Learn about Centmin Mod LEMP Stack today
Register Now

Wordpress CDN and Cookie Domain problem with 403 Error in some ...

Discussion in 'Blogs & CMS usage' started by R0rke, Nov 10, 2017.

  1. R0rke

    R0rke Member

    92
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    1:09 AM
    1.11.1
    10.1
    hey guys , got some problem with CDN and Cookie Domain with 403 Error in some files and directories .
    it's a directory :
    Code:
    Failed to load resource: the server responded with a status of 403 () https://cdn.mywebsite.pw/uploads/2017/10/
    i using another domain : https://mysite.net
    but the static sub domain is under another domain .pw like this :
    cdn.site.pw
    i set Document root(cdn.site.pw) to : https://mysite.net's root
    everything looking good but there are some problems like this i got 403 errors and a plugin images corrupted just 1 of my 6 plugins .

    i checked directory perms i set 777 to wp-content and all sub folders for images
    i check ownership by chown -R nginx:nginx *
    i put
    Code:
    define( 'COOKIE_DOMAIN', 'www.example.com' );
    in wp-config but still have COOKIE_DOMAIN problems in GtMetrix
    if any one wants to check my live website il give him the url in private message
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,626
    6,862
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,307
    Local Time:
    7:09 PM
    Nginx 1.13.x
    MariaDB 5.5
    do you get 403 errors with non-cdn requested versions ? if you do then it might not be related to cdn

    Centmin Mod values security and puts additional measures in place so that end users are also mindful of security. So in your case, you might need to whitelist or unblock the WP plugins related to your 403 permission denied messages.

    If you used centmin.sh menu option 22 auto installer Wordpress Nginx Auto Installer, the default wpsecure conf file at /usr/local/nginx/conf/wpsecure_${vhostname}.conf where vhostname is your domain name, blocks php scripts from executing in wp-content for security

    Below links you can see examples of setting up specific wordpress location matches to punch a hole in the wpsecure blocking to whitelist specific php files that need to be able to run.
    If on Centmin Mod 123.09beta01, you may have ran into the new tools/autoprotect.sh cronjob feature outlined at Beta Branch - autoprotect.sh - apache .htaccess check & migration to nginx deny all | Centmin Mod Community You uploaded scripts may have .htaccess deny from all type files in their directories which may need bypassing autoprotect. It's a security feature that no other nginx based stack has as far as I know :)

    So instead, all .htaccess 'deny from all' detected directories now get auto generated Nginx equivalent location match and deny all setups except if you want to manually bypass the directory from auto protection via a .autoprotect-bypass file - details below here.

    You can read a few threads below on how autoprotect.sh may have caught some folks web apps falsely and the workarounds or improvements made to autoprotect.sh with the help of users feedback and troubleshooting.
     
    • Like Like x 1
  3. R0rke

    R0rke Member

    92
    16
    8
    Jun 2, 2016
    Iran
    Ratings:
    +24
    Local Time:
    1:09 AM
    1.11.1
    10.1
    i'l check and post the results