SOLVED [CPANEL-22603] HTTPS Redirect Odd Behavior

MajorLancelot · Aug 30, 2018

Hi.

Please, I need your insight on this.

Problem:
HTTPS redirection is not working when it set using cPanel Redirects.

The generated rule looks like this:

Code:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-SSL} off
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^(.*)$ "https\:\/\/example\.com\/$1" [R=301,L]

Temporary Solution:

For this to work, we remove: `RewriteCond %{HTTP:X-Forwarded-SSL} off` from the rule in .htaccess file.

Please, what could account for this?

Our assumption is that perhaps it is because Apache doesn’t have `X-Forwarded-SSL` variable and so cannot determine whether `RewriteCond %{HTTP:X-Forwarded-SSL}` is ON or OFF and thus give up.

Thanks a lot for your help!

cPanelLauren · Sep 4, 2018

Hi @MajorLancelot

I apologize for my delay in response to you. I was able to replicate this behavior and I subsequently opened an internal case on the matter CPANEL-22603

The only workaround I've found at this time is exactly what you noted as well - comment out the X-Forwarded-SSL line in the .htaccess.

I'll update this thread when there's more information on the internal case and/or once the issue is resolved.

Thanks!

MajorLancelot · Sep 4, 2018

cPanelLauren said:
Hi @MajorLancelot

... able to replicate this behavior

Thank you so much, Lauren!
Really glad that you were able to validate our experience.
Will be looking forward to a permanent fix.

cPanelLauren · Sep 5, 2018

Hi @MajorLancelot

You're most welcome, I'm looking forward to the same! I'll let you know any updates as soon as they're available.

Thanks!

AllanJ · Nov 1, 2018

Just encountered this issue on v74.0.4.

Aside from deleting the line manually, changing to "X-Forwarded-Proto: !https" as a conditition instead appears to work fine to take proxies into account. This is also the recommended syntax by Mozilla it appears.

cPanelLauren · Nov 9, 2018

Hi All,

I'm updating this thread to let you all know that this issue is marked as resolved for v76 you can see the change in our ChangeLogs here: 76 Change Log - Change Logs - cPanel Documentation

To resolve this issue please update to v76 - if you experience any issues whatsoever please let us know here!

Thanks!

Thread starter	Similar threads	Forum	Replies	Date
E	cPanel Restric Access for Specifi User	Security	1	Thursday at 3:36 PM
B	In Progress CPANEL-42515 - PCI Scan complaint about Web Server Predictable Session ID Vulnerability with port 2087 / tcp over ssl	Security	5	Mar 6, 2023
I	command line password generator from the whm/cpanel UI	Security	1	Mar 1, 2023
I	SOLVED CPANEL-42469 - New cPanel installs ModSec Tools Hits empty/stopped	Security	8	Feb 25, 2023
W	SOLVED CPANEL-42410 - ClamAV CVE-2023-20032 & CVE-2023-20052, RCE with 9.8 CVSS	Security	7	Feb 17, 2023

Search

Search

SOLVED [CPANEL-22603] HTTPS Redirect Odd Behavior

MajorLancelot

Well-Known Member

cPanelLauren

Product Owner II

MajorLancelot

Well-Known Member

cPanelLauren

Product Owner II

AllanJ

Registered

cPanelLauren

Product Owner II