WP-SpamShield with Dreampress – Varnish

  • Resolved outpost33

    (@outpost33)


    8 years, 1 month ago

    Hi,

    I love the plugin, but unfortunately in my case it broke Varnish caching. I have the plugin in Compatibility Mode, but this isn’t helping.

    Here is the response from Dreamhost Dreampress support:

    The site is currently not serving up cached pages via Varnish. Varnish is
    the server side caching service that is supposed to make DreamPress fast.
    The is being caused by a PHP session being served up to anonymous site
    visitors.

    Set-Cookie: PHPSESSID=H3RVf8FQfKIrCgH9fgmrB0; path=/

    You need to find the plugin that is causing the cookie to be served and
    disable it. This will then allow varnish to cache pages

    Any ideas about what I should be asking Dreamhost to change on the server side?

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Contributor redsand

    (@redsand)

    Hi outpost33,

    At the top of the support forum there is a sticky post that we ask users to read first because it guides you to excellent troubleshooting options we have already put together for our plugin users.

    We will be happy to help you. You will need to take the following steps:

    1. The Troubleshooting Guide and FAQs are the place to start.

      Please take a few minutes to work through these, as they solve over 90% of issues users have. (Please be sure to follow all the steps, not just read through them.)

      Once you have gone through the Troubleshooting Guide and FAQs, if that doesn’t solve the issue, we’ll need a bit more info from you on the specifics, and we’ll need to email back and forth, so you should move on to the next step.

    2. Submit a support request at the WP-SpamShield Support Form, our main support channel for the plugin. We have an excellent diagnostic process.

    That will allow us to help you diagnose this, find out what the real issue is, and get things working right for you.

    – Scott

    Please note that the WP-SpamShield Support page is our main support venue, not the WordPress forums here, so that will always be the best way to get a quick response and resolve any tech support issues.

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Hi @outpost33 – I work for DreamHost and specifically on the DreamPress stuff right now.

    The issue is that the way we set up Varnish, it trusts you when you put down cookies. Basically, if you put down a cookie to indicate a unique user, Varnish says “Oh hai! Unique users shouldn’t get cache!”

    The problem here is that the way SpamShield appears to work, it uses cookies to determine if your visitors are spammers or not… which means it wants to mark each user as unique. And that means it runs at odds with Varnish ?? They’re just incompatible with their intentions. As long as SpamShield insists on using a cookie, varnish will insist on treating the cookie’d user as unique and will not cache the page for them.

    I’m not sure if there’s a way around it, except MAYBE if you only used SpamShield on registration pages and not on comment pages. We don’t cache wp-admin/login pages.

    Plugin Contributor redsand

    (@redsand)

    Hi @ipstenu,

    The problem here is that the way SpamShield appears to work, it uses cookies to determine if your visitors are spammers or not… which means it wants to mark each user as unique. And that means it runs at odds with Varnish

    That setup breaks PHP functionality. Cookies aren’t something that should have to be disabled for websites to work properly. Cookies are a standard PHP function. In essence you’re saying that not all PHP functionality is available to your users.

    As long as SpamShield insists on using a cookie…

    “Insist on using a cookie”…? That’s implying that there is an issue with code. There is absolutely nothing wrong with using this standard PHP functionality.

    I’m not sure if there’s a way around it, except MAYBE if you only used SpamShield on registration pages and not on comment pages. We don’t cache wp-admin/login pages.

    It’s an anti-spam plugin…it needs to be used on comment pages. That’s sort of the point.

    @ipstenu I greatly respect your work as a moderator, but I think in this case responding as a representative of Dreamhost presents an obvious conflict of interest, and makes this response a bit inappropriate. I think it would be best if you hand this off to another Dreamhost rep. Please contact me offline for further discussion.

    – Scott

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Scott, I was answering as a DH rep, which is why I was upfront and direct about this. A conflict of interests would be me deleting or editing your posts, which I would never do.

    Please read ‘insists’ as a technical word and not a pejorative. Swap it with ‘requires’ and it’s the same intent. I did not mean this as a ‘diss’ to your project. I think WP SpamShield is a nifty product, but I think it’s at odds with the way DreamPress set up Varnish. Which SUCKS. Unless you know of a way to not use PHPSessions to set cookies and have the same effect. Which… I’m pretty sure doesn’t exist.

    You misunderstood my meaning, which means I explained it poorly. Let me try again…

    Cookies are not ‘disabled.’ Varnish is set up to treat every anon-visitor as ‘the same’ unless you tell it otherwise. Which your plugin is doing via the use of the cookie/PHPSession method. You rely on unique cookies to determine who people are. Varnish relies on them to know when it should and shouldn’t deliver cached pages.

    Tl;dr: Unique visitors, as determined by cookies and PHP sessions, do not get cached pages on Varnish at DreamPress.

    Which is exactly what your plugin is doing.

    It’s neither good nor bad, it’s just what it is. And the choice sadly is to use your plugin, knowing it will break DreamPress’ varnish caching, or not to use it at all (where it is equal to either DP or WPSS). Which is a pretty annoying choice. And I can’t make it for the users, but I can educate them.

    Plugin Contributor redsand

    (@redsand)

    @ipstenu,

    thanks for the follow up. That sounds more like you. ??

    Ok, I understand. Thanks for clarifying.

    I think WP SpamShield is a nifty product, but I think it’s at odds with the way DreamPress set up Varnish. Which SUCKS.

    Thanks…we appreciate that. ?? I hear you.

    Well, if you guys do want to get in touch with me, we can make a compatibility bridge. It does detect Varnish and adapt, so it may just have compatibility issues on DH. We’ve seen it work fine on other hosts with Varnish.

    You rely on unique cookies to determine who people are.

    That’s only partially true. There are some tweaks in compatibility mode that make it work around this.

    There are ways to configure Varnish so it doesn’t have this issue. We’ve worked with a number of web hosts to consult on both security and performance issues. We’d be happy to work with you guys too. I’m pretty sure we can find a solution. You’ve got my email or you can contact me through slack if you like.

    – Scott

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    There are ways to configure Varnish so it doesn’t have this issue.

    THAT is news to me ?? I’ll drop you a line from my work email ([email protected]) if I can remember how to grab emails from this silly forum upgrade…

    Plugin Contributor redsand

    (@redsand)

    Right on! I’ll be in touch. ??

    Thread Starter outpost33

    (@outpost33)

    This is great news! Thanks for these responses from Mika and Scott, some nice collaborative work going on here.

    Thanks also for the separate responses I’ve received from SpamShield Tech Support, very helpful indeed.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘WP-SpamShield with Dreampress – Varnish’ is closed to new replies.