@tonykwon
Created August 11, 2014 18:47
Falcon Engine rewrite example for nginx - from http://www.wordfence.com/blog/nginxConf.txt

    worker_processes 1;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        log_format main '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request upstream_response_time $upstream_response_time msec $msec request_time $request_time status $status bytes $body_bytes_sent';
        #Uncomment to debug rewrite rules
        #rewrite_log on;
        server {
            listen 80;
            server_name test1.com;
            access_log logs/test1.access.log main;
            #Uncomment to debug rewrite rules
            #error_log logs/rewrite.log notice;
            root /usr/local/test1;
            index index.php;

            # WORDFENCE FALCON ENGINE CODE
            #Match on gzip first because ordering matters.
            location ~ "/site/wp-content/wfcache/.*gzip$" {
                gzip off;
                types {}
                default_type text/html;
                add_header Vary "Accept-Encoding, Cookie";
                add_header Content-Encoding gzip;
            }
            #If the previous matched, the following location won't be executed.
            location ~ /site/wp-content/wfcache/.* {
                add_header Vary "Accept-Encoding, Cookie";
            }
            set $wordfenceCacheOn 1;
            #Don't cache form submissions.
            if ($request_method = POST) {
                set $wordfenceCacheOn 0;
            }
            #Allow caching of /?123=123 because this is a common DDoS to override caches.
            if ($query_string !~ "^(?:\d+=\d+)?$") {
                set $wordfenceCacheOn 0;
            }
            #Only cache URLs ending in /
            if ($request_uri !~ \/$) {
                set $wordfenceCacheOn 0;
            }
            #Don't cache any cookies with this in their names e.g. users who are logged in.
            if ($http_cookie ~* "(comment_author|wp\-postpass|wf_logout|wordpress_logged_in|wptouch_switch_toggle|wpmp_switcher)") {
                set $wordfenceCacheOn 0;
            }
            set $wordfenceEncoding "";
            #Oh, you want gzipped content?
            if ($http_accept_encoding ~ gzip) {
                set $wordfenceEncoding _gzip;
            }
            set $wordfenceHTTPS "";
            if ($scheme = 'https'){
                #If you want to ENABLE HTTPS caching, comment out the next line.
                set $wordfenceCacheOn 0; #Comment this line out to enable HTTPS caching.
                set $wordfenceHTTPS '_https'; #Uncomment this line to enable HTTPS caching.
            }
            #The main purpose of this line is to capture the URL components into variables.
            if ($request_uri !~ "^\/*(?<wfone>[^\/]*)\/*(?<wftwo>[^\/]*)\/*(?<wfthree>[^\/]*)\/*(?<wffour>[^\/]*)\/*(?<wffive>[^\/]*)(?<wfsix>.*)$"){
                set $wordfenceCacheOn 0;
            }
            #If the file doesn't exist then don't serve from cache.
            if (!-f "$document_root/site/wp-content/wfcache/${http_host}_${wfone}/${wftwo}~${wfthree}~${wffour}~${wffive}~${wfsix}_wfcache${wordfenceHTTPS}.html${wordfenceEncoding}") {
                set $wordfenceCacheOn 0;
            }
            if ($wordfenceCacheOn = 1) {
                rewrite .* "/site/wp-content/wfcache/${http_host}_${wfone}/${wftwo}~${wfthree}~${wffour}~${wffive}~${wfsix}_wfcache${wordfenceHTTPS}.html${wordfenceEncoding}" last;
            }
            # END Wordfence Rules

            location / {
                try_files $uri $uri/ /index.php?$args;
            }
            #Escape the dot so that only URIs ending in a literal ".php" reach PHP-FPM.
            location ~ \.php$ {
                try_files $uri /index.php;
                include fastcgi_params;
                fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
            }
        }
    }

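The cache-bypass conditions in the rules above can be checked offline with a small model of the `if` chain. This is an added example, not part of the gist or of Wordfence's code; the function name `wfcache_target`, the host `example.com` and the sample requests are constructed for illustration.

```python
import re

# Patterns copied from the `if` conditions in the nginx rules above.
NO_CACHE_COOKIE = re.compile(
    r"(comment_author|wp\-postpass|wf_logout|wordpress_logged_in"
    r"|wptouch_switch_toggle|wpmp_switcher)", re.IGNORECASE)  # nginx ~* ignores case
QUERY_OK = re.compile(r"^(?:\d+=\d+)?$", re.ASCII)
URI_PARTS = re.compile(r"^/*([^/]*)/*([^/]*)/*([^/]*)/*([^/]*)/*([^/]*)(.*)$")


def wfcache_target(method, request_uri, host, cookie="", accept_encoding="",
                   scheme="http"):
    """Return the cache file the rewrite would target, or None when the rules
    set $wordfenceCacheOn to 0. nginx also requires that the file exists
    (the !-f test); that check is left to the caller."""
    # nginx's $request_uri is the original URI *including* the query string.
    query = request_uri.partition("?")[2]
    if method == "POST":                      # form submissions
        return None
    if not QUERY_OK.search(query):            # only empty or digits=digits queries
        return None
    if not request_uri.endswith("/"):         # "$request_uri !~ \/$"
        return None
    if NO_CACHE_COOKIE.search(cookie):        # logged-in or personalised visitors
        return None
    if scheme == "https":                     # as posted, HTTPS is never cached
        return None
    parts = URI_PARTS.match(request_uri)
    if parts is None:
        return None
    encoding = "_gzip" if "gzip" in accept_encoding else ""
    one, two, three, four, five, six = parts.groups()
    return (f"/site/wp-content/wfcache/{host}_{one}/"
            f"{two}~{three}~{four}~{five}~{six}_wfcache.html{encoding}")


# Constructed sample requests: (method, URI, Cookie header, Accept-Encoding header).
SAMPLES = [
    ("GET", "/blog/post/", "", "gzip, deflate"),
    ("GET", "/blog/post/", "wordpress_logged_in_abc=1", "gzip"),
    ("POST", "/contact/", "", ""),
    ("GET", "/blog/post", "", ""),
    ("GET", "/?123=123", "", ""),
]

if __name__ == "__main__":
    for method, uri, cookie, enc in SAMPLES:
        print(method, uri, "->", wfcache_target(method, uri, "example.com", cookie, enc))
```

Running it shows that `/?123=123` is not rewritten to the cache: nginx's `$request_uri` includes the query string, so the "ending in /" test turns caching off for that request even though the query-string test accepts it.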
@sureshjoshi

This section doesn't make sense - as neither of these lines are commented. Also, should "site" be replaced with anything?

    if ($scheme = 'https'){
        #If you want to ENABLE HTTPS caching, comment out the next line.
        set $wordfenceCacheOn 0; #Comment this line out to enable HTTPS caching.

        set $wordfenceHTTPS '_https'; #Uncomment this line to enable HTTPS caching. 
    }
