Above the fold “Proxy” folder size increase unusually.

Hi Bluemad,

The proxy cache is currently fairly simple and there is no cleanup. It currently depends on the website admin / developer to proxy specific scripts. The cache will then remain stable and small.

If you use auto capture to proxy any script and if the website contains a script with a changing url, e.g. a timestamp query string, it would cause a new cache entry to be created every second. The configuration page shows a solution to capture such scripts using a JSON config object.

JSON Proxy Config Object
JSON config objects enable advanced file based proxy configuration. JSON objects can be used together with simple file entry and must be placed on one line (no spaces are allowed).
JSON config objects must contain a target url (the url that will be downloaded by the proxy). Regular expression enables to match a source URL in the HTML, e.g. an URL with a cache busting date string (?time) or an url on a different host. Valid parameters are url, regex, regex-flags, cdn and expire (expire time in seconds).
Example:
{"regex": "^https://app\\.analytics\\.com/file\\.js\\?\\d+$", "regex-flags":"i", "url": "https://app.analytics.com/file.js", "expire": "2592000"}

The regex in the example will capture scripts with the url https://app.analytics.com/file.js?123456789 and create 1 cache entry.

[ Signature moderated ]

• This reply was modified 7 years, 10 months ago by Jan Dembowski.

Hi,

According to Vaultpress there’s a lot of Suspicious Code in /wp-content/uploads/abovethefold/proxy/. This is what they say:

VaultPress has detected code which forcefully adds an HTML “iframe” or “script” tag to your site. This tag may allow an attacker to load dangerous or malicious code on your site, possibly infecting visitors or sending them to another site.

Can I ignore this threat?

Regards,
Koen

Hi Koen,

The proxy (or Above The Fold Plugin) does not ‘create’ javascript code in that location. It simply stores javascript content from captured scripts.

For example, when Google Analytics analytics.js is injected, the proxy will store the javascript contents in the proxy cache directory.

It may be that your website contains a plugin or virus that injects a malicious script. It would then be captured by the proxy and stored in the cache directory. The storage of the javascript content does not pose a direct security threat (the mime type is verified by the proxy so it will be plain text or javascript content), however, if it is malicious code it does mean that a malicious script is being served to your visitors.

[ Signature moderated ]

• This reply was modified 7 years, 10 months ago by Jan Dembowski.

Could you please tell me from where should I edit “JSON config object”.

Some more examples of uses of the JSON object would be really useful!

Hi Bluemad and Sergeantash,

I’ve replied to the question on Github:

https://github.com/optimalisatie/above-the-fold-optimization/issues/11

Regarding the original question, the proxy cache directory has been moved to /wp-content/cache/ and now contains an auto-cleanup and monitor since v2.7.7.

The proxy will be improved greatly in our new plugin that should be ready in a few months.

Defamation by WordPress management

Regarding my signatures in this and over 100 other topics being replaced with a link to anti-spam, it was “regards, name, email”. The replacement is slander by WordPress management with a yet unknown motive.

– no previous warning
– no communication until now
– moderator expresses angry attitude
– my reply to the moderator was first censored and later removed
– the exact same signature is used by many users and has been ignored (he targeted me specifically)
– I never advertised anything on WordPress forums
– I was providing quality free support
– I provide a quality free service to the WordPress platform

I am sorry for bothering you with this, but I want to make it clear to anyone reading this forum and noticing the link to anti-spam under my posts.