Conflict with Security Header Plugin

  • Antah

    (@aditferza)


    3 years ago

    Hello Boldgrid team,

    We have a problem on our website. Currently, we’re using some security header plugin (XSS, HSTS, etc) to handle… security header.

    Unfortunately, when we activating W3 Total Cache page cache, the security header configuration that already validated before is gone and undetected. Its strange because the security snippet code in .htaccess is already there but the security header audit apps cant detect it. And now, when we deactivate the W3 page cache, the audit can detect those code again

    What should we do? Thank you

    The page I need help with: [log in to see the link]

Viewing 11 replies - 1 through 11 (of 11 total)
  • Plugin Contributor Marko Vasiljevic

    (@vmarko)

    3 years ago

    Hello @aditferza

    Thank you for reaching out and I am happy to assist you with this.

    Have you also enabled those settings in the W3 Total Cache Browser Cache settings?
    Try disabling the Browser Cache in the General settings and let me know if this helps!

    Thanks!

    Thread Starter Antah

    (@aditferza)

    3 years ago

    Hello Boldgrid Team,

    At this time we only activated Page Cache on W3 Total Cache. There are no other features that has been activated. But we have some strange configuration when we try setup guide

    Looks like there are no difference when enable and disable browser cache. Is there any problem on my configuration?

    Here is the screenshot if this helps https://prnt.sc/_YH2GFsQkLX7

    Thanks

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    3 years ago

    Hello @aditferza

    Thank you for your feedback.

    Can you please check if those rules for security headers are at the top of the .htaccess and let me know which plugin you are using for this?

    Can you please also share why you are using another plugin when you can enable security headers in the W3 Total Cache Browser Cache settings?

    Thanks!

    Thread Starter Antah

    (@aditferza)

    3 years ago

    Hello Boldgrid team

    Apologize for my mistake, we haven’t checked all the features that W3 Total Cache provide since we’re focusing on Cache and Minify. We thought that from previous screenshot which told that there are no differences when enabling object cache.

    We’ll try to enable browser cache and check how’s our website performance

    Thanks again

    • This reply was modified 3 years ago by Antah.
    Thread Starter Antah

    (@aditferza)

    2 years, 12 months ago

    Hello Boldgrid Team

    We have enabled browser cache and security header settings from W3 Total Cache only. However, when we check the header with 3rd party auditor, it says that the security header code has not been found.

    When we check the .htaccess, the code is there and already on the early row. Can we directly contact you to upload the .htaccess to Boldgrid team so that Boldgrid team can check it?

    Thanks

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    2 years, 11 months ago

    Hello @aditferza

    Sorry for the late reply.

    Can you please share the screenshot of the Performance>Browser Cache>Security headers section of the plugin?

    Thanks!

    Thread Starter Antah

    (@aditferza)

    2 years, 11 months ago

    Hello Boldgrid team.

    Here is the screenshot of our configuration —> https://prnt.sc/uxQPkXzOIDBD

    Hope this helps, as a reminder the pic is quite long to scroll 😛

    Thank you

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    2 years, 11 months ago

    Hello @aditferza

    Thank you for your feedback.

    Can you please share your .htaccess file so I can check for any duplicate rules?

    Thanks!

    Thread Starter Antah

    (@aditferza)

    2 years, 11 months ago

    Hello Boldgrid Team,

    Sure, here is our .htaccess file. Since the source code is quite long. You can check it via pastebin here —> https://pastebin.com/w2LwABrn

    Thank you again

    Plugin Contributor Marko Vasiljevic

    (@vmarko)

    2 years, 11 months ago

    Hello @aditferza

    Thank you for your feedback.

    The rules are ok. Are you using Nginx+Apache and if you are using only Apache can you please check if you have some rules in the upper level of you website folder structure or in the main httpd.conf file?

    Thanks!

    Thread Starter Antah

    (@aditferza)

    2 years, 11 months ago

    Hello Boldgrid team,

    After asking our technical team, our website is using apache only. But there are no httpd.conf file. The configuration file that we have is apache2.conf and (maybe unrelated) other .conf file.

    Should we create new httpd.conf file or does boldgrid team want to see our apache2.conf?

    Thank you

Viewing 11 replies - 1 through 11 (of 11 total)

The topic ‘Conflict with Security Header Plugin’ is closed to new replies.