Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » Full WAF slows down backend?

  • blindtexth

    (@blindtexth)


    Hi there,
    I am using NinjaFirewall (NFW) on many websites without any problems.

    Now I created a fresh new site with all the plugins I use normally.
    Unfortunately, by activating Full WAF it slows down the backEnd of the site to the point it is unusable. I can do exactly two things and then it stops. Sometimes I get an error: Secure Connection failed.

    I reinstalled everything clean and did not change any settings in NFW. After activating Full WAF – the same.

    What can that be? What can I do? And how can I reverse to the before Full WAF setting?
    So far I did not find much of informations.

    Regards, Carsten

Viewing 13 replies - 16 through 28 (of 28 total)
  • blindtexth

    (@blindtexth)

    Hi Scott,
    I am using Pods extensively … and no, I am not using Pods public forms.?!

    I added your define into the wp-config.php

    In the back end it still took two minutes to change from one tab to another.
    The sites front end in a second window is as slow as the backend. Only when I am not logged in or the firewall is switched off, it is fast.

    The error »Secure connection failed« keeps coming up from time to time.

    Bizarrely on my other sites with nearly the same constellation with plugins and same host I don’t have this problem.

    With »Query Monitor« active I get the php error:
    ini_set(): A session is active. You cannot change the session module's ini settings at this time
    The Location:
    wp-content/plugins/wp-native-php-sessions/pantheon-sessions.php:156

    • This reply was modified 1 month ago by blindtexth. Reason: tweaks

    If you’ve got that constant set in Pods and this only happens when you are logged in (we don’t use session_id() checks for logged in users) then it’s likely not Pods related, but I’ll keep an eye on this thread in case you uncover anything else.

    blindtexth

    (@blindtexth)

    Hey Scott,
    thank you for your time … highly appreciated.

    Plugin Author nintechnet

    (@nintechnet)

    You would need to find which HTTP request times out:
    1. Open your browser console: F12
    2. Check in the “Network” tab. You ‘ll see the failed/timed-out request after a while.
    3. Check also the “Console” tab, it may show some errors and warnings.

    The most important is to find out what is that request, i.e., which plugin/theme/core feature is it and what is it doing.

    Loading the »page« tab took 60.72 seconds.
    The »Network« tab showed no failed/time-out request (manly status 200).

    The »console« gives me two warnings:
    1. edit.php
    ‘This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”.’

    2. load-scripts.php
    ‘Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content.’

    What I do get via the »Query Monitor«:
    ‘ini_set(): A session is active. You cannot change the session module’s ini settings at this time’
    in Location: wp-content/plugins/wp-native-php-sessions/pantheon-sessions.php:156

    I wrote to the developer of »WP Native PHP Session« and are waiting for an answer.
    On their support page I learned that this happened also to a user of »Wordfence« since WordPress 5.5 .

    Does all this tell you something?

    I tried several tabs and posts/pages only having one window open. Quick and normal.
    In a second window opened the front end and now in the back end a post took 120 sec to open.
    Timed out was:
    admin-ajax.php > load-scripts.php:4
    admin-ajax.php > load-scripts.php:4

    after a moment it says the connection has been cut with:
    admin-ajax.php?_fs_blog_admin=true > load-svripts.php:4
    admin-ajax.php?_fs_blog_admin=true > load-svripts.php:4

    that keeps on going and the safe button is greyed out.

    The console says:
    This page uses the non standard property “zoom”. Consider using calc() in the relevant property values, or using “transform” along with “transform-origin: 0 0”. > plugins.php

    Layout was forced before the page was fully loaded. If stylesheets are not yet loaded this may cause a flash of unstyled content. > load-scripts.php:3:25903

    This site appears to use a scroll-linked positioning effect. This may not work well with asynchronous panning; see https://developer.mozilla.org/docs/Mozilla/Performance/ScrollLinkedEffects for further details and to join the discussion on related tools and features!

    !! AAHH !!
    I deactivated the plugin »Dynamic To Top« and clicking through the pages, tabs, posts, settings, etc works fast and without problems. Until I clicked on plugins … then everything stopped again (including the front end).
    After 180 sec. console gave me the same as you see in this message a few lines above plus:
    Source map error: Error: request failed with status 404
    Resource URL: https://alan-alaine.de/wp-content/plugins/pods/ui/js/pods-dfv/pods-dfv.min.js?ver=2.7.22
    Source Map URL: pods-dfv.min.js.map

    • This reply was modified 4 weeks, 1 day ago by blindtexth.

    Hi dude I found the solution it’s not about ninja firewall go to your woocommerce setting > advance > woocommerce tab and uncheck both and save

    Hi armanmprr,
    apart from that I haven’t installed woocommerce.

    Plugin Author nintechnet

    (@nintechnet)

    I don’t understand this:

    admin-ajax.php > load-scripts.php:4

    The load-scripts.php shouldn’t be loaded by admin-ajax.php, it is called directly instead.

    Regarding wp-native-php-sessions, it seems you need to load it as a MU plugins: “https://github.com/pantheon-systems/wp-native-php-sessions/#troubleshooting”
    That will work with NF in WordPress WAF mode (it too will load as a MU plugin), but not in Full WAF mode because the plugin will be loaded by PHP, i.e., before WordPress and its MU plugins.

    blindtexth

    (@blindtexth)

    The wp-native-php-sessions is running as a MU plugin … this I did when I installed the plugin.

    blindtexth

    (@blindtexth)

    Actually, I have no time for this.

    I need to set up another clients site. I will do it carefully bit by bit, because it needs a similar setup and plugins.

    When I come across the same or similar problem I will know what causes it and can hopefully fix this one.

    cheers, Carsten

    Plugin Author nintechnet

    (@nintechnet)

    You shouldn’t run this plugin with NF, because the firewall will start the session before it and you’ll only get errors.
    Maybe your server configuration is the problem? As you wrote other sites with the same plugins don’t have issue, there may be a configuration problem somewhere.
    If you can locate which HTTP request hangs, that will help to find what’s going on.

    I managed to deactivate »wp-native-php-sessions« and to delete everything associated.

    Since then I don’t have the error message anymore. Doesn’t make the site faster 🙁
    I tried to start Full WAV again … it gave me an 500 error. So I removed it …

    I keep building up the other site … without any problems so far.

Viewing 13 replies - 16 through 28 (of 28 total)
  • You must be logged in to reply to this topic.