Skip to main content

Migrated to EA4, mod_headers not working in .htaccess

Comments

18 comments

  • cPLevey
    Welcome to EasyApache 4! Personally, I have HSTS headers configured on my EasyApache 4 setup, using Virtual Host Include Files. Documentation for this can be found here:
    I hope this helps!
    0
  • fonginator
    Personally, I have HSTS headers configured on my EasyApache 4 setup, using Virtual Host Include Files. Documentation for this can be found here:
    0
  • linux4me2
    Unless I'm missing something, putting this in the .htaccess file should work which is the most troublesome aspect of this. I wish I could understand whether this is a bug or some sort of side effect of going from mod_php/mod_ruid2 in EA3 to an fcgi setup with EA4.

    I'm using EA4 (v. 58.0.32) with Event MPM and suPHP, and I can confirm that the "set" command is working on an account's .htaccess based on the results from testing it on observatory.mozilla.org:
    Header set Strict-Transport-Security "max-age=15768000"
    0
  • cPanelMichael
    Unless I'm missing something, putting this in the .htaccess file should work which is the most troublesome aspect of this. I wish I could understand whether this is a bug or some sort of side effect of going from mod_php/mod_ruid2 in EA3 to an fcgi setup with EA4.

    Hello @fonginator, Feel free to open a support ticket using the link in my signature so we can take a closer look. You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • DomineauX
    Was any solution ever found for this? Seeing the same issue when trying to use the following in .htaccess files under EasyApache 4: Header append X-FRAME-OPTIONS "SAMEORIGIN" Works for .html files, but not .php scripts.
    0
  • cPanelMichael
    Was any solution ever found for this? Seeing the same issue when trying to use the following in .htaccess files under EasyApache 4: Header append X-FRAME-OPTIONS "SAMEORIGIN" Works for .html files, but not .php scripts.

    Hello, Could you let us know which PHP version and handler is utilized for the accounts you are testing this with? Thank you.
    0
  • DomineauX
    Apache/2.4.23 prefork PHP 7.0.13 CGI Handler
    0
  • cPanelMichael
    Apache/2.4.23 prefork PHP 7.0.13 CGI Handler

    This is likely due to the use of the CGI handler for PHP. You can read more about the interaction between CGI and Mod_Headers at: Let us know if this helps. Thank you.
    0
  • DomineauX
    It was using SuPHP on EA3. After switching to SuPHP, it is now working.
    0
  • asuna123
    was any solution this problem? on .htaccess under EA4 Header Set Cache-Control"max_age=3600" this is not work Header Set Cache-Control"max-age=3600"
    0
  • cPanelMichael
    was any solution this problem? on .htaccess under EA4

    Could you let us know which PHP handler is enabled on the system? Thank you.
    0
  • yaashul
    I am facing this problem still. Running the latest easyapache 4. I am not able to set any header for the pages created by mod_rewrite or basically php pages. Rest of the images are showing the right headers. I am using FastCGI PHP FPM. Does anyone has ever found a solution for the same?
    0
  • cPanelMichael
    I am using FastCGI PHP FPM. Does anyone has ever found a solution for the same?

    Hello, Are you able to reproduce the issue when using a non-CGI handler such as DSO or suPHP? Thank you.
    0
  • John Napoletano
    This is likely due to the use of the CGI handler for PHP...

    Hi Michael. I believe I came up with an htaccess solution and wish for you to review it in case it will help others. I see your name on many posts including some of mine in the past.
    # Redirect to https RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # Redirect to www RewriteCond %{HTTP_HOST} ^yourdomain\.com [NC] RewriteRule (.*) https://www.yourdomain.com/$1 [E=HTTPS,R=301,L] # Security header Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
    The env=HTTPS environment variable wasn't working as expected. So I used the E=HTTPS flag on the www redirect to set the env=HTTPS environment variable on the next request. My post and discussion In Progress - htaccess Header Set doesn't set
    0
  • Olof
    Same problem for me, using mod_mpm_prefork. I can set headers for regular http but not https.
    0
  • cPanelMichael
    Same problem for me, using mod_mpm_prefork. I can set headers for regular http but not https.

    Does the thread linked in the post above yours help? Thank you.
    0
  • Olof
    Does the thread linked in the post above yours help? Thank you.

    No.
    0
  • cPanelMichael
    Hi @Olof, Could you open a support ticket using the link in my signature so we can take a closer look? Thank you.
    0

Please sign in to leave a comment.