WordPress.org

Support

Support » Plugins and Hacks » Nginx rules translation for Cookies For Comments

Nginx rules translation for Cookies For Comments

  • I recently added the Apache .htaccess rules for Cookies For Comments to one of my websites, and it has resulted in a majorly impressive reduction in spam.

    A couple of my other sites run on Nginx, and I’d love to translate the .htaccess rules so that spam can be blocked at the entry level. Unfortunately, I’m virtually illiterate in the ways of making Nginx rules. Here’s what I’ve hacked together (where the string of XXXXXs are my CFC code in WordPress).

    location ~* wp-comments-post.php {
                    if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
                            return 403;
                            break;
                    }
            }

    Of course, it’s far too strict – it seems to generate a 403 error when I try to post comments from Curl, but when I try to post comments as a regular user, using Firefox, it returns a 405 error. Stumped!

    Here’s hoping somebody can help with this!

    http://wordpress.org/extend/plugins/cookies-for-comments/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Rather than using…

    location ~* wp-comments-post.php {
                    if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
                            return 403;
                            break;
                    }
            }

    Just use…

    if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
                            return 403;
                    }

    Try to avoid using if and location directives together. Sometimes they lead to unexpected results.

    Thanks for that! Would you suggest putting that directive up above the location blocks in my Nginx rules then, @rahul286?

    Order of directives doesn’t matter mostly.

    AS far as I see you want to check 2 conditions. This can get tricky in nginx world!

    I generally follow this path…

    I will add a line like below

    set $rb_cookie "${request_method}${request_uri}${cookie_COOKIENAME}" ;

    This will set a variable with name “rb_cookie” with value “POST/wp-comments-post.phpXXXXXXXXXXXXXXXXXX”

    Assuming /wp-comments-post.php is present in root i.e. wordpress is not in subfolder otherwise value may slightly change

    Next, I will add a line like:

    if ( $rb_cookie ~ "POST/wp-comments-post.phpXXXXXXXXXXXXXXXXXX" ){
     	 	 	#do something
        }

    Above style saves me from evilness of if. Ref: http://wiki.nginx.org/IfIsEvil

    Rahul: The earlier code sample runs a bit out of control since it’s not directed at a specific resource it simply blocks all access to the site with a 403 Forbidden error.

    if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
                            return 403;
                    }

    Would it help to look at the Apache rules to see how the same effect is achieved? This is what they tell you to use in your .htaccess file.

    RewriteCond %{HTTP_COOKIE} !^.*xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.*$
    RewriteRule ^wp-comments-post.php - [F,L]

    Using if-set is better way. if and location mix many time leads to strange behaviour.

    Try…

    set $rb_cookie "clean";
    
    if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
                            set $rb_cookie "spam";
                    }
    
    set $rb_kick  "${request_uri}${rb_cookie}";
    
    if ($rb_kick = "/wp-comments-post.phpspam") {
                            return 403;
                    }

    Above is slightly longer way!

    Your original way should work also.

    Try….

    location ~* wp-comments-post.php {
                    if ($http_cookie !~* "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") {
                            return 403;
                            break;
                    }
    
             ##copy some lines from location ~ .php$ {} block
    		include fastcgi_params;
                    fastcgi_pass unix:/var/run/php5-fpm.sock;
            }

    So what is the final solution?

    Is there a problem blocking access site wide if the cookie isn’t present or should you really limit it to the wp-signup.php wp-login.php and wp-comments-post.php parts?

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Nginx rules translation for Cookies For Comments’ is closed to new replies.