Technical consultation (W3TC vs htaccess)

Hello @atutrabajocoach

Thank you for reaching out and I am happy to help!
What W3 Total Cache does is, once the settings for the Browser Cache are set, it writes the .htaccess file in the website folder. So the only .htaccess file that W3TC is using for the directives is in the public_html/atutrabajo.org/ folder (please note that this is an example of the folder structure as it can be different on your server)
If the settings that are set in the W3 Total Cache – Browser cache settings are applied to the mentioned .htaccess folder, and you are seeing different headers, it means that something else is determining those rules.

By default, the W3 Total Cache Browser cache settings (cache control) are set to 1 year. This is for static files like images and CSS/JS files.
As I can see on your website, the images have public, max-age=604800 (7 days as you mentioned), and the JS/CSS public, max-age=15552000 (180 days or 6 months)
If those are not reflecting the .htaccess rules in your website folder set by the W3 Total Cache, it means that as I’ve mentioned, something else is setting the rules.
There are a couple of things that you should check

• Upper lever config files – Make sure to check any configuration files in the upper level of your server folder structure as any directives set there will override the directives set in the website folder
• Duplicate .htaccess rules – Make sure there are not any additional rules set in the .htaccess besides the W3 Total Cache rules to avoid conflict
• CDN – I can see that you are using Cloudflare so you should check in the Cloudflare dashboard if the Browser Cache TTL is set to respect the origin headers, or change the rules accordingly.

Now if you are using Open Litespeed, there may be some additional steps you need to take as you can see in this article.
If you are using Enterprise Litespeed, you can ignore the article as it’s utilizing the .htaccess.

I hope this helps!

Hello Marko Vasiljevic.
As always, thanks for responding.
Having said that…
Several things regarding what you mention:
1) As for…
…”What W3 Total Cache does is that, once the browser cache settings are set, it writes the .htaccess file to the website folder. So the only .htaccess file that W3TC is using for directives is in the folder public_html/atutrabajo.org/ (note that this is an example of the folder structure, as it may be different on your server.) in W3 Total Cache: The browser’s cache settings are applied to the .htaccess folder mentioned and you see different headers, it means something else is determining those rules”…
Maybe it was NOT understood but in: public_html/.htaccess there is NO W3TC directive
On the other hand, IF they are…
1.1) The classic WordPress BEGIN WordPress The directives (lines) between “BEGIN WordPress” and “END WordPress” are dynamically generated, and should only be modified using WordPress filters. Any changes to the directives between those markers will be overwritten.

RewriteEngine On RewriteRule .* – [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteBase / RewriteRule ^index.php$ – [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] END WordPress

1.2) One from LiteSpeed BEGIN LiteSpeed The directives (lines) between “BEGIN LiteSpeed” and “END LiteSpeed” are dynamically generated, and should only be modified using WordPress filters. Any changes to the directives between those markers will be overwritten.

SetEnv noabort 1 END LiteSpeed

1.3) And these others
Header set Connection keep-alive Really Simple SSL

Header always set Strict-Transport-Security: “max-age=31536000” env=HTTPS
Header always set Content-Security-Policy “upgrade-insecure-requests”
Header always set X-Content-Type-Options “nosniff”
Header always set X-XSS-Protection “1; mode=block”
Header always set Expect-CT “max-age=7776000, enforce”
Header always set X-Frame-Options: “SAMEORIGIN”
Header always set Permissions-Policy: “” End Really Simple SSL Additional Security Measures Do not allow editing content (or browsing directories) from browsers

Options-Indexes START XML RPC BLOCK (To prevent remote connections)

Order Deny,Allow Deny from all END XML RPC BLOCK Protect wp-config.php Order deny,allow Deny from all Access Protection to Htaccesses order allow,deny deny from all

satisfy all
Protection against sql injection

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).script.(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L] Block unwanted trackers

