I am using one wordpress site. In this wordpress URL I am using 2 load balancing URL in my production.
For Example My actual URL is
www.myurl.com
My load blancer URL's are
www.myurl01.drd.myurl.com
www.myurl02.drd.myurl.com
For wordpress current URL I am using the following function in function.php
function current_url() {
$pageURL = 'http';
if( isset($_SERVER["HTTPS"]) ) {
if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
This function returning www.myurl01.drd.myurl.com load balancer URL instead of www.myurl.com. how can get my actual URL using this function.
Any one please suggest
Your implementation of current_url() does not handle the case where WordPress is running behind a proxy. Values in the SERVER array corresponding to the keys: HTTPS, SERVER_PORT and SERVER_NAME relate to the back-end server only.
The front-end proxy server may set specific headers to enable the back-end to detect that it is running behind a proxy. The WordPress core functions already support these extra settings and you may wish to look at those implementations before you make changes to your code.
If you want a quick fix (and assuming that your proxy server sets the value correctly) using HTTP_HOST in the place of SERVER_NAME may solve the immediate problem.
For a complete fix, you may want to look at using HTTP_X_FORWARDED_PROTO and HTTP_X_FORWARDED_PORT. If these values are defined, they should be use instead of the local equivalent.
Related
I have a service that is hosted in an internal network that is receiving traffic in port 443 (via https) behind a custom loadbalancer both from the internet but also from the internal network.
Internal network requests are coming with an extra custom header, let's call it X-my-lb-header.
I want to block all external incoming traffic to all uris (return an http response code), except to some specific ones.
Eg, let's say that i want to allow traffic that is coming to two endpoints /endpoind1/ (preffix match) and /endpoint2 actual match.
What is the best way to achieve a behaviour like this?
If my understanding is correct I need something like (not correct syntax bellow)
location = /endpoind2 {
if ($http_x_my_lb_header not exists) {
pass
} else {
return 404
}
... the rest of the directives
}
location ~ / {
if ($http_x_my_lb_header) {
return 404;
}
... the rest of the directives
}
But since else is not supported in nginx, i cannot figure out to do it.
Any ideas?
So you need some logic like
if (header exists) {
if (request URI isn't whitelisted) {
block the request
}
}
or in another words
if ((header exists) AND (request URI isn't whitelisted)) {
block the request
}
Well, nginx don't allow nested if blocks (nor logical conditions). While some people inventing a really weird but creative solutions like this one (emulating AND) or even this one (emulating OR), a huge part of such a problems can be solved using map blocks (an extremely powerfull nginx feature).
Here is an example:
# get the $block variable using 'X-my-lb-header' value
map $http_x_my_lb_header $block {
# if 'X-my-lb-header doesn't exists, get the value from another map block
'' $endpoint;
# default value (if the 'X-my-lb-header' exists) will be an empty string
# (unless not explicitly defined using 'default' keyword)
}
# get the $endpoint variable using request URI
map $uri $endpoint {
# endpoint1 prefix matching (using regex)
~^/endpoint1 ''; don't block
# endpoint2 exact matching
/endpoint2 ''; don't block
default 1; # block everything other
}
Now you can use this check in your server block (don't put it to some location, use at the server context):
if ($block) { return 404; }
I need a way to log queries that go to wp-admin/admin-ajax.php (extra points if I can log specific queries). This will help to troubleshoot some stuff happening in production with my custom plugin.
Scenario
I’ve been working on a plugin which varies the message a user gets depending on the time on the server. The process also depends on other settings retrieved from the server.
The plugin uses javascript to call admin-ajax.php to do the magic. (due to the nature of the plugin, I don’t think I can or should use straight client-side JS for this).
In development it works reliably but in production there are definitely situations where the result returned is unexpected.
This has led me to think that the results of admin-ajax.php are sometimes cached, I need a way to validate my current guess by doing some logging of responses from the production server.
Put this code in you theme functions.php
A log file ajaxlog.txt will now be created in your template folder
add_action( 'admin_init', 'my_ajax_checker', 10, 2);
function my_ajax_checker() {
$file = dirname(__FILE__) . '/ajaxlog.txt';
$actual_link = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$message = $actual_link . " - " . date('m/d/Y h:i:s a', time()) . " - " .$_SERVER['REMOTE_ADDR'] . "\r\n" ;
file_put_contents($file, $message, FILE_APPEND);
}
}
Send requests with a unique identifier and then count if they are all in the log.
I need Geo information from each users who visit my website in wordpress, in order to present correct current. After I use cloudfront, the WC_Geolocation doesn't work. I was thinking picking cloudfront-view-country header from cloudfront request to my server. The below two method I have test, but didn't get what i expected.
