Disable default www entry for all subdomains and hostname

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
Hello,

How would I turn off the automatic entry for the www in the DNS records? I'm running PowerDNS and in cPanel, I don't see anything listed. Here's what it shows:
Code:
; cPanel first:11.60.0.25 (update_time):1480148618 Cpanel::ZoneFile::VERSION:1.3 hostname:franklin.example.com latest:11.60.0.25
; Zone file for example.com
$TTL 14400
example.com.    86400    IN    SOA    ns1.example.com.    nslookup.example.com.    (
                        2016112524 ;Serial Number
                        3600       ;refresh
                        7200       ;retry
                        1209600    ;expire
                        86400      ;minimum
    )
example.com.         86400    IN    NS      ns1.example.com.
example.com.         86400    IN    NS      ns2.example.com.
ns1                  14400    IN    A       192.168.2.2
ns2                  14400    IN    A       192.168.2.2
example.com.         14400    IN    A       192.168.2.2
example.com.         14400    IN    MX  0   webmail.example.com.
www                  14400    IN    A       192.168.2.2
franklin             14400    IN    A       192.168.2.2
ipv4                 14400    IN    A       192.168.2.2
whm                  14400    IN    A       192.168.2.2
cpanel               14400    IN    A       192.168.2.2
webmail              14400    IN    A       192.168.2.2
webdisk              14400    IN    A       192.168.2.2
cpcalendars          14400    IN    A       192.168.2.2
cpcontacts           14400    IN    A       192.168.2.2
default._domainkey   14400    IN    TXT     <key>;
ns1                  14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
ns2                  14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
example.com.         14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
www                  14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
franklin             14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
ipv6                 14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
cpanel               14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
whm                  14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
webmail              14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
webdisk              14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
cpcalendars          14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
cpcontacts           14400    IN    AAAA    fe80::c971:25de:6618:2bab%18
I've replaced my domain name with example.com, and I've replaced my IPv4 address with 192.168.2.2 and my IPv6 address with fe80::c971:25de:6618:2bab%18.

For some reason though, something's wrong with my DNS entries for the www. I want to be able to go to www.example.com and example.com, but I don't want to be able to go to www.webmail.example.com, www.hostname.example.com, etc. To me, the DNS records look correct. I added them manually, myself. But for some reason, I can still go to www.hostname.example.com and www.subdomain.example.com.

How would I turn those "off" so I can only go to subdomain.example.com and not www.subdomain.example.com?

Thanks!
 
Last edited:

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
I'll try to make this a little more technical so it's easier to understand.

ServerAlias's are being set in /etc/apache2/httpd.conf for the various VirtualHost entries. How do I prevent them from appearing?

For example,
Code:
VirtualHost 192.168.2.2:80 [fe80::c971:25de:6618:2bab%18]:80>
  ServerName cpcalendars.example.com
  ServerAlias www.cpcalendars.example.com
...
I don't want the ServerAlias www.cpcalendars.example.com in my Apache's httpd.conf file.

In cPanel, under Aliases, it shows no aliases are present for the account. I think this might be a cPanel bug.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
I don't want the ServerAlias www.cpcalendars.example.com in my Apache's httpd.conf file.
Hello,

Proxy subdomain entries in DNS zones and the Apache configuration file are based on the following options under the "Domains" tab in "WHM >> Tweak Settings":

Proxy subdomains
Proxy subdomain creation
Thunderbird and Outlook autodiscover and autoconfig support (enables proxy subdomain and SRV record creation)


However, that said, I can't reproduce the "www.cpcalendar" examples within VirtualHosts in the Apache configuration file when enabling those options. Do you see those specific entries, or is that simply an example of a URL that loads?

Thank you.
 

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
I don't use the Proxy subdomains for various reasons. I could explain it, but it gets a bit difficult and the only way I could do what I wanted to do with my server was by turning off the proxy subdomains and manually creating the subdomains.

