Hi,
Wordfence should work fine with Naxsi. Moving on to your question about Falcon cache:
Looks like we might have a bug. We do provide config rules for Falcon to let you run it using Nginx and a PHP app server rather than Apache. However, we write the blocked IPs to .htaccess, which Nginx ignores. This seems to be a rather serious bug. So we need to either remove Nginx support for Falcon, or we need to update an Nginx config file with the blocked IPs.
Honestly I’m tempted to yank Falcon support for Nginx because I’m not sure how many folks are using that config. Most are on hosting providers with Apache and .htaccess files.
For now I would recommend disabling Falcon with your configuration, but leaving Wordfence in place and it should work fine with the Naxsi WAF you have in Nginx.
I’m filing a high priority bug to investigate this.
Regards,
Mark.
OK, scratch that. As I was entering the bug I realized this isn’t a bug. So sure, Nginx doesn’t read .htaccess. But when you use Nginx with Falcon and add the Falcon rewrite rules to your nginx.conf, we do still block bad IPs. We block them in the PHP application the way Wordfence normally does.
So to be clear: When using Apache with Falcon, we write IP blocking rules to your .htaccess and blocking happens that way.
When using Nginx with Falcon, you set up your Falcon rewrite rules in your nginx.conf and blocking happens at the application level, which is not quite as performant, but it works great and you still get the benefit of fast caching and Wordfence security.
Hope that makes sense. It’s midnight here, hence the fuzzy brain. Sorry about that.
Again, I anticipate that Wordfence will work fine with Naxsi. So I think you’re all set.
Regards,
Mark.
Cool… So what if you are not using Falcon cache?
How does it block IPs if no data has been entered for you at the config level so the application level can use that to block?
Why would you remove Falcon??? Seems like Apache would not take true advantage of Falcon while Nginx would… simply put, Apache has to read the .htaccess file for every user/session, times that by how many users are on your site and you have that many additional reads. Nginx is configured from the ground so it always has half if not more than the reads required for Apache…
This was my reason for choosing Nginx… I hope more WP people do… I mean it’s running what we are writing on right now 🙂
Just to pipe in that I would definitely see continuing Nginx support on Falcon & Wordfence. In fact, Nginx + Falcon makes a lot of sense: Nginx is superfast at serving static files (compared to Apache) and it’s only logical to use Falcon to pre-generate those static files and serve them completely outside the PHP + MySQL + WordPress environment, something that is also possible under complex Apache configurations but way harder to set up.
Even people using Nginx as a proxy front-end to Apache would benefit from having properly Falcon-generated static files and let them be served right from the front-end (and let Apache + PHP + WordPress handle the rest).
I still have some issues with getting those Nginx rules used 🙂 but that’s another story.
So, yes, please keep Nginx support in. It has already beaten Microsoft’s IIS in terms of active sites, as reported by Netcraft: http://news.netcraft.com/archives/2014/09/24/september-2014-web-server-survey.html Of course Apache still owns the lion’s share of the web server software market, and this is unlikely to change soon.
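Mark's first reply mentions updating an Nginx config file with the blocked IPs as an alternative to .htaccess. The following is an added sketch of that idea, not Wordfence code and not something the thread says Wordfence does: it turns a blocklist into an Nginx include file of `deny` rules and validates every entry so a malformed value cannot inject extra directives. The function names, sample addresses and file name are assumptions made for the example.

```python
import ipaddress
import os
import tempfile

# Constructed sample blocklist (documentation address ranges), not real data.
SAMPLE_BLOCKED = [
    "203.0.113.7", "203.0.113.7",            # duplicate entry
    "198.51.100.0/25", "198.51.100.128/25",  # two halves of one /24
    "2001:db8::1",
    "192.0.2.10; allow all",                 # would inject a directive if copied verbatim
    "not-an-ip",
]

def render_nginx_denylist(entries):
    """Return (config_text, rejected_entries) for an nginx include file."""
    networks, rejected = [], []
    for raw in entries:
        try:
            # strict=False accepts CIDRs with host bits set (10.0.0.5/24 -> 10.0.0.0/24)
            networks.append(ipaddress.ip_network(raw.strip(), strict=False))
        except ValueError:
            rejected.append(raw)  # never written to the config
    # Collapse per address family: removes duplicates and merges adjacent ranges.
    v4 = ipaddress.collapse_addresses(n for n in networks if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in networks if n.version == 6)
    lines = [f"deny {net.compressed};" for net in list(v4) + list(v6)]
    return "".join(line + "\n" for line in lines), rejected

def write_atomically(path, text):
    """Write via a temp file and rename, so nginx never reads a half-written file."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".denylist-")
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.replace(tmp, path)

if __name__ == "__main__":
    config, bad = render_nginx_denylist(SAMPLE_BLOCKED)
    # Hypothetical file name; reference it with an `include` in the server block,
    # then check with `nginx -t` and reload nginx for the rules to take effect.
    write_atomically("blocked-ips.conf", config)
    print(config, "rejected:", bad)
```

Unlike .htaccess, Nginx only picks up the file on reload, so a blocklist that changes often still needs the application-level blocking Mark describes.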