使用 wordpress 的清漆配置上的 cookie 问题
cookie issue on varnish config with wordpress
我正在一个带有清漆配置的 wordpress 网站上工作 setup.for 安全问题我使用 ithemes 安全插件并激活隐藏 wp-login 并添加了自定义登录 url.my 自定义 url是 我的网站。com/secret-login
所以当我使用这个 url 登录到 wp-admin
ERROR: Cookies are blocked or not supported by your browser. You must
enable cookies to use WordPress.
正在获取。
所以我联系了插件所有者,他是这样说的
The issue is likely caused by your Varnish config. The config is
likely set to allow and recognize cookies when the URL matches
wp-login or wp-admin while dropping cookies elsewhere.
所以我将不得不编辑我的清漆 config.But 我不知道应该如何配置它以匹配上面的内容。
这是我的dafault.vcl清漆
vcl 4.0;
backend default {
.host = "127.0.0.1";
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
}
backend master {
.host = "127.0.0.1";
.port = "8080";
}
acl purge {
"localhost";
}
sub vcl_recv {
if (req.method == "PURGE") {
if (!client.ip ~ purge) {
return(synth(405, "Not allowed."));
}
return(hash);
}
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
### do not cache these files:
##never cache the admin pages, or the server-status page
if (req.url ~ "wp-(admin|login)" || req.http.Content-Type ~ "multipart/form-data")
{
set req.backend_hint = master;
return(pass);
}
## always cache these images & static assets
if (req.method == "GET" && req.url ~ "\.(css|js|gif|jpg|jpeg|bmp|png|ico|img|tga|wmf)$") {
unset req.http.cookie;
return(hash);
}
if (req.method == "GET" && req.url ~ "(xmlrpc.php|wlmanifest.xml)") {
unset req.http.cookie;
return(hash);
}
#never cache POST requests
if (req.method == "POST")
{
return(pass);
}
#DO cache this ajax request
if(req.http.X-Requested-With == "XMLHttpRequest" && req.url ~ "recent_reviews")
{
return (hash);
}
#dont cache ajax requests
if(req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache" || req.url ~ "(control.php|wp-comments-post.php|wp-login.php|bb-login.php|bb-reset-password.php|register.php)")
{
return (pass);
}
if (req.http.Cookie && req.http.Cookie ~ "wordpress_") {
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=", "; wpjunk=");
}
### don't cache authenticated sessions
if (req.http.Cookie && req.http.Cookie ~ "(wordpress_|PHPSESSID)") {
return(pass);
}
### parse accept encoding rulesets to make it look nice
if (req.http.Accept-Encoding) {
if (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unkown algorithm
unset req.http.Accept-Encoding;
}
}
if (req.http.Cookie)
{
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie, ";(vendor_region|PHPSESSID|themetype2)=", "; =");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
if (req.http.Cookie == "") {
unset req.http.Cookie;
}
}
if (req.url ~ "^/$") {
unset req.http.cookie;
}
return(hash);
}
sub vcl_miss {
if (req.method == "PURGE") {
return (synth(404, "Not in cache."));
}
if (!(req.url ~ "wp-(login|admin)")) {
unset req.http.cookie;
}
if (req.url ~ "^/[^?]+.(jpeg|jpg|png|gif|ico|js|css|txt|gz|zip|lzma|bz2|tgz|tbz|html|htm)(\?.|)$") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.$", "");
}
if (req.url ~ "^/$") {
unset req.http.cookie;
}
}
sub vcl_backend_response {
if (bereq.url ~ "^/$") {
unset beresp.http.set-cookie;
}
if (!(bereq.url ~ "wp-(login|admin)")) {
unset beresp.http.set-cookie;
}
if (bereq.method == "PURGE") {
set beresp.ttl = 0s;
}
}
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
}
请建议我配置它并工作。
if ( !( req.url ~ ^/secret-login/) ) {
unset req.http.Cookie;
}
上面的代码行得通吗?但我不知道我应该在哪里添加 this.Please help
添加如下并且有效
里面
sub vcl_miss {
if (!(req.url ~ "wp-(login|admin)" || req.url ~ "(secret-login)")) {
unset req.http.cookie;
}
}
和
sub vcl_backend_response {
if (!(bereq.url ~ "wp-(login|admin)" || bereq.url ~ "(secret-login)")) {
unset beresp.http.set-cookie;
}
}
成功了!!
