Skip to content

WAF: Generate ip rules when running the update rules cron #27215

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Nov 1, 2022
Merged

WAF: Generate ip rules when running the update rules cron #27215

merged 3 commits into from
Nov 1, 2022

Conversation

miguelxpn
Copy link
Contributor

@miguelxpn miguelxpn commented Nov 1, 2022
edited by samiff
Loading

Fixes #27209

Changes proposed in this Pull Request:

  • Regenerate the ip rules when running the cron that updates the waf rules

Other information:

  • Have you written new tests for your changes, if applicable?
  • Have you checked the E2E test CI results, and verified that your changes do not break them?

Jetpack product discussion

Does this pull request change what data or activity we track or use?

No.

Testing instructions:

  • Spin up a JN site with a Scan subscription.
  • Turn on the WAF module
  • SSH into the site and remove all the rules
  • Run the cron via wp cron event run jetpack_waf_rules_update_cron
  • Verify that both sets of rules were generated and that the site still works after the cron runs

@github-actions
Copy link
Contributor

github-actions bot commented Nov 1, 2022
edited
Loading

Thank you for your PR!

When contributing to Jetpack, we have a few suggestions that can help us test and review your patch:

  • ✅ Include a description of your PR changes.
  • ✅ All commits were linted before commit.
  • ✅ Add a "[Status]" label (In Progress, Needs Team Review, ...).
  • ✅ Add testing instructions.
  • ✅ Specify whether this PR includes any changes to data or privacy.
  • ✅ Add changelog entries to affected projects

This comment will be updated as you work on your PR and make changes. If you think that some of those checks are not needed for your PR, please explain why you think so. Thanks for cooperation 🤖

The e2e test report can be found here. Please note that it can take a few minutes after the e2e tests checks are complete for the report to be available.

Once your PR is ready for review, check one last time that all required checks (other than "Required review") appearing at the bottom of this PR are passing or skipped.
Then, add the "[Status] Needs Team review" label and ask someone from your team review the code.
Once you’ve done so, switch to the "[Status] Needs Review" label; someone from Jetpack Crew will then review this PR and merge it to be included in the next Jetpack release.

@github-actions github-actions bot added the [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. label Nov 1, 2022
@github-actions
Copy link
Contributor

github-actions bot commented Nov 1, 2022
edited
Loading

Are you an Automattician? You can now test your Pull Request on WordPress.com. On your sandbox, run bin/jetpack-downloader test jetpack fix/waf-rule-cron to get started. More details: p9dueE-5Nn-p2

@miguelxpn miguelxpn added [Status] Needs Review This PR is ready for review. and removed [Status] Needs Author Reply We need more details from you. This label will be auto-added until the PR meets all requirements. labels Nov 1, 2022
@sdixon194 sdixon194 added this to the jetpack/11.5.1 milestone Nov 1, 2022
@anomiex
Copy link
Contributor

anomiex commented Nov 1, 2022

What about the code path via line 334?

Or maybe to better future-proof this, we should just move the call to generate_ip_rules inside generate_rules instead of relying on every caller to do it.

@miguelxpn
Copy link
Contributor Author

What about the code path via line 334?

Or maybe to better future-proof this, we should just move the call to generate_ip_rules inside generate_rules instead of relying on every caller to do it.

Good catch. Yeah I agree, that's part of what we'll do in a more elaborated patch. We also are going to add some better file handling around all file operations.

@samiff samiff self-requested a review November 1, 2022 21:29
samiff
samiff approved these changes Nov 1, 2022
View reviewed changes
Copy link
Contributor

@samiff samiff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reproduced fatal pre-patch, and verified that this patch resolves the immediate issue 👍

@samiff samiff added [Status] Ready to Merge Go ahead, you can push that green button! and removed [Status] Needs Review This PR is ready for review. labels Nov 1, 2022
@samiff samiff merged commit 3c12329 into trunk Nov 1, 2022
@samiff samiff deleted the fix/waf-rule-cron branch November 1, 2022 21:59
@github-actions github-actions bot removed the [Status] Ready to Merge Go ahead, you can push that green button! label Nov 1, 2022
@samiff samiff mentioned this pull request Nov 1, 2022
Merged
2 tasks
coder-karen pushed a commit that referenced this pull request Nov 2, 2022
@miguelxpn @coder-karen
[not verified] WAF: Generate ip rules when running the update rules c…
d7fbae8 
…ron (#27215)

* WAF: Generate ip rules when running the update rules cron

* changelog

* Generate ip rules in update_waf codepath
@coder-karen
Copy link
Contributor

Cherry-picked to release branch in d7fbae8

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@samiff samiff samiff approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@miguelxpn miguelxpn

Labels
[Package] WAF
Projects
None yet
Milestone
jetpack/11.5.1
Development

Successfully merging this pull request may close these issues.

Upgrade to 11.5 broke WAF
5 participants
@miguelxpn @anomiex @coder-karen @samiff @sdixon194