No way to enable Extended Protection

  • Resolved oktalv

    (@oktalv)


    7 years ago

    Apache 2.4, PHP 5.6.30, Server API FPM/FastCGI.
    Installed Wordfence like tens of times so far, but when trying to swich to Extended protection, WF detects FCGI, edits/adds lines in .htaccess, creates and populate .user.ini, creates wordfence-waf.php. PHPINFO among other says auto_prepend_file /home/XXXXXXX/public_html/wordfence-waf.php, and user_ini.filename .user.ini.
    But extended protection never activates. Message on top of firewal remaians “The changes have not yet taken effect. If you are using LiteSpeed or IIS as your web server or CGI/FastCGI interface, you may need to wait a few minutes for the changes to take effect since the configuration files are sometimes cached. You also may need to select a different server configuration in order to complete this step, but wait for a few minutes before trying. You can try refreshing this page.”

    Compared with several other sites on same shared hosting, line by line, step by step. Nothing diferent but on this newest site no way to activate extended protection. checked on onother site without wordfence till now and there also cannot enable extended firewall.

    Only change is that host migrated from Apache 2.2 to 2.4, with multi PHP otpion.

Viewing 3 replies - 16 through 18 (of 18 total)
1 2
  • Thread Starter oktalv

    (@oktalv)

    7 years ago

    Solution if I could say so.
    Hosting disabled FPM on my site (unwillingly from both sides), and everything started to work normally. We will investigate further and I will follow up.

    wfalaa

    (@wfalaa)

    7 years ago

    Thanks @inveress for sharing your solution!

    @oktalv I’ve tested enabling firewall “Extended Protection” on two separate installations of mine with “Apache + PHP-FPM” and “Nginx + PHP-FPM” and both worked fine, the problem here -in my opinion- is the way every hosting provider configures the server your website is hosted on, allowing separate php.ini file per user/virtual-host is something doable on shared hosting. I would appreciate if you can follow up with your web host to get this issue sorted out, then we can add their workaround to our docs in case similar situations happened with other users with same server configuration and for sure we would welcome any suggestion from them as well that can be done from our side.

    Thanks.

    jomo

    (@jonathanmoorebcsorg)

    7 years ago

    @inveress the instructions in your post have got mangled by the formatting with angled quotes and lost double dash, let me try:

    2.
    Add the line:
    php_admin_value_auto_prepend_file: { name: 'php_admin_value[auto_prepend_file]', value: '/home/[user]/public_html/wordfence-waf.php' }

    3.
    Rebuild the PHP-FPM config for that domain by running:
    /scripts/php_fpm_config --rebuild --domain=[domain]

    this does appear to work but note that the values will be deleted from .yaml if the pool settings are changed in WHM, the .conf files are also managed via WHM.
    (it also requires setting manually for each domain, and doesn’t solve the problem of the local .ini files not being applied)
    CPANEL have some internal calls open about this CPANEL-11563 + EA-5425

    • This reply was modified 7 years ago by jomo.
Viewing 3 replies - 16 through 18 (of 18 total)
1 2
  • The topic ‘No way to enable Extended Protection’ is closed to new replies.