I stupidly posted the message below to the 000webhost services category instead of Community Support at the beginning of the week, and I fear it might have fallen down some black hole. This is a slightly shorther version, with apologies if I should not be so impatient, and I hope that I am not breaching the forum guidelines in posting to Community Support.
None of the .htaccess settings appear to work for my site (https://citationstudio2.000webhostapp.com/). I have double-checked that .htaccess exists (filename in lowercase, with a period and not misspelt), that it is in my public_html folder on 000webhost, that there is only one .htaccess in my file structure, and that it does not contain any syntax errors. The server generates an error if I insert some rubbish in my .htaccess file, so I know that the file itself is not ignored.
Of course I realize that there are limits on what I can set in .htaccess with a free account, but not a single setting in the file seems to work (with or without RewriteBase). The settings that really worry me are security and performance related:
-
automatic redirect from http to https
I have used the solution in https://www.hostinger.com/tutorials/ssl/forcing-https (updated 2022; same at How To Redirect HTTP to HTTPS Using .htaccess) but it does not work, so http://citationstudio2.000webhostapp.com/ remains as http (yet the htaccess tester at https://htaccess.madewithlove.com/ says that it should work). -
prevent directory listing
Options -Indexes does not work, so the directory listing is on public view when the filename is not specified in the URL for folders like /css /data and /js, e.g. https://citationstudio2.000webhostapp.com/css -
cache control
The settings for my homepage and my css, js and json files are ignored, and the Chrome Dev tools say “cache-control: no-cache” for all of them. -
automatic redirect from /index.html to /
I recently changed my homepage from /index.html to /index.php. I set a redirect from /index.html in 000webhost control panel, and this is reflected in .htaccess but it does not work, i.e. the browser stays at /index.html, yet the htaccess tester at https://htaccess.madewithlove.com/ says that it should work. As a desperate measure to circumvent this I have put a meta refresh to / in index.html to force the redirect, but I really hope that I don’t have to rely on this as a permanent solution.
I have also tried the following security settings, all in vain so I have deleted them for now, but I very much hope I can reinstate them when my .htaccess works again:
- HTTP Strict Transport Security (HSTS) header:
Header always set Strict-Transport-Security “max-age=31536000; includeSubDomains; preload” - Referrer-Policy:
Header always set Referrer-Policy “same-origin” - Set cookies with HttpOnly and Secure flags (adapted from Cookies warning appearing on website, using syntax at https://dev.to/shostarsson/security-headers-to-use-on-your-webserver-3id5; and https://blog.litespeedtech.com/2020/11/02/header-edit-set-cookie-alternative/):
<IfModule mod_headers.c>
Header always edit Set-Cookie (.*) “$1;HTTPOnly;Secure;SameSite=Strict”
</IfModule>
<IfModule LiteSpeed>
ForceSecureCookie httponly secure same_site_none
<IfModule>
I very much hope that my .htaccess file can be re-enabled in the Apache config. Thank you in advance for anything you might be able to do about this.
My .htaccess (in full):
# HTID:17363872: DO NOT REMOVE OR MODIFY THIS LINE AND THE LINES BELOW
php_value display_errors 1
# DO NOT REMOVE OR MODIFY THIS LINE AND THE LINES ABOVE HTID:17363872:
php_flag output_buffering on
# Redirect from http to https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Provide Specific Index Page (Set the default handler)
DirectoryIndex index.php
# Prevent directory listing
Options -Indexes
# Set browser caching for all static files EXCEPT index.html
<FilesMatch “.(css|jpg|jpeg|png|gif|js|json|ico)$”>
Header set Cache-Control “max-age=8380800, public”
# Set 4 hours browser caching for index…php or url without index file specified
<FilesMatch “index.php$”>
Header set Cache-Control “max-age=14400, public”
# HTID:20277122: DO NOT REMOVE OR MODIFY THIS LINE AND THE LINES BELOW
Redirect 301 /index.html https://citationstudio2.000webhostapp.com/
# DO NOT REMOVE OR MODIFY THIS LINE AND THE LINES ABOVE HTID:20277122: