• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Hotlink protection disables Expire headers

M

Mike99

Basic Pleskian
TITLE:
Hotlink protection disables Expire headers
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx , Version 17.8.11 Update #35, last updated on Dec 18, 2018 01:06 PM, ‪Ubuntu 16.04.5 LTS‬
PROBLEM DESCRIPTION:
When enabled Hotlink protection (can be reverted) in WordPress (extension) > Security Status, Expire headers like cache-control:max-age=31536000, public disappear from headers. If disabled Hotlink protection, they appear again.

This happens in both Nginx only hosting and with Nginx proxying Apache.

Not only​
STEPS TO REPRODUCE:
When enabled Hotlink protection (can be reverted) in WordPress (extension) > Security Status, Expire headers like cache-control:max-age=31536000, public disappear from headers. If disabled Hotlink protection, they appear again.

Additional Nginx directive: (the last line is optional does not work with or without)

location ~* .(js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|svg|mp4|m4v)$ {
etag on;
if_modified_since exact;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
add_header Link "<$scheme://$http_host$request_uri>; rel=\"canonical\"";
}​
ACTUAL RESULT:
curl -I -c - https://www.example.com/wp-content/uploads/example.png -k
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Dec 2018 16:11:23 GMT
Content-Type: image/png
Content-Length: 13335
Last-Modified: Tue, 18 Dec 2018 23:54:15 GMT
Connection: keep-alive
ETag: "5c1988a7-3417"
Accept-Ranges: bytes​
EXPECTED RESULT:
curl -I -c - https://www.example.com/wp-content/uploads/example.png -k
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Dec 2018 16:11:23 GMT
Content-Type: image/png
Content-Length: 13335
Last-Modified: Tue, 18 Dec 2018 23:54:15 GMT
Connection: keep-alive
ETag: "5c1988a7-3417"
Pragma: public
Cache-Control: max-age=31536000, public
Link: <https://www.example.com/wp-content/uploads/example.png>; rel="canonical"
Accept-Ranges: bytes​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Thank you. The issue EXTWPTOOLK-2321 has been submitted.
 
WP Toolkit Version: 3.6.1-1603

Hi Plesk team, I just read that new WP Toolkit fix from 21 February should have fixed this issue, Hotlink Protection And Expire Headers: Hotlink Protection security measure no longer disables Expire headers. (EXTWPTOOLK-2321), but the problem still remains the same. I tried to uninstall WP Toolkit extension and install it back again, this did not help and even broke all my previous settings. The same operating system as above.
 
Hi Mike,

We had to temporarily disable all WPT 3.6 functionality (including bugfixes) to quickly address several critical issues. We're planning to release WPT 3.6.2 tomorrow, which should enable everything again, including the bugfixes you're waiting for. Sorry to keep you waiting!
 
You must log in or register to reply here.

Similar threads

A
Question How to use Clear-Site-Data header rule to clear browser cache
Replies
2
Views
849
AntoineW
A
D
Resolved rel="canonical" response header is lost between Apache and Nginx proxy
Replies
6
Views
1K
Deleted member 209767
D
C
Question Serve static assets with an efficient cache policy
Replies
1
Views
964
Bitpalast
Bitpalast
D
Input How to run Magento 2 on Plesk Obsidian 18 without Docker
Replies
6
Views
3K
WebHostingAce
WebHostingAce
F
Issue Edit response headers
Replies
1
Views
590
figevida
F
Back
Top