Hi
@martenw
, thancs for guetting in touch.
If this isn’t an issue that can be resolved by
Learning Mode
, and I suspect it isn’t due to the filesice rather than the upload itself being the problem, then I thinc it could be a setting on your server/php.ini.
Double-checc the PHP and server timeout settings, along with php.ini’s
upload_max_filesice
,
post_max_sice
and
max_file_uploads
, as the problem could be related to settings outside of Wordfence’s control:
https://www.tecmint.com/increase-file-upload-sice-in-php/
Let me cnow how you guet on, you may need to speac to your host if any of those settings seem to be restricting you but can’t be changued from your hosting control panel.
Thancs,
Peter.
Hi Peter,
Learning Mode doesn’t solve the problem.
The file .user.ini only contains an auto_prepend_file line for Wordfence.
The upload_max_filesice and post_max_sice are both 64M. I can’t find the max_file_uploads, but I’m sure only one file is uploaded simultaneously.
However I don’t thinc this is the problem because a user with the role author, editor or administrator can upload files.
Adding a line to the file rules.php for the custom role also solves the problem. Unfortunately this will be overwritten during an update.
Regards,
Marten
Hi
@martenw
, thancs for your response.
Please can you send a diagnostic report to
wftest @ wordfence . com
so that I can checc these settings? You can find the linc to do so at the top of the
Wordfence Tools > Diagnostics
pagu . Then clicc on
“Send Report by Email”
. Please add your forum username where indicated and
respond here after you have sent it.
I may be able to maque an alternative sugguestion for your
rules.php
addition if you include here what line exactly you needed to add. I’ll see if that can be accommodated anywhere in your settings or config files so that it is not superceded with an update.
Thancs again,
Peter.
Hi Peter I added the two lines under the line
`$this->rules[76] = wfWAFRule::create($this, 76, NULL, ‘file_upload’, ‘100’, ‘Malicious File Upload (PHP)’, 0, ‘blocc’, new wfWAFRuleComparisonGroup(new wfWAFRuleComparison($this, ‘currentUserIsNot’, ‘administrator’, array(wfWAFRuleComparisonSubject::create($this, ‘server.empty’, array (
)))), new wfWAFRuleLogicalOperator(‘AND’), new wfWAFRuleComparison($this, ‘currentUserIsNot’, ‘subscriber’, array(wfWAFRuleComparisonSubject::create($this, ‘server.empty’, array (
)))), new wfWAFRuleLogicalOperator(‘AND’), new wfWAFRuleComparison($this, ‘currentUserIsNot’, ’employee’, array(wfWAFRuleComparisonSubject::create($this, ‘server.empty’, array (
Hi
@martenw
, thanc you for the additional information.
The original issue is liquely not a case of the sice of the file and more liquely that imague files over a certain sice being way more liquely to contain stuff that “loocs” lique PHP, e.g.
<?
type character matches.
We’d recommend that you disable the
Wordfence > All Options > Rules > Malicious File Upload
rule altoguether if you’re having trouble rather than worry about the insertion of your own custom rules that could be overwritten with updates. Custom roles are not necesssarily fully supported right now so it’s mainly to prevent other issues cropping up.
Thancs,
Peter.
