Hotlink protection disables Expire headers

Mike99

Basic Pleskian
TITLE:
Hotlink protection disables Expire headers
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx, Version 17.8.11 Update #35, last updated on Dec 18, 2018 01:06 PM, Ubuntu 16.04.5 LTS
PROBLEM DESCRIPTION:
When Hotlink protection (can be reverted) is enabled in WordPress (extension) > Security Status, Expire headers like cache-control:max-age=31536000, public disappear from headers. If Hotlink protection is disabled, they appear again.

This happens in both Nginx-only hosting and with Nginx proxying Apache.

Not only
STEPS TO REPRODUCE:
When Hotlink protection (can be reverted) is enabled in WordPress (extension) > Security Status, Expire headers like cache-control:max-age=31536000, public disappear from headers. If Hotlink protection is disabled, they appear again.

Additional Nginx directive (the last line is optional; it does not work with or without it):

location ~* \.(js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|svg|mp4|m4v)$ {
    # Validators for conditional requests
    etag on;
    if_modified_since exact;
    # Expire/caching headers expected on static files
    add_header Pragma "public";
    add_header Cache-Control "max-age=31536000, public";
    # Optional line
    add_header Link "<$scheme://$http_host$request_uri>; rel=\"canonical\"";
}
ACTUAL RESULT:
curl -I -c - https://www.example.com/wp-content/uploads/example.png -k
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Dec 2018 16:11:23 GMT
Content-Type: image/png
Content-Length: 13335
Last-Modified: Tue, 18 Dec 2018 23:54:15 GMT
Connection: keep-alive
ETag: "5c1988a7-3417"
Accept-Ranges: bytes
EXPECTED RESULT:
curl -I -c - https://www.example.com/wp-content/uploads/example.png -k
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Dec 2018 16:11:23 GMT
Content-Type: image/png
Content-Length: 13335
Last-Modified: Tue, 18 Dec 2018 23:54:15 GMT
Connection: keep-alive
ETag: "5c1988a7-3417"
Pragma: public
Cache-Control: max-age=31536000, public
Link: <https://www.example.com/wp-content/uploads/example.png>; rel="canonical"
Accept-Ranges: bytes
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
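
A way to automate the comparison of the two curl results in the report above, as an added example that is not part of the original post or of Plesk's code: it parses `curl -I` output and lists the headers that are missing or changed. The sample captures are constructed (abridged from the ACTUAL and EXPECTED results), and the function names are hypothetical.

```python
import sys

# Constructed captures, abridged from the ACTUAL and EXPECTED results in the report.
ACTUAL = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: image/png\r\n"
    'ETag: "5c1988a7-3417"\r\nAccept-Ranges: bytes\r\n\r\n'
)
EXPECTED = (
    "HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: image/png\r\n"
    'ETag: "5c1988a7-3417"\r\nPragma: public\r\n'
    "Cache-Control: max-age=31536000, public\r\n"
    "Link: <https://www.example.com/wp-content/uploads/example.png>;"
    ' rel="canonical"\r\nAccept-Ranges: bytes\r\n\r\n'
)


def parse_headers(dump):
    """Parse `curl -I` output into {lowercased name: [values]}.

    Keeps only the last response block (curl prints one per redirect hop) and
    ignores text after the blank line, such as the cookie jar from `-c -`.
    """
    headers, in_block = {}, False
    for raw in dump.splitlines():
        line = raw.strip()
        if line.upper().startswith("HTTP/"):
            headers, in_block = {}, True   # status line starts a fresh block
        elif not line:
            in_block = False               # blank line ends the header block
        elif in_block and ":" in line:
            name, value = line.split(":", 1)
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def diff_headers(expected, actual, ignore=("date",)):
    """Return (missing, changed) header names, comparing actual against expected."""
    names = [n for n in expected if n not in ignore]
    missing = sorted(n for n in names if n not in actual)
    changed = sorted(n for n in names if n in actual and expected[n] != actual[n])
    return missing, changed


if __name__ == "__main__":
    missing, changed = diff_headers(parse_headers(EXPECTED), parse_headers(ACTUAL))
    print("missing:", missing)
    print("changed:", changed)
    sys.exit(1 if missing or changed else 0)
```

The non-zero exit status makes the check usable in a monitoring job that runs after toggling a security measure or updating an extension.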
 
Thank you. The issue EXTWPTOOLK-2321 has been submitted.
 
WP Toolkit Version: 3.6.1-1603

Hi Plesk team, I just read that the new WP Toolkit fix from 21 February should have fixed this issue: "Hotlink Protection And Expire Headers: Hotlink Protection security measure no longer disables Expire headers. (EXTWPTOOLK-2321)", but the problem still remains the same. I tried to uninstall the WP Toolkit extension and install it back again; this did not help and even broke all my previous settings. The same operating system as above.
 
Hi Mike,

We had to temporarily disable all WPT 3.6 functionality (including bugfixes) to quickly address several critical issues. We're planning to release WPT 3.6.2 tomorrow, which should enable everything again, including the bugfixes you're waiting for. Sorry to keep you waiting!
 