.htninja not visible for www access

Resolved PumpaXXL
(@pumpaxxl)

3 months, 1 week ago
Hi, NF is the best – thank you for this plugin!

I’m having an issue getting .htninja to work for www visits. It’s working fine for non-www (naked domain) visits, but once I add www, the .htninja seems to be invisible for the NF.

To explain the setup:
- I’m using auto_prepend_file = ninja-router.php which handles incoming traffic and routes it to four different domains.
- Since my hosting only allows one auto_prepend_file, this router distributes visits across four WordPress sites.
- This part is working fine.
However, I want all sites to use www only (non-www will eventually redirect). But at the moment, .htninja doesn’t seem to apply for www traffic.

How can I make NinjaFirewall (NF) work with .htninja on www visits as well?

Thanks a lot for any tips!

The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)

Plugin Contributor bruandet
(@bruandet)

3 months ago

Is the firewall loaded when you access the www sites ? It looks like it is not.
What code did you use for the ninja-router.php script? Are you using $_SERVER['HTTP_HOST'] ?
Thread Starter PumpaXXL
(@pumpaxxl)

3 months ago
This is the ninja-router.php
```
<?php
// ninja-router.php – auto_prepend_file for 4 domains (no logging, full WAF loader)

// Domain constants (without www)
define('DOMAIN_1', 'darylbm.cz');
define('DOMAIN_2', 'tech.zivotpomrtvici.cz');
define('DOMAIN_3', 'hidradenitida.org');
define('DOMAIN_4', 'your-fourth-domain.cz'); // Replace with real domain

// Normalize HTTP_HOST (remove www.)
$rawHost = $_SERVER['HTTP_HOST'] ?? '';
$host = strtolower(preg_replace('/^www./i', '', $rawHost));

// Resolve firewall path if matched
$domains = [DOMAIN_1, DOMAIN_2, DOMAIN_3, DOMAIN_4];
if (in_array($host, $domains)) {
$firewallFile = DIR . "/domains/$host/wp-content/nfwlog/ninjafirewall.php";
if (file_exists($firewallFile)) {
require_once $firewallFile;
}
}
```
The wordpress home path is …/virtual/www/domains/darylbm.cz, meaning there is darylbm.cz in the path, not www.darylbm.cz if this has a meaning. It can not be changed.

The firewall is loaded, seems to be working normally but some HIGHs does not block, just adds to the log.
- This reply was modified 3 months ago by PumpaXXL.
Plugin Contributor bruandet
(@bruandet)

3 months ago

The code looks fine.
If you access the site with www, do you see if the firewall loaded the .htninja in the “NinjaFirewall > Dashboard” page?
Where is located the .htninja ?

Thread Starter PumpaXXL
(@pumpaxxl)

3 months ago

No, there is no note about loading config / .htninja in the Dashboard.

Thread Starter PumpaXXL
(@pumpaxxl)

3 months ago

… should .htninja use be shown in the Dashboard of the free Ninja Frewall version?

Plugin Contributor bruandet
(@bruandet)

3 months ago

Yes, it should be mentioned in the dashboard if it is loaded:

If it is not mentioned, it is not loaded.

The .htninja must be located in the document root folder ($_SERVER['DOCUMENT_ROOT']), of the folder above the document root folder.

Thread Starter PumpaXXL
(@pumpaxxl)

3 months ago

I found the problem so it is solved, it was on the hosting side.

One more thing if I may – are all items in Firewall Log blocked or only those who indicate that in their description like “WordPress: Blocked access to the WP REST API”. Some are listed without the word “Blocked”.

Thanks for all the help.

Plugin Contributor bruandet
(@bruandet)

3 months ago

Yes, as indicated below the log “The log shows all threats that were blocked by the firewall, unless stated otherwise…”. Everything that has a CRITICAL, HIGH or MEDIUM label was blocked.

Thread Starter PumpaXXL
(@pumpaxxl)

3 months ago

Thanks.

Viewing 9 replies - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

Tags