In my httpd.conf file, under the VirtualHosts entry, I see:
Code:
<VirtualHost <server_ipv4>:80 [<server_ipv6>]:80>
  ServerName cpcalendars.mydomain.com
  ServerAlias www.cpcalendars.mydomain.com
All the sub-domains have that ServerAlias www.subdomain.mydomain.com entry. That's what I don't want. I don't want a ServerAlias with the www entry for all the sub-domains.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
All the sub-domains have that ServerAlias www.subdomain.mydomain.com entry. That's what I don't want. I don't want a ServerAlias with the www entry for all the sub-domains.
Per our documentation, EasyApache builds each virtualhost tag from the following components:

• Any custom templates in the subdirectories in the /var/cpanel/templates/2_4/ directory.
• Account information for each domain — When you make a configuration change to an account or domain in the cPanel or WHM interfaces, cPanel & WHM changes the content of the appropriate file in the /etc/apache2/conf.d/userdata/ directory.
• Additional templates for each domain — EasyApache includes the files in the appropriate /etc/apache2/conf.d/userdata/ directory for each domain to build the configuration of each virtualhost tag.
You can use the guide on the following document to create a custom VirualHost for one of those subdomains that excludes the ServerAlias entry for the www prefix:

Modify Apache Virtual Hosts with Include Files - EasyApache 4 - cPanel Documentation

Let us know if this helps.

Thanks!
 

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
I think I understand, let me make sure I have this correct.

I see in /var/cpanel/templates/apache2_4/vhost.default and ssl_vhost.default,
Code:
[% IF vhost.serveralias_array.size -%]
[% FOREACH alias IN vhost.serveralias_array -%]
  ServerAlias [% alias %]
This is where the:
Code:
ServerAlias www.mysubdomain.mydomain.com
is being set.

I would create /etc/apache2/conf.d/userdata/no_serveralias.conf and add something like:
Code:
ServerAlias
When /scripts/rebuildhttpdconf file, /var/cpanel/templates/apache2_4/vhost.default and /var/cpanel/templates/apache2_4/ssl_vhost.default will add the ServerAlias www.mysubdomain.mydomain.com to the Apache configuration file, but the /etc/apache2/conf.d/userdata/no_serveralias.conf's blank ServerAlias directive will unset the directive, essentially cancelling it out.

Is that correct?
 

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
If so, that did not work. I created the /etc/apache2/conf.d/userdata/no_serveralias.conf file. From the link you pointed me to, it says:

Code:
Apply to all virtual hosts on the system       

With and without SSL
/etc/apache2/conf.d/userdata/$includename.conf
I don't want any ServerAlias's, regardless of whether SSL is used or not, so I feel the file is in the correct place. But after putting a blank ServerAlias directive in that no_serveralias.conf file and running /scripts/rebuildhttpdconf

I can still go to www.mysubdomain.mydomain.com. I've ruled out the browser using cache, although that shouldn't be a problem right now. I tried connecting from the actual server using Lynx. It was still able to connect.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
I don't want any ServerAlias's, regardless of whether SSL is used or not, so I feel the file is in the correct place. But after putting a blank ServerAlias directive in that no_serveralias.conf file and running /scripts/rebuildhttpdconf
Hello,

If you wanted to eliminate the ServerAlias entry completely for all domain names, you'd run the following commands:

Code:
cp /var/cpanel/templates/apache2_4/vhost.default /var/cpanel/templates/apache2_4/vhost.local
cp /var/cpanel/templates/apache2_4/ssl_vhost.default /var/cpanel/templates/apache2_4/ssl_vhost.local
After that, edit the /var/cpanel/templates/apache2_4/vhost.local and /var/cpanel/templates/apache2_4/ssl_vhost.local files and replace these entries:

Code:
[% FOREACH alias IN vhost.serveralias_array -%]
  ServerAlias [% alias %]
[% END -%]
[% ELSE -%]
  ServerAlias [% vhost.serveralias %]
With:

Code:
[% FOREACH alias IN vhost.serveralias_array -%]
  #ServerAlias [% alias %]
[% END -%]
[% ELSE -%]
  #ServerAlias [% vhost.serveralias %]
Then, rebuild the Apache configuration file via "/scripts/rebuildhttpdconf". Keep in mind this will disable all ServerAlias entries.

Thank you.
 
  • Like
Reactions: Spork Schivago

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
Thank you. I was under the impression cPanel was phasing out those Apache templates. Is that not the case? For some reason, I seem to remember a conversation about how we're supposed to use the pre and post include files now instead of the templates. Is cPanel planning on changing stuff to the point where in the near future modifying the vhost.local template won't work at all?

