400 Errors - GET /?amp_validate%5Bcache_bust%5D AND GET /?amp_validate%5Bnonce%5D - WordPress on NGINX

[jimgarrigan]

I have been attempting to resolve issues that are generating messages in the access log ...

Feel free to ask for more information. I am an IT guy (on-premises Windows Server products) supporting an Internet site for my job search.

Feb	9	23:06:08	vm_hostname	nginx:	2001:xxx:xxxx::99	-	-	[09/Feb/2025:23:06:08	-0500]	GET /?amp_validate%5Bcache_bust%5D=4011087422&amp_validate%5Bnonce%5D=e7f54949726f4ceb09357995fa94edc1 HTTP/1.1	400	89	-	WordPress/6.6.2; https://staging.mydomain.com	2001:xxx:xxxx::99, 127.0.0.1	~^(.*mydomainname.*)$	GET http://staging.mydomain.com	[DNT	-]	_MobileDevice-No_	path_info	fastcgi_script_name	/index.php	document_root	/path-to-data/staging.mydomain.com	http_x_f_proto https	fp on	Harden 	limit_req -																			

Feb	9	23:06:08	vm_hostname	nginx:	2001:xxx:xxxx::99	-	-	[09/Feb/2025:23:06:08	-0500]	GET /?amp_validate%5Bnonce%5D=e7f54949726f4ceb09357995fa94edc1&amp_validate%5Bcache_bust%5D=4011087422 HTTP/1.1	400	89	-	WordPress/6.6.2; https://staging.mydomain.com	-	~^(.*mydomainname.*)$	GET https://staging.mydomain.com	[DNT	-]	_MobileDevice-No_	path_info	fastcgi_script_name	/	document_root	/path-to-data/staging.mydomain.com	http_x_f_proto -	fp 	Harden 	limit_req -																			

Feb	9	23:16:09	vm_hostname	nginx:	2001:xxx:xxxx::99	-	-	[09/Feb/2025:23:16:08	-0500]	GET /?amp_validate%5Bcache_bust%5D=444474196&amp_validate%5Bnonce%5D=e7f54949726f4ceb09357995fa94edc1 HTTP/1.1	400	89	-	WordPress/6.6.2; https://staging.mydomain.com	2001:xxx:xxxx::99, 127.0.0.1	~^(.*mydomainname.*)$	GET http://staging.mydomain.com	[DNT	-]	_MobileDevice-No_	path_info	fastcgi_script_name	/index.php	document_root	/path-to-data/staging.mydomain.com	http_x_f_proto https	fp on	Harden 	limit_req -																			

Feb	9	23:16:09	vm_hostname	nginx:	2001:xxx:xxxx::99	-	-	[09/Feb/2025:23:16:08	-0500]	GET /?amp_validate%5Bnonce%5D=e7f54949726f4ceb09357995fa94edc1&amp_validate%5Bcache_bust%5D=444474196 HTTP/1.1	400	89	-	WordPress/6.6.2; https://staging.mydomain.com	-	~^(.*mydomainname.*)$	GET https://staging.mydomain.com	[DNT	-]	_MobileDevice-No_	path_info	fastcgi_script_name	/	document_root	/path-to-data/staging.mydomain.com	http_x_f_proto -	fp 	Harden 	limit_req -																			

Feb	10	0:05:08		vm_hostname	nginx:	2001:xxx:xxxx::99	-	-	[10/Feb/2025:00:05:08	-0500]	GET /?amp_validate%5Bcache_bust%5D=3286314457&amp_validate%5Bnonce%5D=e7f54949726f4ceb09357995fa94edc1 HTTP/1.1	400	89	-	WordPress/6.6.2; https://staging.mydomain.com	2001:xxx:xxxx::99, 127.0.0.1	~^(.*mydomainname.*)$	GET http://staging.mydomain.com	[DNT	-]	_MobileDevice-No_	path_info	fastcgi_script_name	/index.php	document_root	/path-to-data/staging.mydomain.com	http_x_f_proto https	fp on	Harden 	limit_req -																			

Feb	10	0:05:08		vm_hostname	nginx:	2001:xxx:xxxx::99	-	-	[10/Feb/2025:00:05:08	-0500]	GET /?amp_validate%5Bnonce%5D=e7f54949726f4ceb09357995fa94edc1&amp_validate%5Bcache_bust%5D=3286314457 HTTP/1.1	400	89	-	WordPress/6.6.2; https://staging.mydomain.com	-	~^(.*mydomainname.*)$	GET https://staging.mydomain.com	[DNT	-]	_MobileDevice-No_	path_info	fastcgi_script_name	/	document_root	/path-to-data/staging.mydomain.com	http_x_f_proto -	fp 	Harden 	limit_req -																			

[westonruter]

Hummm. What happens when you try replaying those requests without the added query parameters? Do you have some security layer that is blocking requests containing a given parameter? What is the response body of the 400 responses? Does that indicate what is a problem with the requests?