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} Baiduspider [OR]
RewriteCond %{HTTP_USER_AGENT} Baiduspider/2.0 [OR]
RewriteCond %{HTTP_USER_AGENT} Baiduspider/3.0 [OR]
RewriteCond %{HTTP_USER_AGENT} MJ12bot/v1.4.5 [OR]
RewriteCond %{HTTP_USER_AGENT} MJ12 [OR]
RewriteCond %{HTTP_USER_AGENT} AhrefsBot/5.1 [OR]
RewriteCond %{HTTP_USER_AGENT} YandexBot/3.0 [OR]
RewriteCond %{HTTP_USER_AGENT} YandexImages/3.0 [OR]
RewriteCond %{HTTP_USER_AGENT} YandexBot
RewriteRule . – [F,L]

order allow,deny allow from all Deny Access to Requests without References (Prevents Comment Spam)

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php*
RewriteCond %{HTTP_REFERER} !.atutrabajo.org. [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L] Block access to debug.log (Generated by Wordfence)

RewriteEngine On RewriteCond %{REQUEST_URI} ^/?wp-content/+debug.log$ RewriteRule .* – [F,L,NC]
Require all denied
Order deny,allow Deny from all

BEGIN cPanel-generated php ini directives, do not edit Manual editing of this file may result in unexpected behavior. To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor) For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)

php_flag display_errors Off php_value max_execution_time 300 php_value max_input_time 600 php_value max_input_vars 2000 php_value memory_limit 1024M php_value post_max_size 512M php_value session.gc_maxlifetime 1440 php_value session.save_path “/opt/alt/php81/var/lib/php/session” php_value upload_max_filesize 512M php_flag zlib.output_compression Off
php_flag display_errors Off php_value max_execution_time 300 php_value max_input_time 600 php_value max_input_vars 2000 php_value memory_limit 1024M php_value post_max_size 512M php_value session.gc_maxlifetime 1440 php_value session.save_path “/opt/alt/php81/var/lib/php/session” php_value upload_max_filesize 512M php_flag zlib.output_compression Off END cPanel-generated php ini directives, do not edit php — BEGIN cPanel-generated handler, do not edit Set the “alt-php82” package as the default “PHP” programming language.

AddHandler application/x-httpd-alt-php82___lsphp .php .php8 .phtml php — END cPanel-generated handler, do not edit

And before all this, there is a long list of 301 redirects () () Because I recently re-uploaded my redesigned site

Do you see anything that catches your attention and/or that may be preventing W3TC directives?

2) Regarding that…
…”By default, the W3 Total Cache browser cache setting (cache control) is set to 1 year. This is for static files like images and CSS/JS files. As I can see on your website, the images have public, max age = 604800 (7 days as you mentioned), and JS/CSS public, max age = 15552000 (180 days or 6 months)”…
This is the configuration I set within W3TC for CSS & JS
? Set Last-Modified of the header
? Set header expiration
Header expiration: 15552000 seconds
? Set the header control cache
Cache control policy: max-age cache (“public, max-age=EXPIRES_SECONDS”)
? Set entity tag (eTag)
? Set the W3 total header cache
? Enable HTTP compression (gzip)
? Prevent caching of objects after settings have been changed
? Disable cookies for static files

And this one for Media and Other Files
? Set Last-Modified of the header
? Set header expiration
Header expiration: 15552000 seconds
? Set the header control cache
Cache control policy: max-age cache (“public, max-age=EXPIRES_SECONDS”)
? Set entity tag (eTag)
? Set the W3 total header cache
? Enable HTTP compression (gzip)
? Prevent caching of objects after settings have been changed
? Disable cookies for static files

That is to say, they are EXACTLY the same!

And then? How do you explain the 7 (seven) days for .jpg files and/or other media?

Aside from the fact that, in truth, according to Pagespeed, even the 1st. .js files are 7 days old () () In fact, they are NOT ALL the .jpg/.css/.js files but rather the 1st ones. 7 to 10 of c/page/entry

3) As for…
…”If they don’t reflect the .htaccess rules in your website folder set by W3 Total Cache, it means that, as I mentioned, something else is setting the rules”…
I have no idea what it could be. And I already checked ALL the files from the root. But nothing.
However, when I put htaccess in the search engine, the following appear:
3.1) /.htaccess
Which ONLY contains the following;

SetOutputFilter DEFLATE

# Netscape 4.x has some problems…
BrowserMatch ^Mozilla/4 gzip-only-text/html

    # Netscape 4.06-4.08 have some more problems
    BrowserMatch ^Mozilla/4\.0[678] no-gzip

    # MSIE masquerades as Netscape, but it is fine
    # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
    # the above regex won't work. You can use the following
    # workaround to get the desired effect:
    BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

    # Don't compress images
    SetEnvIfNoCase Request_URI .(?:gif|jpe?g|png)$ no-gzip dont-vary
</IfModule>

<IfModule mod_headers.c>
    # Make sure proxies don't deliver the wrong content
    Header append Vary User-Agent env=!dont-vary
</IfModule>

3.2) public_html/.htaccess
That ONLY contains what I already mentioned

And then EVERYONE else, they are “lower” level.

