Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Comodo entries added to htaccess

Discussion in 'Security' started by canou83, Nov 17, 2016.

Tags:
  1. canou83

    canou83 Well-Known Member

    Joined:
    Jul 20, 2016
    Messages:
    74
    Likes Received:
    7
    Trophy Points:
    8
    Location:
    France
    cPanel Access Level:
    Website Owner
    Hi. I need your clarification. My .htacesse looks like this according to my different sites with regards to the RewriteEngine. Out of all my sites, Cpanel has added in number:
    Code:
    ]
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    
    # SEO URL Settings
    RewriteEngine On
    # If your opencart installation does not run on the main web folder make sure you folder it does run in ie. / becomes /shop/
    
    RewriteBase /
        RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
        RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
        RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
        RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
        RewriteRule ^download/(.*) index.php?route=error/not_found [L]
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
        RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
        RewriteCond %{HTTP_HOST} ^example.com$
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
        RewriteRule ^(.*) [URL]http://www.example.com/$1[/URL] [QSA,L,R=301]
        RewriteCond %{QUERY_STRING} ^(.*)common/home(.*)$
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
        RewriteRule ^index\.php$ http://www.example.com/? [L,R=301]
    
    I do not understand what these two lines are and why do they come so many times?

    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

    Thank you for your help.
     
    #1 canou83, Nov 17, 2016
    Last edited by a moderator: Nov 17, 2016
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    We now automatically update .htaccess files to exclude DCV checks from HTTP redirections so that the DCV checks complete successfully. This resolves issues that some customers reported with AutoSSL and cPanel Market purchases.

    Reference: 60 Release Notes - Documentation - cPanel Documentation

    Thank you.
     
  3. canou83

    canou83 Well-Known Member

    Joined:
    Jul 20, 2016
    Messages:
    74
    Likes Received:
    7
    Trophy Points:
    8
    Location:
    France
    cPanel Access Level:
    Website Owner
    hi, OK but why x 6 in my .htaccess ?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Those lines are added before every “RewriteRule” directive to ensure that domain control validation (DCV) will avoid redirects.

    Thank you.
     
  5. canou83

    canou83 Well-Known Member

    Joined:
    Jul 20, 2016
    Messages:
    74
    Likes Received:
    7
    Trophy Points:
    8
    Location:
    France
    cPanel Access Level:
    Website Owner
    HI cPanelMichael and thank you for these explanations. Everything is normal then. Perfect and thank you.
     
    cPanelMichael likes this.
  6. Lizardhr

    Lizardhr Registered

    Joined:
    Sep 14, 2015
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Brazil
    cPanel Access Level:
    Reseller Owner
    Hi, is it possible to disable cPanel adding this rules?

    I've a site with specials redirects and the auto added rules messed things that now don't work anymore.
     
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    It's not possible, however I encourage you to review the comments on the following feature request where this topic is discussed:

    Ability to prevent autossl editing .htaccess fles

    Also, feel free to open a support ticket so we can review how the rules are preventing your website from working and determine if an internal case to account for those custom rules is necessary.

    Thank you.
     
  8. nickwuk

    nickwuk Member

    Joined:
    Jul 18, 2009
    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    53
    I have a Cpanel server with AutoSSL with several accounts, all accounts have similar rewrite rules in htaccess, but only one htaccess includes these DCV rewrite conditions, and that file is updated everyday although the content does not change. Does this mean there is something wrong with the domain setup?

    The fact that the htaccess file date changes everyday causes a false positive alert with a file scanner that checks for any changed files.
     
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Are you adding new domain names to the account on a regular basis that would result in AutoSSL initiating the validation process? If not, do you notice any error messages for this account under the "Logs" tab in "WHM >> Manage AutoSSL"?

    Thank you.
     
  10. nickwuk

    nickwuk Member

    Joined:
    Jul 18, 2009
    Messages:
    18
    Likes Received:
    1
    Trophy Points:
    53
    No not regularly adding domain names. Yes there are errors listed in the logs. From the first error message it seems it has trouble parsing the directive 'rewritecond' in lowercase. I've changed 'rewritecond' to 'RewriteCond'; I notice there is all lowercase used on another account without issue, I think the issue here was using a mix of 'rewritecond' and 'RewriteCond' before 'rerwiterule'.