[jimgarrigan]

Hi Weston, I will try to do so, but it is not within my area of expertise. For testing, I will revert to a virtual machine snapshot with a simpler configuration. Jim From: Weston Ruter ***@***.***> Sent: Monday, February 10, 2025 1:56 PM To: ampproject/amp-wp ***@***.***> Cc: James Garrigan ***@***.***>; Author ***@***.***> Subject: Re: [ampproject/amp-wp] 400 Errors - GET /?amp_validate%5Bcache_bust%5D AND GET /?amp_validate%5Bnonce%5D - WordPress on NGINX (Issue #7984) Hummm. What happens when you try replaying those requests without the added query parameters? Do you have some security layer that is blocking requests containing a given parameter? What is the response body of the 400 responses? Does that indicate what is a problem with the requests? - Reply to this email directly, view it on GitHub<#7984 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/A2J6EFNLVNHIRV3D37T253L2PDY2TAVCNFSM6AAAAABWZWSGK2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNBYHE2TGMZZGQ>. You are receiving this because you authored the thread.Message ID: ***@***.******@***.***>>

[jimgarrigan]

I am working from the reverted VM snapshot forwards until I see the issue.

Unrelated question: Is the WordFence compatibility plugin still required? amp-wordfence-compat.php

 * AMP Wordfence Compat plugin bootstrap.
 *
 * @package   Google\AMP_Wordfence_Compat
 * @author    Weston Ruter, Google
 * @license   GPL-2.0-or-later
 * @copyright 2020 Google Inc.

Thank you

[westonruter]

@jimgarrigan that compatibility plugin is probably still worthwhile if you're using Wordfence. Come to think of it, Wordfence may be responsible for the 400 status errors if it seems the additional query vars added by the AMP plugin to not be legitimate.

[jimgarrigan]

Hi Weston, I went down the rabbit hole. This VM snapshot does not have Wordfence installed. I do not see the issue within this snapshot.. My issue might be related to Varnish and all URL's that begin as GET /?. If I can prevent NGINX from sending GET /? to varnish, then I will copy that configuration to the problematic VM snapshot. I am experimenting now.

[jimgarrigan]

Hi Weston,

My ideas did not produce positive results, but I do have information to share with you. I attached four images.

Perhaps these issues are "nothing to write home about". The subject matter is not within my area of expertise.

I put the URL into Firefox. All of the similar URL's produce the same result
/?amp_validate%5Bnonce%5D=8be8326e0ffd48faf7f2f6bda4bae5d4&amp_validate%5Bcache_bust%5D=221726971

{
  "code": "AMP_NOT_REQUESTED",
  "message": "The requested URL is not an AMP page."
}

Feb 11 14:25:29 vm_hostname nginx: 2001:xxx:xxxx:0:xxxx:xxxx:xxx:xxxx - - [11/Feb/2025:14:25:29 -0500] "GET /?amp_validate%5Bnonce%5D=8be8326e0ffd48faf7f2f6bda4bae5d4&amp_validate%5Bcache_bust%5D=221726971 HTTP/2.0" 400 78 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:135.0) Gecko/20100101 Firefox/135.0" "-" ~^(.*garrigan.*)$ "GET https://staging.mydomain.com" [DNT -] _MobileDevice-No_ path_info  fastcgi_script_name / document_root /path-to-www-data-files "http_x_f_proto -" "fp " "Harden " "limit_req -" "hereiam "

The referenced attachments are screen images from Firefox.

[westonruter]

OK, that is quite helpful. That indicates that this method is running:

amp-wp/includes/validation/class-amp-validation-manager.php

Lines 536 to 554 in ec0aa58

	/**
	* Short-circuit validation requests which are for URLs that are not AMP pages.
	*
	* @since 2.1
	*/
	public static function maybe_fail_validate_request() {
	if ( ! self::is_validate_request() || amp_is_request() ) {
	return;
	}
	if ( ! amp_is_available() ) {
	$code = 'AMP_NOT_AVAILABLE';
	$message = __( 'The requested URL is not an AMP page. AMP may have been disabled for the URL. If so, you can forget the Validated URL.', 'amp' );
	} else {
	$code = 'AMP_NOT_REQUESTED';
	$message = __( 'The requested URL is not an AMP page.', 'amp' );
	}
	wp_send_json( compact( 'code', 'message' ), 400 );
	}

So apparently the request being made results in amp_is_request() returning false. The requests you shared were to the homepage. So do you not have AMP enabled on your homepage?

What template mode do you have the AMP plugin configured in? Standard, Transitional, or Reader?

[jimgarrigan]

I have AMP enabled for the homepage and it is configured as Transitional.

The attachment shows the top of the page when viewed via AMP browsing within the WordPress Administrative pages.

[westonruter]

Very strange. I'm not sure what is happening. So if you try hovering on AMP menu item in the admin bar you should see a "Validate URL" menu item. When you do that, I suppose it shows an error as well? Note that this is one way to cause those amp_validate requests to be made. Another way is to edit a post or to activate a plugin.

I suggest deactivating all plugins except for AMP and then see if the issue still happens. Then try reactivating one-by-one. You can use the Health Check & Troubleshooting plugin to facilitate this.

[jimgarrigan]

Hi Weston,

When I hover on the AMP menu item in the admin bar I see a "Validate URL" menu item.

I will deactivate all plugins except for AMP ...

Thank you

[jimgarrigan]

Hi Weston, I am testing combinations ... I hope to have more information within a week.