FastCGI always MISS when Wordfence is enabled.

May 18, 2017 3.5k views
WordPress Caching Nginx Ubuntu 16.04
C4f1151075b447779af31e99d6cf70e2c6eb47ac
By:
newbie

Hello,
yesterday i installed wordfence and then eanbled Nginx FastCGI. but FastCGI isnt working. all pages are maked as MISS.

then i disabled wordfence and everything is fine again. i contacted with wordfence auther but till now no answer.

is there anyone using Nginx FastCGI and wordfence together??

my FastCGI setup is pretty basic.

fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:100m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;

#fastcgi_cache start
set $no_cache 0;

# POST requests and urls with a query string should always go to PHP
if ($request_method = POST) {
        set $no_cache 1;
}   
if ($query_string != "") {
        set $no_cache 1;
}   

# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
        set $no_cache 1;
}   

# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
        set $no_cache 1;
} 


 location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                fastcgi_cache WORDPRESS;
                fastcgi_cache_valid 200 60m;
                fastcgi_cache_bypass $no_cache;
                fastcgi_no_cache $no_cache;
}
2 comments
  • newbie May 18, 2017

    @jtittle & @hansen
    also im always getting this in my nginx error.log when browsing my sub-domain which is installed in multisite level.

    2017/05/18 18:49:04 [error] 8293#8293: *1 FastCGI sent in stderr: "PHP message: Aq_Resize.process() error: $url parameter is required
PHP message: Aq_Resize.process() error: $url parameter is required" while reading upstream, client: 103.205.453.223, server: mysite.com, request: "GET /tutorials/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7.0-fpm.sock:", host: "community.mysite.com", referrer: "https://community.mysite.com/forum/"
2017/05/18 18:49:04 [error] 8293#8293: *1 FastCGI sent in stderr: "PHP message: Aq_Resize.process() error: $url parameter is required
PHP message: Aq_Resize.process() error: $url parameter is required
PHP message: Aq_Resize.process() error: $url parameter is required
PHP message: Aq_Resize.process() error: $url parameter is required" while reading upstream, client: 103.205.453.223, server: mysite.com, request: "GET /tutorials/ HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7.0-fpm.sock:", host: "community.mysite.com", referrer: "https://community.mysite.com/forum/"

    do u have any idea what is this error massage about??

    thanks in advance.

    edited by jleibowitz
  • newbie May 18, 2017

    Update to my first post regarding FastCGI & Wordfence

    i was testing since this afternoon to find out the cause. what i realized, pages thats been cached before enabling wordfence is HIT but pages which are not cached by FastCGI before enabling wordfence is MISS always.

    it seems, after enabling wordfence, nginx cant create any new file inside /var/run/nginx-cache folder which it can serve later on.

    whats the reason for this behavior can be?

Log In to Comment
1 Answer
jtittle1 May 18, 2017

@newbie

FastCGI Caching does full-page caching, which means changes to output won't take until the cache is flushed for the requested URI, or entirely (in some cases). Unfortunately, the plugin that used to work with NGINX to aid in flushing the cache has not been updated in a while which makes this a manual process.

Some plugins may work with FastCGI Cache, others may not -- there's really no guarantee as to what will and won't work unfortunately.

I've never ran in to issues with FastCGI (without caching) and WordFence -- though I rarely use FastCGI Caching unless there's a viable solution readily available for flushing the cache and it's tested across the platform to ensure that it works entirely. As of right now, it's a manual process, or a custom solution needs to be implemented to perform the flushing.

Enabling FastCGI caching, as you're experiencing, can have some odd and unintended results from time to time, which is why you really need to test it 100% in development before using it in production.

Reply
  • newbie May 19, 2017

    @jtittle
    thanks bro for the reply.

    i understand what u said. but its not about flushing the cache upon page update. when wordfence is enabled, it prevent nginx to create any new file into /var/run/nginx-cache folder. i empty the folder and saw when wordfence enabled, no directory is being created. though my pages are pre-made. but on the other hand, nginx serves cache files which are generated before. meaning when wordfence was not enabled.

    i dont know by flushing u mean purging or not. im using fastcgi for my main site which ill be rarely updated so i can do manual purging if required.

    another thing,
    on this thread you provided a sample config
    https://www.digitalocean.com/community/questions/question-regarding-ssl-setting?answer=35761

    i want to make sure of the following things,

        proxy_buffers 16 32k;
    proxy_buffer_size 64k;
    proxy_http_version 1.1;
    proxy_set_header Proxy '';
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Original-Request $request_uri;

    as im using wordpress, above lines will be inside httpof /etc/nginx/nginx.conf or in my server blocks location ~ \.php$ {

    • jtittle1 May 19, 2017

      @newbie

      The configuration that I provided in that comment is an example of how you can configure NGINX and keep your server blocks clean. It shows that most of what you would normally place in your server block can be placed in the http block to prevent redundancies.

      The proxy_* directives have no bearing on fastcgi_* directives, they exist for if/when you proxy a connection. You could actually remove them all if you won't be using NGINX as a proxy, though it's safe to keep them there.

      ...

      As for Wordfence, it works on the front end as well as the back end, so caching most likely does play a role, whether it seems like it would or not.

      To quote a post from Wordfence:

      The Wordfence firewall code executes before anything else, including WordPress

      This is under "How the Wordfence Firewall Works", under the infographic.

      https://www.wordfence.com/blog/2017/01/how-wordpress-firewall-works/

      So if that's the case and you have high level of caching that takes page output and puts it in binary format, and only serves that compressed binary format instead of running the normal queries that WordPress would run on page load, it may very well affect how Wordfence runs.

      FastCGI caching isn't like normal object caching. It doesn't just cache bit code like you'd see when using OPCache, APC, etc.

      When FastCGI caching caches a page, it caches it 100%. That means when a cached page is hit, the queries that would normally run when a WordPress page is hit are not executed and won't be as long as that page is cached.

      This can have an effect on how plugins work. Some may work with FastCGI caching, many will not in terms of working as they normally would with just object caching, or similar.

      Where object caching will cache frequently used objects, FastCGI caching runs at a much lower level before PHP even comes in to play. The only time FastCGI cache serves a dynamic page is when it's not already in cache.

      Since NGINX handles the request before it's handed off to PHP, it runs before Wordfence runs, thus it runs before WordPress runs, which means that binary file that's cached takes precedence and will always be served before anything else has a chance to run.

      • newbie May 19, 2017

        i really appreciate for that detail & in-depth explanation.

        than you very much.

Have another answer? Share your knowledge.

Related Questions