• Questions

  • How to exclude Cart/checkout page from being cached?

Hello

we are using Nginx’s fastcgi_cache on site.

I just noted that Cart/ checkout page are being cached, as I note customer information on the checkout page, and here is a screenshot:

When I try wo site edit mysite.com:

`server {

# Uncomment the following line for domain mapping
# listen 80 default_server;

server_name mysite.com *.mysite.com;

# Uncomment the following line for domain mapping
#server_name_in_redirect off;

access_log /var/log/nginx/lovcour.com.access.log rt_cache;
error_log /var/log/nginx/lovcour.com.error.log;


root /var/www/mysite.com/htdocs;

index index.php index.html index.htm;


include common/wpfc-php81.conf;

include common/wpcommon-php81.conf;
include common/locations-wo.conf;
include /var/www/lovcour.com/conf/nginx/*.conf;

}

`

I checked locations-wo.conf, it show:

# NGINX CONFIGURATION FOR COMMON LOCATION - WordOps 3.16.3
# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE
# Basic locations files
location = /favicon.ico {
    try_files /wp-content/uploads/fbrfg/favicon.ico $uri $uri/ /index.php?$args @empty_gif;
    access_log off;
    log_not_found off;
    expires max;
}
location @empty_gif {
    empty_gif;
}
# Cache static files
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json|webmanifest|cast)$ {
    more_set_headers 'Access-Control-Allow-Origin : *';
    more_set_headers  "Cache-Control : public, no-transform";
    access_log off;
    log_not_found off;
    expires max;
}
# Cache css & js files
location ~* \.(?:css(\.map)?|js(\.map)?)$ {
    more_set_headers 'Access-Control-Allow-Origin : *';
    more_set_headers  "Cache-Control : public, no-transform";
    access_log off;
    log_not_found off;
    expires 30d;
}
# Security settings for better privacy
# Deny hidden files
location ~ /\.(?!well-known\/) {
    deny all;
}
# letsencrypt validation
location /.well-known/acme-challenge/ {
   alias /var/www/html/.well-known/acme-challenge/;
   allow all;
   auth_basic off;
}
# Private Prefetch Proxy
# https://developer.chrome.com/blog/private-prefetch-proxy/
location /.well-known/traffic-advice {
   types { } default_type "application/trafficadvice+json; charset=utf-8";
   return 200 "[{\n  \"user_agent\": \"prefetch-proxy\",\n  \"google_prefetch_proxy_eap\": {\n    \"fraction\": 1.0\n  }\n}]";
   allow all;
}
# Return 403 forbidden for readme.(txt|html) or license.(txt|html) or example.(txt|html) or other common git repository files
location ~*  "/(^$|readme|license|example|README|LEGALNOTICE|INSTALLATION|CHANGELOG)\.(txt|html|md)" {
    deny all;
}
# Deny backup extensions & log files and return 403 forbidden
location ~* "\.(old|orig|original|php#|php~|php_bak|save|swo|aspx?|tpl|sh|bash|bak?|cfg|cgi|dll|exe|git|hg|ini|jsp|log|mdb|out|sql|svn|swp|tar|rdf|gz|zip|bz2|7z|pem|asc|conf|dump)$" {
    deny all;
}
location ~* "/(=|\$&|_mm|(wp-)?config\.|cgi-|etc/passwd|muieblack)" {
    deny all;
}

# block base64_encoded content
location ~* "(base64_encode)(.*)(\()" {
    deny all;
}

# block javascript eval()
location ~* "(eval\()" {
    deny all;
}

# Additional security settings

location ~* "(127\.0\.0\.1)" {
    deny all;
}
location ~* "([a-z0-9]{2000})" {
    deny all;
}
location ~* "(javascript\:)(.*)(\;)" {
    deny all;
}
location ~* "(GLOBALS|REQUEST)(=|\[|%)" {
    deny all;
}
location ~* "(<|%3C).*script.*(>|%3)" {
    deny all;
}
location ~ "(\\|\.\.\.|\.\./|~|`|<|>|\|)" {
    deny all;
}
location ~* "(boot\.ini|etc/passwd|self/environ)" {
    deny all;
}
location ~* "(thumbs?(_editor|open)?|tim(thumb)?)\.php" {
    deny all;
}
location ~* "(\'|\")(.*)(drop|insert|md5|select|union)" {
    deny all;
}
location ~* "(https?|ftp|php):/" {
    deny all;
}
location ~* "(=\\\'|=\\%27|/\\\'/?)\." {
    deny all;
}
location ~ "(\{0\}|\(/\(|\.\.\.|\+\+\+|\\\"\\\")" {
    deny all;
}
location ~ "(~|`|<|>|:|;|%|\\|\s|\{|\}|\[|\]|\|)" {
    deny all;
}

Could you please let me know which conf file I should touch and check if the Cart/checkout page are excluded from being cached?

