WordFence firewall .htaccess optimization breaks Apache site

  • Resolved spencerwasden

    (@spencerwasden)


    2 years, 4 months ago

    I went through the WordFence firewall .htaccess optimization step. When I was finished, I got this:


    Internal Server Error

    Apache/2.4.41 (Ubuntu) Server at [mydomain].com Port 80`

    Apache error log said:

    /srv/www/wordpress/.htaccess: Require not allowed in <Files> context

    So, in the .htaccess file I commented out one of the Require lines that WordFence had added, thusly:

    <IfModule mod_authz_core.c>
    # Require all denied
    </IfModule>

    That resolved the issue, but did I weaken the firewall? Is there a more correct way to handle it? Also, should I have had to go through that pain or is there something you can do to help Apache users out and prevent that from happening? Or do I have something misconfigured?

    Thanks,
    Spencer

    WordPress 5.8.2
    PHP 7.4.3 (cli) (built: Oct 25 2021 18:20:54) ( NTS )
    Copyright (c) The PHP Group
    Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies
    ubuntu 20.04

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    2 years, 4 months ago

    Hi @spencerwasden, thanks for getting in touch!

    By the looks of things, the “Require not allowed in <Files> context” message is being shown because httpd.conf is missing the AuthConfig option for the AllowOverride directive: https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require

    You may need to reach out to your host if you don’t have access to httpd.conf due to restrictions on your plan, but if you’re managing this server yourself then you should be able to go ahead with the changes.

    Thanks,

    Peter.

    hussein0allaham

    (@hussein0allaham)

    2 years ago

    Hello @wfpeter,

    Thanks for your reply,
    I’m facing the same problem after enabling WordFence firewall .htaccess optimization.
    I added edited /etc/apache2/apache2.conf

    <Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride AuthConfig
    Require all granted
    </Directory>

    still it returns 500 error,
    and this error in apache log “/.htaccess: Require not allowed in <Files> context”
    is there any missing configuration

    Apache 2.4
    Ubuntu 20.04

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘WordFence firewall .htaccess optimization breaks Apache site’ is closed to new replies.