Reduce Comment Spam Module valid_referer

  • shubhamgulati91

    (@shubhamgulati91)


    6 years, 2 months ago

    Below is the code from my nginx config file generated by plugin.
    Am I missing something? Users are facing 403 on posting comments.

    # Reduce Comment Spam – Security > Settings > WordPress Tweaks > Comment Spam
    location = /wp-comments-post.php {
    limit_except POST { deny all; }
    if ($http_user_agent ~ “^$”) { return 403; }
    valid_referers server_names jetpack.wordpress.com/jetpack-comment/;
    if ($invalid_referer) { return 403; }
    }

    When I change it to:
    valid_referers server_names jetpack.wordpress.com/jetpack-comment/ *.mysite.com;
    Post Comment works. Update: still doesnt work. I have to disable Reduce comment spam to allow legit user comments.

    Do I explicitly need to add *.mysite.com?
    Ofcourse mysite.com implies the domain and is not the actual URL.

    Server is nginx.

Viewing 3 replies - 1 through 3 (of 3 total)
  • nlpro

    (@nlpro)

    6 years, 2 months ago

    Are you sure 403 is returned because of an invalid referer ?

    Perhaps it’s returning 403 because of the user_agent.

    To prevent any confusion, I’m not iThemes.

    Thread Starter shubhamgulati91

    (@shubhamgulati91)

    6 years, 2 months ago

    Thanks, but I tried removing conditions one by one, in combinations and even adding *.mysite.com as
    valid_referers server_names jetpack.wordpress.com/jetpack-comment/ *.mysite.com;
    Nothing has worked so far except for disabling the module.

    nlpro

    (@nlpro)

    6 years, 2 months ago

    Can you confirm there are no 403’s when temporarily removing the last line:

    if ($invalid_referer) { return 403; }

    from the nginx config file ?

    If so I would try and figure out what value(s) server_names returns.

    What nginx version are you using ?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Reduce Comment Spam Module valid_referer’ is closed to new replies.