    Code:
    WARN Failed to parse RewriteCond directive: “rewritecond %{http_host} ^mydomain.co.uk [nc] ”
    The second error says:

    Code:
    WARN The domain “mydomain.co.uk” failed domain control validation: 
    The system queried for a temporary file at “<a href="http://www.mydomain.co.uk/BD7EA736A32676F14436484DE48AC353.txt">http://www.mydomain.co.uk/BD7EA736A32676F14436484DE48AC353.txt</a>”, 
    which was redirected from “<a href="http://mydomain.co.uk/BD7EA736A32676F14436484DE48AC353.txt">http://mydomain.co.uk/BD7EA736A32676F14436484DE48AC353.txt</a>”. 
    The web server responded with the following error: 404 (Not Found). 
    A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist. 
    The domain “mydomain.co.uk” resolved to an IP address “xx.xxx.xx.xx” that does not exist on this server. at bin/autossl_check.pl
    The mydomain.co.uk redirection to www.mydomain.co.uk is a directive in .htaccess . Sounds like it also has an issue with the domain dns.
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,659
    Likes Received:
    1,428
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you verify if the domain name resolves to the IP address associated with the cPanel account it's associated with? It needs to resolve to the cPanel server in order for the domain validation process to succeed. If it does, please feel free to open a support ticket using the link in my signature so we can take a closer look.

    Thank you.
     
  12. cnisvcs

    cnisvcs Registered

    Joined:
    Jun 2, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Chicago
    cPanel Access Level:
    Website Owner
    I would like to share my experience on the subject of Comodo rewrite rules added to .htaccess file.

    Several days ago, using SSL certificates applet incPanel, I installed EV SSL certificate purchased from DigiCert. Since then my web application stopped working properly. I identified a reason to be the sessions acting in an unpredictable manner. More specifically, most often the values of session variables were not stored on the server. In efforts to get to the bottom of this issue, I switched session storage to the database, created my own session handler with open, close, read, write, destroy, and garbage collection functions equipped with debugging markers saving traces in the file. In the test script, I used only the service objects for database access and session handling, and the actual code only starting the session (session_start()) and assigning value to session variable ($_SESSION['foo']='bar'). Upon calling the script, the session record appeared in the database, but the data field was empty. The debugging markers indicated that session functions were called as follows:

    open
    read
    write (session value successfully recorded here)
    close
    open
    read (session value successfully read here)
    write (session value recorded as null here)
    close

    This test indicated that a single call of session_start() caused two full cycles of accessing session storage, almost as the script was called twice. That prompted me to check the configuration of the server. At the initial phase of the project, I added a simple rewrite rule to the .thaccess file, which any string not being a call for file or a directory converted to a call for index.php with entire input string passed as one GET parameter. Here is the original code:

    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.+)$ index.php?p=$1 [L]
    </IfModule>

    What I found in my .htaccess file was:

    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteRule ^(.+)$ index.php?p=$1 [L]
    </IfModule>

    The two extra lines, related to domain control validation caused two effects:

    1. Any file I called with HTTP was automatically redirected to HTTPS.
    2. Session values were not being saved properly.

    I contacted my hosting company. Tech support rep suggested that I should separate the domain control validation rules into a separate block at the top of my .htaccess file:

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteEngine off

    He mentioned, that these rules are not absolutely necessary at this point and I can comment them out if I want.

    Secondly, he walked me through logging to WHM, accessing 'Add an A Entry for Your Hostname' applet, and re-submitting the IP address for the already existing hostname.

    Since then the sessions work normally. Today, I tried to re-produce the issue by inserting the two extra lines back into my rewrite rules sequence, but that did not cause the same problem. That would indicate that the DNS A record for my server hostname had something to do with the initial issue. Perhaps it compounded with the two extra rewrite rules causing abnormal behavior. I can't tell.

    I'm writing this in case someone begins to experience weird behavior of sessions after SSL certificate installation in the cPanel.
     
Loading...

Share This Page