You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am evaluating querywall and like its premise. However, am experiencing complete lockouts, including to admin, by the plugin with resulting 403 error.
Steps to reproduce problem:
Install querywall on WP 5.4.1 under cpanel
Activate
Add multiple rules to test to first rules panel that should not conflict with any actual operations nor have possibility of being triggered eg:
abracadabra.php
pillowvirus.php
(Note: the above two filenames do not exist in the file system)
Save
This results in immediately being locked out with a 403 error
The plugin must then be manually disabled.
Removing and reinstalling the plugin results immediately in the 403 error again.
I can confirm that removing the plugin does the following:
a) removes the files from plugin directory /wp-content/plugins/querywall/
b) removes the table cpaneldbprefix_qwall_monitor
I cannot see where the firewall settings data for querywall are stored. eg: doing a text search in files for “abracadabra” after adding it as a rule does not provide any hits, neither does searching the all of the tables in the database.
Would someone please advise where the rules are stored and how to ensure that all custom rules are being removed for querywall so a completely clean install can be performed?
Hi 4ley. Thank you for the prompt reply.
LiteSpeed V7.6
PHP Version 7.2.30
They were entered into the first tab panel of the settings.
I can't recall what it was called now and am unable to reactivate the plugin to check as it gives 403 error as soon as activated now.
Cheers for information on the IP blocking. It sounds like a promising project.
Unfortunately I can't reproduce the error. I tested on Apache with PHP 7.2.31. Rules are stored in WP options under qwall_avc_{qwall_attack_vector} like qwall_avc_request_uri
I am evaluating querywall and like its premise. However, am experiencing complete lockouts, including to admin, by the plugin with resulting 403 error.
Steps to reproduce problem:
abracadabra.php
pillowvirus.php
(Note: the above two filenames do not exist in the file system)
This results in immediately being locked out with a 403 error
The plugin must then be manually disabled.
Removing and reinstalling the plugin results immediately in the 403 error again.
I can confirm that removing the plugin does the following:
a) removes the files from plugin directory /wp-content/plugins/querywall/
b) removes the table cpaneldbprefix_qwall_monitor
I cannot see where the firewall settings data for querywall are stored. eg: doing a text search in files for “abracadabra” after adding it as a rule does not provide any hits, neither does searching the all of the tables in the database.
Would someone please advise where the rules are stored and how to ensure that all custom rules are being removed for querywall so a completely clean install can be performed?
(Note: Also posted issue at relevant section for wordpress https://wordpress.org/support/topic/403-error-from-adding-custom-rule-require-clean-data/)
And can anyone confirm that querywall is working ok under WordPress 5.4.1 with custom rules added?
Finally, is it possible with querywall to blacklist IP addresses that break the firewall rules for a period of time?
Thank you
The text was updated successfully, but these errors were encountered: