• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Hotlink protection disables Expire headers

M

Mike99

Basic Pleskian
TITLE:
Hotlink protection disables Expire headers
PRODUCT, VERSION, OPERATING SYSTEM, ARCHITECTURE:
Plesk Onyx , Version 17.8.11 Update #35, last updated on Dec 18, 2018 01:06 PM, ‪Ubuntu 16.04.5 LTS‬
PROBLEM DESCRIPTION:
When enabled Hotlink protection (can be reverted) in WordPress (extension) > Security Status, Expire headers like cache-control:max-age=31536000, public disappear from headers. If disabled Hotlink protection, they appear again.

This happens in both Nginx only hosting and with Nginx proxying Apache.

Not only​
STEPS TO REPRODUCE:
When enabled Hotlink protection (can be reverted) in WordPress (extension) > Security Status, Expire headers like cache-control:max-age=31536000, public disappear from headers. If disabled Hotlink protection, they appear again.

Additional Nginx directive: (the last line is optional does not work with or without)

location ~* .(js|jpg|jpeg|gif|png|css|tgz|gz|rar|bz2|doc|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|svg|mp4|m4v)$ {
etag on;
if_modified_since exact;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
add_header Link "<$scheme://$http_host$request_uri>; rel=\"canonical\"";
}​
ACTUAL RESULT:
curl -I -c - https://www.example.com/wp-content/uploads/example.png -k
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Dec 2018 16:11:23 GMT
Content-Type: image/png
Content-Length: 13335
Last-Modified: Tue, 18 Dec 2018 23:54:15 GMT
Connection: keep-alive
ETag: "5c1988a7-3417"
Accept-Ranges: bytes​
EXPECTED RESULT:
curl -I -c - https://www.example.com/wp-content/uploads/example.png -k
HTTP/1.1 200 OK
Server: nginx
Date: Fri, 28 Dec 2018 16:11:23 GMT
Content-Type: image/png
Content-Length: 13335
Last-Modified: Tue, 18 Dec 2018 23:54:15 GMT
Connection: keep-alive
ETag: "5c1988a7-3417"
Pragma: public
Cache-Control: max-age=31536000, public
Link: <https://www.example.com/wp-content/uploads/example.png>; rel="canonical"
Accept-Ranges: bytes​
ANY ADDITIONAL INFORMATION:
YOUR EXPECTATIONS FROM PLESK SERVICE TEAM:
Confirm bug
 
Thank you. The issue EXTWPTOOLK-2321 has been submitted.
 
WP Toolkit Version: 3.6.1-1603

Hi Plesk team, I just read that new WP Toolkit fix from 21 February should have fixed this issue, Hotlink Protection And Expire Headers: Hotlink Protection security measure no longer disables Expire headers. (EXTWPTOOLK-2321), but the problem still remains the same. I tried to uninstall WP Toolkit extension and install it back again, this did not help and even broke all my previous settings. The same operating system as above.
 
Hi Mike,

We had to temporarily disable all WPT 3.6 functionality (including bugfixes) to quickly address several critical issues. We're planning to release WPT 3.6.2 tomorrow, which should enable everything again, including the bugfixes you're waiting for. Sorry to keep you waiting!
 
You must log in or register to reply here.

Similar threads

P
Resolved Nginx HTTP3 cause invalid redirect on WordPress
Replies
2
Views
3K
Paulo_o
P
A
Question How to use Clear-Site-Data header rule to clear browser cache
Replies
2
Views
3K
AntoineW
A
D
Resolved rel="canonical" response header is lost between Apache and Nginx proxy
Replies
6
Views
2K
Deleted member 209767
D
C
Question Serve static assets with an efficient cache policy
Replies
1
Views
2K
Bitpalast
Bitpalast
T
Issue Host settings and htaccess behavior in nginx proxy mode
Replies
3
Views
3K
Peter Debik
P
Back
Top