Facebook
Twitter- Server operating system version
- Almalinux 10.1
- Plesk version and microupdate number
- Plesk Obsidian 18.0.77.1
Environment
- Plesk Obsidian 18.0.77.1 (AlmaLinux 10.1)
- nginx 1.28.3
- WordPress site with nginx caching enabled (Web Server Settings → Smart Static Files Processing / nginx cache)
Problem
In the domain's Apache & nginx settings → "nginx caching" → "Cache requests with cookies" I added common analytics cookies (_ga, _gid, _gat, _fbp, _fbc, _ga_N68HH2MJ1V, PHPSESSID, plesk_technical_domain) so that requests carrying only these cookies would still be served from cache.However, every request that contains any cookie — even a cookie that is in the whitelist — still returns x-cache-status: BYPASS. Only requests with no Cookieheader at all are cached (HIT).
Test results
# No cookies$ curl -sI https://example.tld/ | grep x-cache
x-cache-status: HIT
# Cookie that IS in the whitelist
$ curl -sI -b "_ga=test" https://example.tld/ | grep x-cache
x-cache-status: BYPASS
# Another whitelisted cookie
$ curl -sI -b "PHPSESSID=test" https://example.tld/ | grep x-cache
x-cache-status: BYPASS
Root cause (debug)
I added two temporary debug headers to the generated vhost config:add_header X-Debug-Cookie "$cache_cookie" always;
add_header X-Debug-NoCache "$no_cache" always;
Result for Cookie: _ga=test:
x-debug-cookie: _ga=test
x-debug-nocache: 1
So $cache_cookie is not stripped — none of the if ($cache_cookie ~ "...") blocks match, and $no_cache is set to 1, causing bypass.
The generated regexes look correct but don't match
The Plesk-generated config at /etc/nginx/plesk.conf.d/vhosts/<domain>.conf contains:set $cache_cookie $http_cookie;
if ($cache_cookie ~ "(.*)(?:^|
\\s*_ga=[^;]+(?:$|(.*)") {set $cache_cookie $1$2;
}
if ($cache_cookie ~ "(.*)(?:^|
\\s*PHPSESSID=[^;]+(?:$|(.*)") {set $cache_cookie $1$2;
}
...
if ($cache_cookie !~ "^\s*$") {
set $no_cache 1;
}
That regex matches _ga=test perfectly in PCRE/Python:
>>> import re
>>> re.match(r"(.*)(?:^|
\s*_ga=[^;]+(?:$|(.*)", "_ga=test").groups()('', '')
But in nginx the if block never triggers. I verified by temporarily replacing one of the blocks with a simple if ($cache_cookie ~* "_ga") { set $cache_cookie "STRIPPED"; } — that one does fire, so the if mechanism itself works. Only the Plesk-generated complex regex does not match.
Suspected issue
The $ inside (?:$| in a double-quoted nginx string may be consumed by nginx's variable interpolation (since $ followed by a non-identifier falls into an unclear/version-dependent behavior), resulting in the compiled regex being different from what is written.Also noted
Entering .* as a cookie name in the Plesk UI is escaped to \.\* in the generated config, producing:if ($cache_cookie ~ "(.*)(?:^|
\\s*\\.\\*=[^;]+(?:$|(.*)") { ... }— i.e. it looks for a cookie literally named .*. So there is no way through the UI to whitelist all cookies.
Question
- Is this a known bug with the cookie-stripping regex in the generated nginx vhost config?
- Is there a supported way to effectively disable cookie-based cache bypass (so that only specific cookies like wordpress_logged_in bypass the cache)?
- Can the "Cache requests with cookies" field be changed to accept a wildcard / regex pattern, or output a working regex?
Thanks.
