PHP Defender/snuffleupagus fecks up PHP

Hi,

The new feature within the security center (PHP Defender) with PHP-FPM 7.4 in my case on BASIC kills PHP

This results in contacting a Website and you just get a File to Download instead of the Site.

It is working for a while maybe a few hours an suddenly a minute later the error kicks in.

I found this Error Message in the PHP-FPM Selector Status for 7.4:

Code: [Select]

Started The PHP FastCGI Process Manager.
Mar 01 23:24:11 srv1.xxxx php-fpm[1046]: [01-Mar-2021 23:24:11] NOTICE: PHP message: PHP Fatal error:  [snuffleupagus][0.0.0.0][config][log] Could not open configuration file /usr/local/cwpsrv/htdocs/resources/admin/include/modules/security_center/defender_rules/cwp_php_defender_basic.rules : No such file or directory in Unknown on line 0
after restarting php it works again, but it took me some time to figure out whats wrong.

In PHP Defender you can see this for all domains on the Server:

Code: [Select]

Invalid configuration file
File: Unknown (0')
Action: config
This happened 2 times now on my CWP.

I uninstalled PHP Defender for now, maybe there is a bit more work to do before releasing it.

Again my details:

PHP-FPM 7.4
CWPpro version: 0.9.8.1048

thanks

Does no one else recorgnized this problem or is something missing in my topic? Or maybe i wrote it to complicated?

Thanks

Devs are working on it

Is it fixed already? Can we use PHP Defender now?

As you never provide a changelog, we never know whats done and whats not.

Still the same Problem.

Activated PHP Defender today because there was another update to the .51 version.

So PHP-Defender on Basic, and now 2 hours later all sites with errors.

Uninstalled PHP-Defender, restarted PHP-FPM and all fine

Will be fixed in a future version.

Is it already fixed so we can use it?

Thanks

Is it already fixed so we can use it?

Thanks

Solved!

I faced another problem with PHPDefender. It can be installed well. But I cant change the rule at all.
The path for the rule is: /usr/local/cwp/.conf/phpdefender/rules/
When installed I choose intermediate.
One of my site got blocked with the reason: fatal error because of usage ini_set("display_errors").
Then I open the  cwp_php_defender_interm.rules
I change the line:
sp.disable_function.function("ini_set").param("varname").value_r("display_errors").drop()
to
#sp.disable_function.function("ini_set").param("varname").value_r("display_errors").drop() --> add comment sign, so it is ignored.

Restarting apache, but still get the same error. Then change that line to:
sp.disable_function.function("ini_set").param("varname").value_r("display_errors").allow()

But still gave the same error.
So, where is actually PHPdefender store the log data and is there any file contains the locked domain, so it kept giving the same error, even when I have removed PHPdefender, the same error still show up.
And which the rules file that PHPdefender execute for real?

It is really confusing, and there is no complete documentation at CWP. Opening the site snuffleupagus.readthedocs.io does not give any useful information.

Has CWP developer tested it before launching this feature?

Thanks.

I have tried today to install it too, on a CWP Pro 0.9.8.1135, Rocky Linux 8.5, Webserver main Nginx,varnish,apache, and site config is nginx, php-fpm. I tried the basic php defender configuration and i got 502 bad getaway error. If i delete the config and reload the page it`s working.

I have tried today to install it too, on a CWP Pro 0.9.8.1135, Rocky Linux 8.5, Webserver main Nginx,varnish,apache, and site config is nginx, php-fpm. I tried the basic php defender configuration and i got 502 bad getaway error. If i delete the config and reload the page it`s working.

Check the error domlogs for which rule is making you get a 502, and then remove/disable that specific rule or whitelist the specific file that is getting flagged by snuffleupagus