Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Migrated to EA4, mod_headers not working in .htaccess

Discussion in 'EasyApache' started by fonginator, Oct 19, 2016.

Tags:
  1. fonginator

    fonginator Registered

    Joined:
    Oct 19, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    76
    Location:
    Montreal, Canada
    cPanel Access Level:
    Root Administrator
    Hi,

    I took the plunge and migrated to EasyApache 4 last night. Everything mostly went smoothly, but I am noticing now that my sites' HSTS headers (which are set in their respective .htaccess files) are no longer being sent.

    This is what used to work under my EasyApache 3 setup:

    <IfModule mod_headers.c>
    Header add Strict-Transport-Security "max-age=31536000"
    </IfModule>

    But no matter what I try (Header always add, Header set, Header always set...), this header never gets sent. Everything else in the .htaccess files seems to be getting parsed and I can trigger an HTTP 500 error if I create a syntax error in one of these files so I know they are being processed. Removing the <IfModule></IfModule> conditional doesn't help either, and I can confirm that mod_headers is activated in Apache.

    Any ideas how to resolve this problem?
     
    #1 fonginator, Oct 19, 2016
  2. cPLevey

    cPLevey Technical Analyst Supervisor
    Staff Member

    Joined:
    Dec 3, 2015
    Messages:
    44
    Likes Received:
    8
    Trophy Points:
    83
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Welcome to EasyApache 4!

    Personally, I have HSTS headers configured on my EasyApache 4 setup, using Virtual Host Include Files. Documentation for this can be found here: Modify Apache Virtual Hosts with Include Files

    For individual domains that you wish to add the HSTS headers to, you can simply add the configuration rule(s) to: /etc/apache2/conf.d/userdata/ssl/2_4/$user/$domain/$includename.conf

    For example:
    Code:
    [/etc/apache2/conf.d/userdata/ssl/2_4/forumuser/forumuser.io]# cat hsts.conf
Header always set Strict-Transport-Security "max-age=31536000"
    I hope this helps!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #2 cPLevey, Oct 19, 2016
  3. fonginator

    fonginator Registered

    Joined:
    Oct 19, 2016
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    76
    Location:
    Montreal, Canada
    cPanel Access Level:
    Root Administrator
    Hi David,

    This is ultimately what I ended up having to do, but I find it to be less convenient since it requires root access (something which I don't necessarily have on all of the cPanel servers I plan to help roll out EA4 on) and breaks existing EA3 configurations.

    Unless I'm missing something, putting this in the .htaccess file should work which is the most troublesome aspect of this. I wish I could understand whether this is a bug or some sort of side effect of going from mod_php/mod_ruid2 in EA3 to an fcgi setup with EA4.
     
    #3 fonginator, Oct 20, 2016
  4. linux4me2

    linux4me2 Well-Known Member

    Joined:
    Aug 21, 2015
    Messages:
    198
    Likes Received:
    46
    Trophy Points:
    28
    Location:
    USA
    cPanel Access Level:
    Root Administrator
    I'm using EA4 (v. 58.0.32) with Event MPM and suPHP, and I can confirm that the "set" command is working on an account's .htaccess based on the results from testing it on observatory.mozilla.org:
    Code:
    <IfModule mod_headers.c>
  Header set Strict-Transport-Security "max-age=15768000"
</IfModule>
     
    #4 linux4me2, Oct 20, 2016
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello @fonginator,

    Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #5 cPanelMichael, Oct 25, 2016
  6. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    423
    Likes Received:
    7
    Trophy Points:
    168
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Was any solution ever found for this?
    Seeing the same issue when trying to use the following in .htaccess files under EasyApache 4:

    Header append X-FRAME-OPTIONS "SAMEORIGIN"

    Works for .html files, but not .php scripts.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #6 DomineauX, Nov 23, 2016
  7. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Could you let us know which PHP version and handler is utilized for the accounts you are testing this with?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #7 cPanelMichael, Nov 23, 2016
  8. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    423
    Likes Received:
    7
    Trophy Points:
    168
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Apache/2.4.23 prefork
    PHP 7.0.13
    CGI Handler
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #8 DomineauX, Nov 23, 2016
  9. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    This is likely due to the use of the CGI handler for PHP. You can read more about the interaction between CGI and Mod_Headers at:

    mod_headers - Apache HTTP Server Version 2.4

    Were you using CGI as the PHP handler before the conversion to EasyApache 4? If not, you should consider changing it back to the previously configured PHP handler. Information on changing the PHP handler is available at:

