trogau

I was just looking to do the exact same thing.

I’m not an Apache configuration expert but I think the Require all granted in the .htaccess will override the Require valid-user in all cases.

There might be some advanced configuration possible to override it – interested if anyone has any ideas.

I have simply disabled Configure->Lockouts->Ban Users->Enable ban lists checkbox, which removes the Require all from the .htaccess section; this is OK for me as I only have a small handful of known users with access via the AuthUserFile, but it may not be suitable in all circumstances.

This issue is fixed for me with the latest HHVM v3.26.1-1 in Debian.

Pretty sure this is related to this bug: https://github.com/facebook/hhvm/issues/8185

I wrote about a quick fix for it: https://hhvm.trawg.com/2018/05/08/hhvm-3-26-0-1jessie/ , but basically just set hhvm.hack_compiler_default=false in HHVM’s server.ini

I just noticed I was getting a lot of pingback errors in my auth.log, but they weren’t getting blocked properly.

Upon inspection, I noticed that the format of the line in auth.log looked a little weird:

Apr 7 03:13:13 trog 33 generated from 185.130.5.165[3913]: Pingback error 33 generated from x.x.x.x

The line in wp-fail2ban.php responsible for this is:

\syslog(LOG_NOTICE,'Pingback error '.$ixr_error->code.' generated from '.remote_addr());

Nothing obviously wrong with it. I changed the quotes from single quotes to double quotes, a la:

\syslog(LOG_NOTICE,"Pingback error $errcode generated from ".remote_addr());

… (with $errcode populated in another line) and now it logs correctly, a la:

Apr 7 03:13:18 trog wordpress(103.16.128.201)[3913]: Pingback error 33 generated from x.x.x.x

Weird. But it works fine like this.

Actually, I just noticed that with https://example.com/missing/ – while it does get served from the cache, it gets served with an HTTP 200 – not a 404. Doh!

@sstillwell, I’m just using it for a test WordPress instance: https://hhvm.trawg.com . Default WP out of the box seems to be working fine, but I haven’t done much with it. Default config though stands up extremely nicely to apachebench even under really high concurrency. Looking forward to testing more.

@wordfence, I’m running under HHVM, so I am probably an edge case at the moment compared to the majority of Nginx users.

I’m happy to help test if there’s a generic Nginx config though to see how it goes. What I am using now is basically just the stock default config installed as part of the Debian package.

A bunch of the other plugin functionality seemed to work OK for me in Nginx, but as noted the caching doesn’t activate.

I had a quick crack at writing some Nginx rules for it but I’m a new convert to Nginx and not intricately familiar with the format.

Without knowing too much about it I suspect it just needs someone to create compatible rules from the .htaccess that is written by Wordfence to enable caching.

In case it’s not clear I’m talking about this in the context of the Custom Field Template plugin!