Join the community today
Register Now

Wordpress Autoptimize and default wpsecure include (403)

Discussion in 'Blogs & CMS usage' started by GamerJota, Jul 8, 2019.

  1. GamerJota

    GamerJota Member

    56
    7
    8
    Mar 1, 2016
    Chile
    Ratings:
    +18
    Local Time:
    3:50 PM
    Today I did a fresh Centminmod install, a new Wordpress site install and installed Autoptimize.

    It didn't work at first ending in 403 forbidden errors because Autoptimize uses .php files in "/wp-content/cache/autoptimize/" and I noticed there is not a whitelist exception by default at the "wpsecure" include created by centminmod.

    I had to add in "/usr/local/nginx/conf/wpincludes/example.com/wpsecure_example.com.conf" the following:

    Code:
    # Whitelist Exception for Autoptimize
    location ~ ^/wp-content/cache/autoptimize/ {
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/staticfiles.conf;
    }
    
    @eva2000 I suggest to add this by default to the whitelist exceptions.
     
  2. eva2000

    eva2000 Administrator Staff Member

    41,998
    9,471
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,575
    Local Time:
    4:50 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    This must be something new added by Autoptimise for .php files in there so that's for the heads up ? what was the specific php filenames ? just to confirm as i did a quick check on my installs and there is no php files in that directory so far

    you can check with command below for php files in that directory - changing yourdomain.com to your domain name
    Code (Text):
    find /home/nginx/domains/yourdomain.com/public/wp-content/cache/autoptimize -type f -name "*.php"
     
  3. GamerJota

    GamerJota Member

    56
    7
    8
    Mar 1, 2016
    Chile
    Ratings:
    +18
    Local Time:
    3:50 PM
    Code:
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_ad10cd46a043368685a36a611490d08e.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_fdd67d0316e33e8f57f8e3cbeaf5b490.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_76591f91de8e1ba757c75f2ed652aa08.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_abc35a4bde8dec6c6d73f14209355f11.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_f77808009f1eae29a6a8c846052f73c2.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_770afd24832e2d0e94a7b9c931f53a74.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_fe41a3f2e56f9b6b35fe998980929b3b.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_b544a41566826593bf1145e0c4c90d1e.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_c0753a18f5f80d711e27e808db6ea442.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_d41d8cd98f00b204e9800998ecf8427e.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_16ae5d6ed880d1c6aa79cd4c7b6d7768.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_a1ff06e5154f12492f76eed70f673334.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_622aff7c3e7445f19bbbeb6374341688.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_68825fd7eb65be21b1b63e5599cd6bfa.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_2ef91305dc6b3a23de6a67f6bb775e86.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_5bf2b216241ab5f72a7c65380b6737a4.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_d494c1f56a2d929fa48a6e70b3de5e86.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_9e3cabececb991c5a2bb5730f2efa452.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_2a7b30a980d688ca833f68bcfe2ddfa9.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_731f03c31740ee19500ea4fe74ead6b0.php
    /home/nginx/domains/example.com/public/wp-content/cache/autoptimize/autoptimize_single_0159ae675cfa1104544e2a579e024b7b.php
    Not whitelisting in wpsecure will result in getting 403 forbidden errors for those files when trying to visit the website and no javascript or styles will be rendered.
     
  4. eva2000

    eva2000 Administrator Staff Member

    41,998
    9,471
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,575
    Local Time:
    4:50 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    those are saved when saved autoptimize settings seem to mess up for some reason, just going into autoptimize settings and on settings page hit save and clear cache to clear it out as only thing should be saved there is .css and .js files
     
  5. GamerJota

    GamerJota Member

    56
    7
    8
    Mar 1, 2016
    Chile
    Ratings:
    +18
    Local Time:
    3:50 PM
    I actually tried that multiple times for but for some odd reason those files are still requested by the browser even after clearing caches in the site (KeyCDN Cache Enabler) and Cloudflare, even tried in incognito mode and other browsers.

    upload_2019-7-7_16-49-21.png
     
  6. eva2000

    eva2000 Administrator Staff Member

    41,998
    9,471
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,575
    Local Time:
    4:50 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    tried restarting nginx + php-fpm afterwards ?
    Code (Text):
    nprestart
     
  7. GamerJota

    GamerJota Member

    56
    7
    8
    Mar 1, 2016
    Chile
    Ratings:
    +18
    Local Time:
    3:50 PM
    Yeah, of course, I tried it and it's still the same.
     
  8. eva2000

    eva2000 Administrator Staff Member

    41,998
    9,471
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,575
    Local Time:
    4:50 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    what about

    1. clear keycdn cache
    2. clear autoptimize cache/save config settings
    3. disable autoptimize plugin and re-enable
     
  9. shevan

    shevan New Member

    13
    2
    3
    Nov 7, 2018
    Ratings:
    +4
    Local Time:
    8:50 PM
    Nginx 15.5
    MariaDB 10
    Check out the Autoptimize FAQ
    How can I force the aggregated files to be static CSS or JS instead of PHP?
     
    • Informative Informative x 1
  10. eva2000

    eva2000 Administrator Staff Member

    41,998
    9,471
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +14,575
    Local Time:
    4:50 AM
    Nginx 1.17.x
    MariaDB 5.5/10.x
    yes that is meant to be checked = default