Solve DirectAdmin issues

  1. To see PHP 7.4’s php.ini, editing was needed:
    DirectAdmin lists files for the file editor in the web-interface in
    ‘/usr/local/directadmin/data/templates/edit_files.txt’.
    Note: This seems to have been or is a bug in CustomBuild / DirectAdmin.
  2. Listing in DirectAdmin of domains and their PHP version would help.
    Eg: grep php /usr/local/directadmin/data/users/*/domains/*.conf |more
  3. Intermediate ssl_configuration in Custombuild, download: Proper-Cipher-Order.xlsx
  4. The new ‘Force Redirect‘ needs a change to work until after security headers.
    Thought after making the defect: The old choice can be correctly included in this way:
    – None (default) / With www / Without www;
    – Early rewrite (old) / Late 301 redirect / Late 302 redirect;
    For the longstanding redirect being put at the bottom of .htaccess, consider to put them after httpd.
    Current explanation by DirectAdmin:
    https://www.directadmin.com/features.php?id=2365
    (https://www.directadmin.com/features.php?id=2234)
Defect text issue no. 4:

Browse http://www.webtechsolutions.nl
The changes are: http://www.webtechsolutions.nl >>> https://www.webtechsolutions.nl >>> https://webtechsolutions.nl.

Security headers, such as HSTS, work with the first domain name via HTTPS.
So the introduced forced redirect, near the early rewrite to HTTPS, does not work.

100%: https://en.internet.nl/site/webtechsolutions.nl/653923/
97%: https://en.internet.nl/site/www.webtechsolutions.nl/653924/

Please redesign the order; I think many scenarios are catched this way:
step 1. rewrite from HTTP to HTTPS by GUI DirectAdmin (works before reaching .htaccess)
step 2a. security headers in .htaccess
step 2b. and / or security headers in httpd / on webserver level
step 3. 301 / 302 redirect by GUI DirectAdmin in order to achieve with or without www.
(after any security header on webserver level)

Notes:
– Own code is unnecessary if GUI DirectAdmin guarantees to do the same;
– Reported to internet.nl: ‘Note that we consider HTTPS as a requirement for these security options.’ is incorrect for the reported situation.
Textual proposal: ‘Security options work with the first domain name via HTTPS.’