**EDIT: Okay, I followed your instructions, and they're definitely commented out in /etc/apache2/conf/httpd.conf. I've restarted Apache using:
Code:
systemctl restart httpd
I go to: www.webmail.mydomain.com in Chrome expecting not to be able to go, but sure enough, it takes me there, giving me a message about the SSL cert is invalid. So, I thought maybe it was a caching issue, even though, right now, caching should be disabled on the entire server for all browsers.

I start an incognito window and go there, same message. So maybe it's something now with my DNS records. I have an A record:
Code:
www        14400       IN     A     192.168.1.2
I also have an IPv6 AAAA record for www as well. I just want the A and AAAA record to work with just mydomain.com, not the subdomains. I thought that was the correct way of doing it. Am I doing something wrong with the DNS? Or is there maybe something else going on now?

I've looked through the .htaccess files. I've modified them over time. Originally, there were some that were modified by cPanel that had rewrite conditions for www.subdomain.mydomain.com (ie, www.webmail.mydomain.com) but I renamed them to .htaccess.cpanel a long time ago and the .htaccess files do NOT have those rewrite conditions. I highly doubt Apache is reading the .htaccess.cpanel files as well as the .htaccess files. So I think I'm safe there.

Even though there was a ServerAlias directive in httpd.conf originally, do you think somehow the DNS servers knew about it and it just has to take some time for the changes to propagate?

Hrmm, it seems I can go to places like:
Code:
www.completelymadeupgibberish.mydomain.com
and get the same results. Even though there's no DNS records and nothing in Apache's httpd.conf file for www.completelymadeupgibberish.mydomain.com

Almost like there's a catch-all, but instead of being for e-mail, it's for my Apache server. That is very odd, isn't it?

Any other suggestions?

Thanks!
 
Last edited:

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
This is definitely worrisome! When I go to www.jetson.mydomain.com in Chrome, it gives me the SSL error message, because I have strict HTTP Transport Security enabled and Forward Secrecy and all that jazz. Because my generated SSL cert doesn't include the subdomain www.jetson.mydomain.com, I can't actually go to the page, Chrome blocks me.

I wonder if the Let's Encrypt SSL certs have something to do with this? Maybe Chrome connects to mydomain.com, and first checks the SSL cert to see if www.jetson.mydomain.com is a valid common name, and because it's not, it refuses to even try to connect, and never relizes it's a not valid domain name or ServerAlias?

What's even weirder, in Chrome, I go to www.jetson.mydomain.com, and click on the certificate to view the details and I see a common name of www.bing.com!

What the heck!
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Thank you. I was under the impression cPanel was phasing out those Apache templates. Is that not the case? For some reason, I seem to remember a conversation about how we're supposed to use the pre and post include files now instead of the templates. Is cPanel planning on changing stuff to the point where in the near future modifying the vhost.local template won't work at all?
This method of making custom changes is supported and documented at:

Advanced Apache Configuration - EasyApache 4 - cPanel Documentation

There are no plans to end support for this method, but we'll update the above document if that changes.

Regarding the behavior noticed after making those changes, would you mind opening a support ticket so we can take a closer look and see what's happening?

Thanks!
 

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
Okay, but I want to ask something real quick. I just noticed this only happens on my Linux box running Chrome. On my wife's Windows 10 machine running Chrome, I cannot go to those sites.

Now this makes me wonder if this is in fact a problem with the server or maybe with my local PC? I wish I knew someone else running Linux who could try going to something like www.gibberish.mydomain.com to see if they got the same error. Should I still create the ticket?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Now this makes me wonder if this is in fact a problem with the server or maybe with my local PC? I wish I knew someone else running Linux who could try going to something like www.gibberish.mydomain.com to see if they got the same error. Should I still create the ticket?
Try clearing the browser and DNS cache on that specific machine and open a ticket if that doesn't help:

How To Clear Your DNS Cache - cPanel Knowledge Base - cPanel Documentation

If you're using Ubuntu, this third-party URL may also help:

How do I clear the DNS cache?

Thanks!
 

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
I thought I updated this thread but must have forgotten to. By clearing Google Chrome's cache on my Linux box (OpenSuSE), the problem was fixed. I didn't fully understand why though, because using Google Chrome in the incognito mode showed the same symptoms as running Google Chrome in normal mode. Maybe by clearing the cache, the DNS cache got cleared as well?