    PHP Handlers - EasyApache 4 - cPanel Documentation

    Let us know if this helps.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #9 cPanelMichael, Nov 23, 2016
  10. DomineauX

    DomineauX Well-Known Member
    PartnerNOC

    Joined:
    Apr 12, 2003
    Messages:
    423
    Likes Received:
    7
    Trophy Points:
    168
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    It was using SuPHP on EA3.
    After switching to SuPHP, it is now working.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #10 DomineauX, Nov 23, 2016
    cPanelMichael likes this.
  11. asuna123

    asuna123 Registered

    Joined:
    Jan 16, 2017
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    indonesia
    cPanel Access Level:
    Website Owner
    was any solution this problem?
    on .htaccess under EA4

    <IfModule mod_header.c>
    Header Set Cache-Control"max_age=3600"
    <IfModule>

    this is not work

    <IfModule mod_header.c>
    Header Set Cache-Control"max-age=3600"
    <IfModule>
     
    #11 asuna123, Jan 16, 2017
  12. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Could you let us know which PHP handler is enabled on the system?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #12 cPanelMichael, Jan 23, 2017
  13. yaashul

    yaashul Registered

    Joined:
    May 3, 2017
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    I am facing this problem still. Running the latest easyapache 4.

    I am not able to set any header for the pages created by mod_rewrite or basically php pages. Rest of the images are showing the right headers. I am using FastCGI PHP FPM. Does anyone has ever found a solution for the same?
     
    #13 yaashul, May 3, 2017
  14. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Are you able to reproduce the issue when using a non-CGI handler such as DSO or suPHP?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #14 cPanelMichael, May 4, 2017
  15. John Napoletano

    John Napoletano Member

    Joined:
    Mar 17, 2016
    Messages:
    15
    Likes Received:
    1
    Trophy Points:
    3
    cPanel Access Level:
    Root Administrator
    Twitter:
    Hi Michael. I believe I came up with an htaccess solution and wish for you to review it in case it will help others. I see your name on many posts including some of mine in the past.

    Code:
    # Redirect to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Redirect to www
RewriteCond %{HTTP_HOST} ^yourdomain\.com [NC]
RewriteRule (.*) https://www.yourdomain.com/$1 [E=HTTPS,R=301,L]

# Security header
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
    The env=HTTPS environment variable wasn't working as expected. So I used the E=HTTPS flag on the www redirect to set the env=HTTPS environment variable on the next request.

    My post and discussion
    In Progress - htaccess Header Set doesn't set
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #15 John Napoletano, Oct 22, 2017
  16. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator
    Same problem for me, using mod_mpm_prefork. I can set headers for regular http but not https.
     
    #16 Olof, Oct 23, 2017
  17. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Does the thread linked in the post above yours help?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #17 cPanelMichael, Oct 27, 2017
  18. Olof

    Olof Member

    Joined:
    Jan 18, 2016
    Messages:
    11
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    stockholm, sweden
    cPanel Access Level:
    Root Administrator
    No.
     
    #18 Olof, Oct 29, 2017
  19. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    43,633
    Likes Received:
    1,787
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi @Olof,

    Could you open a support ticket using the link in my signature so we can take a closer look?

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    #19 cPanelMichael, Oct 30, 2017
(You must log in or sign up to post here.)
Loading...
Similar Threads - Migrated mod_headers working
  1. jazee

    Anyone Migrated from Local Email to 3rd Party Email Hosting?

    jazee, Mar 30, 2018, in forum: E-mail Discussion
    Replies:
    2
    Views:
    133
    cPanelMichael
    Apr 2, 2018
  2. NovemberRain

    migrated-from-my.cnf-settings service file is marked world-inaccessible

    NovemberRain, Jan 28, 2018, in forum: Security
    Replies:
    3
    Views:
    328
    cPanelMichael
    Feb 19, 2018
  3. splaquet

    Easiest method to identify and remove migrated sites in bulk

    splaquet, Dec 20, 2017, in forum: Data Protection
    Replies:
    1
    Views:
    219
    cPanelMichael
    Dec 22, 2017
  4. Diggster

    Migrated domain emails not working

    Diggster, Feb 27, 2017, in forum: E-mail Discussion
    Replies:
    7
    Views:
    1,022
    Infopro
    Feb 28, 2017
  5. webhostuk

    Database is not migrated correctly

    webhostuk, Jun 21, 2016, in forum: Data Protection
    Replies:
    2
    Views:
    676
    cPanelMichael
    Jun 22, 2016

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...
    Dismiss Notice