Disabling .htaccess completely

GoWilkes

Well-Known Member
Sep 26, 2006
495
12
168
cPanel Access Level
Root Administrator
I would like to pursue the idea of disabling .htaccess completely for the sake of gaining a few microseconds on each page load. I know that it's mostly irrelevant, but I've found that every fraction of a second that I can save will result in a more pageviews per session, so it can't really hurt either.

I remember modifying httpd.conf manually a long time ago, and then some update along the way wiped out all of my settings! So I think it's best if I stick to modifying it through WHM, unless you guys tell me otherwise.

So my questions are:

1. When I compress the site using cPanel's "optimize", it plugs in <IfModule mod_deflate.c> data at /home/example/.htaccess. All of my accounts have the same compression settings, though (and always will), so can I set this globally for all accounts? Or does it have to be for each account manually? If I can set it globally, then where do I copy it?

2. Similarly, I want all of my sites to be forced to use HTTPS. Where do I set this globally? I know that I can do it for each account, but it's unnecessary work if I can just do it globally.

3. I have customized .htaccess data at /home/example/public_html/.htaccess that I should be able to easily modify and plug in to Apache. But I don't see anywhere in WHM or cPanel to do this for each account, I only have Pre Main Include, Pre VirtualHost Include, and Post VirtualHost Include.

I found this:


Does this mean that I'm going to have to do it manually, anyway?

If so, looking at the documentation, the paths mentioned don't exist; I have /etc/apache2/conf.d, but the only directories after that are /includes, /modsec, /ssl.crt, and /ssl.key. Do I manually create /userdata/includename.conf (the actual word "userdata", I assume) and plug in global data there, then reboot and it will automagically recognize it?

Further, the documentation says that I can plug in domain-specific data at /etc/apache2/conf.d/userdata/ssl/2_4/user/domain/includename.conf. But the fact that it uses the Apache version in the path is a concern, what happens next time I update Apache? Do I have to modify the data for every single domain?

And am I correct that I would then have 2 copies of the data; one at /etc/apache2/conf.d/userdata/ssl/2_4/user/domain/includename.conf and another at /etc/apache2/conf.d/userdata/std/2_4/user/domain/includename.conf (one for SSL and one for STD)?

Finally, since it specifies the domain in the path, would the file here apply to all parked domains, too? Or do I have to create a separate file for every parked domain? Or would this be a case where I would use /etc/apache2/conf.d/userdata/ssl/2_4/user/includename.conf and set it for the user instead of the domain?


Are there any other issues I should know about before going further down this rabbit hole?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello @GoWilkes,

Are there any other issues I should know about before going further down this rabbit hole?
cPanel & WHM relies on the .htaccess file throughout the product. This includes, but is not limited to, the following features:

• MultiPHP (in both cPanel & WHM)
• AutoSSL (on servers that are not using the Global DCV Passthrough option in WHM >> Tweak Settings)
• cPanel >> Directory Privacy
• WHM >> Tweak Settings >> Depth to recurse for .htaccess checks (Minimum: 0)
• cPanel >> Redirects
• cPanel >> Mime Types
• cPanel >> HotLink Protection
• cPanel >> Leech Protection
• cPanel >> Optimize Website
• cPanel >> Error Pages
• cPanel >> Index Manager
• cPanel >> Error Pages
• cPanel >> Apache Handlers

Removing the reliance on the .htaccess file would be a significant undertaking and is not something we support or recommend. Opening a feature request is the best approach if you'd like to see this change in the product . If you do that, and share the link here, I can share the link internally with Development.

That said, I've provided answers to your additional questions below in-case you decide to customize the Apache configuration in the future:

I remember modifying httpd.conf manually a long time ago, and then some update along the way wiped out all of my settings! So I think it's best if I stick to modifying it through WHM, unless you guys tell me otherwise.
3. I have customized .htaccess data at /home/example/public_html/.htaccess that I should be able to easily modify and plug in to Apache. But I don't see anywhere in WHM or cPanel to do this for each account, I only have Pre Main Include, Pre VirtualHost Include, and Post VirtualHost Include.
WHM Home » Service Configuration » Apache Configuration » Include Editor let's you modify the default Apache configurations globally, however you must use the command line instructions on the link below to customize the virtual hosts in your Apache configuration.