Thanks

It seems that the cache configration is in include common/wpfc-php81.conf:

But, it point to etc/nginx/conf.d/map-wp.conf:

# WPFC NGINX CONFIGURATION - WordOps 3.16.3
# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE
# $skip_cache variable set in /etc/nginx/conf.d/map-wp.conf

add_header X-fastcgi-cache $upstream_cache_status;
# Use cached or actual file if they exists, Otherwise pass request to WordPress
location / {
  try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
  try_files $uri =404;
  include fastcgi_params;
  fastcgi_pass php81;
  fastcgi_cache_bypass $skip_cache;
  fastcgi_no_cache $skip_cache;
  fastcgi_cache WORDPRESS;
}
location ~ /purge(/.*) {
  fastcgi_cache_purge WORDPRESS "$scheme$request_method$host$1";
  access_log off;
}

`

and in etc/nginx/conf.d/map-wp.conf:

`# NGINX CONFIGURATION FOR FASTCGI_CACHE EXCEPTION - WordOps 3.16.3
# DO NOT MODIFY, ALL CHANGES WILL BE LOST AFTER AN WordOps (wo) UPDATE

# do not cache xhtml request
map $http_x_requested_with $http_request_no_cache {
    default 0;
    XMLHttpRequest 1;
}

# do not cache requests on cookies
map $http_cookie $cookie_no_cache {
    default 0;
    "~*wordpress_[a-f0-9]+" 1;
    "~*wp-postpass" 1;
    "~*wordpress_logged_in" 1;
    "~*wordpress_no_cache" 1;
    "~*comment_author" 1;
    "~*woocommerce_items_in_cart" 1;
    "~*edd_items_in_cart" 1;
    "~*woocommerce_cart_hash" 1;
    "~*wptouch_switch_toogle" 1;
    "~*comment_author_email_" 1;
    "~*wptouch_switch_toggle" 1;
    "~*edd" 1;
}

# do not cache the following uri
map $request_uri $uri_no_cache {
    default 0;
    "~*/wp-admin/" 1;
    "~*/wp-[a-zA-Z0-9-]+\.php" 1;
    "~*/feed/" 1;
    "~*/index\.php" 1;
    "~*/[a-z0-9_-]+-sitemap([0-9]+)?\.xml" 1;
    "~*/sitemap(_index)?\.xml" 1;
    "~*/wp-comments-popup\.php" 1;
    "~*/wp-links-opml\.php" 1;
    "~*/xmlrpc\.php" 1;
    "~*/edd-sl/.*" 1;
    "~*/add_to_cart/" 1;
    "~*/cart/" 1;
    "~*/account/" 1;
    "~*/my-account/" 1;
    "~*/checkout/" 1;
    "~*/addons/" 1;
    "~*/wc-api/.*" 1;
    "~*/logout/" 1;
    "~*/lost-password/" 1;
    "~*/panier/" 1;
    "~*/mon-compte/" 1;
    "~*/embed" 1;
    "~*/commande/" 1;
    "~*/resetpass/" 1;
    "~*/wp.serviceworker" 1;
}
# mobile_prefix needed for WP-Rocket
map $http_user_agent $mobile_prefix {
    default "";
    "~*iphone" -mobile;
    "~*android" -mobile;
}

# do not cache requests with query strings
map $is_args $is_args_no_cache {
    default 1;
    "" 0;
}

# cache requests with query string related to analytics
map $args $args_to_cache {
    default 0;
    "~*utm_" 1;
    "~*fbclid" 1;
}

# do not cache requests with query strings excepted analytics related queries
map $is_args_no_cache$args_to_cache $query_no_cache {
    defaut 1;
    00 0;
    11 0;
}

# if all previous check are passed, $skip_cache = 0
map $http_request_no_cache$cookie_no_cache$uri_no_cache$query_no_cache $skip_cache {
    default 1;
    0000 0;
}

# map $skip_cache with $cache_uri for --wpsc --wpce & --wprocket stack
map $skip_cache $cache_uri {
    0 $request_uri;
    default 'null cache';
}

# http_prefix needed for WP-Rocket
map $https $https_prefix {
    default "";
    on "-https";
}

# needed to proxy web-socket connections
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

Is this a workable confirgration method please?

11 days later

Well, I believe there is issue with Nginx Fastcgi Cache, it always cache those page that should be excluded.

I switch the cache to be Redis cache, and then swtich back to the Nginx Fastcgi, it seems can temporarily fix it, but I am not sure how long the issue will happen again.

In your original screenshot the header says x-fastcgi-cache = bypass, therefore the page served has not been cached by Nginx. The exclusion is working.

18 days later

Still not sure what cause the issue, sometimes the issue will happens

Hosted by VirtuBox