• Anonymous User 13302461

    (@anonymized-13302461)


    Not sure if this is possible.

    I like the blocking upload feature, as a lot of malware comes into WordPress via uploads.

    However, we have a contact form which runs separately from WP but in an iframe on a WP page; its file upload gets blocked. It would be nice to allow files to be attached. Would this be possible?

    Thanks

    https://wordpress.org/plugins/ninjafirewall/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    You can use the .htninja file for that purpose. It will require a little bit of coding, though.

    For instance, assuming that you have this kind of line in the firewall log when you are attempting to upload a file but are blocked:

    ...critical... x.x.x.x ... POST /path/to/somefile.php - File upload attempt - [........]

    POST is the $_SERVER['REQUEST_METHOD'].
    path/to/somefile.php is the $_SERVER['SCRIPT_NAME'].

    You can whitelist any attempt to send a POST request to that script:

    <?php
    /*
     +=============================================================+
     | NinjaFirewall optional configuration file                   |
     |                                                             |
     | See: http://ninjafirewall.com/wordpress/htninja/            |
     +=============================================================+
    */
    // Must be a POST request
    if ( $_SERVER['REQUEST_METHOD'] == 'POST' &&
       // Must be that script:
       $_SERVER['SCRIPT_NAME'] == 'path/to/somefile.php' ) {
    
       // Allow it:
       return 'ALLOW';
    }

    You could also add some of the HTML form input fields to build a more accurate filter. For instance, if the name of the uploaded file field is 'my_attachment':

    <input type="file" name="my_attachment">

    That would give us:

    <?php
    /*
     +=============================================================+
     | NinjaFirewall optional configuration file                   |
     |                                                             |
     | See: http://ninjafirewall.com/wordpress/htninja/            |
     +=============================================================+
    */
    // Must be a POST request
    if ( $_SERVER['REQUEST_METHOD'] == 'POST' &&
       // Must be that script:
       $_SERVER['SCRIPT_NAME'] == 'path/to/somefile.php' &&
       // Must have the "my_attachment" FILE input field:
       isset($_FILE['my_attachment']) ) {
    
       // Allow it:
       return 'ALLOW';
    }

    This is just an example. You can use any PHP variable and add any PHP code you want to that file.
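    As an added example (not the plugin author's code), here is one way to tighten the whitelist above so that it only allows the specific upload the form needs rather than every POST to the script. The script path (/contact/upload.php, with the leading slash PHP normally reports in SCRIPT_NAME), the field name and the extension list are assumptions to adjust for your own form:

```php
<?php
/*
 +=============================================================+
 | NinjaFirewall optional configuration file                   |
 | Added example (not the plugin author's code): whitelist     |
 | one upload form, restricted to the expected file types.     |
 +=============================================================+
*/

// Assumptions (hypothetical values, adjust to your own form):
//   - the form posts to /contact/upload.php
//   - the file input is named "my_attachment"
//   - only a small set of document/image types should be accepted
$allowed_script = '/contact/upload.php';
$allowed_field  = 'my_attachment';
$allowed_ext    = array( 'pdf', 'doc', 'docx', 'jpg', 'jpeg', 'png' );

if ( $_SERVER['REQUEST_METHOD'] === 'POST'
   && isset( $_SERVER['SCRIPT_NAME'] )
   && $_SERVER['SCRIPT_NAME'] === $allowed_script
   && isset( $_FILES[ $allowed_field ]['name'] )
   && is_string( $_FILES[ $allowed_field ]['name'] ) ) {

   // Use only the basename: the browser-supplied name may contain path parts.
   $name = basename( $_FILES[ $allowed_field ]['name'] );
   $ext  = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );

   // Conservative check against PHP-like names anywhere in the filename
   // (e.g. "shell.php.jpg"), not only in the last extension.
   $looks_like_php = preg_match( '/\.ph(p\d?|tml|ar|ps)?(\.|$)/i', $name ) === 1;

   // Whitelist only when the extension is one we expect; anything else
   // keeps NinjaFirewall's default behaviour for the request.
   if ( ! $looks_like_php && in_array( $ext, $allowed_ext, true ) ) {
      return 'ALLOW';
   }
}
```

    Requests that do not match every condition fall through to the firewall's normal rules, so a stray POST to the same script without the expected field, or with a PHP-looking filename, is still filtered.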

    Plugin Author nintechnet

    (@nintechnet)

    Correction: it should be $_FILES not $_FILE.

    Thread Starter Anonymous User 13302461

    (@anonymized-13302461)

    Wow, thanks for the speedy and good response!

    Thread Starter Anonymous User 13302461

    (@anonymized-13302461)

    Hi. I am having trouble getting this to work.
    When sending messages via the CRM I still get the base64 injection error, but only sometimes! Which is very strange. And I even get blocked, click back and try again and it goes through!

    my website is at site.com and web path is /var/www/html/site

    but I have CRM software in a subdirectory which is nothing to do with the website

    site.com/crm
    and
    /var/www/html/site/crm

    I have added htninja and tried both relative and web root full directory path (which means adding a /)

    .htninja is in web root /var/www/html

    <?php
    /*
     +=============================================================+
     | NinjaFirewall optional configuration file                   |
     |                                                             |
     | See: http://ninjafirewall.com/wordpress/htninja/            |
     +=============================================================+
    */
    // Must be a POST request
    if ( $_SERVER['REQUEST_METHOD'] == 'POST' &&
       // Must be that script:
       $_SERVER['SCRIPT_NAME'] == 'site/crm2/index.php' ) {

       // Allow it:
       return 'ALLOW';
    }


    and also

    <?php
    /*
     +=============================================================+
     | NinjaFirewall optional configuration file                   |
     |                                                             |
     | See: http://ninjafirewall.com/wordpress/htninja/            |
     +=============================================================+
    */
    // Must be a POST request
    if ( $_SERVER['REQUEST_METHOD'] == 'POST' &&
       // Must be that script:
       $_SERVER['SCRIPT_NAME'] == '/site/crm2/index.php' ) {

       // Allow it:
       return 'ALLOW';
    }

    Am I missing something?

    Many thanks for great product and support!

    Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Can you try to create a PHP INI file in the CRM directory with only this line:

    auto_prepend_file =

    It is empty, and normally it should override the "auto_prepend_file" directive from the PHP INI used by NinjaFirewall in the parent folder.
    Then, you can upload the following PHP script in the CRM folder to test whether it worked:

    <?php
    if ( $string = ini_get('auto_prepend_file')) {
       echo 'auto_prepend_file is in used : ' . $string;
    } else {
       echo 'auto_prepend_file is empty';
    }
    ?>

    I don’t know if it is a typo, but you mentioned that the CRM was in “site.com/crm” however the .htninja script uses “/site/crm2/”.

    Thread Starter Anonymous User 13302461

    (@anonymized-13302461)

    Yes it is site/crm2, thanks.

    Here are the results. I'm confused now, is it good or bad?

    auto_prepend_file is in used : /var/www/html/site/wp-content/plugins/ninjafirewall/lib/firewall.php

    For now I think excluding the entire CRM folder might be best, as it is very complex PHP and might cause lots of issues (had an XSS error earlier).
    Is this accomplished by enabling File Guard and excluding /crm2?

    Thanks a lot

    Plugin Author nintechnet

    (@nintechnet)

    Hi,

    File Guard is not the issue.
    I am wondering if the .htninja is detected by the firewall?
    Can you try again, with the simple code below, using strpos() with "SCRIPT_FILENAME" instead of "SCRIPT_NAME":

    <?php
    /*
     +=============================================================+
     | NinjaFirewall optional configuration file                   |
     |                                                             |
     | See: http://ninjafirewall.com/wordpress/htninja/            |
     +=============================================================+
    */
    if (strpos($_SERVER['SCRIPT_FILENAME'], '/crm2') !== FALSE) {
       return 'ALLOW';
    }

    Then, log in to your WordPress dashboard, click on NinjaFirewall's Overview page and check if it is detected like it is in that screenshot.
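    As an added example (not the plugin author's code), the directory-scoped rule above can be made stricter: a plain strpos() for '/crm2' also matches paths such as /crm2-old or /backup/crm2, whereas an exact prefix match on the resolved path does not. The CRM path /var/www/html/site/crm2 is the one given in the thread; the commented-out error_log() line is an assumption about how one might confirm that .htninja is being loaded at all, which is the open question in this thread:

```php
<?php
/*
 +=============================================================+
 | NinjaFirewall optional configuration file                   |
 | Added example (not the plugin author's code): scope the     |
 | whitelist to one directory with an exact prefix match.      |
 +=============================================================+
*/

// Assumption: the CRM lives in this directory (path taken from the thread).
$crm_dir = '/var/www/html/site/crm2';

// Resolve symlinks and "..", then require a trailing slash so that
// "/var/www/html/site/crm2-old/x.php" does not match "crm2".
$crm_real = realpath( $crm_dir );
$script   = isset( $_SERVER['SCRIPT_FILENAME'] )
          ? realpath( $_SERVER['SCRIPT_FILENAME'] )
          : false;

// Optional diagnostic (assumed approach): uncomment to confirm that .htninja
// is loaded and to see the exact values the firewall sees, in PHP's error log.
// error_log( 'htninja: SCRIPT_NAME=' . $_SERVER['SCRIPT_NAME']
//          . ' SCRIPT_FILENAME=' . $_SERVER['SCRIPT_FILENAME'] );

if ( $crm_real !== false && $script !== false
   && strpos( $script, $crm_real . '/' ) === 0 ) {
   // Every request for a script under the CRM directory bypasses the
   // firewall's request filtering; nothing outside that directory is affected.
   return 'ALLOW';
}
```

    Because realpath() returns false for paths that do not exist, a request for a missing script never matches, and the rule only ever widens to files that really sit below the CRM directory.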

  • The topic ‘Allow uploads via specific plugin / to certain folder / directory etc’ is closed to new replies.