Deaktivering af HTTP komprimering via .htaccess
HejJeg har behov for midlertidigt at deaktivere HTTPP komprimering på mit webhotel. Mit webhotel er hostet hos Simply.com (tidligere UnoEuro).
Jeg har forsøgt på flere måder igennem en .htaccess-fil, men intet fungerer ordentligt.
1. Første udkast af .htaccess-filen:
<ifModule mod_deflate.c>
no-gzip dont-vary
</IfModule>
## Automatic 301 redirect to https
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
## Additional security headers
<ifModule mod_headers.c>
# X Frame Options
Header always set X-Frame-Options "SAMEORIGIN"
# X XSS-Protection (deprecated)
Header set X-XSS-Protection "0"
# X Content-Type-Options
Header set X-Content-Type-Options "nosniff"
# X Permitted Cross Domain Policies
Header set X-Permitted-Cross-Domain-Policies "none"
# X-Powered-By and Server
Header unset X-Powered-By
Header unset Server
# Enable Strict Transport Security
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
# Referrer Policy
Header set Referrer-Policy "strict-origin-when-cross-origin"
# Expect-CT (deprecated)
# Header set Expect-CT "max-age=86400, enforce" env=HTTPS
## Advanced policies - basic implementation
# Feature Policy (rudimentary policies supported by most browsers)
Header set Feature-Policy "microphone 'none'; camera 'none'"
# Permissions Policy (rudimentary policies supported by chrome and FF)
Header set Permissions-Policy "autoplay=(self), encrypted-media=(self), fullscreen=(self), geolocation=(self), midi=(self), payment=(self)"
# Content Security Policy (CSP - rudimentary policies enforcing https)
Header set Content-Security-Policy "default-src * data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'"
</IfModule>
---
2. Andet udkast af .htaccess-filen:
php_flag zlib.output_compression off
## Automatic 301 redirect to https
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
## Additional security headers
<ifModule mod_headers.c>
# X Frame Options
Header always set X-Frame-Options "SAMEORIGIN"
# X XSS-Protection (deprecated)
Header set X-XSS-Protection "0"
# X Content-Type-Options
Header set X-Content-Type-Options "nosniff"
# X Permitted Cross Domain Policies
Header set X-Permitted-Cross-Domain-Policies "none"
# X-Powered-By and Server
Header unset X-Powered-By
Header unset Server
# Enable Strict Transport Security
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
# Referrer Policy
Header set Referrer-Policy "strict-origin-when-cross-origin"
# Expect-CT (deprecated)
# Header set Expect-CT "max-age=86400, enforce" env=HTTPS
## Advanced policies - basic implementation
# Feature Policy (rudimentary policies supported by most browsers)
Header set Feature-Policy "microphone 'none'; camera 'none'"
# Permissions Policy (rudimentary policies supported by chrome and FF)
Header set Permissions-Policy "autoplay=(self), encrypted-media=(self), fullscreen=(self), geolocation=(self), midi=(self), payment=(self)"
# Content Security Policy (CSP - rudimentary policies enforcing https)
Header set Content-Security-Policy "default-src * data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'"
</IfModule>
---
3. Tredje udkast af .htaccess-filen:
# Disable HTTP compression START
SetEnv no-gzip 1
# Disable HTTP compression END
## Automatic 301 redirect to https
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
## Additional security headers
<ifModule mod_headers.c>
# X Frame Options
Header always set X-Frame-Options "SAMEORIGIN"
# X XSS-Protection (deprecated)
Header set X-XSS-Protection "0"
# X Content-Type-Options
Header set X-Content-Type-Options "nosniff"
# X Permitted Cross Domain Policies
Header set X-Permitted-Cross-Domain-Policies "none"
# X-Powered-By and Server
Header unset X-Powered-By
Header unset Server
# Enable Strict Transport Security
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
# Referrer Policy
Header set Referrer-Policy "strict-origin-when-cross-origin"
# Expect-CT (deprecated)
# Header set Expect-CT "max-age=86400, enforce" env=HTTPS
## Advanced policies - basic implementation
# Feature Policy (rudimentary policies supported by most browsers)
Header set Feature-Policy "microphone 'none'; camera 'none'"
# Permissions Policy (rudimentary policies supported by chrome and FF)
Header set Permissions-Policy "autoplay=(self), encrypted-media=(self), fullscreen=(self), geolocation=(self), midi=(self), payment=(self)"
# Content Security Policy (CSP - rudimentary policies enforcing https)
Header set Content-Security-Policy "default-src * data:; script-src https: data: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'"
</IfModule>
---
Når jeg tester via hjemmesiden https://http.dev/compression/test, står der, at hjemmesiden stadig benytter GZIP-komprimering, uanset hvordan, at jeg forsøger at slå det fra.
Er der nogle som ved, om det er muligt at deaktivere http komprimering på en anden måde via .htaccess, når de 3 ovenstående forsøg ikke fungerer?
På forhånd tak for svaret, og rigtig god dag.
Mvh Anders
