Cookies for Comments
Nginx rules translation for Cookies For Comments (7 posts)

  1. GerryBot
    Member
    Posted 1 year ago #

    I recently added the Apache .htaccess rules for Cookies For Comments to one of my websites, and it has resulted in a majorly impressive reduction in spam.

    A couple of my other sites run on Nginx, and I'd love to translate the .htaccess rules so that spam can be blocked at the entry level. Unfortunately, I'm virtually illiterate in the ways of making Nginx rules. Here's what I've hacked together (where the string of XXXXXs is my CFC code in WordPress).

    location ~* wp-comments-post.php {
        if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
            return 403;
            break;
        }
    }

    Of course, it's far too strict - it seems to generate a 403 error when I try to post comments from Curl, but when I try to post comments as a regular user, using Firefox, it returns a 405 error. Stumped!

    Here's hoping somebody can help with this!

    http://wordpress.org/extend/plugins/cookies-for-comments/

  2. rahul286
    Member
    Posted 1 year ago #

    Rather than using...

    location ~* wp-comments-post.php {
        if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
            return 403;
            break;
        }
    }

    Just use...

    if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
        return 403;
    }

    Try to avoid using if and location directives together. Sometimes they lead to unexpected results.

  3. GerryBot
    Member
    Posted 1 year ago #

    Thanks for that! Would you suggest putting that directive up above the location blocks in my Nginx rules then, @rahul286?

  4. rahul286
    Member
    Posted 1 year ago #

    Order of directives doesn't matter mostly.

    As far as I see, you want to check 2 conditions. This can get tricky in the nginx world!

    I generally follow this path...

    I will add a line like below

    set $rb_cookie "${request_method}${request_uri}${cookie_COOKIENAME}" ;

    This will set a variable with name "rb_cookie" with value "POST/wp-comments-post.phpXXXXXXXXXXXXXXXXXX"

    Assuming /wp-comments-post.php is present in root, i.e. WordPress is not in a subfolder; otherwise the value may change slightly.

    Next, I will add a line like:

    if ($rb_cookie ~ "POST/wp-comments-post.phpXXXXXXXXXXXXXXXXXX") {
        # do something
    }

    Above style saves me from evilness of if. Ref: http://wiki.nginx.org/IfIsEvil

  5. GerryBot
    Member
    Posted 1 year ago #

    Rahul: The earlier code sample runs a bit out of control. Since it's not directed at a specific resource, it simply blocks all access to the site with a 403 Forbidden error.

    if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
        return 403;
    }

    Would it help to look at the Apache rules to see how the same effect is achieved? This is what they tell you to use in your .htaccess file.

    RewriteCond %{HTTP_COOKIE} !^.*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.*$
    RewriteRule ^wp-comments-post.php - [F,L]

  6. rahul286
    Member
    Posted 1 year ago #

    Using if-set is a better way. Mixing if and location many times leads to strange behaviour.

    Try...

    set $rb_cookie "clean";

    if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
        set $rb_cookie "spam";
    }

    set $rb_kick "${request_uri}${rb_cookie}";

    if ($rb_kick = "/wp-comments-post.phpspam") {
        return 403;
    }

    The above is a slightly longer way!

    Your original way should work also.

    Try....

    location ~* wp-comments-post.php {
        if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
            return 403;
            break;
        }

        ## copy some lines from location ~ .php$ {} block
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
    }

  7. Ovidiu
    Member
    Posted 10 months ago #

    So what is the final solution?

    Is there a problem blocking access site-wide if the cookie isn't present, or should you really limit it to the wp-signup.php, wp-login.php and wp-comments-post.php parts?
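
Added example (not part of the thread and not the plugin's own rules): one way to express the Apache rule quoted in post 5 in nginx, using `map` for the cookie test so that the only directive inside `if` is `return`. It assumes WordPress is installed at the site root and reuses the PHP-FPM socket path from post 6; the variable name `$cfc_missing` is made up for this example, and the X string is the same placeholder the thread uses.

```nginx
# --- http {} context -------------------------------------------------------
# Evaluate the Cookie header once per request.
# $cfc_missing (hypothetical name) is 1 unless the header contains the
# Cookies for Comments value. "~*" makes the match a case-insensitive regex,
# like the "!~*" test used in the thread.
map $http_cookie $cfc_missing {
    default                                   1;
    "~*XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"      0;
}

# --- inside the site's existing server {} block ------------------------------
# Exact-match location: only /wp-comments-post.php is affected, so the rest of
# the site stays reachable without the cookie (the site-wide 403 described in
# post 5 does not occur). Assumes WordPress lives at the site root.
location = /wp-comments-post.php {
    # "return" is one of the directives that is safe inside "if" within a
    # location (see the IfIsEvil page referenced in post 4).
    if ($cfc_missing) {
        return 403;
    }

    # This location now handles the request instead of the generic PHP
    # location, so it must hand the request to PHP itself. Without these
    # lines nginx treats the .php file as a static file. Copy the handler
    # lines from the existing "location ~ \.php$" block, as post 6 suggests.
    include fastcgi_params;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
}
```

After `nginx -t` and a reload, a request to `/wp-comments-post.php` without the cookie should receive a 403, while one that carries the cookie should be passed to PHP as before.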
