Migrated to EA4, mod_headers not working in .htaccess

fonginator · Oct 19, 2016

Hi,

I took the plunge and migrated to EasyApache 4 last night. Everything mostly went smoothly, but I am noticing now that my sites' HSTS headers (which are set in their respective .htaccess files) are no longer being sent.

This is what used to work under my EasyApache 3 setup:

<IfModule mod_headers.c>
Header add Strict-Transport-Security "max-age=31536000"
</IfModule>

But no matter what I try (Header always add, Header set, Header always set...), this header never gets sent. Everything else in the .htaccess files seems to be getting parsed and I can trigger an HTTP 500 error if I create a syntax error in one of these files so I know they are being processed. Removing the <IfModule></IfModule> conditional doesn't help either, and I can confirm that mod_headers is activated in Apache.

Any ideas how to resolve this problem?

cPLevey · Oct 19, 2016

Welcome to EasyApache 4!

Personally, I have HSTS headers configured on my EasyApache 4 setup, using Virtual Host Include Files. Documentation for this can be found here: Modify Apache Virtual Hosts with Include Files

For individual domains that you wish to add the HSTS headers to, you can simply add the configuration rule(s) to: /etc/apache2/conf.d/userdata/ssl/2_4/$user/$domain/$includename.conf

For example:
Code:
[/etc/apache2/conf.d/userdata/ssl/2_4/forumuser/forumuser.io]# cat hsts.conf
Header always set Strict-Transport-Security "max-age=31536000"
I hope this helps!

fonginator · Oct 20, 2016

cPLevey said: ↑

Personally, I have HSTS headers configured on my EasyApache 4 setup, using Virtual Host Include Files. Documentation for this can be found here: Modify Apache Virtual Hosts with Include Files

For individual domains that you wish to add the HSTS headers to, you can simply add the configuration rule(s) to: /etc/apache2/conf.d/userdata/ssl/2_4/$user/$domain/$includename.conf
Click to expand...

Hi David,

This is ultimately what I ended up having to do, but I find it to be less convenient since it requires root access (something which I don't necessarily have on all of the cPanel servers I plan to help roll out EA4 on) and breaks existing EA3 configurations.

Unless I'm missing something, putting this in the .htaccess file should work which is the most troublesome aspect of this. I wish I could understand whether this is a bug or some sort of side effect of going from mod_php/mod_ruid2 in EA3 to an fcgi setup with EA4.

linux4me2 · Oct 20, 2016

fonginator said: ↑

Unless I'm missing something, putting this in the .htaccess file should work which is the most troublesome aspect of this. I wish I could understand whether this is a bug or some sort of side effect of going from mod_php/mod_ruid2 in EA3 to an fcgi setup with EA4.
Click to expand...

I'm using EA4 (v. 58.0.32) with Event MPM and suPHP, and I can confirm that the "set" command is working on an account's .htaccess based on the results from testing it on observatory.mozilla.org:
Code:
<IfModule mod_headers.c>
  Header set Strict-Transport-Security "max-age=15768000"
</IfModule>

cPanelMichael · Oct 25, 2016

fonginator said: ↑

Unless I'm missing something, putting this in the .htaccess file should work which is the most troublesome aspect of this. I wish I could understand whether this is a bug or some sort of side effect of going from mod_php/mod_ruid2 in EA3 to an fcgi setup with EA4.
Click to expand...

Hello @fonginator,

Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome.

Thank you.

DomineauX · Nov 23, 2016

Was any solution ever found for this?
Seeing the same issue when trying to use the following in .htaccess files under EasyApache 4:

Header append X-FRAME-OPTIONS "SAMEORIGIN"

Works for .html files, but not .php scripts.

cPanelMichael · Nov 23, 2016

DomineauX said: ↑

Was any solution ever found for this?
Seeing the same issue when trying to use the following in .htaccess files under EasyApache 4:

Header append X-FRAME-OPTIONS "SAMEORIGIN"

Works for .html files, but not .php scripts.
Click to expand...

