Comodo entries added to htaccess

Hi, is it possible to disable cPanel adding this rules?

I've a site with specials redirects and the auto added rules messed things that now don't work anymore.

 

I have a Cpanel server with AutoSSL with several accounts, all accounts have similar rewrite rules in htaccess, but only one htaccess includes these DCV rewrite conditions, and that file is updated everyday although the content does not change. Does this mean there is something wrong with the domain setup?

The fact that the htaccess file date changes everyday causes a false positive alert with a file scanner that checks for any changed files.

 

No not regularly adding domain names. Yes there are errors listed in the logs. From the first error message it seems it has trouble parsing the directive 'rewritecond' in lowercase. I've changed 'rewritecond' to 'RewriteCond'; I notice there is all lowercase used on another account without issue, I think the issue here was using a mix of 'rewritecond' and 'RewriteCond' before 'rerwiterule'.

Code:

WARN Failed to parse RewriteCond directive: “rewritecond %{http_host} ^mydomain.co.uk [nc] ”

The second error says:

Code:

WARN The domain “mydomain.co.uk” failed domain control validation: 
The system queried for a temporary file at “<a href="http://www.mydomain.co.uk/BD7EA736A32676F14436484DE48AC353.txt">http://www.mydomain.co.uk/BD7EA736A32676F14436484DE48AC353.txt</a>”, 
which was redirected from “<a href="http://mydomain.co.uk/BD7EA736A32676F14436484DE48AC353.txt">http://mydomain.co.uk/BD7EA736A32676F14436484DE48AC353.txt</a>”. 
The web server responded with the following error: 404 (Not Found). 
A <abbr title="Domain Name System">DNS</abbr> or web server misconfiguration may exist. 
The domain “mydomain.co.uk” resolved to an IP address “xx.xxx.xx.xx” that does not exist on this server. at bin/autossl_check.pl

The mydomain.co.uk redirection to www.mydomain.co.uk is a directive in .htaccess . Sounds like it also has an issue with the domain dns.

 

I would like to share my experience on the subject of Comodo rewrite rules added to .htaccess file.

Several days ago, using SSL certificates applet incPanel, I installed EV SSL certificate purchased from DigiCert. Since then my web application stopped working properly. I identified a reason to be the sessions acting in an unpredictable manner. More specifically, most often the values of session variables were not stored on the server. In efforts to get to the bottom of this issue, I switched session storage to the database, created my own session handler with open, close, read, write, destroy, and garbage collection functions equipped with debugging markers saving traces in the file. In the test script, I used only the service objects for database access and session handling, and the actual code only starting the session (session_start()) and assigning value to session variable ($_SESSION['foo']='bar'). Upon calling the script, the session record appeared in the database, but the data field was empty. The debugging markers indicated that session functions were called as follows:

open
read
write (session value successfully recorded here)
close
open
read (session value successfully read here)
write (session value recorded as null here)
close

This test indicated that a single call of session_start() caused two full cycles of accessing session storage, almost as the script was called twice. That prompted me to check the configuration of the server. At the initial phase of the project, I added a simple rewrite rule to the .thaccess file, which any string not being a call for file or a directory converted to a call for index.php with entire input string passed as one GET parameter. Here is the original code:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?p=$1 [L]
</IfModule>

What I found in my .htaccess file was:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^(.+)$ index.php?p=$1 [L]
</IfModule>

The two extra lines, related to domain control validation caused two effects:

1. Any file I called with HTTP was automatically redirected to HTTPS.
2. Session values were not being saved properly.

I contacted my hosting company. Tech support rep suggested that I should separate the domain control validation rules into a separate block at the top of my .htaccess file:

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine off

He mentioned, that these rules are not absolutely necessary at this point and I can comment them out if I want.

Secondly, he walked me through logging to WHM, accessing 'Add an A Entry for Your Hostname' applet, and re-submitting the IP address for the already existing hostname.

Since then the sessions work normally. Today, I tried to re-produce the issue by inserting the two extra lines back into my rewrite rules sequence, but that did not cause the same problem. That would indicate that the DNS A record for my server hostname had something to do with the initial issue. Perhaps it compounded with the two extra rewrite rules causing abnormal behavior. I can't tell.

I'm writing this in case someone begins to experience weird behavior of sessions after SSL certificate installation in the cPanel.