Score:0

What is wrong with this NGINX config that rewrites URLs is the user is not logged into WordPress?

eg flag

I have an NGINX config which is supposed to redirect a user to the WordPress login page if that user is not logged into WordPress, but it is not quite working correctly. Instead, it redirects all users to the login page, regardless of their logged in status...

set $bad_uri 0;
if ($request_uri ~* ((^/private-page-1/)|(^/private-page-2/)|(^/private-page-3/)|(^/private-page-4/))){
    set $bad_uri 1;
}
set $logged_in 0;
if ( $http_cookie ~* "wordpress_logged_in" ){
    set $logged_in 1;
}
set $pls_stop "$bad_uri:$logged_in";
if ( $pls_stop = "1:0" ){
    rewrite ^/* https://my-website.org/wp-login.php permanent;
}

On the other hand, I have another NGINX config that IS working correctly. Similar to the above, it is supposed to forbid access to any files under a specific directory, unless the user is logged into WordPress. This config works perfectly as intended...

set $bad_uri 0;
if ($request_uri ~* ^/wp-content/uploads/_private_directory/){
    set $bad_uri 1;
}
set $logged_in 0;
if ( $http_cookie ~* "wordpress_logged_in" ){
    set $logged_in 1;
}
set $pls_stop "$bad_uri:$logged_in";
if ( $pls_stop = "1:0" ){
    return 403;
}

Considering the fact that the basic logic for both configs is practically identical, then why is it that the the first one is only halfway working but the second one works just fine?

Ivan Shatsky avatar
gr flag
HTTP 301 permanent redirects are cached by most of the browsers, which means that after the non-logged user visit your private page and gets redirected, he will be redirected every time he visit the same page no matter will he be logged or not until the browser cache will be emptied. Use `rewrite ... redirect` for issuing HTTP 302 temporary redirection instead, or better use `return 302 https://my-website.org/wp-login.php` (avoid invoking regex library whenever you can).
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.