1. When I compress the site using cPanel's "optimize", it plugs in <IfModule mod_deflate.c> data at /home/example/.htaccess. All of my accounts have the same compression settings, though (and always will), so can I set this globally for all accounts? Or does it have to be for each account manually? If I can set it globally, then where do I copy it?
You can find proof-of-concept of how to do this at:


Note: Use cPanel >> Optimize Website on a test account to verify the updated syntax populated to the .htaccess file (the entries in the thread above are a couple of years old).

2. Similarly, I want all of my sites to be forced to use HTTPS. Where do I set this globally? I know that I can do it for each account, but it's unnecessary work if I can just do it globally.
As you noted, this is possible on a per-account basis as of cPanel & WHM version 80 when we added the Force HTTPS Redirect feature to cPanel's Domains interface.

Notes from Domains - Version 84 Documentation - cPanel Documentation:

  • You can only enable redirection on main domains that have a valid SSL certificate.
  • The toggle will not appear for aliases.
There's no global feature available to enable it for all accounts, but the following UAPI functions exist should you want to develop a custom script to perform this action:

  • SSL::can_ssl_redirect — This function determines whether the system can automatically redirect domains on a cPanel account to use SSL.
  • SSL::toggle_ssl_redirects_for_domains — This function enables or disables secure redirects (HTTPS) for the cPanel account's domains that you specify.
If so, looking at the documentation, the paths mentioned don't exist; I have /etc/apache2/conf.d, but the only directories after that are /includes, /modsec, /ssl.crt, and /ssl.key. Do I manually create /userdata/includename.conf (the actual word "userdata", I assume) and plug in global data there, then reboot and it will automagically recognize it?
And am I correct that I would then have 2 copies of the data; one at /etc/apache2/conf.d/userdata/ssl/2_4/user/domain/includename.conf and another at /etc/apache2/conf.d/userdata/std/2_4/user/domain/includename.conf (one for SSL and one for STD)?
Yes, you must create both directories (one for SSL, another for STD) using commands like the ones below:

mkdir -p /etc/apache2/conf.d/userdata/std/2_4/<useraccount>/<vhost>
mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/<useraccount>/<vhost>
Once you do that, see: Modify Apache Virtual Hosts with Include Files - EasyApache 4 - cPanel Documentation

Further, the documentation says that I can plug in domain-specific data at /etc/apache2/conf.d/userdata/ssl/2_4/user/domain/includename.conf. But the fact that it uses the Apache version in the path is a concern, what happens next time I update Apache? Do I have to modify the data for every single domain?
Apache version 2.4 is a major Apache version. Updates to the minor Apache version (e.g. Apache 2.4.41) do not require a path change. In the future, you may need to update the paths when the major Apache version changes to ensure your customizations are active, though with such a significnat change it's likely we'd send notifications ahead of time if that change was required.

Finally, since it specifies the domain in the path, would the file here apply to all parked domains, too? Or do I have to create a separate file for every parked domain? Or would this be a case where I would use /etc/apache2/conf.d/userdata/ssl/2_4/user/includename.conf and set it for the user instead of the domain?
Aliases (parked domains) do not have their own virtual hosts. The virtual host of the domain they are aliased to applies to them:


Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello @GoWilkes,

Note the upcoming changes in cPanel & WHM version 84:

Apache configuration file changes
In cPanel & WHM version 84, we created the /etc/cpanel/ea4/ea4.conf file. This file consolidates all of your webserver's options into a single JSON file. This file replaces the /var/cpanel/conf/apache/local and /var/cpanel/conf/apache/main files. The system will back up the current contents of these files to the root-home-dir/legacy_ea3_distiller_files-timestamp.tar.gz file, where root-home-dir represents the root user's home directory and timestamp represents a timestamp.

The WHM interface provides several ways to customize your Apache configuration:

  • cPanel & WHM sets several Apache directives by default. These directives affect the whole server. To change these directives, use WHM's Global Configuration interface (WHM >> Home >> Service Configuration >> Apache Configuration >> Global Configuration).
  • To modify the Apache configuration's include files through WHM, use WHM's Include Editor interface (WHM >> Home >> Service Configuration >> Apache Configuration >> Include Editor).
We provide several other methods to customize your system. You can use one of the following methods to create custom configurations:

For more information, read our Advanced Apache Configuration documentation.

If you are a third-party integrator who wants a custom Apache configuration, read our Guide to Perl in cPanel - Apache Configuration documentation for more information.
Thank you.