• Resolved nanny7

    (@nanny7)


    The site will not complete the scan and says vulnerabilities, so I asked the host how to whitelist the IP addresses you give, but this is what they said:
    I would suggest reaching out to WordFence for further assistance.

    We already have server-level protection, if you wish to disable it, you’ll need to head to cPanel > Mod Security and disable it from there. This will allow WordFence to run correctly.

    Do I disable it?
    Thanks

  • Plugin Support wfpeter

    (@wfpeter)

    Hi @nanny7,

    I think our IPs can be allowed as I’ve seen other issues over starting scans whilst running ModSecurity reach a successful resolution. Sometimes this has required the host to whitelist our IPs from their end though. It would be best to get an idea of your setup and maybe the specific error messages coming back from communication between our server and yours first.

    Can you send a diagnostic report to wftest @ wordfence . com? You can find the link to do so at the top of the Wordfence Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    Note: For the fastest response time, please make sure and add any information or questions directly to this topic and not the email address above unless asked.

    Thanks,

    Peter.

    Thread Starter nanny7

    (@nanny7)

    Hi I have sent it through, thanks.
    Please let me know what I am to do.
    The host said that there are no ip addresses blacklisted.

    Thread Starter nanny7

    (@nanny7)

    It won’t even scan; it stays the same all the time.

    Thread Starter nanny7

    (@nanny7)

    Hi, I sent another one from one of my other clients’ sites, which is doing the same.

    Plugin Support wfpeter

    (@wfpeter)

    Hi @nanny7, thanks for your diagnostic.

    I can see that there is a WP_PROXY_HOST value specified in your site, which we actually don’t see that often and can be problematic.

    Some users have added curl_setopt($ch, CURLOPT_PROXY, WP_PROXY_HOST . ':' . WP_PROXY_PORT); to vendor/wordfence/wf-waf/src/lib/http.php but this will only fully work if the WAF is not optimized. The main reason that these constants aren’t currently useable out of the box is because Wordfence starts to run on your site before they are defined.

    It may be possible in future to cache the value of the proxy host and port in Wordfence’s settings, so the WAF can see what they should be. However, I cannot comment here on the forums about potential development timescales on a feature such as this. It has already been submitted to the team through the correct channels for scheduling.

    If the site can be set to make direct connections to noc4.wordfence.com without going through the proxy, this should make it work with no proxy involved for outbound requests.

    We can cause cURL to try to connect to a different host/port by adding this to the beginning of wordfence-waf.php:

    putenv('HTTPS_PROXY=https://ip_of_proxy:port_of_proxy');
    putenv('NO_PROXY=yourhostsdomain.com');

    Let me know how you get on!

    Thanks again,

    Peter.

    Thread Starter nanny7

    (@nanny7)

    Hi thanks,
    I tried adding
    Some users have added curl_setopt($ch, CURLOPT_PROXY, WP_PROXY_HOST . ':' . WP_PROXY_PORT); to vendor/wordfence/wf-waf/src/lib/http.php but that didn’t work.
    I got these errors:

    PHP Warning:  Use of undefined constant WP_PROXY_HOST - assumed 'WP_PROXY_HOST'
    PHP Warning:  curl_setopt() expects parameter 1 to be resource, null given in...

    So with putenv('HTTPS_PROXY=https://ip_of_proxy:port_of_proxy');
    Do I specify an actual ip_of_proxy:port_of_proxy?
    If so where do I find this?

    I am also getting a lot of these blocks and not sure if there is an issue:

    Type: Blocked
    Activity Detail
    An unknown location at IP 127.0.0.1 was blocked by firewall for LFI: Local File Inclusion in query string: --path=%2Fhome%2F......com.au at 22/07/2021 3:07:49 am (7 hours 57 mins ago)
    IP: 127.0.0.1 Hostname: localhost
    Human/Bot: Bot

    Thanks

    Plugin Support wfpeter

    (@wfpeter)

    Hi @nanny7,

    I received a supplementary diagnostic after your original submission where the proxy values are actually not there, and there also appear to be no connectivity issues between our servers and back to your site. Thanks for sending that over.

    Removing the http.php code we added (as the proxy information is no longer relevant) should now remove that particular error. Also, your original diagnostic displayed a cURL error when connecting to our servers but this is also no longer present in your most recent version.

    When 127.0.0.1 is seen, that is your own site internally being blocked. Just to confirm whether detection is an issue, if you look up your public facing IP address at: https://www.whatsmyip.org/ and visit Wordfence > Dashboard > Global Options > General Wordfence Options > How does Wordfence get IPs and cycle through the options, do any of the values match your IP address? If so, make sure to click SAVE if you have to change this.

    You may find the “How does Wordfence get IPs” section informative on: https://www.wordfence.com/help/dashboard/options/#general-wordfence-options

    It may also be worth adding 127.0.0.1 to Wordfence > All Options > Advanced Firewall Options > Allowlisted IP addresses that bypass all rules to see if this rectifies the issue. We don’t normally recommend allowlisting as Wordfence protection is bypassed entirely, but I think it is worth trying in this case.

    Thanks,

    Peter.
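
The IP-source check described in the reply above, as an added example that is not part of the original thread and is not Wordfence's code: it shows why PHP reports 127.0.0.1 when a reverse proxy on the same host forwards the request, and which detection source then matches the visitor's public address. The function names, source labels and all addresses (RFC 5737 documentation values) are assumptions made for the illustration.

```php
<?php
// Added illustration, not Wordfence code. All addresses are constructed.

/** Return the client IP a given detection source would report, or null. */
function ip_from_source(array $server, string $source): ?string
{
    switch ($source) {
        case 'REMOTE_ADDR':
            $raw = $server['REMOTE_ADDR'] ?? '';
            break;
        case 'X-Forwarded-For':
            // The header may hold a chain "client, proxy1, proxy2"; the
            // left-most entry is the client address as claimed by the proxy.
            $parts = explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '');
            $raw = $parts[0];
            break;
        case 'X-Real-IP':
            $raw = $server['HTTP_X_REAL_IP'] ?? '';
            break;
        default:
            return null;
    }
    $ip = filter_var(trim($raw), FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

/** List the sources whose value equals the visitor's known public IP. */
function matching_sources(array $server, string $publicIp): array
{
    $sources = ['REMOTE_ADDR', 'X-Forwarded-For', 'X-Real-IP'];
    return array_values(array_filter($sources, function ($s) use ($server, $publicIp) {
        return ip_from_source($server, $s) === $publicIp;
    }));
}

// Constructed request as PHP sees it behind a reverse proxy on the same host.
$behindProxy = [
    'REMOTE_ADDR'          => '127.0.0.1',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.7, 127.0.0.1',
];
// Constructed request arriving directly from the visitor.
$direct = ['REMOTE_ADDR' => '203.0.113.7'];

foreach (['behind proxy' => $behindProxy, 'direct' => $direct] as $label => $server) {
    printf("%-12s REMOTE_ADDR=%s matches: %s\n", $label,
        ip_from_source($server, 'REMOTE_ADDR'),
        implode(', ', matching_sources($server, '203.0.113.7')) ?: 'none');
}
```

A forwarded header is only trustworthy when a proxy in front of the site sets or overwrites it; on a site with no proxy, any client can send the header, so REMOTE_ADDR is the correct source there.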

  • The topic ‘Do I have to disable mod security on host?’ is closed to new replies.