Rewrite Rule changing compression headers?

[jmtakahashi]

I'm a customer, not a webhost. But I'm posting here because my web host is being adamant about his server not being the problem...and this issue being my problem. So here is my question.

Are there security features in cPanel or Apache that will strip off Accept-Encoding headers for urls that are processed through a RewriteRule used for versioning static content?

Static content in my website is not being compressed on my live server. My RewriteRules and my htaccess files are setup properly and all works fine on my local machine. In fact the whole site works as expected on both local machine and live server. However, my contents is not being returned to the browser as compressed on my live server. Are there any security features that can affect the way a RewriteRule returns content back to the browser? My hosting provider only responds when I bring up point that I think he needs to check on.

Slightly more detailed, on my live server. My static versioning adds a "versionXXXXXXX" into the url of requested resources to break the cache in the users browser. My rewrite rule in htaccess direct the request to the content that actually resides on the server; removing the "versionXXXXXX". When I change the request to the actual content (by passing the rewriterule) it returns properly compressed.

On my local machine everything works proper with no problems; the requested URL is redirected and the static content is still returned compressed to the browser.

Here is my htaccess code in case anyone thinks there may be a problem with the htaccess file itself:

<IfModule mod_php5.c>
php_flag engine 0
</IfModule>

<IfModule mod_php7.c>
php_flag engine 0
</IfModule>

# To avoid situation when web server automatically adds extension to path
Options -MultiViews

<IfModule mod_rewrite.c>
    RewriteEngine On

    ## you can put here your pub/static folder path relative to web root
    RewriteBase /pub/static/

    # Remove signature of the static files that is used to overcome the browser cache
    RewriteRule ^version.+?/(.+)$ $1 [PT]

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-l

    RewriteRule .* ../static.php?resource=$0 [L]
</IfModule>

############################################
## setting MIME types

# JavaScript
AddType application/javascript js jsonp
AddType application/json json

# CSS
AddType text/css css

# Images and icons
AddType image/x-icon ico
AddType image/gif gif
AddType image/png png
AddType image/jpeg jpg
AddType image/jpeg jpeg

# SVG
AddType image/svg+xml svg

# Fonts
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttf
AddType application/x-font-otf otf
AddType application/x-font-woff woff
AddType application/font-woff2 woff2

# Flash
AddType application/x-shockwave-flash swf

# Archives and exports
AddType application/zip gzip
AddType application/x-gzip gz gzip
AddType application/x-bzip2 bz2
AddType text/csv csv
AddType application/xml xml


<IfModule mod_headers.c>

    <FilesMatch .*\.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$>
        Header append Cache-Control public
    </FilesMatch>

#    <FilesMatch .*\.(js|css|gzip|gz)$>
#       Header set Accept-Encoding gzip, deflate, br
#    </FilesMatch>

    <FilesMatch .*\.(zip|gz|gzip|bz2|csv|xml)$>
        Header append Cache-Control no-store
    </FilesMatch>

</IfModule>

<IfModule mod_expires.c>

############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires

    ExpiresActive On

    # Data
    <FilesMatch \.(zip|gz|gzip|bz2|csv|xml)$>
        ExpiresDefault "access plus 0 seconds"
    </FilesMatch>
    ExpiresByType text/xml "access plus 0 seconds"
    ExpiresByType text/csv "access plus 0 seconds"
    ExpiresByType application/json "access plus 0 seconds"
    ExpiresByType application/zip "access plus 0 seconds"
    ExpiresByType application/x-gzip "access plus 0 seconds"
    ExpiresByType application/x-bzip2 "access plus 0 seconds"

    # CSS, JavaScript
    <FilesMatch \.(css|js)$>
        ExpiresDefault "access plus 1 year"
    </FilesMatch>
    ExpiresByType text/css "access plus 1 year"
    ExpiresByType application/javascript "access plus 1 year"

    # Favicon, images, flash
    <FilesMatch \.(ico|gif|png|jpg|jpeg|swf|svg)$>
        ExpiresDefault "access plus 1 year"
    </FilesMatch>
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"

    # Fonts
    <FilesMatch \.(eot|ttf|otf|svg|woff|woff2)$>
        ExpiresDefault "access plus 1 year"
    </FilesMatch>
    ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
    ExpiresByType application/x-font-ttf "access plus 1 year"
    ExpiresByType application/x-font-otf "access plus 1 year"
    ExpiresByType application/x-font-woff "access plus 1 year"
    ExpiresByType application/font-woff2 "access plus 1 year"

</IfModule>

 

[cPanelLauren]

Hello @jmtakahashi

Are there security features in cPanel or Apache that will strip off Accept-Encoding headers for urls that are processed through a RewriteRule used for versioning static content?

I am unaware of anything as far a security implementation that would do this.

Ultimately this is something that goes beyond our ability to provide assistance for. I would though, like to point you to the forum posts here which might be helpful:

Gzip enabled - HTML compression Not working
Compression not working

 

[jmtakahashi]

Hello @jmtakahashi



I am unaware of anything as far a security implementation that would do this.

Ultimately this is something that goes beyond our ability to provide assistance for. I would though, like to point you to the forum posts here which might be helpful:

Gzip enabled - HTML compression Not working
Compression not working

After days of debugging it turns out that on my live server, running Apache and Cpanel, the RequestHeader for Set-Encoding was being stripped. This was not happening on my Apache setup on my local machine. My web host still has not give me an explanation why this was happening, nor do I know if it has to do with the htaccess file in the pub/static directory, but adding the RequestHeader set below:

    <IfModule mod_headers.c>
    Header set X-UA-Compatible "IE=edge"
    Header set Connection keep-alive
    #THE LINE BELOW THIS COMMENT
    RequestHeader set Accept-Encoding "gzip, deflate, br" 
    <FilesMatch "\.(appcache|atom|bbaw|bmp|crx|css|cur|eot|f4[abpv]|flv|geojson|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|topojson|tt[cf]|txt|vcard|vcf|vtt|webapp|web[mp]|webmanifest|woff2?|xloc|xml|xpi)$">
        Header unset X-UA-Compatible
    </FilesMatch>
    </IfModule>

to the htaccess file in the root of my Magento site fixed the issue with the compression.

If this is a server issue, I would like someone to comment below on what I might bring up with my webhost to address this. Otherwise, I'm going to submit an issue to the Magento github.

 

[cPanelLauren]

Hi @jmtakahashi

It's possible this could be in relation to a configuration you host has enabled though I'll leave that up to the rest of the community to speculate. The default configuration of cPanel/WHM doesn't have anything that will do this as far as I am aware.

Thanks!