Add the cloudfront-view-country to Whitelist Headers. Use getallheaders() to read the request headers in the wordpress in functions.php, but didn't find the expected header cloudfront-view-country.
snippet in the functions.php
$headers = getallheaders();
foreach($headers as $key=>$val){
echo $key . ': ' . $val . '<br>'
}
I use lambda + API gateway, pass CloudFront-Viewer-Country to lambda in Body Mapping Templates
detect_countryCode": "$input.params('CloudFront-Viewer-Country')
catch the countryCode with event in lambda
exports.handler = (event, context, callback) => {
let countryCode = event.detect_countryCode;
callback(null, countryCode)
};
When I test with API in a browser, it did show the right country code. However, after I use wp_remote_get() to integrated this API in wordpress. It always shows "US" which is my server's locationi. I believe the logic is wrong in the second method. It is my server invoke the API, of course it will return the country code of my server which is in "US".
Any comments would be appreciated.
Thank you.
I am using woo-commerce plugin for word press. I recently installed first data payment gateway extension(premium extension) into my wordpress.
It throws the following error:
FirstData GGe4 Error: Credit card data cannot be entered unless you are using an SSL secured connection.
I am not sure what is SSL, how can I connect SSL with first data gateway.
you have to take SSL licence from your web hoster for yor site
After installation if that will not work then try to add below code in your function.php of theme for particular page with ssl
add_action('wp_head', 'apply_ssl_to_specific_page');
add_action('admin_head', 'apply_ssl_to_specific_page');
add_action('login_head', 'apply_ssl_to_specific_page');
function apply_ssl_to_specific_page(){
<?php
if ( is_page('your-checkout-page-slug') ) {
if($_SERVER['SERVER_PORT'] != '443')
header('Location: https://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
} else {
if($_SERVER['SERVER_PORT'] == '443')
header('Location: http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
}
}
replace your-checkout-page-slug with your page slug
I have a WordPress site in two languages (Hebrew and English) and I need it to redirect according to browser language. I'm using qTranslate plugin to create the content in both languages. This plugin also has a redirection functionality but it creates a redirection only for the homepage and I need the redirection to happen for internal pages as well as the homepage.
Another developer wrote this code for me to create the redirection, but for some reason it creates a funny redirect. It happens only when switching language to Hebrew, then leaving the site and trying to enter directly to http://domain.com/en/ and it redirects you to http://domain.com/domain.com/ (Does not happen when switching to english).
I tried playing with the "header (Location: )" that creates the redirection for Hebrew, but couldn't figure out how to make it work - I tried using the full path instead of relative path, or removing the "/" between $_SERVER['SERVER_NAME'] and $_SERVER['REQUEST_URI'] but got recursive url or url with double "/" (http://domain.com// and also for internal pages http://domain.com//page).
The url structure is:
domain.com/ for Hebrew
domain.com/en/ for English
and when switching language then the parameter $lang=en or $lang=he is being added.
Hope this makes sense, and thanks a lot!
this is the code that is responsible for the redirection:
<?php
if (!isset($_COOKIE["uln"])) :
$lang = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
setcookie('uln', $lang, time()+86400*365, '/', '.domain.com'); // cookie stored for a year
$_COOKIE['uln'] = $lang;
endif;
//if lang=(value) is not empty
if(isset($_GET['lang'])) {
$lang = $_GET['lang'];
setcookie('uln', $lang, time()-1, '/', '.domain.com'); //this unsets the cookie for random language selection
//set the cookie "uln" again with the selected language.
setcookie('uln', $lang, time()+86400*365, '/', '.domain.com'); // cookie stored for a year
$_COOKIE['uln'] = $lang;
}
if(($_COOKIE["uln"]) == "en") {
$matched = strncmp("/en/", $_SERVER['REDIRECT_URL'], 3);
if ($matched !== 0) :
header('Location: /en'.$_SERVER['REQUEST_URI']);
endif;
} elseif(($_COOKIE["uln"]) == "he") {
$matched = strncmp("/en/", $_SERVER['REDIRECT_URL'], 3);
if ($matched === 0) :
header('Location: '.$_SERVER['SERVER_NAME'].'/'.$_SERVER['REQUEST_URI']);
endif;
}
?>
instead of
header('Location: '.$_SERVER['SERVER_NAME'].'/'.$_SERVER['REQUEST_URI']);
try
header("Location: http://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}");
URLs, especially those in Location headers, should include a protocol and domain name. I believe relative URLs in Location headers are a violation of the HTTP RFCs.
By omitting a protocol, you're unintentionally specifying a relative url instead of an absolute one.
Edit: REQUEST_URI is already prefixed with a / so including one in the concat is unnecessary.
You're missing an http:// somewhere, probably in the English -> Hebrew redirect code.
Change
header('Location: '.$_SERVER['SERVER_NAME'].'/'.$_SERVER['REQUEST_URI']);
to
header('Location: http://'.$_SERVER['SERVER_NAME'].'/'.$_SERVER['REQUEST_URI']);