Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I found some weird code on my htaccess

Discussion in 'Security' started by SpaceCowboy, Jan 10, 2017.

  1. SpaceCowboy

    SpaceCowboy Well-Known Member

    Joined:
    Jan 18, 2014
    Messages:
    54
    Likes Received:
    4
    Trophy Points:
    8
    cPanel Access Level:
    Website Owner
    Today i wanted to add a rule to my htaccess and i found this code that wasn't there before. One line mentions cpanel so i figured must be something cpanel did automatically? What does this do? and why is there? Thanks!

    Code:
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
    RewriteRule ^(.*)$ https://domain.com/$1 [L,R=301]
     
  2. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,769
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  3. SpaceCowboy

    SpaceCowboy Well-Known Member

    Joined:
    Jan 18, 2014
    Messages:
    54
    Likes Received:
    4
    Trophy Points:
    8
    cPanel Access Level:
    Website Owner
  4. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,769
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I would think you'd be fine disabling AutoSSL for the account.
     
  5. SpaceCowboy

    SpaceCowboy Well-Known Member

    Joined:
    Jan 18, 2014
    Messages:
    54
    Likes Received:
    4
    Trophy Points:
    8
    cPanel Access Level:
    Website Owner
    AutoSSL disabled and removed the certificate for the domain on cpanel.
    https seems to be still working properly.

    Out of curiosity, was there any performance hit for having SSL enabled twice like my previous setup?

    EDIT: Spoke too soon.
    Disabling Auto SSL and deleting the current certificate takes the site offline. Don't do it!
     
  6. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,769
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    I've got AutoSSL disabled on several domains without issue.
     
  7. SpaceCowboy

    SpaceCowboy Well-Known Member

    Joined:
    Jan 18, 2014
    Messages:
    54
    Likes Received:
    4
    Trophy Points:
    8
    cPanel Access Level:
    Website Owner
    And these domains force https?
     
  8. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    15,769
    Likes Received:
    313
    Trophy Points:
    433
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    No. AutoSSL was enabled and then I disabled via:
    WebHost Manager »SSL/TLS »Manage AutoSSL

    Is that what you did and your sites went down?
     
  9. SpaceCowboy

    SpaceCowboy Well-Known Member

    Joined:
    Jan 18, 2014
    Messages:
    54
    Likes Received:
    4
    Trophy Points:
    8
    cPanel Access Level:
    Website Owner
    I did that but also went to cpanel and deleted the current certificate.
    Because as far as understood that step only disables the renewal after the cert expires so unless you delete it manually you will nto notice any difference by disabling autoSSL at least until the cert expires.
     
Loading...

Share This Page