Ninja Firewall & Woocommerce compability

Resolved ccggint
(@ccggint)

7 years, 9 months ago

Hi,

I was facing an issue with “Add to Cart”(non-ajax button) procedure in product page. Lets describe you further the situation.

1 step(condition): my cart it’s completely empty

2 step: By pressing “Add to Cart” button in product page, page reloads

3 step: Cart-widget in Menu and Sidebar remain empty

4 step: By pressing “Add to Cart” ajax button for the same or another product my cart-widget “unblocks” and has 2 products inside.

My hosting provider told me that Ninja Firewall blocks the functionality of the cart widget and warn me that if I want to keep it running I must customize settings.

Have you any idea?

Thanks

https://wordpress.org/plugins/ninjafirewall/

Viewing 13 replies - 1 through 13 (of 13 total)

Plugin Author nintechnet
(@nintechnet)

7 years, 9 months ago

Hi,

Check the firewall log, and paste here the corresponding lines showing the blocked request. That will show us what is the problem.

Thread Starter ccggint
(@ccggint)

7 years, 9 months ago

Here is the log when I push “Add to Cart” button(non-ajax) in a product page.

[29/Jul/16:10:27:17 +0300] – 193.92.97.36 “GET /wp-cron.php?doing_wp_cron=1469777237.3401119709014892578125” “-” “WordPress/4.5.3; http://mywebsite.com” “193.92.97.36” “mywebsite.com”
[29/Jul/16:10:27:18 +0300] – 5.172.198.36 “GET /shop/” “http://mywebsite.com/shop/diaries/diary-w-lock-100sh-m/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0” “5.172.198.36” “mywebsite.com”
[29/Jul/16:10:27:19 +0300] – 5.172.198.36 “GET /shop/page/2/” “http://mywebsite.com/shop/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0” “5.172.198.36” “mywebsite.com”
[29/Jul/16:10:27:21 +0300] – 5.172.198.36 “GET /product-category/diaries/” “http://mywebsite.com/shop/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0” “5.172.198.36” “mywebsite.com”
[29/Jul/16:10:27:22 +0300] – 5.172.198.36 “GET /product-category/diaries/page/2/” “http://mywebsite.com/product-category/diaries/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0” “5.172.198.36” “mywebsite.com”
[29/Jul/16:10:27:24 +0300] – 5.172.198.36 “GET /shop/diaries/diary-w-lock-100sh/” “http://mywebsite.com/product-category/diaries/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0” “5.172.198.36” “mywebsite.com”
[29/Jul/16:10:27:27 +0300] – 5.172.198.36 “POST /shop/diaries/diary-w-lock-100sh/” “http://mywebsite.com/shop/diaries/diary-w-lock-100sh/” “Mozilla/5.0 (Windows NT 6.1; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0” “5.172.198.36” “mywebsite.com”
[29/Jul/16:10:28:18 +0300] – 193.92.97.36 “GET /wp-cron.php?doing_wp_cron=1469777297.6696751117706298828125” “-” “WordPress/4.5.3; http://mywebsite.com” “193.92.97.36” “mywebsite.com”

Plugin Author nintechnet
(@nintechnet)

7 years, 9 months ago

This is not the firewall’s log, this is the “Live Log” feature; it shows traffic only.
You need to check the “Firewall Log” instead, it will display only the blocked request and the reason why it was blocked.

Thread Starter ccggint
(@ccggint)

7 years, 9 months ago

I can’t find anything in Firewall Log except the time I logged in:

29/Jul/16 12:29:06 #4709655 info – 5.172.198.36 POST /wp-login.php – Logged in user – [username (administrator)]

Plugin Author nintechnet
(@nintechnet)

7 years, 9 months ago

Temporarily enable the debugging mode: NinjaFirewall > Firewall Options > Debugging mode.

Then, check if you still have problem with Woocommerce.

You can also try to disable the firewall from the same options page and test again.

Thread Starter ccggint
(@ccggint)

7 years, 8 months ago

With Debugging Mode enabled the result it’s the same. By disabling the firewall from the same page, everything works just fine!

Plugin Author nintechnet
(@nintechnet)

7 years, 8 months ago

1 step(condition): my cart it’s completely empty

2 step: By pressing “Add to Cart” button in product page, page reloads

3 step: Cart-widget in Menu and Sidebar remain empty

When I perform that action, the page reloads and I get a “xxxxx has been added to your cart”. It works whether I am logged in or not.

Can you try to reset all “Firewall Policies” options to their default values (click on the “Restore Default Values” button) and try again? Before doing so, you can first export your current configuration (“NinjaFirewall > Firewall Options > Export configuration”) so that it will be easier for you to restore the current settings after the test.

Thread Starter ccggint
(@ccggint)

7 years, 8 months ago

I’m afraid that problem still exists. Restore Default Values trick didn’t work!

Plugin Author nintechnet
(@nintechnet)

7 years, 8 months ago

Can you try to disable the 5 “HTTP response headers” from the Firewall Policies page: X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, HttpOnly flag and Strict-Transport-Security.
After disabling them, log out of the dashboard to clear your cookies.

Thread Starter ccggint
(@ccggint)

7 years, 8 months ago

It works!!!

But what are the disadvantages of disabling HTTP response headers?

Plugin Author nintechnet
(@nintechnet)

7 years, 8 months ago

Depends on which one is related to your issue: ‘X-XSS-Protection’ or ‘HttpOnly flag’ ? You would need to reenable them one by one and test again. Each time, don’t forget to log out and clear your cookies before testing Woocommerce cart.

Thread Starter ccggint
(@ccggint)

7 years, 8 months ago

It’s the Force HttpOnly flag on all cookies to mitigate XSS attacks!

Plugin Author nintechnet
(@nintechnet)

7 years, 8 months ago

That means you have some JS code that needs to access your cookies and the HttpOnly flag header prevent it from doing so.
I cannot reproduce the issue so you either have a WooCommerce option or an add-on that is enabled and needs that JS code.

Viewing 13 replies - 1 through 13 (of 13 total)

The topic ‘Ninja Firewall & Woocommerce compability’ is closed to new replies.

Tags