SOLVED [CPANEL-22603] HTTPS Redirect Odd Behavior

MajorLancelot · Aug 30, 2018

Hi.

Please, I need your insight on this.

Problem:
HTTPS redirection is not working when it set using cPanel Redirects.

The generated rule looks like this:

Code:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-SSL} off
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^(.*)$ "https\:\/\/example\.com\/$1" [R=301,L]

Temporary Solution:

For this to work, we remove: `RewriteCond %{HTTP:X-Forwarded-SSL} off` from the rule in .htaccess file.

Please, what could account for this?

Our assumption is that perhaps it is because Apache doesn’t have `X-Forwarded-SSL` variable and so cannot determine whether `RewriteCond %{HTTP:X-Forwarded-SSL}` is ON or OFF and thus give up.

Thanks a lot for your help!

cPanelLauren · Sep 4, 2018

Hi @MajorLancelot

I apologize for my delay in response to you. I was able to replicate this behavior and I subsequently opened an internal case on the matter CPANEL-22603

The only workaround I've found at this time is exactly what you noted as well - comment out the X-Forwarded-SSL line in the .htaccess.

I'll update this thread when there's more information on the internal case and/or once the issue is resolved.

Thanks!

MajorLancelot · Sep 4, 2018

cPanelLauren said:
Hi @MajorLancelot

... able to replicate this behavior

Thank you so much, Lauren!
Really glad that you were able to validate our experience.
Will be looking forward to a permanent fix.

cPanelLauren · Sep 5, 2018

Hi @MajorLancelot

You're most welcome, I'm looking forward to the same! I'll let you know any updates as soon as they're available.

Thanks!

AllanJ · Nov 1, 2018

Just encountered this issue on v74.0.4.

Aside from deleting the line manually, changing to "X-Forwarded-Proto: !https" as a conditition instead appears to work fine to take proxies into account. This is also the recommended syntax by Mozilla it appears.

cPanelLauren · Nov 9, 2018

Hi All,

I'm updating this thread to let you all know that this issue is marked as resolved for v76 you can see the change in our ChangeLogs here: 76 Change Log - Change Logs - cPanel Documentation

To resolve this issue please update to v76 - if you experience any issues whatsoever please let us know here!

Thanks!

Thread starter	Similar threads	Forum	Replies	Date
C	Malware scanners for cPanel - what options do I have right now?	Security	5	Aug 31, 2023
J	In Progress CPANEL-43160 - cPHulk database issues leading to high cpu user for /usr/sbin/nft --json list ruleset	Security	2	Aug 24, 2023
K	Modsecurity and cpanel questions	Security	3	Aug 19, 2023
N	malicious attacks that changed my cpanel password	Security	3	Jul 27, 2023
E	Script to get cpanel access logs through email	Security	2	Jul 12, 2023

Search

Search

SOLVED [CPANEL-22603] HTTPS Redirect Odd Behavior

MajorLancelot

Well-Known Member

cPanelLauren

Product Owner II

MajorLancelot

Well-Known Member

cPanelLauren

Product Owner II

AllanJ

Registered

cPanelLauren

Product Owner II