I have an NGINX config which is supposed to redirect a user to the WordPress login page if that user is not logged into WordPress, but it is not quite working correctly. Instead, it redirects all users to the login page, regardless of their logged in status...
set $bad_uri 0;
if ($request_uri ~* ((^/private-page-1/)|(^/private-page-2/)|(^/private-page-3/)|(^/private-page-4/))){
set $bad_uri 1;
}
set $logged_in 0;
if ( $http_cookie ~* "wordpress_logged_in" ){
set $logged_in 1;
}
set $pls_stop "$bad_uri:$logged_in";
if ( $pls_stop = "1:0" ){
rewrite ^/* https://my-website.org/wp-login.php permanent;
}
On the other hand, I have another NGINX config that IS working correctly. Similar to the above, it is supposed to forbid access to any files under a specific directory, unless the user is logged into WordPress. This config works perfectly as intended...
set $bad_uri 0;
if ($request_uri ~* ^/wp-content/uploads/_private_directory/){
set $bad_uri 1;
}
set $logged_in 0;
if ( $http_cookie ~* "wordpress_logged_in" ){
set $logged_in 1;
}
set $pls_stop "$bad_uri:$logged_in";
if ( $pls_stop = "1:0" ){
return 403;
}
Considering the fact that the basic logic for both configs is practically identical, then why is it that the the first one is only halfway working but the second one works just fine?