Hi,
Can you enable the WP_DEBUG constant and see if there is any error messages when you log in?
1. Open the wp-config.php and locate this line:
define('WP_DEBUG', false);
2. Replace it with:
define('WP_DEBUG', true);
Hello, thanks for the fast reply.
No error message, see excerpt:
[24/Mar/2017:20:26:08 +0100] “POST /nextcloud/index.php/login HTTP/1.1” 303 – “-” “Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0” 1509 1286
[24/Mar/2017:20:26:08 +0100] “GET /nextcloud/index.php/apps/files/ HTTP/1.1” 303 – “-” “Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0” 693 1045
[24/Mar/2017:20:26:09 +0100] “GET /nextcloud/index.php/login?redirect_url=/nextcloud/index.php/apps/files/ HTTP/1.1” 200 23771 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0” 693 24831
[24/Mar/2017:20:26:09 +0100] “GET /nextcloud/apps/gallery/css/slideshow.css?v=afc7ab9bc4e13e38dbea66e164c982e7 HTTP/1.1” 200 3720 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0” 645 4314
Same with disables Ninjafirewall:
[24/Mar/2017:20:40:05 +0100] “POST /nextcloud/index.php/login HTTP/1.1” 303 – “-” “Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0” 1861 1190
[24/Mar/2017:20:40:06 +0100] “GET /nextcloud/apps/notifications/css/styles.css?v=afc7ab9bc4e13e38dbea66e164c982e7 HTTP/1.1” 200 3118 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0” 1013 3722
[24/Mar/2017:20:40:06 +0100] “GET /nextcloud/index.php/apps/files/ HTTP/1.1” 200 60983 “-” “Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0” 1605 62250
Can you try to change these firewalloptions?
1. “Event Notifications > WordPress admin dashboard > Send me an alert whenever”: set it to “No, thanks (not recommended)”.
2. “Firewall Policies > HTTP response headers”: set all 7 options from this section to “No”.
3. “Login Protection > Enable brute force attack protection”: set it to “No (default)”.
Did es described, no change. Still beeing redirected to login page of nextcloud.
one additional finding, setting the firewall in Debug-Mode shows no entry in the log but login is still not possible.
Disabling Firewall allows login.
BR
Do you have any other plugins dealing with the login process or the login page (security plugin, captcha, theme etc)?
It looks like you have a conflict with another plugin that is not happy when NinjaFirewall is enabled and redirects you to the login page.
not obviously:
contact form 7
feed them social (at the initial post this plugin was not installed)
ninja firewall
thats all.
Is it possible to exclude a specific directory ? As said, WP is in /web, Nextcloud resides in /web/nextcloud
BR
You can exclude a directory from the firewall (see: The .htninja configuration file), but because it works before WordPress, I don’t think it is the issue. Your problem seems more related to the plugin part of NinjaFirewall.
-You can try to disable NinjaFirewall from the “NinjaFirewall > Firewall Options > Firewall protection ” menu, instead of the “Plugins” page. Does it make a difference?
-You can try to disable the firewall only, not the plugin part: if you run it in “Full WAF mode”, rename the PHP INI file. If you run it in “WordPress WAF mode”, comment out the firewall lines of code that were added to your wp-config.php file. Does it make a difference?
just checked the possibility with .htninja –> it worked ! Placed the file in document root, pointing to /nextcloud.
Does this make any sense to you ?
Btw., when I disabled Ninjafirewall in the posts above, this was always done by “NinjaFirewall > Firewall Options > Firewall protection ”
BR
Make sure the firewall is still protecting your site:
1. Log out of WordPress
2. Go to http://YOUR-DOMAIN/index.php?test=%00
If you are blocked by the firewall, then it is fine.
Yes, this is still blocked.
Are you interested in a deeper investigation, e.g. that not the whole directory /nextcloud has to be excluded, maybe only the string which causes the redirection to login page ?
If yes, I can offer you a temporarily account on this nextcloud instance. Maybe this is interesting for your customers which also use nextcloud / owncloud.
BR
That’s fine: if you are blocked, that means it works (I don’t have the time to investigate this issue outside this support forum).
