Support » Plugin: NinjaFirewall (WP Edition) - Advanced Security » Ninjafirewall WP+ Edition and nfwlog/cache

  • Resolved wplike75

    (@wplike75)


    Hello Nintechnet,

    In 3 days, into my nfwlog/cache folder, there is now 8000 files rl.mywebsite.com.xx.xxx.xx.xxx.php

    Is all Ip are recorded ? and for wath ?

    In somes days, this folder will be so big, can I trash this files ?

    Regards.

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi

    Those files are used by the “Rate-limit” option from the “Access Control” page.
    They are deleted automatically by the firewall when the banning period is over. If you are under attack from a lot of IPs, use preferably a short banning period.
    NinjaFirewall does not store this kind of data in the DB, it stores them to disk because that’s much faster.

    Hi,

    I understand, but I think there is a problem here because.

    In my log journal firewall I have 150 attack journalised, not 8000.

    And in my Rate limit, I have period for 900 seconds (15mn).

    So it can’t be more than 8000 ip registerd in the cache in 15 minutes, and it’s like they are not deleted automatically.

    Also in the journal firewall I have many of this :

    Bogus user-agent signature – [SERVER:HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)]

    Bogus user-agent signature – [SERVER:HTTP_USER_AGENT = Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FSL 7.0.6.01001)]

    Sanitising user input – [HTTP_USER_AGENT: Mozilla/5.0 (Linux; Android 4.4.4; 9.4” FFF Build/KTU84Q) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Safari/537.36]

    Do I think I need to disable some rules ?

    And yes storing this files in disk is great.

    Best regards.

    Plugin Author nintechnet

    (@nintechnet)

    Go to the “Access Control” page, scroll down to the bottom of the page and click on the “Save” button. That should force all “rl.*” files to be deleted from the cache.

    Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705)]

    This is a bot: IE 6.0 was released in 2001 and nobody is using it.

    Hello Nintechnet,

    thank you very much for your answers, your help and fast reply, you are great !!

    Please do you know a rule to put in htaccess to definitively block these IE 6.0 bot ?

    Thanks again, sincerely.

    Hi,

    the nfwlog/cache folder is all IP visiting my web site ?

    Or all are IP blocked by Ninja Firewal ?

    And to block the MSIE 6.0 bot, I have put in my htaccess this :

    <ifmodule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} “MSIE [1-7]\.” [NC]
    RewriteRule . http://127.0.0.1 [L]
    </ifmodule>

    and

    <ifmodule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{HTTP_USER_AGENT} “MSIE [1-7]” [NC]
    RewriteRule ^(.*)$ http://127.0.0.1 [L]
    </ifmodule>

    but I do not know witch one is the good one for Apache 2.2.23, please do you know the good one of this 2 rewrite rules ?

    Regards.

    Plugin Author nintechnet

    (@nintechnet)

    This should be enough to block them:

    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} "MSIE [1-7]\." [NC]
    RewriteRule . - [F,L]
    

    IPs in the cache folder are those that were blocked by the rate-limit option.

    Hi,

    thank you for your response Nintechnet.

    I have disabled the rate limiting, there is something wrong, 8000 Ip bloked every 15mn, it’s like the rate limiting is blocking everybody.

    If one day you will do a new wordpress plugins, only to rate limiting, light and speed, I will be happy to buy it.

    Best regards.

    Plugin Author nintechnet

    (@nintechnet)

    Those IPs were not blocked: they are currently monitored by the rate-limit option. NinjaFirewall needs to track all IPs, hence it writes them to its cache for a while.

    Blocked IPs are written to the firewall log, so if you want to know which ones were really blocked, you need to check the log, not the cache folder.

    Ah great, thanks for the clarify and I understand now.

    I was confused because your precedent answer that say “IPs in the cache folder are those that were blocked by the rate-limit option.”

    And please think about creating a light wordpress plugins to only manage rate limiting, this will be so great for protecting all wordpress users, and I’m not the only one who will want buy a plugins like this.

    Thanks for your help,

    regards.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Ninjafirewall WP+ Edition and nfwlog/cache’ is closed to new replies.