The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AutoSSL override htaccess

Discussion in 'Security' started by Nirjonadda, Dec 31, 2016.

Tags:
  1. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    341
    Likes Received:
    8
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    Does cPanel AutoSSL override htaccess ? Can i remove this rules from htaccess? Please let me know that can i still use this my

    My original htaccess is :

    Code:
    RewriteEngine On
    
    # Force SSL:
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    
    # Force www:
    RewriteCond %{HTTP_HOST} !^$
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteCond %{HTTPS}s ^on(s)|
    RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    cPanel added:

    Code:
    RewriteEngine On
    
    RewriteCond %{HTTP_HOST} !^www\.example\.com
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule (.*) http://www.example.com/$1 [R=301,L]
    
    RewriteCond %{HTTPS} off
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    
    RewriteCond %{QUERY_STRING} (^|\?|&)p=([0-9]+)($|&)
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^showthread\.php$ /posts/%2/? [R=301,L]
    RewriteCond %{QUERY_STRING} (^|\?)([0-9]+)-[^/]+/page([0-9]+)$
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^showthread\.php$ /threads/%2/page-%3? [R=301,L]
    RewriteCond %{QUERY_STRING} (^|\?)([0-9]+)-.*$
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^showthread\.php$ /threads/%2/? [R=301,L]
    
     
    #1 Nirjonadda, Dec 31, 2016
    Last edited by a moderator: Dec 31, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The following entries are automatically added before each RewriteRule in the .htaccess file when AutoSSL is enabled to ensure certificates validate successfully:

    Code:
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$
    RewriteCond %{REQUEST_URI} !^[0-9]+\..+\.cpaneldcv$
    These rules create exceptions (note the preceding !) so that matching REQUEST_URIs do not get rewritten, and should not prevent the existing rules from working.

    Are the rule additions causing any problems on the website?

    Thanks!
     
  3. Nahoo

    Nahoo Member

    Joined:
    Oct 7, 2004
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    151
    Just use this as the first rule in the .htaccess, then you don't need subsequent conditions....

    Code:
    RewriteCond %{REQUEST_URI} ^/(?:[0-9]+\..+\.cpaneldcv|[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?|\.well-known/acme-challenge/[0-9a-zA-Z_-]+)$
    RewriteRule .* - [L] 
     
  4. garconcn

    garconcn Well-Known Member

    Joined:
    Oct 29, 2009
    Messages:
    113
    Likes Received:
    4
    Trophy Points:
    68
    Our server has AutoSSL disabled, but still found the .htaccess was modified with this rewrite rule when client install the self-signed ssl in cpanel. This did cause a wordpress site down with error:


    Here's the .htaccess file:

    Code:
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress
    RewriteCond %{HTTP_HOST} ^domainname\.com$ [OR]
    RewriteCond %{HTTP_HOST} ^www\.domainname\.com$
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^/?$ "http\:\/\/domainname\.com\/wp" [R=301,L]
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    As of cPanel version 64, you can remove those entries in favor of the following option under the "Domains" tab in "WHM >> Tweak Settings" if you prefer:

    Use a Global DCV rewrite exclude instead of .htaccess modification (requires Apache 2.4+, EA4)

    Here's the description for this option:

    When you enable this option, Apache adds global rewrite rules to the webserver configuration so that the system does not process additional rewrite rules for DCV filenames. These global rules make it unnecessary for cPanel & WHM to modify each account’s .htaccess file. Note: When you enable this option, the system receives a trivial performance penalty because all of the HTTP requests must be matched against the DCV filename regular expressions.

    Thank you.
     
    linux4me2 likes this.
  6. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    341
    Likes Received:
    8
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    If we enable this option then will automatically remove this rules from htaccess? Where are create the Global DCV rewrite files? Still are using cPanel-generated handler and cPanel-generated php ini directives rules? Why not Global option for this rules?

    Code:
    # BEGIN cPanel-generated php ini directives, do not edit
    <IfModule php7_module>
       php_flag display_errors On
       php_value max_execution_time 360
       php_value max_input_time 240
       php_value max_input_vars 100000
       php_value memory_limit 4095M
       php_value session.gc_maxlifetime 1440
       php_value session.save_path "/var/cpanel/php/sessions/ea-php71"
       php_value upload_max_filesize 128M
    </IfModule>
    # END cPanel-generated php ini directives, do not edit
    
    # php -- BEGIN cPanel-generated handler, do not edit
    # Set the “ea-php71” package as the default “PHP” programming language.
    <IfModule mime_module>
      AddType application/x-httpd-php .php .php7 .phtml
    </IfModule>
    # php -- END cPanel-generated handler, do not edit
     
    linux4me2 likes this.
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The rewrite rules are added to the Apache configuration file (/etc/apache2/conf/httpd.conf) when the option is enabled. EX:

    Code:
    <IfModule rewrite_module>
    # Global DCV Exclude
    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ [OR]
    RewriteCond %{REQUEST_URI} ^/[0-9]+\..+\.cpaneldcv$
    
    # Exclude proxy subdomains as we need rewrites to capture the DCV requests
    RewriteCond %{HTTP_HOST} !^(?:autoconfig|autodiscover|cpanel|cpcalendars|cpcontacts|webdisk|webmail|whm)\.
    RewriteRule ^ - [END]
    </IfModule>
    
    This is unrelated to the PHP configuration values in the .htaccess file. Please open a new thread if you'd like to inquire about those entries, as they relate to the MultiPHP INI Editor and not the AutoSSL rewrite rules.

    Thank you.
     
    linux4me2 likes this.
  8. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    341
    Likes Received:
    8
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    If we enable this option then will automatically remove this rules from htaccess?
     
    linux4me2 likes this.
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    No, the existing DCV exclusion rules in .htaccess files are not automatically removed.

    Thank you.
     
    linux4me2 likes this.
  10. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    341
    Likes Received:
    8
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    If this, you are recommended to using Global DCV rewrite option?
     
    linux4me2 likes this.
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    The performance penalty is minimal. You are likely to not notice a difference.

    Thank you.
     
    linux4me2 likes this.
  12. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    341
    Likes Received:
    8
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    If we disable this option then does auto remove this code and added to via htaccess?
     
    linux4me2 likes this.
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Disabling "Use a Global DCV rewrite exclude instead of .htaccess modification (requires Apache 2.4+, EA4)" automatically removes those rules in the Apache configuration file. The AutoSSL functionality would then add rules to the .htaccess files as needed during the domain validation process.

    Thank you.
     
    linux4me2 likes this.
  14. Nirjonadda

    Nirjonadda Well-Known Member

    Joined:
    May 8, 2013
    Messages:
    341
    Likes Received:
    8
    Trophy Points:
    18
    cPanel Access Level:
    Website Owner
    I have enabled "Use a Global DCV rewrite exclude instead of .htaccess modification (requires Apache 2.4+, EA4)" but still adding rules to the .htaccess files with Create a New Account.

    Code:
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    36,995
    Likes Received:
    1,275
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    I'm unable to reproduce this behavior. Could you open a support ticket using the link in my signature so we can take a closer look at the affected system?

    Thank you.
     
Loading...

Share This Page