WordPress.org

Ready to get started?Download WordPress

Forums

Nginx + W3 Total Cache + 403 Forbidden Error (4 posts)

  1. s.fox
    Member
    Posted 1 year ago #

    I'm trying to setup w3 total cache on my brand new Nginx server, but after my most recent changes I now receive a 403 error for all pages.

    I archived my config file at each successful stage of installation. By comparing a confirmed working version against my current, I've isolated the issue down to a single line:

    location ^~ /wp-content/w3tc- { deny all; access_log off; log_not_found off; }

    If I add that line the server returns 403. This was of course taken directly from tutorials, so I'm wondering where a mistake was made? Either on my part somehow, the W3 Total Cache plugin which added blocks of code on its' own, or one of the tutorials I've found.

    The overall purpose of the config file is to allow subdomains, rewrite file paths so sites in my network can upload/access their files appropriately, and implement code to support caching methods.

    If someone could look at that line and through my config file and tell me what I did wrong, I would greatly appreciate it.

    Thanks.

    map $http_host $blogid {
        default       -999;
        include /var/www/wordpress/wp-content/plugins/nginx-helper/map.conf ;
    }
    
    server {
    	listen   80; ## listen for ipv4; this line is default and implied
    	#listen   [::]:80 default ipv6only=on; ## listen for ipv6
    
    	root /var/www/wordpress;
    	index index.php index.html index.htm;
    
    	# Make site accessible from http://localhost/
    	server_name domain.com *.domain.com admin.domain.com;
    
    	location / {
    		index index.php index.html index.htm;
    		# First attempt to serve request as file, then
    		# as directory, then fall back to index.html
    		try_files $uri $uri/ /index.php?q=$uri&$args;
    		# Uncomment to enable naxsi on this location
    		# include /etc/nginx/naxsi.rules
    	}
    
    	location /doc/ {
    		alias /usr/share/doc/;
    		autoindex on;
    		allow 127.0.0.1;
    		deny all;
    	}
    
    	# Only for nginx-naxsi : process denied requests
    	#location /RequestDenied {
    		# For example, return an error code
    		#return 418;
    	#}
    
    	#error_page 404 /404.html;
    
    	# redirect server error pages to the static page /50x.html
    	#
    	error_page 500 502 503 504 /50x.html;
    	location = /50x.html {
    		root /usr/share/nginx/www;
    	}
    
    	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    	#
    	location ~ \.php$ {
    		fastcgi_split_path_info ^(.+\.php)(/.+)$;
    		# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    
    		# With php5-cgi alone:
    		fastcgi_pass 127.0.0.1:9000;
    		# With php5-fpm:
    	#	fastcgi_pass unix:/var/run/php5-fpm.sock;
    		fastcgi_index index.php;
    		include fastcgi_params;
    	}
    
