Menu

Topic-icon HTTP Headers - Apache's (or Nginx) Header module must be installed to work

  • interstorm
  • interstorm's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
5 days 7 hours ago #7847 by interstorm
Hello -- I've installed this wonderful product and read the documentation. After going with the (mostly) basic configuration performed during installation, I checked the System Information > HTTP Headers Applied options and set the following values:
X-Frame Options: Sameorigin
Strict Transport Security: Yes
X-Xss-Protection: Yes

After saving, I noticed the banner error/warning "Apache's (or Nginx) Header module must be installed to work" (although I am not sure if that is specifically to my selections noted above). Once done I then performed a free web scan using Upgaurd.com and it noted that at least one of the items I had hoped would be corrected was still a problem (HTTP Strict Transport Security (HSTS) not enforced). See below:

www.upguard.com/webscan?c=https%3A%2F%2Fynmlist.com

In addition I used the Sucuri web scan to test these features and found similar alerts such as no website firewall being detected:

sitecheck.sucuri.net/results/https/ynmlist.com

Would you be able to confirm what the "Apache's (or Nginx) Header module must be installed to work" message means (I saw it noted in another message: securitycheck.protegetuordenador.com/for...be-installed-to-work ) and if anything needs to be updated for these items to take effect?

Thanks again and let me know if you need any further information from me.

Please Log in or Create an account to join the conversation.

More
5 days 6 hours ago #7848 by Jose
Hi interstorm,

First of all I want to thank you for your confidence in my extensions.

Would you be able to confirm what the "Apache's (or Nginx) Header module must be installed to work" message means (I saw it noted in another message: securitycheck.protegetuordenador.com/for...be-installed-to-work ) and if anything needs to be updated for these items to take effect?

The header module is usually installed in every site, so there should not be an extra step to take after applying the .htaccess protection. One question? After clicking on the "Save" button, did you also click on the "Protect" button? Protect button is the key here; if you didn't click on it protection was not appllied. If so, every rule applied into the .htaccess file should have a green box with the text "This option has been applied":


Also you can manually edit the .htaccess file into your root folder; there you should see something like this:

As you can see, headers will be applied if the headers module is installed; this is why I say "the Apache's (or Nginx) Header module must be installed to work".

Regards,
Jose
Attachments:

Please Log in or Create an account to join the conversation.

  • interstorm
  • interstorm's Avatar Topic Author
  • Offline
  • Fresh Boarder
  • Fresh Boarder
More
4 days 9 hours ago #7850 by interstorm
Yep -- that was it. Sorry for asking such a bad question but thank you for the quick reply! I can see everything is up and running as expected!

This request can be closed :)

Please Log in or Create an account to join the conversation.

More
4 days 9 hours ago #7851 by Jose
You're welcome! :)

Don't hesitate to ask me any other question ;)

Regards,
Jose

Please Log in or Create an account to join the conversation.

Time to create page: 0.110 seconds
Powered by Kunena Forum

Login or Sign In