Avoid landing page redirects for the following chain of redirected URLs.

Discussion in 'Security' started by Reiyad, Feb 24, 2018.

  1. Reiyad

    Reiyad Member

    Hello,

    Something is wrong. Yesterday everything was working properly until today. I honestly cannot remember if I changed anything; however, I keep getting this on Google PageSpeed Insights: "Avoid landing page redirects for the following chain of redirected URLs."

    I am using the auto-signed SSL certificate provided by cPanel. There must be an option that is doing the redirect twice. What I am getting exactly is:

    Code:
    http://example.com
    https://example.com
    
    So what is happening exactly is that the page is getting redirected twice to http before it is forced to open with https.

    Please do not tell me htaccess; I have developed hundreds of websites and never had such an error.

    Please help, and thanks in advance.
     
    #1 Reiyad, Feb 24, 2018
    Last edited by a moderator: Feb 24, 2018
  2. Reiyad

    Reiyad Member

    I figured out what the problem is. The problem is that:

    Code:
    1. you go to: mywebsite.com
    2. the website gets redirected to mywebsite.com/ "notice the trailing slash at the end"
    3. it gets redirected to https://mywebsite.com/
    This is doable by htaccess; however, I haven't made any changes. All I remember is I was configuring the server and all of a sudden this happened. This must be doable from cPanel, isn't it?

    If it is not, then that is fine; I will do that in .htaccess.

    Thanks
     
    #2 Reiyad, Feb 25, 2018
    Last edited: Feb 25, 2018
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    Can you let us know the contents of any existing rules in the .htaccess file under the document root associated with this domain name? Also, can you verify if you've enabled any custom Apache include files, or if you are using a PHP application on this domain name that could possibly utilize functions that redirect traffic?

    Thank you.
     
  4. Reiyad

    Reiyad Member

    Hi,

    The following is the .htaccess content:

    Code:
    ##
    # @package    Joomla
    # @copyright  Copyright (C) 2005 - 2018 Open Source Matters. All rights reserved.
    # @license    GNU General Public License version 2 or later; see LICENSE.txt
    ##
    
    ##
    # READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
    #
    # The line 'Options +FollowSymLinks' may cause problems with some server configurations.
    # It is required for the use of mod_rewrite, but it may have already been set by your
    # server administrator in a way that disallows changing it in this .htaccess file.
    # If using it causes your site to produce an error, comment it out (add # to the
    # beginning of the line), reload your site in your browser and test your sef urls. If
    # they work, then it has been set by your server administrator and you do not need to
    # set it here.
    ##
    
    ## No directory listings
    <IfModule autoindex>
      IndexIgnore *
    </IfModule>
    
    ## Can be commented out if causes errors, see notes above.
    Options +FollowSymlinks
    Options -Indexes
    
    ## Mod_rewrite in use.
    
    RewriteEngine On
    
    ## Begin - Rewrite rules to block out some common exploits.
    # If you experience problems on your site then comment out the operations listed
    # below by adding a # to the beginning of the line.
    # This attempts to block the most common type of exploit `attempts` on Joomla!
    #
    # Block any script trying to base64_encode data within the URL.
    RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
    # Block any script that includes a <script> tag in URL.
    RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
    # Block any script trying to set a PHP GLOBALS variable via URL.
    RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
    # Block any script trying to modify a _REQUEST variable via URL.
    RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
    # Return 403 Forbidden header and show the content of the root home page
    RewriteRule .* index.php [F]
    
    #
    ## End - Rewrite rules to block out some common exploits.
    
    ## Begin - Custom redirects
    #
    # If you need to redirect some pages, or set a canonical non-www to
    # www redirect (or vice versa), place that code here. Ensure those
    # redirects use the correct RewriteRule syntax and the [R=301,L] flags.
    #
    ## End - Custom redirects
    
    ##
    # Uncomment the following line if your webserver's URL
    # is not directly related to physical file paths.
    # Update Your Joomla! Directory (just / for root).
    ##
    
    # RewriteBase /
    
    ## Begin - Joomla! core SEF Section.
    #
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    #
    # If the requested path and file is not /index.php and the request
    # has not already been internally rewritten to the index.php script
    RewriteCond %{REQUEST_URI} !^/index\.php
    # and the requested path and file doesn't directly match a physical file
    RewriteCond %{REQUEST_FILENAME} !-f
    # and the requested path and file doesn't directly match a physical folder
    RewriteCond %{REQUEST_FILENAME} !-d
    # internally rewrite the request to the index.php script
    RewriteRule .* index.php [L]
    #
    ## End - Joomla! core SEF Section.
    
    
    <IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE text/javascript
    
    AddOutputFilter DEFLATE .shtml
    
    # Remove browser bugs (only needed for really old browsers)
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    Header append Vary User-Agent
    </IfModule>
    
    <ifModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    mod_gzip_item_include file .(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
    </ifModule>
    
    # BEGIN Expire headers
    <IfModule mod_expires.c>
    # Enable expirations
    ExpiresActive On
    # Default directive
    ExpiresDefault "access plus 1 month"
    # My favicon
    ExpiresByType image/x-icon "access plus 1 year"
    # Images
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    # CSS
    ExpiresByType text/css "access plus 1 month"
    # Javascript
    ExpiresByType application/javascript "access plus 1 year"
    
    ExpiresByType text/html "access plus 600 seconds"
    ExpiresByType application/xhtml+xml "access plus 600 seconds"
    # This part sets the expires for the fonts
    ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
    ExpiresByType application/x-font-ttf "access plus 1 year"
    ExpiresByType application/x-font-opentype "access plus 1 year"
    ExpiresByType application/x-font-woff "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    
    </IfModule>
    # END Expire headers
    
    
    
    # BEGIN Cache-Control Headers
    <ifModule mod_headers.c>
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
    Header set X-Content-Type-Options nosniff
    
    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
     Header unset X-Frame-Options
    </FilesMatch>
    
    
    <FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
        Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>
      <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
        Header set Cache-Control "public"
      </filesMatch>
      <filesMatch "\.(css)$">
        Header set Cache-Control "public"
      </filesMatch>
      <filesMatch "\.(js)$">
        Header set Cache-Control "private"
      </filesMatch>
      <filesMatch "\.(x?html?|php)$">
        Header set Cache-Control "private, must-revalidate"
      </filesMatch>
     
     
     
    </ifModule>
    #Cache-Control:private, max-age=931
    
    Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
    
    RewriteCond %{HTTPS} off [OR]
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteCond %{HTTP_HOST} ^(www\.)?(.*)$ [NC]
    RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    I don't really remember if I installed additional modules, but all I remember is I was configuring the server, enabling and disabling things, so I am not exactly sure where this went wrong.

    I don't use any application that redirects traffic. It is a little bit strange that this is the first time this has happened to me, but like I mentioned in my other post, I noticed the problem is in the trailing slash at the end of the URL "/".

    It is being added to the domain. I can do this from htaccess, but I still haven't tested applying any rewriting rules to .htaccess, so I am really not sure why this happened. I remember that it started to happen after I might have enabled or disabled something, but I cannot remember what.

    Please let me know if you have any questions or if anything is not clear.

    I look forward to hearing your thoughts on this.

    Regards,
    Rei
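
A small model of the last four rewrite lines in the .htaccess posted above, added here as an illustration and not part of any forum post: it follows that rule from a starting URL and lists every hop, both for the rule as posted (which substitutes `%{HTTP_HOST}`) and for a variant that substitutes the `%2` back-reference captured by the third `RewriteCond`. The function names and the example.com hosts are constructed for the example, and it models only these four lines, not the rest of the file or the server configuration.

```python
import re

# Third RewriteCond of the posted rule: always matches; %1 = "www." (if any), %2 = the rest.
HOST_RE = re.compile(r"^(www\.)?(.*)$", re.IGNORECASE)

def rule(https, host, uri, variant="posted"):
    """Return the Location the rule would send, or None when it does not fire."""
    # (HTTPS off [OR] host does not start with www.) AND third condition (always true)
    if https and re.match(r"www\.", host, re.IGNORECASE):
        return None
    # "posted" substitutes %{HTTP_HOST}; "backref" substitutes %2 (host without www.)
    name = host if variant == "posted" else HOST_RE.match(host).group(2)
    return f"https://www.{name}{uri}"

def chain(url, variant="posted", limit=5):
    """Apply the rule repeatedly from a starting URL; return every URL visited."""
    seen = [url]
    while len(seen) <= limit:
        scheme, rest = seen[-1].split("://", 1)
        host, _, path = rest.partition("/")
        # REQUEST_URI for a bare-domain request is "/", so the slash is always present
        nxt = rule(scheme == "https", host, "/" + path, variant)
        if nxt is None:
            break
        seen.append(nxt)
    return seen

if __name__ == "__main__":
    # Constructed sample inputs covering the scheme/host combinations
    for start in ("http://example.com", "http://www.example.com/",
                  "https://example.com/", "https://www.example.com/"):
        for variant in ("posted", "backref"):
            print(f"{variant:8} " + " -> ".join(chain(start, variant)))
```

For a plain-HTTP request that already carries the `www.` prefix, the rule as posted answers with a `www.www.` hostname, while the `%2` variant lands on the single canonical `https://www.` host in one hop.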
     
  5. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     