nintechnet
Forum Replies Created
-
Maybe someone tried to upload a file but the firewall blocked it and PHP only created it (it couldn’t write its content to it, hence it is 0 byte).
Check your PHP error log, it will show why you have a 500 error.I tried with your two IP addresses but it worked as expected.
Try to create ainfo.phpscript with the following content:<?php
phpinfo(33);Upload it to your WordPress root folder and go to
https://your-site/info.php
Then, search and paste here the values for:
–HTTP_ACCEPT_ENCODING
–HTTP_ACCEPT
–HTTP_ACCEPT_LANGUAGE
–HTTP_USER_AGENTI cannot reproduce the issue, it always work as expected.
Can you go to Firewall Policies > WordPress AJAX and check what IP is displayed in the “Your server IP (xxxxx), localhost and private IP addresses will not be affected by this policy” label ?What IP is displayed in NinjaFirewall’s log?
::1?
Any locale and private IP is whitelisted, regardless it is an IPv4 or IPv6.@euronur, select the first one (Apache + PHP7 module).
Consider updating your PHP to a supported version (8.3+), as you appear to be running an old 7.x version that is no longer supported.You do not need to make any change. I think this quote is a bit confusing:
Is your website running behind a firewall or reverse proxy?
By firewall, they likely mean another server with a firewall installed in front of yours, not a software running on your server like NinjaFirewall.
So, no changes needed.It is a false positive, it is NinjaFirewall’s configuration backup file.
I recommend to exclude the/wp-content/nfwlog/folder from your scanner, as it includes rules, configuration and cached files.They are blocked because there’s some HTML code inside their cookie.
Go to “NinjaFirewall > Security Rules”, click the “Rules Editor” tab and select rule 100 and click “Disable it”.Thanks for reporting the issue.
The culprit is line 1384 in /lib/firewall_policies.php https://plugins.trac.ww.wp.xz.cn/browser/ninjafirewall/tags/4.7/lib/firewall_policies.php#L1384list( $key, $value ) = explode( ':', "$header:" );It should be replaced with:
list( $key, $value ) = explode(':', $header, 2 );I’ll add the fix to the next release.
You need to disable the “NinjaFirewall > Firewall Policies > Permissions > Block attempts to publish, edit or delete a published post by users who do not have the right capabilities” policy.
We started rewriting several parts of NinjaFirewall’s code, and that will include the code that sends email notifications. It will likely allow the use of custom templates so that users will be able to customize the body and message of emails.
It is a known issue, there are discussions about it on this forum. It will be fixed in the next version.
There’s almost no difference between Full WAF and WordPress WAF modes when it comes to the login page. The only one is that the latter will be slightly slower, but that would only matter if you were facing a huge brute-force attack.
When you have the captcha enabled, the login page won’t load until the user enters the right captcha. That works like the password except that a human can read and enter the captcha, not the password.
So if you want to get rid of bots and brute force attacks, the captcha is fine. If you want to prevent bots and humans (hackers) to access the login page, the password is better.Can you ask your customer to log out and then log in back again? That will create a new WordPress session and may solve their problem.
You need to exclude
/deleteme.-File Guard:
NinjaFirewall > Monitoring > File Guard: Add/deleteme.to the “Exclude the following files/folders” input field.-File Check:
NinjaFirewall > Monitoring > File Check: You need to delete the current snapshot and, when you recreate it, add/deleteme.to the “Exclude the following files/folders” input field.