Parameter Problems

  • Hi,

    Thank you for making this plugin.

    Have two issues with the URL variable ?swcfpc=1

    1. It shows up for non logged users.
    2. Sometimes it does not showup for logged in users and that means logged in users see cached pages inside WP Admin.

    Here are the headers of one of the page that shows ?swcfpc=1 for non logged in users. For some reason the cache is still hit (cf-cache-status: hit). But the variable is also in the URL.

    While other headers are:

    x-cache: MISS
    x-ua-compatible: IE=edge
    x-wp-cf-super-cache: no-cache
    x-wp-cf-super-cache-cache-control: no-store, no-cache, must-revalidate, max-age=0

    Request URL: https://securitygladiators.com/activism-cyber-attacks-2020/?swcfpc=1
Request Method: GET
Status Code: 200 
Remote Address: 104.26.5.206:443
Referrer Policy: no-referrer-when-downgrade
age: 43155
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-cache, must-revalidate, max-age=0
cf-cache-status: HIT
cf-h2-pushed: </wp-content/litespeed/cssjs/db075.css>,</wp-includes/js/jquery/jquery.js>,</wp-content/litespeed/cssjs/bc9b3.js>,</wp-content/litespeed/cssjs/75811.js>
cf-ray: 5a99cc779f13ca88-LHE
cf-request-id: 0393fe1ebf0000ca8883887200000001
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 26 Jun 2020 20:50:06 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Wed, 11 Jan 1984 05:00:00 GMT
link: </wp-content/litespeed/cssjs/db075.css>; rel=preload; as=style,</wp-includes/js/jquery/jquery.js>; rel=preload; as=script,</wp-content/litespeed/cssjs/bc9b3.js>; rel=preload; as=script,</wp-content/litespeed/cssjs/75811.js>; rel=preload; as=script
pragma: no-cache
server: cloudflare
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-cache: MISS
x-ua-compatible: IE=edge
x-wp-cf-super-cache: no-cache
x-wp-cf-super-cache-cache-control: no-store, no-cache, must-revalidate, max-age=0
:authority: securitygladiators.com
:method: GET
:path: /activism-cyber-attacks-2020/?swcfpc=1
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
cookie: _ga=GA1.2.141301900.1592968580; _gid=GA1.2.2065026278.1592968580; wordpress_test_cookie=WP+Cookie+check; PHPSESSID=i0rsli1ji4s1nvlqbb16vkr8e0; cf_use_ob=0; showExitIntent=false; wordpress_logged_in_048a01aa1a304e1ab1226f927432f022=emptypage654654%7C1593290221%7CupeNZ6ju7FncHNPH4jnoFzsRXBIldgebxBJP3v2pf5C%7C7da997855b722ea5f0c3a4d9e3c127ccd023042d3cf660b2d3ea12c4edfb9f33; wp-settings-7717=editor%3Dtinymce%26libraryContent%3Dbrowse%26urlbutton%3Dnone%26align%3Dright%26imgsize%3Dmedium%26advImgDetails%3Dshow%26post_dfw%3Doff%26posts_list_mode%3Dlist%26hidetb%3D1%26editor_plain_text_paste_warning%3D2; wp-settings-time-7717=1593158636; __cfduid=d58718b33ed3dc79ddbfb789ce22eec041593202790
dnt: 1
referer: https://securitygladiators.com/
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36
swcfpc: 1

    Here is the backend headers where ?swcfpc=1 did not load in the URL.

    cf-cache-status: HIT
    x-cache: MISS
    x-wp-cf-super-cache: no-cache
    x-wp-cf-super-cache-cache-control: no-store, no-cache, must-revalidate, max-age=0

