NinjaFirewall causes Nginx FastCGI to not work

Resolved

(@k3nsai)

Hi,
I am using Nginx on my site, with FastCGI caching enabled. When installing Ninjafirewall, the caching stops.
It happens on WAF mode Only. Firewall works fine, but the nginx cache does not work anymore.
Here are the nginx lines that enable caching on my server:

fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";

server {
...
...
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                fastcgi_cache MYAPP;
                fastcgi_cache_valid 200 60m;
        }

When firewall is disabled, the /etc/nginx/cache directory has cached files from nginx. When firewall is enabled, the directory is empty.

Here is the output of the troubleshooter with WAF off, WP mode on:

NinjaFirewall (WP edition) troubleshooter
HTTP server 	: 	nginx/1.18.0
PHP version 	: 	7.4.10
PHP SAPI 	: 	FPM-FCGI
 	 	 
auto_prepend_file 	: 	none
wp-config.php 	: 	found in /var/www/domain.com/wp-config.php
NinjaFirewall detection 	: 	NinjaFirewall WP Edition is loaded (WordPress WAF mode)
 	 	 
Loaded INI file 	: 	/etc/php/7.4/fpm/php.ini
user_ini.filename 	: 	.user.ini
user_ini.cache_ttl 	: 	300 seconds
User PHP INI 	: 	none found
 	 	 
DOCUMENT_ROOT 	: 	/var/www/domain.com
ABSPATH 	: 	/var/www/domain.com/
WordPress version 	: 	5.5.1
WP_CONTENT_DIR 	: 	/var/www/domain.com/wp-content
Plugins directory 	: 	/var/www/domain.com/wp-content/plugins
User Role 	: 	Administrator
User Capabilities 	: 	manage_options: OK - unfiltered_html: OK
Log dir permissions 	: 	/var/www/domain.com/wp-content/nfwlog dir is writable
Cache dir permissions 	: 	/var/www/domain.com/wp-content/nfwlog/cache dir is writable

And here is the output when WAF mode is on (cache not working)

NinjaFirewall (WP edition) troubleshooter
HTTP server 	: 	nginx/1.18.0
PHP version 	: 	7.4.10
PHP SAPI 	: 	FPM-FCGI
 	 	 
auto_prepend_file 	: 	/var/www/domain.com/wp-content/nfwlog/ninjafirewall.php
Loader's path to firewall 	: 	/var/www/domain.com/wp-content/plugins/ninjafirewall/lib/firewall.php
wp-config.php 	: 	found in /var/www/domain.com/wp-config.php
NinjaFirewall detection 	: 	NinjaFirewall WP Edition is loaded (Full WAF mode)
 	 	 
Loaded INI file 	: 	/etc/php/7.4/fpm/php.ini
user_ini.filename 	: 	.user.ini
user_ini.cache_ttl 	: 	300 seconds
User PHP INI 	: 	.user.ini found -
 	 	 
DOCUMENT_ROOT 	: 	/var/www/domain.com
ABSPATH 	: 	/var/www/domain.com/
WordPress version 	: 	5.5.1
WP_CONTENT_DIR 	: 	/var/www/domain.com/wp-content
Plugins directory 	: 	/var/www/domain.com/wp-content/plugins
User Role 	: 	Administrator
User Capabilities 	: 	manage_options: OK - unfiltered_html: OK
Log dir permissions 	: 	/var/www/domain.com/wp-content/nfwlog dir is writable
Cache dir permissions 	: 	/var/www/domain.com/wp-content/nfwlog/cache dir is writable

Please advise.

This topic was modified 3 years, 7 months ago by k3nsai.
This topic was modified 3 years, 7 months ago by k3nsai.

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Author

nintechnet

(@nintechnet)

3 years, 7 months ago

You don’t have a fastcgi_cache_bypass directive?
I use this configuration, which works with NF.

/etc/nginx/nginx.conf:

fastcgi_cache_path /dev/shm/nginx-cache levels=1:2 keys_zone=MYAPP:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie Vary;

vhost:

server {
   ...
   ...
   # Don't cache POST requests
   if ( $request_method = POST ) {
      set $skip_cache 1;
   }
   # Don't query string
   if ( $query_string != '' ) {
      set $skip_cache 1;
   }
   # Don't cache WordPress specific URI
   if ( $request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
      set $skip_cache 1;
   }
   # Don't cache logged in users or recent commenters
   if ( $http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in" ) {
      set $skip_cache 1;
   }

   location ~ \.php$ {
      ...
      ...
      fastcgi_cache_bypass $skip_cache;
      fastcgi_no_cache $skip_cache;
      fastcgi_cache MYAPP;
      fastcgi_cache_valid 60m;
      add_header X-My-Cache $upstream_cache_status;
   }
}

Check if there’s no error:
nginx -t.
Reload nginx:
service nginx reload

Then check if your server returns the X-My-Cache header.

This reply was modified 3 years, 7 months ago by nintechnet.

Thread Starter

k3nsai

(@k3nsai)

3 years, 7 months ago

Thank you for your feedback, I have modified my config to mirror yours and it seems the cache is bypassed in Firefox, but works fine on Chrome:

..
x-my-cache: BYPASS
..

is the result I am getting in Firefox. When I use Chrome, there is no x-my-cache present, but the cache is populated!

After checking a bit more, I think there must be a problem with the following plugin that I am using to password protect my website:
https://wordpress.org/plugins/password-protected/.

In the plugin section it mentions:

Caching
Password Protected does not always work well with sites that use caching.
If your site uses a caching plugin or your web hosting uses server-side caching, you may need to configure your caching setup to disable caching for the Password Protected cookie:
Cookie Name: bid_1_password_protected_auth

Any ideas?

Plugin Author

nintechnet

(@nintechnet)

3 years, 7 months ago

You need to check with the plugin’s author so that they can give you the instructions you need.
Regarding NinjaFirewall, it works out of the box, there’s no other modifications to do. We use it on our blog with FastCGI caching.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘NinjaFirewall causes Nginx FastCGI to not work’ is closed to new replies.