Security rules: 2023-10-13.3PHP SAPIAPACHE2HANDLER ~ 8.2.10Admin userxxxxxxxx: You are whitelisted by the firewall.
User sessionIt seems that the user session set by NinjaFirewall was not found by the firewall script.
Help & configurationSecuring WordPress with NinjaFirewall (WP Edition)
In the meantime, you can temporarily disable rule 115: go to “NinjaFirewall > Security Rules”, click the “Rules Editor” tab and disable the rule in the list.
thanks. i did it. now i will check it again
great: this works!
-
This reply was modified 2 years, 7 months ago by
wlengfelder.
User sessionIt seems that the user session set by NinjaFirewall was not found by the firewall script.
That’s the problem. Either you have:
- A plugin or a theme that destroyed the session: you can search in their code for
session_start to find which one is using PHP sessions, in addition to NinjaFirewall.
- An issue on the PHP side (e.g., you update/upgrade PHP but its sessions folder is not writable to the PHP interpreter): You can test your server configuration with this script: https://nintechnet.com/share/wp-session.txt
i uploaded this script and opened the url …
all i get is:
Starting a session.. Writing 835944 to session Closing session. Session value: 835944
everything seems to be ok?
It looks fine and doesn’t seem to be an issue with your PHP configuration.
It seems more likely a problem with another plugin or the theme. Did you try to search your /wp-content/plugins/* and /wp-content/themes/* folders for session_start in all PHP files?
thanks:
here are the results:
/themes:
Starting a session.. Writing 324237 to session Closing session. Session value: 324237
/plugins:
Starting a session.. Writing 280212 to session Closing session. Session value: 280212
You would need to search the code of all your themes and plugins files for the session_start string. You can do that with a plugin such as this one: https://ww.wp.xz.cn/plugins/string-locator/
ok. thanks. i have installed and run the plugin. I find with it a lot of entries that contain “session start”. But how do I find which one is responsible for the problem?
Can you paste here the list of (active) plugins/themes that contain the string?
thanks for info. This plugins contains the string:
fluent-smtp/
/wccp-pro/
/flying-analytics/
/erropix-hydrogen-pack/
/recoda_ws/
/ninjafirewall/
/wpvivid-backuprestore/
themes: i use oxygen builder. with oxygen there is no theme necessary. and the installed basic theme twenty-twenty to is without this string.
I could only check the following 3 free plugins: fluent-smtp, flying-analytics and wpvivid-backuprestore. None of them seems to be a problem.
Maybe the issue is among wccp-pro, erropix-hydrogen-pack or recoda_ws.
If you can temporarily disable them one by one and check the firewall’s dashboard page to see if the session warning message disappear, that will help you to know which one it is.
