• Hi, In my FW policies I leave “disallow uploads” as it is selected by default. In the user whitelist, I chose “Add all logged in users to the whitelist”. Yet still – and very often – users contact me telling me that they get an http-error when uploading files (jpgs and pngs). This happens *very* often.

    How can I find out, why these uploads receive a http error? (Turning off the firewall or the option to disallow uploads immediately results in uploads working again.)

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Author nintechnet

    (@nintechnet)

    Hi,

    Did you check the firewall log? Is it written “Blocked file upload attempt” for each of those attempts? If it is, go to the firewall “Overview” page and check if you have some error messages related to PHP session.

    Plugin Author nintechnet

    (@nintechnet)

    Any follow-up about this issue?

    It did not happen in the last week. Once it does, I will update this thread here. (But thanks for the – really appreciated! – follow-up-question!

    Hi,

    No error in PHP Session, but yet:

    01/Mar/17 15:04:07 #5142228 critical – 123.123.123.123 POST /wp-admin/async-upload.php – Blocked file upload attempt – [filename.png (56,508 bytes)] – domain.com

    …several such lines.

    Upload has been made not by admin, but by editor.

    Best,
    Michael

    …on a subsite of WP multisite!

    Plugin Author nintechnet

    (@nintechnet)

    Is the editor whitelisted on that subsite?
    If he or she is whitelisted on another site, that won’t apply to any subdomain or other domain from the network install.

    This setting is active: Add all logged in users to the whitelist.

    Plugin Author nintechnet

    (@nintechnet)

    It must be an issue with PHP session: the firewall relies on it to whitelist users.

    -Do you have a caching plugin?

    -Or another plugin/theme that could mess with session. You can scan your plugins and themes folders and search for the ‘session_’ substring to find out calls to PHP session_* functions.

    -You can also check your PHP session configuration:
    session.cache_expire : xxx
    session.gc_maxlifetime : xxx
    session.use_cookies: should be ‘on’
    session.save_path: should point to a valid writable directory.
    session.name: should not be empty

    Just happened again on a single wp install – again to an editor, not to me (admin). I use ACF and Yoast SEO. Template is Twenty Seventeen… Could not find anything session-related in my configs.

    Plugin Author nintechnet

    (@nintechnet)

    In the next release I will add a debugging option that will display the user whitelist status in the dashboard admin bar. That will help to debug this kind of issue because so far, I can’t reproduce it and cannot find anyone else facing the same problem.

    In the meantime you may want to enable uploads from the Firewall Policies (make sure you have File Guard and File Check enabled).

    Thanks! (I – the admin – never had this issue. Editors complain all the time…)

Viewing 11 replies - 1 through 11 (of 11 total)
  • The topic ‘Uploads blocked’ is closed to new replies.