wuboys

Pleas also send me premium information.

I can’t submit ticket to your support page. It keeps telling me “That action is currently not allowed.”

@rad Sand,

Thanks for your response, it really helps me understand what’s your concern. I think you should add it back. This is the first thread appear when I search “nginx” “wp-spamshield” together by Google. Leave your semi-long response here may help other people.

I am not here to debate anything. Just a poor guy who want to make things work ?? . It’s in deed a “support forum”, and your response supports me to understand more on web server infrastructure. Thanks for your great work and excellent plugin.

And sure, I am curious about how you can set up a hybrid envrionment. I will send you mail on your support page. Thank you.

btw, the broken link from nginx team is:
https://www.nginx.com/resources/wiki/start/topics/examples/likeapache-htaccess/

First, I have to clear that, I am not the author of that article. I am just some guy try to use your plugin without luck since I use standalone nginx.

The real issue though is that Nginx does not allow for a directory level configuration file, whereas, Apache does. (Even IIS has this.) This is a significant advantage of Apache over Nginx. Plugins are much more powerful when they can use this feature.

Yes, nginx doesn’t provide directory level configuration. So the real question here is:
Do we really need a directory level configuration for our webserver?

If you are running your application on a web hosting service, then the answer is yes since you can’t touch the global configuration file in apache.

However, if you are running it in a VPS or your own server. You have full control over configuration.In what situation do you need a directory level configuration?
You can always set up everything you need in your virtual host server configuration block, including rewrite, deny, and cache (http header) control rules.
The only situation only .htaccess can do is banning IP function because you may write denying ip rule into .htaccess file and you need hot-activation without restarting web server , so I suggest not to use it. But except that, I think most of functions are still workable.

IMHO, it’s just a conceptual disagreement between apache and nginx. NGINX doesn’t have .htaccess file not because it can’t implement it, it’s just not a good solution for nginx design concept. You can read “> this article for an official explanation from nginx. It compares the performance and telling you DON’T USE IT.

The distributed(directory level) configuration has it’s own pros and cons. Yes, it can load your rule immediately without restarting web server, but it’s slow because apache has to check the .htaccess file and apply the rules to the directory for EVERY request. Also, it give you directory level configuration which will override global configuration. It’s good for virtual host, but what if the owner use .htaccess file incorrectly? It may expose more security issue. I believe those who maintain a .htaccess file is merely a web developer, not an expert to administrate the server security and reliability.

Let’s go back to the question: Do we really need a directory level configuration for our webserver?

I use W3 Total cache plugin and apply the nginx configuration rule they provided in my standalone nginx server, it works fine. Maybe all we need from you is just a suggestion of configuration for wp-spamshield in nginx.

According to this great article: Standalone Nginx servers and WordPress – you decide?

I believe it’s not a problem to run wp-spamshield on nginx standalone server.
I haven’t fully tested all the functions of wp-spamsheild, but I think it basically runs fine except for banning ip with .htaccess file method. (comments will still put into trash but request will send to server).

If you are BRAVE enough and want to try it out. Just modify wp-spamshield.php line 8152 (version 1.9.9) and remove “&& FALSE === $is_nginx“

if( ( $inst_plugins_get_test_1 === $get_page || TRUE === $activation ) && file_exists( $inst_file_test_0 ) && file_exists( $inst_file_test_3 ) && FALSE === $jscripts_blocked && $js_status != '500' ) {
    update_option( 'spamshield_install_status', 'correct' ); return TRUE;
} else {
    update_option( 'spamshield_install_status', 'incorrect' ); return FALSE;
}

after change, please deactivate and activate wp-spamshield plugin again. It will show ” Installation Status: Installed Correctly” now.

However, without .htaccess file, you should still deny sensitive file access via nginx configuration, in case insecure access to your configuration files like wp-config.php.