• Resolved Greg Marshall

    (@timeassistant)


    Hey guys,

    we recently moved our VPS to a new host. We have nginx as a proxy to apache (managed by engintron cpanel plugin), using Fast CGI, Zend Opcache, php 5.6. When going to the set up page for the WAF, its preselected and recommended option is for Apache + suPHP. However, I feel like it should definitely recommend apache + FCGI as that's closer to what I am using?

    I also noticed that wordfence seems to be listing my IP (used to login as admin) as the VPS server dedicated IP; this is obviously incorrect too.

    And just recently AFTER I was logged in wordfence seems to have banned me too. Potentially via the server IP again.

    Your access to this site has been limited

    Your access to this service has been temporarily limited. Please try again in a few minutes. (HTTP response code 503)

    Reason: Blocked by login security setting.

    Important note for site admins: If you are the administrator of this website note that your access has been limited because you broke one of the Wordfence firewall rules. The reason your access was limited is: “Blocked by login security setting.”.

    Clearly this is a false positive or something but I don’t want to disable the rule either. What do I do?

    https://wordpress.org/plugins/wordfence/

Viewing 8 replies - 1 through 8 (of 8 total)
  • Hello Greg,
    you probably need to change your settings under “How does Wordfence get IPs” on the Wordfence “Options” page. Please check out this section and also this section of our documentation and see if it helps.
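Why the lockout in this thread follows from the wrong IP source, as an added example (not from the thread and not Wordfence's code): behind nginx, Apache sees every request arriving from the proxy, so anyone's failed logins count against the server's own IP. The addresses, the `TRUSTED_PROXIES` set and the function names are constructed, and the sketch assumes nginx appends the connecting peer to `X-Forwarded-For`.

```python
import ipaddress
from collections import Counter

# Assumption: nginx runs on the VPS itself; 203.0.113.10 is a constructed
# stand-in for the server's dedicated IP.
PROXY = "203.0.113.10"
TRUSTED_PROXIES = {"127.0.0.1", PROXY}

def _valid(addr):
    try:
        ipaddress.ip_address(addr)
        return True
    except ValueError:
        return False

def naive(remote_addr, headers):
    """What the backend sees when it is not proxy-aware."""
    return remote_addr

def client_ip(remote_addr, headers):
    """Address that login throttling should count against."""
    if remote_addr not in TRUSTED_PROXIES:
        # Direct connection: forwarding headers are client-supplied, ignore them.
        return remote_addr
    xff = headers.get("X-Forwarded-For", "")
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    # Walk from our proxy outward; the first hop that is not one of our
    # proxies is the real peer. Anything left of it is unverified.
    for hop in reversed(hops):
        if not _valid(hop):
            break
        if hop not in TRUSTED_PROXIES:
            return hop
    return remote_addr

def blocked(events, threshold, resolve):
    """IPs whose failed-login count reaches the threshold."""
    fails = Counter(resolve(a, h) for a, h, ok in events if not ok)
    return {ip for ip, n in fails.items() if n >= threshold}

# Constructed sample: every request reaches Apache from nginx (PROXY).
EVENTS = (
    [(PROXY, {"X-Forwarded-For": "198.51.100.7"}, False)] * 5  # repeated failures
    + [(PROXY, {"X-Forwarded-For": "192.0.2.44"}, True)]       # admin logs in
    + [(PROXY, {"X-Forwarded-For": "10.9.9.9, 198.51.100.8"}, False)]  # forged left hop
)

if __name__ == "__main__":
    print("REMOTE_ADDR only:", blocked(EVENTS, 5, naive))
    print("proxy-aware:     ", blocked(EVENTS, 5, client_ip))
```

With `naive`, the only address that ever gets blocked is the proxy, which is also the address the admin appears to come from.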

    Thread Starter Greg Marshall

    (@timeassistant)

    Hi, thanks,

    I did eventually work that part out, seems to be reporting correct IPs now. However, I still have an issue with the other point I made:

    we recently moved our VPS to a new host. We have nginx as a proxy to apache (managed by engintron cpanel plugin), using Fast CGI, Zend Opcache, php 5.6. When going to the set up page for the WAF, its preselected and recommended option is for Apache + suPHP. However, I feel like it should definitely recommend apache + FCGI as that's closer to what I am using?

    Can you advise what I should do here?

    Thanks

    I suggest you try what you think is best. You know enough about it so your guess might be better than Wordfence's.

    If you have any immediate issues after the configuration, check in the root of your WordPress installation in files .htaccess and .user.ini for “Wordfence WAF” definitions. That is what the configuration does: it adds directives there for loading the Firewall before any other code loads on your website, thus extending your protection.

    Thread Starter Greg Marshall

    (@timeassistant)

    Ok not quite the answer I was looking for but thanks.

    I guess I will just have to try and see what happens

    Hello Greg,
    sorry you didn’t get the reply you were hoping for. As long as you are aware of the addition of “Wordfence WAF” definitions in .htaccess and .user.ini you should be fine. The worst thing that can happen is that it doesn’t enable (Indicator still says “Basic” protection instead of “Extended” protection). If that happens, let me know and I’ll try to help.

    Thread Starter Greg Marshall

    (@timeassistant)

    Ok thanks,

    I tried 2 methods on 2 sites, Apache + suPHP (as recommended) and Apache + FCGI

    both seem to be working so I’m not really sure which is best now 😀

    The configuration can basically happen in two ways. Either “Wordfence WAF” directives are added to .htaccess or they are added to a .user.ini. I don’t think either of them is better or worse; it’s just that some systems allow some ways of configuring and some others. Glad to hear it’s working for you!

    Thread Starter Greg Marshall

    (@timeassistant)

    Ok fair enough then, thanks 🙂


The topic ‘WAF Settings & locked out’ is closed to new replies.