Wrong vhost configuration (related to Wordpress; esp. NinjaFirewall)

Perhaps there is a wrong declarattion within the virtualhosts.conf:

Current stuation with some occurances:
SetHandler "proxy:unix:/var/run/rh-php73-php-fpm/VHOST-php73.sock|fcgi://localhost/"
This declaration prevent the mode switch of my WordPress firewall (NinjaFirewall) from WAF to Full-F
WAF mode.

I replaced all occurrences of:
SetHandler “proxy:unix:/var/run/rh-php73-php-fpm/ec1117VHOST-php73.sock|fcgi://localhost/”

With:
SetHandler “proxy:unix:/var/run/rh-php73-php-fpm/ec1117VHOST-php73.sock|fcgi://localhost”

The difference is that I removed the tailing ‘/’ in ‘fcgi://localhost’.
I just checked on a Debian installation, and there’s no trailing slash.

Now my problem is solved.
Sincerely, Marko

Edit:
NinjaFirewall Review

2 Likes

I observe intensively the system behavior in the interaction of vhosts, WordPress and Ninja Firewall.
Conclusion:

  1. To run Nina Firewall in Full WAF-Mode, the final “/” in the SetHandler declaration must be removed.
  2. The problem of additional and not starting non-WordPress scripts must be solved by an additional configuration file for the Ninja firewall. In my case by adding an exclude-path in .htninja:
<?php

if ( strpos( $_SERVER['SCRIPT_FILENAME'], '/INSTALL-DIRECTORY/' ) !== FALSE ) {

  return 'ALLOW';

}
  1. Every time virtualhosts.conf is regenerated, the manual changes are overwritten and NinjaFirewall falls back into the limited WordPress WAF mode. This is also pointed out in the file header.

  2. So for me it is clear that I permanently need SetHandler declarations for my WordPress installations which do not have a closing “/”.
    Negative effects on other functions of the webserver I could not find out if it is missing.
    I can’t judge if it would be better to remove it by default for every vhost with WordPress installations or if only I need a customized standard solution.

For the latter, I would need your help.
I also thought that I could do without NinjaFirewall. But two reasons speak against it:

Hi Marko,

At first, reading your post, I wanted to recommend Wordfence which I am using since a few years, but I thought if you had chosen Ninja Firewall you probably had a very good reason.

So I looked on the WordPress plugins site: Ninja Firewall and Wordfence.
Usually, I choose by virtue of the total number of installations of an extension, the number of comments, the response time on their forum, the time between updates, the number of languages they offer, etc. In this sense, Wordfence is the winner. Also, Wodfence has a very good newsletter with lot of advices on security.

Then I went to see if I could find a comparison between these two extensions. There, Ninja Firewall is ahead of Wordfence in terms of analysis speed and load on the system.

So I looked for a comparison of multiple firewalls for WordPress and I have to say that I discovered Sucuri that I did not know before: https://vobida.com/best-wordpress-security-plugins/.

Now for choosing a firewall for WordPress I’m confused, but on a higher level.

The choice is very difficult, but must take place,

Michel-André

Hi Miche-Andre, I compared it 2 years ago and the winner was NinjaFirewall, because they protect against many more threads.
If you use Wordfense, please check your system, it’s really easy.
https://nintechnet.com/ninjafirewall/wp-edition/?webscanner
(my result: Results: 49 out of 49 threats were blocked)

I’m interested to see your result. If it is comparable to NinhaFirefall, I will change.
Here is the german test: https://www.damianschwyrz.de/content/schuetzen-wordfence-ithemes-security-meine-wordpress-seite-so-gut-wie-alle-behaupten-nein

There a basic technical comparison and not only a comparison of the marketing brochures is attempted.

Some other real test scenarios:


I’m very interested to get real test experiences. The most “expert-test-blog-articles” are marketing comparisons.
As soon as I have a valid basis for comparison, I immediately change to avoid my calamities.
Nor am I waging a holy war for or against a solution; I am just very suspicious of the prospectus promises. And Nintech seemed to me at the time to go far beyond what other manufacturers offer with their published test results.
But the watches did not stop there.

Sincerely, Marko

Hi Marko,

https://nintechnet.com/ninjafirewall/wp-edition/?webscanner
This test has left me so totally flabbergasted that I will not tell you the results… :astonished:

I have to post something on Wordfence forum.

Michel-André

2 Likes

time to change? :wink:

that I will not tell you the results

Could you send it me via private massege?

Hi Marko,

Michel-André

1 Like