Apache headers not being sent
So, I'm using WHM 58.0 (build 24) with:
Up until some time ago, all my headers I was setting up were working. I'm using html5 boilerplate apache server configs, so take this directive for example
This doesn't work anymore, i.e. I don't see the header being sent in any of the sites hosted on the server.
```
root@host [~]# httpd -M && httpd -V
Loaded Modules:
core_module (static)
so_module (static)
http_module (static)
mpm_prefork_module (shared)
cgi_module (shared)
access_compat_module (shared)
actions_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_groupfile_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
expires_module (shared)
filter_module (shared)
headers_module (shared)
include_module (shared)
log_config_module (shared)
logio_module (shared)
mime_module (shared)
negotiation_module (shared)
proxy_module (shared)
proxy_fcgi_module (shared)
proxy_http_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_shm_module (shared)
socache_dbm_module (shared)
socache_shmcb_module (shared)
status_module (shared)
unique_id_module (shared)
unixd_module (shared)
userdir_module (shared)
version_module (shared)
ssl_module (shared)
bwlimited_module (shared)
security2_module (shared)
ruid2_module (shared)
Server version: Apache/2.4.23 (cPanel)
Server built: Aug 6 2016 16:06:17
Server's Module Magic Number: 20120211:61
Server loaded: APR 1.5.2, APR-UTIL 1.5.2
Compiled using: APR 1.5.2, APR-UTIL 1.5.2
Architecture: 64-bit
Server MPM: prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses disabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/etc/apache2"
-D SUEXEC_BIN="/usr/sbin/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
```
Up until some time ago, all my headers I was setting up were working. I'm using html5 boilerplate apache server configs, so take this directive for example
```
# (1) (2)
Header set X-XSS-Protection "1; mode=block"
# `mod_headers` cannot match based on the content-type, however,
# the `X-XSS-Protection` response header should be send only for
# HTML documents and not for the other resources.
Header unset X-XSS-Protection
```
This doesn't work anymore, i.e. I don't see the header being sent in any of the sites hosted on the server.
```
HTTP/2 200
date: Thu, 25 Aug 2016 15:32:43 GMT
content-type: text/html; charset=utf-8
set-cookie: __cfduid=foo; expires=Fri, 25-Aug-17 15:32:43 GMT; path=/; domain=.foo.bar; HttpOnly
x-drupal-cache: HIT
content-language: el
x-frame-options: SAMEORIGIN
x-generator: Drupal 7 (Drupal - Open Source CMS | Drupal.org)
link: <
-
Hello, Could you open a support ticket using the link in my signature so we can take a closer look? You can post the ticket number here so we can update this thread with the outcome. Thank you. 0 -
The problem happens when the pages are served with PHP. If I use a pure index.html file I get all the headers as expected. So it's something with PHP and Apache modules. I created Ticket ID: 7639003 0
Please sign in to leave a comment.
Comments
2 comments