我正在一个带有清漆配置的 wordpress 网站上工作 setup.for 安全问题我使用 ithemes 安全插件并激活隐藏 wp-login 并添加了自定义登录 url.my 自定义 url是 我的网站。com/secret-login 所以当我使用这个 url 登录到 wp-admin
ERROR: Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress.
正在获取。 所以我联系了插件所有者,他是这样说的
The issue is likely caused by your Varnish config. The config is likely set to allow and recognize cookies when the URL matches wp-login or wp-admin while dropping cookies elsewhere.
所以我将不得不编辑我的清漆 config.But 我不知道应该如何配置它以匹配上面的内容。 这是我的dafault.vcl清漆
vcl 4.0;
backend default {
.host = "127.0.0.1";
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
}
backend master {
.host = "127.0.0.1";
.port = "8080";
}
acl purge {
"localhost";
}
sub vcl_recv {
if (req.method == "PURGE") {
if (!client.ip ~ purge) {
return(synth(405, "Not allowed."));
}
return(hash);
}
if (req.restarts == 0) {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For =
req.http.X-Forwarded-For + ", " + client.ip;
} else {
set req.http.X-Forwarded-For = client.ip;
}
}
### do not cache these files:
##never cache the admin pages, or the server-status page
if (req.url ~ "wp-(admin|login)" || req.http.Content-Type ~ "multipart/form-data")
{
set req.backend_hint = master;
return(pass);
}
## always cache these images & static assets
if (req.method == "GET" && req.url ~ "\.(css|js|gif|jpg|jpeg|bmp|png|ico|img|tga|wmf)$") {
unset req.http.cookie;
return(hash);
}
if (req.method == "GET" && req.url ~ "(xmlrpc.php|wlmanifest.xml)") {
unset req.http.cookie;
return(hash);
}
#never cache POST requests
if (req.method == "POST")
{
return(pass);
}
#DO cache this ajax request
if(req.http.X-Requested-With == "XMLHttpRequest" && req.url ~ "recent_reviews")
{
return (hash);
}
#dont cache ajax requests
if(req.http.X-Requested-With == "XMLHttpRequest" || req.url ~ "nocache" || req.url ~ "(control.php|wp-comments-post.php|wp-login.php|bb-login.php|bb-reset-password.php|register.php)")
{
return (pass);
}
if (req.http.Cookie && req.http.Cookie ~ "wordpress_") {
set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=", "; wpjunk=");
}
### don't cache authenticated sessions
if (req.http.Cookie && req.http.Cookie ~ "(wordpress_|PHPSESSID)") {
return(pass);
}
### parse accept encoding rulesets to make it look nice
if (req.http.Accept-Encoding) {
if (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unkown algorithm
unset req.http.Accept-Encoding;
}
}
if (req.http.Cookie)
{
set req.http.Cookie = ";" + req.http.Cookie;
set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
set req.http.Cookie = regsuball(req.http.Cookie, ";(vendor_region|PHPSESSID|themetype2)=", "; =");
set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");
if (req.http.Cookie == "") {
unset req.http.Cookie;
}
}
if (req.url ~ "^/$") {
unset req.http.cookie;
}
return(hash);
}
sub vcl_miss {
if (req.method == "PURGE") {
return (synth(404, "Not in cache."));
}
if (!(req.url ~ "wp-(login|admin)")) {
unset req.http.cookie;
}
if (req.url ~ "^/[^?]+.(jpeg|jpg|png|gif|ico|js|css|txt|gz|zip|lzma|bz2|tgz|tbz|html|htm)(\?.|)$") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.$", "");
}
if (req.url ~ "^/$") {
unset req.http.cookie;
}
}
sub vcl_backend_response {
if (bereq.url ~ "^/$") {
unset beresp.http.set-cookie;
}
if (!(bereq.url ~ "wp-(login|admin)")) {
unset beresp.http.set-cookie;
}
if (bereq.method == "PURGE") {
set beresp.ttl = 0s;
}
}
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
} else {
set resp.http.X-Cache = "MISS";
}
}
请建议我配置它并工作。
if ( !( req.url ~ ^/secret-login/) ) {
unset req.http.Cookie;
}
上面的代码行得通吗?但我不知道我应该在哪里添加 this.Please help
添加如下并且有效
里面
sub vcl_miss {
if (!(req.url ~ "wp-(login|admin)" || req.url ~ "(secret-login)")) {
unset req.http.cookie;
}
}
和
sub vcl_backend_response {
if (!(bereq.url ~ "wp-(login|admin)" || bereq.url ~ "(secret-login)")) {
unset beresp.http.set-cookie;
}
}
成功了!!