For example this…
3.3) /public_html/wp-content/wflogs/.htaccess
Which ONLY contains the following;

Require all denied
Order deny,allow Deny from all

Or this other one…
3.4) /public_html/wp-content/ai1wm-backups/.htaccess
Which ONLY contains the following;

AddType application/octet-stream .wpress
DirectoryIndex index.php
Options-Indexes

And there are several more. But, as I mentioned, they are of “lower” levels.

Do you see in all this something that could be (as you say) “setting the rules”?

Finally. It should be noted that the htaccess file mentioned before (and that I deleted) was the only one that contained the W3TC directives but from July/23!

So I ask you:
What happens if I create an htaccess (without a dot) and copy everything in the .htaccess (with a dot)?
And if it works (that W3TC loads its directives there), what would happen to ALL the others?
That is, will they work in htaccess without a period at the beginning?

4) In relation to…
…”There are a couple of things you should check”…
4.1)…”Top level configuration files: Make sure you check all configuration files at the top level of your server folder structure, as any directives set there will override the directives set in the website folder “…
Apply what I just mentioned in point 3.

4.2)…”Duplicate .htaccess rules – Make sure there are no additional rules set in .htaccess in addition to the W3 Total Cache rules to avoid conflicts”…
There are piles of them. But NONE contain directives from or for W3TC.
Note: If it helps, I can send you a list of ALL of them.
But, as I already mentioned, they are of “lower” levels () () I reviewed them ALL and they DON’T say ANYTHING about W3TC

4.3)…”CDN: I see you are using Cloudflare, so you should check in the Cloudflare dashboard if the browser cache TTL is set to respect origin headers or change the rules accordingly”…
Yeah. Indeed. My CDN is set to “Respect existing headers”.

Lastly and as for…
5)…”Now if you are using Open Litespeed, you may need to follow some additional steps, as you can see in this article (https://www.boldgrid.com/support/w3-total-cache/openlitespeed -setup/ ). If you are using Enterprise Litespeed, you can ignore the article since it uses .htaccess”…
Frankly, I read the article and I understood NOTHING, heh.
But what I do understand is the following:
5.1) This is what my Administration Panel/Tools/Site Health/Information says
Regarding the Server I am using…
Linux Server Architecture 4.18.0-425.19.2.lve.el8.x86_64 x86_64
LiteSpeed ??Web Server
PHP Version 8.2.13 (64bit Compatible)
PHP SAPI litespeed
PHP max input variables 2000
PHP 300 time limit
PHP memory limit 1024M
PHP 600 time limit
Maximum file size to upload 512M
PHP post max size 512M
cURL version 7.87.0 OpenSSL/1.1.1w
Is SUHOSIN installed? No
Is Imagick library available? Yeah
Does it support friendly permalinks? Yeah
.htaccess rules Added custom rules to your .htaccess file.
Current time 2023-12-22T05:26:11+00:00
Current time UTC Friday, 22-Dec-23 05:26:11 UTC
Current server time 2023-12-22T02:26:01-03:00

That is to say. I don’t see ANYTHING that says Open Litespeed or anything similar.

On the other hand, in the article whose link you sent me it says that…
…”As root, modify the OpenLiteSpeed ??virtual host configuration file (usr/local/lsws/conf/vhosts/example.com/vhconf.confo a similar path) to add a line that includes the litespeed. conffile generated by W3 Total Cache.
include /home/someuser/public_html/litespeed.conf”…

But frankly, I went through my ENTIRE cPanel, and I can’t find ANYTHING where I can do this.