    	# deny access to .htaccess files, if Apache's document root
    	# concurs with nginx's one
    	#
    
    # BEGIN W3TC Page Cache cache
    location ~ /wp-content/w3tc.*?/pgcache.*html$ {
        expires modified 3600s;
        add_header X-Powered-By "W3 Total Cache/0.9.2.4";
        add_header Vary "Accept-Encoding, Cookie";
    }
    location ~ /wp-content/w3tc.*?/pgcache.*gzip$ {
        gzip off;
        types {}
        default_type text/html;
        expires modified 3600s;
        add_header X-Powered-By "W3 Total Cache/0.9.2.4";
        add_header Vary "Accept-Encoding, Cookie";
        add_header Content-Encoding gzip;
    }
    # END W3TC Page Cache cache
    # BEGIN W3TC Browser Cache
    gzip on;
    gzip_types text/css application/x-javascript text/x-component text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
    location ~ \.(css|js|htc)$ {
        expires 31536000s;
        add_header X-Powered-By "W3 Total Cache/0.9.2.4";
    }
    location ~ \.(html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml)$ {
        expires 3600s;
        add_header X-Powered-By "W3 Total Cache/0.9.2.4";
    }
    location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
        expires 31536000s;
        add_header X-Powered-By "W3 Total Cache/0.9.2.4";
    }
    # END W3TC Browser Cache
    # BEGIN W3TC Page Cache core
    rewrite ^(.*\/)?w3tc_rewrite_test$ $1?w3tc_rewrite_test=1 last;
    set $w3tc_rewrite 1;
    if ($request_method = POST) {
        set $w3tc_rewrite 0;
    }
    if ($query_string != "") {
        set $w3tc_rewrite 0;
    }
    if ($http_host != "domain.com") {
        set $w3tc_rewrite 0;
    }
    set $w3tc_rewrite2 1;
    if ($request_uri !~ \/$) {
        set $w3tc_rewrite2 0;
    }
    if ($request_uri ~* "(sitemap(_index)?\.xml(\.gz)?|[a-z0-9_\-]+-sitemap([0-9]+)?\.xml(\.gz)?)") {
        set $w3tc_rewrite2 1;
    }
    if ($w3tc_rewrite2 != 1) {
        set $w3tc_rewrite 0;
    }
    set $w3tc_rewrite3 1;
    if ($request_uri ~* "(\/wp-admin\/|\/xmlrpc.php|\/wp-(app|cron|login|register|mail)\.php|\/feed\/|wp-.*\.php|index\.php)") {
        set $w3tc_rewrite3 0;
    }
    if ($request_uri ~* "(wp\-comments\-popup\.php|wp\-links\-opml\.php|wp\-locations\.php)") {
        set $w3tc_rewrite3 1;
    }
    if ($w3tc_rewrite3 != 1) {
        set $w3tc_rewrite 0;
    }
    if ($http_cookie ~* "(comment_author|wp\-postpass|wordpress_\[a\-f0\-9\]\+|wordpress_logged_in)") {
        set $w3tc_rewrite 0;
    }
    if ($http_user_agent ~* "(W3\ Total\ Cache/0\.9\.2\.4)") {
        set $w3tc_rewrite 0;
    }
    set $w3tc_domain "";
    if ($http_host ~ ^(www\.)?([a-z0-9\-\.]+\.[a-z]+)\.?(:[0-9]+)?$) {
        set $w3tc_domain $2;
    }
    set $w3tc_ua "";
    set $w3tc_ref "";
    set $w3tc_ssl "";
    set $w3tc_enc "";
    if ($http_accept_encoding ~ gzip) {
        set $w3tc_enc _gzip;
    }
    set $w3tc_ext "";
    if (-f "$document_root/wp-content/w3tc-$w3tc_domain/pgcache/$request_uri/_index$w3tc_ua$w3tc_ref$w3tc_ssl.html$w3tc_enc") {
        set $w3tc_ext .html;
    }
    if ($w3tc_ext = "") {
      set $w3tc_rewrite 0;
    }
    if ($w3tc_rewrite = 1) {
        rewrite .* "/wp-content/w3tc-$w3tc_domain/pgcache/$request_uri/_index$w3tc_ua$w3tc_ref$w3tc_ssl$w3tc_ext$w3tc_enc" last;
    }
    # END W3TC Page Cache core
    
    #WPMU Files
            if ($request_uri ~* "\/files\/(.*)"){
                    set $rtfile $1;
            }
    
            location ^~ /files {
                    try_files /wp-content/blogs.dir/$blogid/$uri /wp-includes/ms-files.php?file=$rtfile ;
                    access_log off; log_not_found off;      expires max;
            }
    
            #WPMU x-sendfile to avoid php readfile()
            location ^~ /blogs.dir {
                    internal;
                    alias /var/www/wordpress/wp-content/blogs.dir;
                    access_log off; log_not_found off;      expires max;
            }
    
            location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                    access_log off; log_not_found off; expires max;
            }
    
            location = /favicon.php { access_log off; log_not_found off; }
            location = /robots.txt { access_log off; log_not_found off; }
            location ~ /\. { deny  all; access_log off; log_not_found off; }
            location ^~ /wp-content/w3tc- { deny  all; access_log off; log_not_found off; }#THIS IS THE PROBLEM LINE
    
    	location ~ /\.ht {
    		deny all;
    	}
    }
  2. rahul286
    Member
    Posted 1 year ago #

    Looks like you are using Nginx-helper plugin's map feature and part of my config published here - http://rtcamp.com/tutorials/nginx-wordpress-multisite-subdomains-domain-mapping-w3-total-cache/

    I will recommend trying with config present in above article only first.
    Once it works you can start adding additional rules...

    Also, you can try replacing following line:

    location ^~ /wp-content/w3tc- { deny  all; access_log off; log_not_found off; }#THIS IS THE PROBLEM LINE

    With line:

    location ~ /wp-content/w3tc- { deny  all; access_log off; log_not_found off; }

    OR

    location ^~ /wp-content/w3tc- { internal; access_log off; log_not_found off; }

    It may fix your problem.

  3. s.fox
    Member
    Posted 1 year ago #

    Sorry it took so long to reply. Removing the carrot "^" in your first example to become location ~ /wp-content/w3tc- did work. But to be honest, I don't understand what it signifies. Could you enlighten me?

    I'm also going to try using your published config as you recommended tomorrow. I'll update this thread again with the results.

  4. rahul286
    Member
    Posted 1 year ago #

    carrot "^" changes order in which nginx location blocks processed

    Because of carrot prefix location ^~ /wp-content/w3tc- block was getting executed directly for any request that starts with "/wp-content/w3tc"

    You can find more details and better explanation here: http://wiki.nginx.org/HttpCoreModule#location :-)

Topic Closed

This topic has been closed to new replies.

About this Topic