Admin blocked by NF!?

  • Resolved wpprup

    (@wppraesenz)


    6 years ago

    Hello NF authors,
    after installing NF successfully I opened “Overview” and got this disturbing message without any help (and unfortunately did not find any help in the faqs etc.):

    “It seems the user session was not set by the firewall script or may have been destroyed by another plugin. You may get blocked by the firewall while working from the WordPress administration dashboard.”

    Fine! I deactivated NF now immediately in the admin console, at least this was still working… But I do not want to experiment further, because being no code specialist I would not really know what to do when being blocked. So it is not very calming not getting a hand directly in the window that displays this information.

    I do not have a second security plugin. What should I do now to run NF safe without being blocked for myself?
    thanks!

    The page I need help with: [log in to see the link]

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author nintechnet

    (@nintechnet)

    6 years ago

    Hi,

    Try to reload the “Overview” page again and see if the message goes away. Often, it will appear from time to time only because another plugin or theme may have destroyed the PHP session.

    You will not be blocked from accessing your dashboard but if you try for instance to inject Javascript code into your post or page, the firewall could block the request if you aren’t whitelisted.

    Thread Starter wpprup

    (@wppraesenz)

    6 years ago

    Thanks for your quick answer, this is calming… the idea of being unable to lock in is not very nice… 🙂 🙂
    I will activate again and see… edit: yes, at first it was still there and after refreshing the overview page it disappeared.

    Which plugins can be responsible for that?
    More important: What do I do when my actions are blocked because NF “forgot” me?
    Thanks again,
    Ulf

    Plugin Author nintechnet

    (@nintechnet)

    6 years ago

    It could be a plugin, a theme, or even PHP (sessions are managed by PHP). It’s very hard to say. If you don’t see anything wrong, or error, you can simply ignore this issue. The message may appear from time to time. As long as it is not permanently, that’s fine.

    What do I do when my actions are blocked because NF “forgot” me?

    You can click your browser “Back” button.

    Thread Starter wpprup

    (@wppraesenz)

    6 years ago

    Thank you very much for your answer.
    Now I face the next problem, very probable that it is connected to the installation of NF. I have this error message today from Matomo/Piwik when trying to log in, Matomo is installed in a file in my website file:

    “Error: Starting of a session is not possible. Please check that the web server has enough permission to write to these files/directories:
    For example, on a GNU/Linux server if your Apache httpd user is webXXXXXXX, you can try to execute:
    chown -R webXXXXXX:psacln /var/www/vhosts/webXXXXXXXX.info/httpdocs/praesenz-web/piwik/tmp/sessions
    chmod -R 0755 /var/www/vhosts/webXXXXXXXXXXX.info/httpdocs/praesenz-web/piwik/tmp/sessions

    If you still experience issues after trying these changes, we recommend that you enable database session storage.

    Debug: the original error was
    session has already been started by session.auto-start or session_start()”

    Is NF responsible for that? (I cannot write this server code anywhere, the page is not self hosted and I am not a code specialist…) And if so, are there settings to set in NF to prevent that?
    Thanks for help!
    Edit: I disabled NF and my login in Matomo worked perfectly.

    • This reply was modified 6 years ago by wpprup.
    • This reply was modified 6 years ago by wpprup.
    Plugin Author nintechnet

    (@nintechnet)

    6 years ago

    This is a known issue with Piwik, there are several discussions on this forum about it (here and there for instance).
    The issue comes from the PHP framework used by Piwik: it tries to start a PHP session without checking if one was already started. Because NinjaFirewall already started a session, you’ll get all those error messages.
    The best solution is to whitelist the Piwik folder with NinjaFirewall’s .htninja configuration script:

    1. Create a file named “.htninja”
    2. Add this code to it:

    <?php
/*
 +===================================================================+
 | NinjaFirewall optional configuration file                         |
 |                                                                   |
 | See:https://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
 +===================================================================+
*/

if (strpos($_SERVER['SCRIPT_FILENAME'], '/piwik/') !== FALSE) {
   return 'ALLOW';
}

    Note: Replace “/piwik/” with the folder where Piwik is installed (default is “/piwik/”).

    3. With your FTP client, upload the “.htninja” file into your WordPress root folder.

    4. Try to access Piwik: there should be no more error.
    Also, log in to WP dashboard, click on NinjaFirewall “Overview” page and it should be printed that the “.htninja” was detected and successfully loaded.

    Thread Starter wpprup

    (@wppraesenz)

    6 years ago

    Thank you very much! It works fine now. I did not give 5 stars too early… 🙂

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Admin blocked by NF!?’ is closed to new replies.

Tags