So I ask you, the type of instructions you send me…

• Is it for the type of server I’m using?
• Do I need assistance from my hosting?

Finally…
Any other idea?

I await your comments.

And again, thank you for your patience.

Greetings.

Hello @atutrabajocoach

Thank you for your detailed answer.

Can you please check the path for the rules in the Performance>Install tab and also, try adding those rules there to the .htaccess file in the folder where the website is installed and let me know if it helps!
Thanks!

Hello. Thanks for answering () () My gratitude is double for doing it this holiday season, heh.
Having said that…
1) As for…
…”You can check the path of the rules in the Performance>Install tab”…
I see 3(three) things…
1.1) It says…
…”Set wp-content/ permissions back to 755, for example: chmod 755 /var/www/vhosts/domain.com/httpdocs/wp-content/”…

I don’t know if it has anything to do with it but…
1.1.a) I CAN’T find ANYTHING that starts with /var/
1.1.b) Neither a vhosts nor, much less, httpdocs
1.1.c) My wp-content/ is located in public_html/wp-content
Spot.

2) Regarding…
…”try adding those rules there to the .htaccess file in the folder where the website is installed and let me know if it helps”…
2.1) Those of the 1st. block, that is, the one in…
/home/atutra19/public_html/litespeed.conf:
It was the same. Only the last stretch was missing. That is to say… START WEBP W3TC

Rewrite engine on RewriteCond %{HTTP_ACCEPT} image/webp RewriteCond %{REQUEST_FILENAME} (.+).(jpe?g|png|gif)$ RewriteCond %1.webp -f RewriteCond %{QUERY_STRING} !type=original RewriteRule (.+).(jpe?g|png|gif)$ $1.webp [NC,T=image/webp,E=webp,L]
Add header Vary OK
Add type image/webp .webp END W3TC WEBP

But as you can see…
2.1.a) The entire block that interests me, that is, the one that is between… BEGIN W3TC Browser Cache

AND END W3TC Browser Cache

It was ALREADY installed and is EXACTLY the same (The one shown in Performance>Install)
2.1.b) What was missing ONLY mentions things related to WEBP files
Which, honestly, is the LEAST of my problems because, I don’t have ANY, heh () () Anyway, like I said, I already copied and pasted it.

2.2) The 2nd. block, that is, the one in…
/home/atutra19/public_html/wp-content/cache/minify/.htaccess:
It was ALREADY installed and is EXACTLY the same as what appears in Performance/Install

Any other idea?

I await your comments.

Greetings.

Hello @atutrabajocoach

Please add those rules in the Install tab to the .htaccess file located in the website folder.

Please let me know if this helps

Thanks!

Hello Marko.

First of all, my apologies for not having responded to you sooner.

But I was doing lots of testing, to “discover” the following:

1) The 1st. part of the code you mention (the one between # BEGIN W3TC Browser Cache and # END W3TC Browser Cache) WORKS.

I installed it, tested it, and it ended up solving the problem that gave rise to this ticket (The one that caused my assets to be cached for “just” 7 days).

Buuut…

The other section of the code (the one between # BEGIN W3TC Minify cache and # END W3TC Minify core) caused me more problems than solutions.

For example:
1) IT WOULD NOT let me enter my “Editor with Elementor”) (*)

(*) By “luck” I only use Elementor on my Main Page, heh.

2) When I wanted it to be from my Administration Panel, the “box” where the Username and Password are loaded was “misconfigured” (it was “stretched” across the entire screen).

Etc.

Conclusion:
I ended up removing that part of the code from my .htaccess and soooo! Everything returned to normal.

Finally, as for the part of the code that is between # BEGIN W3TC WEBP and # END W3TC WEBP, I also uninstalled it. Why? Simple.
a) Because I DIDN’T know if I was part of the “problem.”

b) I do NOT have ANY webp (nor am I interested) and, from the little I understood of the code, it talks about “rewriting” and, “Add type image/webp .webp”.

So, just in case, I will NOT be installing it, heh.

That being said, I ask you…

What will happen the day you – as we say here – “find the way” so that your plugin automatically installs these codes in my .htaccess?

Will it rewrite what I have or will it have to be uploaded (again) manually?

And finally…
Too bad about the Minified.

