- Listing in DirectAdmin of domains and their PHP version would help.
Eg: grep php /usr/local/directadmin/data/users/*/domains/*.conf |more
- Since version 1.57.0: The ‘Force Redirect’ for www. or without, needs a change to work until after security headers.
The old choice can be correctly included in this way:
– None (default) / With www / Without www;
– Early rewrite (old) / Late 301 redirect / Late 302 redirect;
For the longstanding redirect being put at the bottom of .htaccess, consider to put them after httpd.
Current explanation by DirectAdmin:
Defect reproduction text issue no. 2:
http://www.webhostingtech.nl rewrites to https://webhostingtech.nl.
Security headers, such as HSTS, are required to work with the first domain name over HTTPS. So the rewriting called “Force Redirect” combined with the early rewriting to HTTPS has to be built in differently.
Please redesign the order; I think many scenarios are catched this way:
step 1. rewrite from HTTP to HTTPS by GUI DirectAdmin (works before reaching .htaccess)
step 2a. security headers in .htaccess if read
step 2b. security headers on webserver / httpd level
step 3. 301 / 302 redirect by GUI DirectAdmin in order to achieve with or without www.
(after any security header on webserver / httpd level)
– Own code is unnecessary if GUI DirectAdmin guarantees to do the same;
– Internet.nl: ‘Note that we consider HTTPS as a requirement for these security options.’.
Can be textual: ‘Security headers are required to work with the first domain name over HTTPS.’