The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Apache headers not being sent

Discussion in 'EasyApache' started by chem456r, Aug 25, 2016.

  1. chem456r

    chem456r Member

    Joined:
    Aug 25, 2016
    Messages:
    6
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    So, I'm using WHM 58.0 (build 24) with:

    Code:
    ```
    root@host [~]# httpd -M && httpd -V
    Loaded Modules:
    core_module (static)
    so_module (static)
    http_module (static)
    mpm_prefork_module (shared)
    cgi_module (shared)
    access_compat_module (shared)
    actions_module (shared)
    alias_module (shared)
    auth_basic_module (shared)
    authn_core_module (shared)
    authn_file_module (shared)
    authz_core_module (shared)
    authz_groupfile_module (shared)
    authz_host_module (shared)
    authz_user_module (shared)
    autoindex_module (shared)
    deflate_module (shared)
    dir_module (shared)
    expires_module (shared)
    filter_module (shared)
    headers_module (shared)
    include_module (shared)
    log_config_module (shared)
    logio_module (shared)
    mime_module (shared)
    negotiation_module (shared)
    proxy_module (shared)
    proxy_fcgi_module (shared)
    proxy_http_module (shared)
    rewrite_module (shared)
    setenvif_module (shared)
    slotmem_shm_module (shared)
    socache_dbm_module (shared)
    socache_shmcb_module (shared)
    status_module (shared)
    unique_id_module (shared)
    unixd_module (shared)
    userdir_module (shared)
    version_module (shared)
    ssl_module (shared)
    bwlimited_module (shared)
    security2_module (shared)
    ruid2_module (shared)
    Server version: Apache/2.4.23 (cPanel)
    Server built:   Aug  6 2016 16:06:17
    Server's Module Magic Number: 20120211:61
    Server loaded:  APR 1.5.2, APR-UTIL 1.5.2
    Compiled using: APR 1.5.2, APR-UTIL 1.5.2
    Architecture:   64-bit
    Server MPM:     prefork
      threaded:     no
        forked:     yes (variable process count)
    Server compiled with....
    -D APR_HAS_SENDFILE
    -D APR_HAS_MMAP
    -D APR_HAVE_IPV6 (IPv4-mapped addresses disabled)
    -D APR_USE_SYSVSEM_SERIALIZE
    -D APR_USE_PTHREAD_SERIALIZE
    -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
    -D APR_HAS_OTHER_CHILD
    -D AP_HAVE_RELIABLE_PIPED_LOGS
    -D DYNAMIC_MODULE_LIMIT=256
    -D HTTPD_ROOT="/etc/apache2"
    -D SUEXEC_BIN="/usr/sbin/suexec"
    -D DEFAULT_PIDLOG="/var/run/apache2/httpd.pid"
    -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
    -D DEFAULT_ERRORLOG="logs/error_log"
    -D AP_TYPES_CONFIG_FILE="conf/mime.types"
    -D SERVER_CONFIG_FILE="conf/httpd.conf"
    ```
    
    Up until some time ago, all my headers I was setting up were working. I'm using html5 boilerplate apache server configs, so take this directive for example

    Code:
    
    ```
    <IfModule mod_headers.c>
    
      #  (1)  (2)
      Header set X-XSS-Protection "1; mode=block"
    
      # `mod_headers` cannot match based on the content-type, however,
      # the `X-XSS-Protection` response header should be send only for
      # HTML documents and not for the other resources.
    
      <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
      Header unset X-XSS-Protection
      </FilesMatch>
    
    </IfModule>
    ```
    
    This doesn't work anymore, i.e. I don't see the header being sent in any of the sites hosted on the server.

    Code:
    ```
    HTTP/2 200
    date: Thu, 25 Aug 2016 15:32:43 GMT
    content-type: text/html; charset=utf-8
    set-cookie: __cfduid=foo; expires=Fri, 25-Aug-17 15:32:43 GMT; path=/; domain=.foo.bar; HttpOnly
    x-drupal-cache: HIT
    content-language: el
    x-frame-options: SAMEORIGIN
    x-generator: Drupal 7 ([URL='http://drupal.org']Drupal - Open Source CMS | Drupal.org[/URL])
    link: <[URL]https://foo.bar/>;[/URL] rel="canonical",<[URL]https://foo.bar/>;[/URL] rel="shortlink"
    cache-control: public, max-age=10800
    expires: Sun, 19 Nov 1978 05:00:00 GMT
    vary: Cookie,Accept-Encoding
    last-modified: Thu, 25 Aug 2016 15:16:52 GMT
    strict-transport-security: max-age=15552000; preload
    x-content-type-options: nosniff
    server: cloudflare-nginx
    cf-ray: 2d80192af5c93608-LHR
    ```
    
    
     
    #1 chem456r, Aug 25, 2016
    Last edited by a moderator: Aug 25, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,678
    Likes Received:
    653
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
  3. chem456r

    chem456r Member

    Joined:
    Aug 25, 2016
    Messages:
    6
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Greece
    cPanel Access Level:
    Root Administrator
    The problem happens when the pages are served with PHP.

    If I use a pure index.html file I get all the headers as expected. So it's something with PHP and Apache modules.

    I created Ticket ID: 7639003
     
Loading...

Share This Page