Config auto_prepend_file does not work.

I’m using CyberPanel with LiteSpeed Enterprise version to active a WAF using the PHP configuration:
auto_prepend_file=waf.php

But this configuration does not work.

I’m using the Ninja Firewall WAF for a couple of WordPress sites, and here’s what I have to do – maybe you can do the same thing, just point to your php file.

In CyberPanel you can go to Manage Website, and click on vHost Conf. Scroll down to “phpIniOverride {” or create it, and add your line inside the brackets:

php_value auto_prepend_file /home/yourdomain.com/public_html/path/to/waf.php

You can also enter this directive inside the OLS web panel if you’re using that, under the Virtual Host settings for this particular site. I believe it’s just a text field called “php.ini overrides”

Hi,
I am trying to figure this out, I entered as suggested by Ninja Firewall:
php_value auto_prepend_file “/home/mydomain.com/public_html/wp-content/nfwlog/ninjafirewall.php”
But it does not activate.
I am using the free LiteSpeed.
Anyone got it working?
Thanks

I think I figured it out: it actually works, but you must also add the phpIniOverride rule to every other add-on domain that will run Wordfence, as these settings are domain-specific.

So if you visit your site on a different domain than the main domain assigned to the website in CP, that’s probably what your problem is. Click ‘list domains’ to manage each add-on domain.

Also, I tested that:

  • it works with double quotes and no quotes at all, but not single quotes.
  • the path must be absolute (using ~ for site base dir won’t work)

It’s also good to know that the firewall won’t kick in when visiting add-on domains on a multisite setup if the rule hasn’t been set for these domains – and you’ll never know !