Anyway, remember that I already have EVERYTHING minified through the panel in question within W3TC.

In fact, in ALL tools (Pagespeed, WebPagetest, etc.) ALL my files, “look” minified.

Isn’t that why installing it “separately” in my .htaccess causes these conflicts?

Any other idea?

I await your comments.

Greetings.

Hello @atutrabajocoach

Thank you for your feedback. Awesome! Glad to know it works now.
This is related to the server configuration and how the server is handling the configuration files.

As for the Minify, please make sure that the option “Disable Minify for logged in users” is enabled in the Performance>Minify section of the plugin.

Thanks!

Hello. I regret to inform you that what you suggest DOES NOT work!

Anyway, to help you in your analysis, I am going to try to summarize the “step by step” that I followed:
1) Before starting, I double-checked that EVERYTHING was working OK.
2) Then (as always) I made a backup of my ENTIRE installation.
3) Later, I went to my Panel and marked what you say.
That is to say…
…”Disable minimize for logged in users
Identified users will not receive minified pages if this option is activated”…
Just in case, I tell you that I had that unchecked because I (also) wanted to SEE.
And if, as I said there…”I did NOT receive minified pages”… I wouldn’t know what they looked like, don’t you think?
Anyway.
The point is that, following your recommendations, I proceeded with…
3.1) I checked the box in question
3.2) I cleared ALL caches
3.3) I tried EVERYTHING again
So far everything is OK.
Butoo…
Just in case, I exited my Admin Panel and cleared ALL browser cache.

4) I went to my cPanel/File Manager/.htaccess and uploaded the code. This is… BEGIN W3TC Minify cache

FileETag MTime Size
AddType text/css .css_gzip AddEncoding gzip .css_gzip AddType application/x-javascript .js_gzip AddEncoding gzip .js_gzip
SetEnvIfNoCase Request_URI .css_gzip$ no-gzip SetEnvIfNoCase Request_URI .js_gzip$ no-gzip

ExpiresActive On ExpiresByType text/css A15552000 ExpiresByType application/x-javascript A15552000
Header set X-Powered-By “W3 Total Cache/2.6.1” Header set Vary “Accept-Encoding” Header set Pragma “public” Header append Cache-Control “public” END W3TC Minify cache BEGIN W3TC Minify core

RewriteEngine On RewriteBase /wp-content/cache/minify/ RewriteCond %{HTTP:Accept-Encoding} gzip RewriteRule .* – [E=APPEND_EXT:_gzip] RewriteCond %{REQUEST_FILENAME}%{ENV:APPEND_EXT} -f RewriteRule (.*) $1%{ENV:APPEND_EXT} [L] RewriteRule ^(.+.(css|js))$ /index.php [L] END W3TC Minify core

5) I saved everything/quit and just in case, I cleared my browser again.
I let a while pass (in case that’s what it was) and when I came back, Boom!

For example:
This is what the box looked like to enter the Username and Password to enter my Panel;
https://ibb.co/SQ24WT6


And, just in case, this is how it should look;
https://ibb.co/QNmbk3Y

Needless to say, (again) I could NOT access my Elementor Editor.

It’s more. It didn’t even get fixed when I deleted the .htaccess code.
I had to go back to my cPanel and install the backup. Including…
…”Delete existing files/folders
If checked, existing files/folders will be deleted and then backup files will be restored.
Note: Make sure you have chosen Full Backup when creating this backup”… () () Making sure… is what I ALWAYS do, heh.

And yes, just in case, before I go back to my Administration Panel (yes, you guessed it:)…
I cleaned my browser again,

Finally.
I went to my box to enter username and password (which already looked good) / I entered my Panel / I tried EVERYTHING and Soooo!

So, honestly, I DO NOT want to keep trying because every time I clear the browser caches (just in case) ALL the keys for different platforms (Facebook, Twitter, Google, Etc.) are deleted.

Any other idea?

I await your comments.

Greetings.

Hello @atutrabajocoach

Sorry for the late reply.
I am honestly not quite sure what the issue is and where the issue is and as I can see in your comments, you’ve placed the rules in the wrong .htaccess.

Due to the complexity of this report. please drop us a note directly via the plugin in Performance>Support.

Thanks!