russelyeti
Forum Replies Created
-
Thanks!
Hi,
in my case phpinfo() displays
Server API LiteSpeed V6.9The hosting company says they use Apache/suPHP without supporting .user.ini, neither changes to php variables or custom php.ini.
Still wondering if
simply adding
php_value auto_prepend_file "/path_to_file/wordfence-waf.php"
at the end of .htaccess (that works) is a good solution.Maybe the plugin’s developer can add another configuration item in the drop down list for this case.
Hi,
The support team of my hosting company confirms that they use Apache/suPHP but on shared hosting they do not support .user.ini, neither changes to php variables or custom php.ini.
So the guided setup is not completing successfully and the alternative solutions proposed in the official WAF wiki page are not working.
I tried the solution proposed by pierrer:
just add
php_value auto_prepend_file "/path_to_file/wordfence-waf.php"
at the end of .htaccess, and it works.@ WFMattR: like pierrer I’m wondering if this is a good solution, it works but it seems to bee too easy/basic that make me think I’m missing something :). Can you confirm and or explain better?
Thanks!
ok, agree.
Thank you for your replyHi,
I guess that the hosting company has disabled such function because of actual security issues with it… you can read more here, for example: http://baesystemsdetica.blogspot.it/2013/11/security-issues-with-using-phps.htmlAlso a hosting company where I have some sites disables escapeshellarg…
A solution proposed for similar problem can be found here: http://stackoverflow.com/questions/14095339/codeigniter-escapeshellarg-has-been-disabled-for-security-reasons
David, maybe you can provide a switch in your plugin that allows to choose between the standard escapeshellarg and a rewritten one :), or to automatically use the rewritten one in case the standard function is not available…
Hope this helps.