Hello,

Could you let us know which PHP version and handler is utilized for the accounts you are testing this with?

Thank you.

DomineauX · Nov 23, 2016

Apache/2.4.23 prefork
PHP 7.0.13
CGI Handler

cPanelMichael · Nov 23, 2016

DomineauX said: ↑

Apache/2.4.23 prefork
PHP 7.0.13
CGI Handler
Click to expand...

This is likely due to the use of the CGI handler for PHP. You can read more about the interaction between CGI and Mod_Headers at:

mod_headers - Apache HTTP Server Version 2.4

Were you using CGI as the PHP handler before the conversion to EasyApache 4? If not, you should consider changing it back to the previously configured PHP handler. Information on changing the PHP handler is available at:

PHP Handlers - EasyApache 4 - cPanel Documentation

Let us know if this helps.

Thank you.

DomineauX · Nov 23, 2016

It was using SuPHP on EA3.
After switching to SuPHP, it is now working.

asuna123 · Jan 16, 2017

was any solution this problem?
on .htaccess under EA4

<IfModule mod_header.c>
Header Set Cache-Control"max_age=3600"
<IfModule>

this is not work

<IfModule mod_header.c>
Header Set Cache-Control"max-age=3600"
<IfModule>

cPanelMichael · Jan 23, 2017

asuna123 said: ↑

was any solution this problem?
on .htaccess under EA4
Click to expand...

Could you let us know which PHP handler is enabled on the system?

Thank you.

yaashul · May 3, 2017

I am facing this problem still. Running the latest easyapache 4.

I am not able to set any header for the pages created by mod_rewrite or basically php pages. Rest of the images are showing the right headers. I am using FastCGI PHP FPM. Does anyone has ever found a solution for the same?

cPanelMichael · May 4, 2017

yaashul said: ↑

I am using FastCGI PHP FPM. Does anyone has ever found a solution for the same?
Click to expand...

Hello,

Are you able to reproduce the issue when using a non-CGI handler such as DSO or suPHP?

Thank you.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Migrated to EA4, mod_headers not working in .htaccess

fonginator Registered

cPLevey Technical Analyst Supervisor
Staff Member

fonginator Registered

linux4me2 Well-Known Member

cPanelMichael Forums Analyst
Staff Member

DomineauX Well-Known Member
PartnerNOC

cPanelMichael Forums Analyst
Staff Member

DomineauX Well-Known Member
PartnerNOC

cPanelMichael Forums Analyst
Staff Member

DomineauX Well-Known Member
PartnerNOC

asuna123 Registered

cPanelMichael Forums Analyst
Staff Member

yaashul Registered

cPanelMichael Forums Analyst
Staff Member

Migrated domain emails not working

Database is not migrated correctly

Migrated accounts, lost some email

migrated to new server

Server migrated

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Migrated to EA4, mod_headers not working in .htaccess

fonginator Registered

cPLevey Technical Analyst Supervisor Staff Member

fonginator Registered

linux4me2 Well-Known Member

cPanelMichael Forums Analyst Staff Member

DomineauX Well-Known Member PartnerNOC

cPanelMichael Forums Analyst Staff Member

DomineauX Well-Known Member PartnerNOC

cPanelMichael Forums Analyst Staff Member

DomineauX Well-Known Member PartnerNOC

asuna123 Registered

cPanelMichael Forums Analyst Staff Member

yaashul Registered

cPanelMichael Forums Analyst Staff Member

Migrated domain emails not working

Database is not migrated correctly

Migrated accounts, lost some email

migrated to new server

Server migrated

Share This Page

cPLevey Technical Analyst Supervisor
Staff Member

cPanelMichael Forums Analyst
Staff Member

DomineauX Well-Known Member
PartnerNOC

cPanelMichael Forums Analyst
Staff Member

DomineauX Well-Known Member
PartnerNOC

cPanelMichael Forums Analyst
Staff Member

DomineauX Well-Known Member
PartnerNOC

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member