Solve DirectAdmin issues

  1. To see PHP 7.4’s php.ini, editing was needed:
    DirectAdmin lists files for the file editor in the web-interface in
    ‘/usr/local/directadmin/data/templates/edit_files.txt’.
    Note: This seems to be or was a bug in CustomBuild / DirectAdmin.
  2. Listing in DirectAdmin of domains and their PHP version would help.
    Eg: grep php /usr/local/directadmin/data/users/*/domains/*.conf |more
  3. Intermediate ssl_configuration in Custombuild, download: Proper-Cipher-Order.xlsx
  4. The new ‘Force Redirect‘ needs a change to work until after security headers.
    Thought after making the defect: The old choice can be correctly included in this way:
    – None (default) / With www / Without www;
    – Early rewrite (old) / Late 301 redirect / Late 302 redirect;
    The redirect as usual is added at the bottom of .htaccess. DA may consider: after httpd.
    Current explanation by DirectAdmin:
    https://www.directadmin.com/features.php?id=2365
    (https://www.directadmin.com/features.php?id=2234)

If you go to http://www.webtechsolutions.nl, the changes are: http://www.webtechsolutions.nl >>> https://www.webtechsolutions.nl >>> https://webtechsolutions.nl.

Security headers, such as HSTS, work with the first domain name via HTTPS. So the recent design by DirectAdmin called forced redirect near the early rewrite to HTTPS, does not work.

100%: https://en.internet.nl/site/webtechsolutions.nl/653923/
97%: https://en.internet.nl/site/www.webtechsolutions.nl/653924/

Please redesign the order; I think many scenarios are catched this way:
step 1. rewrite from HTTP to HTTPS by GUI DirectAdmin (works before reaching .htaccess)
step 2a. security headers in .htaccess
step 2b. and / or security headers in httpd / on webserver level
step 3. 301 / 302 redirect by GUI DirectAdmin in order to achieve with or without www.
(after any security header on webserver level)

Notes:
– Own code is unnecessary if GUI DirectAdmin guarantees to do the same;
– Reported to internet.nl: ‘Note that we consider HTTPS as a requirement for these security options.’ is incorrect for the reported situation.
Textual proposal: ‘Security options work with the first domain name via HTTPS.’