AutoSSL override htaccess
Does cPanel AutoSSL override htaccess ? Can i remove this rules from htaccess? Please let me know that can i still use this my
My original htaccess is :
cPanel added:
RewriteEngine On
# Force SSL:
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Force www:
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]cPanel added:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) http://www.example.com/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{QUERY_STRING} (^|\?|&)p=([0-9]+)($|&)
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^showthread\.php$ /posts/%2/? [R=301,L]
RewriteCond %{QUERY_STRING} (^|\?)([0-9]+)-[^/]+/page([0-9]+)$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^showthread\.php$ /threads/%2/page-%3? [R=301,L]
RewriteCond %{QUERY_STRING} (^|\?)([0-9]+)-.*$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^showthread\.php$ /threads/%2/? [R=301,L]
-
Hello, The following entries are automatically added before each RewriteRule in the .htaccess file when AutoSSL is enabled to ensure certificates validate successfully: RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^[0-9]+\..+\.cpaneldcv$
These rules create exceptions (note the preceding !) so that matching REQUEST_URIs do not get rewritten, and should not prevent the existing rules from working. Are the rule additions causing any problems on the website? Thanks!0 -
Just use this as the first rule in the .htaccess, then you don't need subsequent conditions.... RewriteCond %{REQUEST_URI} ^/(?:[0-9]+\..+\.cpaneldcv|[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?|\.well-known/acme-challenge/[0-9a-zA-Z_-]+)$ RewriteRule .* - [L]0 -
Hello, The following entries are automatically added before each RewriteRule in the .htaccess file when AutoSSL is enabled to ensure certificates validate successfully:
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}.txt(?:\ Comodo\ DCV)?$ RewriteCond %{REQUEST_URI} !^[0-9]+\..+\.cpaneldcv$
These rules create exceptions (note the preceding !) so that matching REQUEST_URIs do not get rewritten, and should not prevent the existing rules from working. Are the rule additions causing any problems on the website? Thanks!
Our server has AutoSSL disabled, but still found the .htaccess was modified with this rewrite rule when client install the self-signed ssl in cpanel. This did cause a wordpress site down with error: xxxxx.com didn"t send any data. ERR_EMPTY_RESPONSE
Here's the .htaccess file:# BEGIN WordPress RewriteEngine On RewriteBase / RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule . /index.php [L] # END WordPress RewriteCond %{HTTP_HOST} ^domainname\.com$ [OR] RewriteCond %{HTTP_HOST} ^www\.domainname\.com$ RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ RewriteRule ^/?$ "http\:\/\/domainname\.com\/wp" [R=301,L]0 -
Hello, As of cPanel version 64, you can remove those entries in favor of the following option under the "Domains" tab in "WHM >> Tweak Settings" if you prefer: Use a Global DCV rewrite exclude instead of .htaccess modification (requires Apache 2.4+, EA4) Here's the description for this option: When you enable this option, Apache adds global rewrite rules to the webserver configuration so that the system does not process additional rewrite rules for DCV filenames. These global rules make it unnecessary for cPanel & WHM to modify each account"s .htaccess file. Note: When you enable this option, the system receives a trivial performance penalty because all of the HTTP requests must be matched against the DCV filename regular expressions. Thank you. 0 -
Hello, As of cPanel version 64, you can remove those entries in favor of the following option under the "Domains" tab in "WHM >> Tweak Settings" if you prefer: Use a Global DCV rewrite exclude instead of .htaccess modification (requires Apache 2.4+, EA4) Here's the description for this option: When you enable this option, Apache adds global rewrite rules to the webserver configuration so that the system does not process additional rewrite rules for DCV filenames. These global rules make it unnecessary for cPanel & WHM to modify each account"s .htaccess file. Note: When you enable this option, the system receives a trivial performance penalty because all of the HTTP requests must be matched against the DCV filename regular expressions. Thank you.
If we enable this option then will automatically remove this rules from htaccess? Where are create the Global DCV rewrite files? Still are using cPanel-generated handler and cPanel-generated php ini directives rules? Why not Global option for this rules?# BEGIN cPanel-generated php ini directives, do not edit php_flag display_errors On php_value max_execution_time 360 php_value max_input_time 240 php_value max_input_vars 100000 php_value memory_limit 4095M php_value session.gc_maxlifetime 1440 php_value session.save_path "/var/cpanel/php/sessions/ea-php71" php_value upload_max_filesize 128M # END cPanel-generated php ini directives, do not edit # php -- BEGIN cPanel-generated handler, do not edit # Set the "ea-php71" package as the default "PHP" programming language. AddType application/x-httpd-php .php .php7 .phtml # php -- END cPanel-generated handler, do not edit0 -
If we enable this option then will automatically remove this rules from htaccess? Where are create the Global DCV rewrite files? Still are using cPanel-generated handler and cPanel-generated php ini directives rules? Why not Global option for this rules?
The rewrite rules are added to the Apache configuration file (/etc/apache2/conf/httpd.conf) when the option is enabled. EX:# Global DCV Exclude RewriteEngine on RewriteCond %{REQUEST_URI} ^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ [OR] RewriteCond %{REQUEST_URI} ^/[0-9]+\..+\.cpaneldcv$ # Exclude proxy subdomains as we need rewrites to capture the DCV requests RewriteCond %{HTTP_HOST} !^(?:autoconfig|autodiscover|cpanel|cpcalendars|cpcontacts|webdisk|webmail|whm)\. RewriteRule ^ - [END]
This is unrelated to the PHP configuration values in the .htaccess file. Please open a new thread if you'd like to inquire about those entries, as they relate to the MultiPHP INI Editor and not the AutoSSL rewrite rules. Thank you.0 -
The rewrite rules are added to the Apache configuration file (/etc/apache2/conf/httpd.conf) when the option is enabled.
If we enable this option then will automatically remove this rules from htaccess?0 -
If we enable this option then will automatically remove this rules from htaccess?
No, the existing DCV exclusion rules in .htaccess files are not automatically removed. Thank you.0 -
system receives a trivial performance penalty
If this, you are recommended to using Global DCV rewrite option?0 -
If this, you are recommended to using Global DCV rewrite option?
The performance penalty is minimal. You are likely to not notice a difference. Thank you.0 -
The rewrite rules are added to the Apache configuration file (/etc/apache2/conf/httpd.conf) when the option is enabled. EX:
If we disable this option then does auto remove this code and added to via htaccess?0 -
If we disable this option then does auto remove this code and added to via htaccess?
Disabling "Use a Global DCV rewrite exclude instead of .htaccess modification (requires Apache 2.4+, EA4)" automatically removes those rules in the Apache configuration file. The AutoSSL functionality would then add rules to the .htaccess files as needed during the domain validation process. Thank you.0 -
Use a Global DCV rewrite exclude instead of .htaccess modification (requires Apache 2.4+, EA4)"
I have enabled "Use a Global DCV rewrite exclude instead of .htaccess modification (requires Apache 2.4+, EA4)" but still adding rules to the .htaccess files with Create a New Account.RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$0 -
I have enabled "Use a Global DCV rewrite exclude instead of .htaccess modification (requires Apache 2.4+, EA4)" but still adding rules to the .htaccess files with Create a New Account.
Hello, I'm unable to reproduce this behavior. Could you open a support ticket using the link in my signature so we can take a closer look at the affected system? Thank you.0
Please sign in to leave a comment.
Comments
14 comments