I was thinking of how this might have happened to begin with. To my knowledge, Apache doesn't really have a catch all for subdomains. I don't think there's a configuration option in there to automatically redirect all invalid subdomains to a valid subdomain. A while ago, I was messing with Mod_Rewrite. I didn't have it configured correctly. I think maybe one of the rules I tried might had caused the problem.

On my system, the subdomains are manually created so I can do some special stuff with Let's Encrypt that I can't seem to do with the auto-SSL that cPanel provides. So I manually create my SSL certs using a crontab entry. I use rewrite rules to direct the traffic when someone goes to something like cpanel.mydomain.com to mydomain.com:2083. I noticed though that certain things weren't directing, like trying to go to https://cpanel.mydomain.com, instead of just going to http://cpanel.mydomain.com, or going to www.cpanel.mydomain.com (although I didn't want the www, it was there at the time). So I played with the mod_rewrites but didn't do it right at first. Maybe I inadvertently created a catch-all subdomain rewrite, where any invalid subdomain would get redirected. Maybe that's what caused this to happen.

Anyway, the problem is now solved so this topic can be closed. Thanks!
 
  • Like
Reactions: cPanelMichael

Spork Schivago

Well-Known Member
Jan 21, 2016
597
64
28
corning, ny
cPanel Access Level
Root Administrator
I just wanted to add something to this incase other people have a similar situation. Commenting out the ServerAlias in the ssl_vhost.local and vhost.local files broke Let's Encrypt for me, because there was no ServerName www.mydomain.com, just ServerName mydomain.com. The ServerAlias for mydomain.com was commented out. I had to do some fancy footwork with the ssl_vhost.local and vhost.local files. I share what how I modified them. This is how ssl_vhost.default looked:
Code:
[% IF vhost.serveralias_array.size -%]
[% FOREACH alias IN vhost.serveralias_array -%]
  ServerAlias [% alias %]
[% END -%]
[% ELSE -%]
  ServerAlias [% vhost.serveralias %]
[% END -%]
This is how I modified it.
Code:
[% IF vhost.serveralias_array.size -%]
[% FOREACH alias IN vhost.serveralias_array -%]
[% IF vhost.servername == 'mydomain.com' -%]
  ServerAlias [% alias %]
[% ELSE -%]
#  ServerAlias [% alias %]
[% END -%]
[% END -%]
[% ELSE -%]
[% IF vhost.servername == 'mydomain.com' -%]
  ServerAlias [% vhost.serveralias %]
[% ELSE -%]
#  ServerAlias [% vhost.serveralias %]
[% END -%]
[% END -%]
This is how vhost.default looked:
Code:
[% IF vhost.serveralias_array.size -%]
[% FOREACH alias IN vhost.serveralias_array -%]
  ServerAlias [% alias %]
[% END -%]
[% ELSE -%]
  ServerAlias [% vhost.serveralias %]
[% END -%]
This is how I modified it:
Code:
[% IF vhost.serveralias_array.size -%]
[% FOREACH alias IN vhost.serveralias_array -%]
[% IF vhost.servername == 'mydomain.com' -%]
  ServerAlias [% alias %]
[% ELSE -%]
#  ServerAlias [% alias %]
[% END -%]
[% END -%]
[% ELSE -%]
[% IF vhost.servername == 'mydomain.com' -%]
  ServerAlias [% vhost.serveralias %]
[% ELSE -%]
#  ServerAlias [% vhost.serveralias %]
[% END -%]
[% END -%]

I'm not sure what the difference between vhost.serveralias and just alias are, but I changed both. This way, only my main domain has a server alias, and not all the subdomains. I think this is the way it's supposed to be. Generally, on the net, we don't have a www.subdomain.mydomain.com or www.myhostname.domain.com. Too bad there wasn't a way to find a variable that had the root domain in it, so then cPanel could just modify the templates for everyone. Do you see what I'm saying?

We could have something like:
Code:
[% IF vhost.serveralias_array.size -%]
[% FOREACH alias IN vhost.serveralias_array -%]
[% IF vhost.servername == vhost.rootdomain -%]
  ServerAlias [% alias %]
[% ELSE -%]
[% END -%]
[% END -%]
[% ELSE -%]
[% IF vhost.servername == vhost.rootdomain -%]
  ServerAlias [% vhost.serveralias %]
[% ELSE -%]
[% END -%]
[% END -%]
It's just a thought. I really don't think the subdomains and hostnames are supposed to be having the www serveralias there.

Thanks!