    
Request URL: https://securitygladiators.com/wp-admin/
Request Method: GET
Status Code: 200 
Remote Address: 104.26.5.206:443
Referrer Policy: strict-origin-when-cross-origin
age: 287
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
cf-cache-status: HIT
cf-ray: 5a99d4e40d0bca88-LHE
cf-request-id: 03940362800000ca8883ba6200000001
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 26 Jun 2020 20:55:51 GMT
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
expires: Wed, 11 Jan 1984 05:00:00 GMT
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
status: 200
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-cache: MISS
x-frame-options: SAMEORIGIN
x-wp-cf-super-cache: no-cache
x-wp-cf-super-cache-cache-control: no-store, no-cache, must-revalidate, max-age=0
:authority: securitygladiators.com
:method: GET
:path: /wp-admin/
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
cookie: breeze_active_tab=basic; litespeed_tab=settings_media; wordpress_sec_048a01aa1a304e1ab1226f927432f022=emptypage654654%7C1593377743%7C8gKcvsgyG1iYPAGSiKAidMisf5QKhVVbfb9zaRLxXTl%7Cc629c81c9921f11a6870be43968939b07a613f4605224ff763a8485a1d0ca886; _ga=GA1.2.141301900.1592968580; _gid=GA1.2.2065026278.1592968580; wordpress_test_cookie=WP+Cookie+check; PHPSESSID=i0rsli1ji4s1nvlqbb16vkr8e0; cf_use_ob=0; showExitIntent=false; wp-settings-7717=editor%3Dtinymce%26libraryContent%3Dbrowse%26urlbutton%3Dnone%26align%3Dright%26imgsize%3Dmedium%26advImgDetails%3Dshow%26post_dfw%3Doff%26posts_list_mode%3Dlist%26hidetb%3D1%26editor_plain_text_paste_warning%3D2; wp-settings-time-7717=1593158636; __cfduid=d58718b33ed3dc79ddbfb789ce22eec041593202790; _lscache_vary=1b89ff39fd82e7590e80b502d3b17711; wfwaf-authcookie-ca1e5ea19c96f2e161c197c71e77ff61=7717%7Cadministrator%7Ca9ba83f3b5f9151eaa9fa5f045e3f58e495d02622a4e0f9dd986ecd02163110c; wordpress_logged_in_048a01aa1a304e1ab1226f927432f022=emptypage654654%7C1593377743%7C8gKcvsgyG1iYPAGSiKAidMisf5QKhVVbfb9zaRLxXTl%7C2d7dcc62e249f97645daf23ea8c9b133ddb7fdd62e8e807ea1c92359f0495d3e
dnt: 1
referer: https://securitygladiators.com/wp-admin/?loggedout=true&wp_lang=en_US
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36

    Can you please help and make sense of this?

    Thank you.

    • This topic was modified 4 years, 4 months ago by Greyleg.
    • This topic was modified 4 years, 4 months ago by Greyleg. Reason: Removing custom URL
Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Salvatore Fresta

    (@salvatorefresta)

    Hi,
    it seems a conflict with another page caching system you are using on the same website. Please start by using only 1 page cache (the cloudflare one) and re-check.

    Let me know ??

    Thread Starter Greyleg

    (@odeskumair)

    Thanks for the reply.

    The other caching plugin is Breeze from Cloudways hosting.

    If Breeze is turned off then Varnish will not be cleared when new content is published.

    Also, if WordPress is not locally cached then won’t that increase server load ?

    Plugin Contributor Salvatore Fresta

    (@salvatorefresta)

    Hi,
    when the page is cached on Cloudflare, your origin server is totally skipped so any cache you have enabled on it, will not be hitted anymore. This means a huge bandwidth save!

    On the version currently in beta testing, I added an option to enable a fallback cache, a traditional page cache to use when the page cache on Cloudflare expires prematurely for some reason. Only in this case, a server-side page cache is useful ??

    The difference between this fallback cache and other page caches is that this is 100% compatible and follows the same caching logic of the main one.

    Thread Starter Greyleg

    (@odeskumair)

    Thanks for the reply. The Breeze plugin was disabled few days ago and still logged out user can see ?swcfpc=1 for some URLs.

    your origin server is totally skipped so any cache you have enabled on it, will not be hitted anymore.

    Cloudflare stats show 100% visitors don’t hit Cloudflare cache and some of them are sent to origin server.

    E.g.
    Cached Requests
    Last 24 hours
    64,731

    Uncached Requests
    Last 24 hours
    59,948

    May be this is because some of the non logged-in users have that cache breaking parameter in the URL.

    What do you think?

    P.S.

    Awesome news that you’re developing new version of the plugin with fall back origin server cache that is 100% compatible with CF.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Parameter Problems’ is closed to new replies.