Enhancement ensure-http-header was already set


#1

My domain is:
teppichbilliger.de

I ran this command:

sudo certbot --apache --agree-tos --email admin@teppichbilliger.de --redirect --hsts -d teppichbilliger.de -d www.teppichbilliger.de

It produced this output:


My prestashop.conf

<VirtualHost *:80>
     ServerAdmin admin@teppichbilliger.de
     DocumentRoot /var/www/html/prestashop/
     ServerName teppichbilliger.de
     ServerAlias www.teppichbilliger.de

     <Directory /var/www/html/prestashop/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

RewriteEngine on
RewriteCond %{SERVER_NAME} =teppichbilliger.de [OR]
RewriteCond %{SERVER_NAME} =www.teppichbilliger.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

My prestashop-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerAdmin admin@teppichbilliger.de
     DocumentRoot /var/www/html/prestashop/
     ServerName teppichbilliger.de
     ServerAlias www.teppichbilliger.de

     <Directory /var/www/html/prestashop/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined


Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLCertificateFile /etc/letsencrypt/live/teppichbilliger.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/teppichbilliger.de/privkey.pem
</VirtualHost>
</IfModule>

My .htaccess

# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums

<IfModule mod_rewrite.c>
<IfModule mod_env.c>
SetEnv HTTP_MOD_REWRITE On
</IfModule>

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule . - [E=HTTP_AUTHORIZATION:%1]



#Domain: 178.238.239.20
RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api$ api/ [L]

RewriteRule ^api/(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

# Images
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteCond %{HTTP_HOST} ^178.238.239.20$
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</IfModule>

AddType application/vnd.ms-fontobject .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType application/font-woff .woff
AddType font/woff2 .woff2
<IfModule mod_headers.c>
	<FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg)$">
		Header set Access-Control-Allow-Origin "*"
	</FilesMatch>
</IfModule>

#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404

# ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again

When I call https://178.238.239.20/

Hacker könnten versuchen, Ihre Daten von **178.238.239.20** zu stehlen, zum Beispiel Passwörter, Nachrichten oder Kreditkartendaten.
NET::ERR_CERT_COMMON_NAME_INVALID

When I call https://teppichbilliger.de I am redirected to http://178.238.239.20

My question is: what am I doing wrong?


#2

Hi @v_golban,

There are two redirections trying to reach your domain:

$ curl -IkL teppichbilliger.de
HTTP/1.1 301 Moved Permanently
Date: Wed, 17 Oct 2018 14:23:18 GMT
Server: Apache/2.4.29 (Ubuntu)
Location: https://teppichbilliger.de/
Content-Type: text/html; charset=iso-8859-1

HTTP/1.0 302 Found
Date: Wed, 17 Oct 2018 14:23:19 GMT
Server: Apache/2.4.29 (Ubuntu)
Strict-Transport-Security: max-age=31536000
Location: http://178.238.239.20/
Connection: close
Content-Type: text/html; charset=utf-8

HTTP/1.1 200 OK
Date: Wed, 17 Oct 2018 14:23:19 GMT
Server: Apache/2.4.29 (Ubuntu)
Set-Cookie: PHPSESSID=a8ombuo4q89ogov8g5t9seq2f7; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Powered-By: PrestaShop
Set-Cookie: PrestaShop-975c51512534c59f200edc3d57559c0a=def5020084251d50163cbaf674453d5f3bc6d4c8adb351b0eb4fb324de61b0ac0889cfbcbef57e6f80e44175e1f07539b2fff2716a6d987f35aa9166f9f5be53c0c58862d8e5d82ba49c232a6c34a42d7195c8efdffb287e7849d7fa636b7875ef11265feb92e47c0f042b9d91d965b56bf98ca2eb70593df6771a20783c00bdc63a228a7e2749ff99d3da1dd5f3751f719c59d3750bd7c5426c1f95e833; expires=Tue, 06-Nov-2018 14:23:19 GMT; Max-Age=1728000; path=/; HttpOnly
Set-Cookie: PrestaShop-975c51512534c59f200edc3d57559c0a=def502003c6f3f81c01a24a17675dae5de8e4b8d1ddcadc3c08e8fda60278c5588e9d065f3c42ccc0169d17e9cd8807491eac8b2e86204febd37641748bc48b83261d76725ac1aefc1a30d118da2cc13abdba7284c25adac590b25e5f875722a3e4c303241c376dc2871429f785046ec19da98a82e4099366b35a3c0510a7e75441f4be316524d3612b29c690560a7cb7442e7f3c8a2e84649bdda158a5c0530806789dd8ddf95d6fe1ea245a2b5bbb38d3396821dfadb160b419bc15dda; expires=Tue, 06-Nov-2018 14:23:19 GMT; Max-Age=1728000; path=/; HttpOnly
Connection: close
Content-Type: text/html; charset=utf-8

The first one (301) is the one you have defined in your Apache conf, and it is redirecting your domain to https, so it is working fine. The second one (302) is the one that is redirecting to your IP, but that redirection is not in your Apache conf, so either you have that redirection in some .htaccess file inside your DocumentRoot or PrestaShop is the one performing this redirection directly; you should double-check it.

Cheers,
sahsanu
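
The redirect chain walked through in the reply above can also be checked mechanically. The following is an added example, not part of the original thread: it parses `curl -I -L` style output and flags any hop that leaves HTTPS or redirects to an IP literal. The function names are hypothetical and `SAMPLE` is a constructed, trimmed copy of the headers quoted above.

```python
import ipaddress
from urllib.parse import urljoin, urlsplit

# Constructed sample: status lines plus the Location and HSTS headers taken
# from the `curl -IkL teppichbilliger.de` output quoted above.
SAMPLE = """\
HTTP/1.1 301 Moved Permanently
Location: https://teppichbilliger.de/

HTTP/1.0 302 Found
Strict-Transport-Security: max-age=31536000
Location: http://178.238.239.20/

HTTP/1.1 200 OK
"""

def parse_hops(raw):
    """Split `curl -I -L` output into (status, headers) per response."""
    hops = []
    for block in raw.replace("\r\n", "\n").strip().split("\n\n"):
        lines = [ln for ln in block.split("\n") if ln.strip()]
        if not lines or not lines[0].startswith("HTTP/"):
            continue
        pairs = (ln.partition(":") for ln in lines[1:])
        headers = {k.strip().lower(): v.strip() for k, _, v in pairs}
        hops.append((int(lines[0].split()[1]), headers))
    return hops

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_chain(start_url, raw):
    """Return (hop, status, target, problems) for each risky redirect."""
    findings, current = [], start_url
    for n, (status, headers) in enumerate(parse_hops(raw), 1):
        if not (300 <= status < 400 and "location" in headers):
            continue
        target = urljoin(current, headers["location"])  # resolve relative
        old, new = urlsplit(current), urlsplit(target)
        checks = [(old.scheme == "https" and new.scheme == "http", "https-to-http downgrade"),
                  (is_ip_literal(new.hostname or ""), "redirect to IP literal")]
        problems = [msg for hit, msg in checks if hit]
        if problems:
            findings.append((n, status, target, problems))
        current = target
    return findings
```

Calling `audit_chain("http://teppichbilliger.de/", SAMPLE)` reports only the second hop, the 302 that carries the HSTS header yet points at plain HTTP on the IP address.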

