• Dev log

  • wp-config.php file does not load properly in the file manager

Shaijee You need to provide more details. What kind of webserver is it?

      It's working fine for me. I'm running apache.

      AdamM It's happening for every server and site for me as I am using Cloudflare for the control panel. Every other files are loading fine, just the wp-config.php file.

      I believe EnhanceCP should fix this conflict with Cloudflare.

          Shaijee it's been brought up a few times before, I thought Adam said it was logged and would be fixed at some point.

            Yes it's definitely caused by CloudFlare. It might be possible to disable the rule somewhere in the Cloudflare admin panel.

            We are planning to slightly obfuscate the file name in the API request to avoid triggering the rule.

            I don't think there is an benefit to using the CloudFlare proxy on your control panel domain. You wouldn't want to cache any of the API responses and Enhance already has very robust protection against things like SQL injection that their WAF might otherwise protect you from.

              ivansalloum Perhaps for DDOS protection if they host content that attracts the crazies.

              In my opinion if a modern panel has vulns that CF WAF would block, its going to have larger security issues that CF simply can't block. Ie privledge escalation or isolation issues.

              @Shaijee I assume you are blocking traffic from non cloudflare IP's otherwise its quite trivial to get the control panel IP and access it directly, bypassing cloudflare.

                  Adam so many good reasons to put the panel behind Cloudflare, such as obfuscating the IP to help prevent DDOS, also to block bad bots, block countries, endless possibilities of Page Rules.

                  I could swear I already tested whitelisting the editor to prevent wp-config from possibly conflicting with Cloudflare. I thought in old convos it was said to be a security config on enhance's side that prevented wp-config from being edited?

                      twest JohnB I don’t find reasons to use CF for the panel if you have it on a separate server. It doesn’t help that much. And it may conflict with many things in the future.

                      This was my first question to @Adam if I need to use the proxy option or not and said no.

                          JohnB I assume you are blocking traffic from non cloudflare IP's otherwise its quite trivial to get the control panel IP and access it directly, bypassing cloudflare.

                          No, it's the default setup. I just enabled the Bot Protection and whitelisted the server IPs on Cloudflare.

                            If you want to use Cloudflare with panel you can disable the Cache for the subdomain of the panel in Cache Rules.

                              COLBYLICIOUS If you want to use Cloudflare with panel you can disable the Cache for the subdomain of the panel in Cache Rules.

                              Does not work.

                              Update:
                              P.S.: It's actually not a cache issue. The CF Firewall is blocking wp-config.php file. I found the solution and will share it soon.

                                21 days later

                                I have fixed the issue with Cloudflare for me. Also, whitelisted all IPs in the "IP Access Rules".

                                (http.request.uri contains "/fs/")

                                https://i.ibb.co/x8gzHD0/Screenshot-2024-05-16-at-3-46-57-AM.png

                                  a month later
                                  9 days later
                                  9 months later

                                  I recall reading somewhere (but now nowhere in release notes) that this was slated for v12.0.0
                                  I can’t find it on the roadmap now either.. did I miss something?

                                    xyzulu exactly. I already had ticket for this, because I thought it was fixed in v12 but apparently not. And it's not not roadmap even in planned.

                                        Follow @enhancecp