Topics

request

Varnish with secure AWS S3 bucket as backend

Serving static contents from S3 is common, but using Varnish in front is a bit tricky. Especially if you want to keep the bucket secure and only serve from Varnish, here is a simple Varnish file to solve this problem.

First secure your bucket via IP policy:

{
  "Version": "2012-10-17",
  "Id": "S3PolicyId1",
  "Statement": [
    {
      "Sid": "IPAllow",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example.bucket/*",
      "Condition": {
        "IpAddress": {
          "aws:SourceIp": [
            "5.6.7.8/32"  //varnish ip
          ]
        }
      }
    },
    {
      "Sid": "Explicit deny to ensure requests are allowed only from specific referer.",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example.bucket/*",
      "Condition": {
        "StringNotLike": {
          "aws:Referer": [
            "https://example.com/*"
          ]
        }
      }
    }
  ]
}

Fix W3 Total Cache W3_Plugin_TotalCache::ob_callback() expected to be a reference

Around a year ago I was playing with W3 Total Cache plugin on HHVM while I got an annoying warning

Warning: Parameter 1 to W3_Plugin_TotalCache::ob_callback() expected to be a reference, value given in /wp-includes/functions.php on line 3269

The funny part is that one of the functions was passing by reference which I still could not find the reason for it, maybe it was a limitation in PHP 4.3. Removing one character “&” fixed the issue so I submitted a pull request to the author although the repository currently does not accept pull request. Later on as PHP 7.0 was released, the issue started to show on PHP as well which brought more attention to this small fix. The users comments included anger such as user @kmob2 who said

this is becoming a running gag

Even more user @pratham2003 proposed a one line bash command to solve the problem

sed -i.bak 's/function ob_callback(&/function ob_callback(/g' /path/to/public_html/wp-content/plugins/w3-total-cache/lib/W3/Plugin/TotalCache.php

I hope that the developers will finally listen to the users and fix it soon!

Limit requests per IP on Nginx using HttpLimitZoneModule and HttpLimitReqModule except whitelist

– Make sure to check Nginx, PHP posts for information on Nginx and PHP setup and configuration.

Nginx offers two modules, HttpLimitReqModule and HttpLimitZoneModule, to limit simultaneous connections for the assigned session and the number of requests for a given session from one IP address. Basically these modules are built to protect the web server from possible DDos attacks; For example, this configuration limits remote clients to no more than 20 concurrently “open” connections per remote ip address:

http{
    limit_conn_zone  $binary_remote_addr zone=concurrent:10m;
    limit_conn_log_level warn;
    limit_conn  concurrent  20;

Disqus problem with wordpress “unable to connect to the disqus api servers”

I recently installed Disqus plugin for WordPress; however, I have been receiving this message “unable to connect to the disqus api servers.” By looking into the source code, it looks like curl is the problem! more specifically the _dsq_curl_urlopen() function, but I did not investigate this error further. As fortunately, we can easily switch to the alternative function _dsq_fsockopen_urlopen().