Enabling webp in Wordpress, mod_headers not installed?

Hi, i’m trying to enable webp support in Wordpress through the Webp Express plugin.

I encounter this error message:

`It seems your server setup does not support headers in *.htaccess*. You should either fix this (install *mod_headers*) *or* deactivate the "Enable direct redirection to existing converted images?" option. Otherwise the *Vary:Accept* header will not be added and this can result in problems for users behind proxy servers (ie used in larger companies)`

Should I have enabled this during installation or what’s the best way to enable it?
Isn’t it installed by default for security reasons?

This is my setup:
Proxy Server: nginx
Web Server: apache2
Backend Server: php-fpm

Thanks in advance!

Just install mod_headers.

The reason for not loading certain apache mods is that the team thinks that not enough users would need it and the panel should be as lean as possible.

a2enmod headers

Thank you @jlguerrero and @eris!

I enabled module headers with a2enmod headers after that I restarted apache2 and rebooted the server. Than I checked with sudo a2enmod headers with positive output: Module headers already enabled

Do I need to do something else? The error message isn’t gone yet.

I used Smush pro plugin for both compression and easy webp delivery configuration. Few lines in htaccess , removing webp from nginx, bulk compression and it indeed took around 20% from the images.

Thanks @badmarsh, yes there are other options although I need headers and rewrite for more stuff…

@jlguerrero and @eris It seems that “mod_rewrite” and “mod_headers” : could not be determined although they are loaded.

- .htaccess files enabled?: yes
- mod_rewrite working?: could not be determined
- mod_headers loaded?: yes
- mod_headers working (header set): no
- passing variables from .htaccess to PHP script through environment variable working?: yes
- Can run php test file in plugins/webp-express/wod/ ?: yes
- Can run php test file in plugins/webp-express/wod2/ ?: yes
- Directives for granting access like its done in wod/.htaccess allowed?: yes

The full system report of Webp Express:

System info:
- PHP version: 8.0.15
- OS: Linux
- Server software: Apache/2.4.52 (Ubuntu) mod_fcgid/2.3.9 OpenSSL/1.1.1f
- Document Root status: Available and its "realpath" is available too. Can be used for structuring cache dir.
- Document Root: /home/client-username/web/client-website.nl/public_html
- Document Root: Available and its "realpath" is available too. Can be used for structuring cache dir.
- Apache module "mod_rewrite" enabled?: could not be determined
- Apache module "mod_headers" enabled?: could not be determined
Wordpress info:
- Version: 5.9
- Multisite?: no
- Is wp-content moved?: no
- Is uploads moved out of wp-content?: no
- Is plugins moved out of wp-content?: no

Image roots (absolute paths)
uploads: /home/client-username/web/client-website.nl/public_html/wp-content/uploads
themes: /home/client-username/web/client-website.nl/public_html/wp-content/themes
plugins: /home/client-username/web/client-website.nl/public_html/wp-content/plugins
wp-content: /home/client-username/web/client-website.nl/public_html/wp-content
index: /home/client-username/web/client-website.nl/public_html
Image roots (relative to document root)
uploads: wp-content/uploads
themes: wp-content/themes
plugins: wp-content/plugins
wp-content: wp-content
index: .
Image roots (URLs)
uploads: https://client-website.nl/wp-content/uploads
themes: https://client-website.nl/wp-content/themes
plugins: https://client-website.nl/wp-content/plugins
wp-content: https://client-website.nl/wp-content
index: https://client-website.nl
WebP Express configuration info:
- Destination folder: separate
- Destination extension: append
- Destination structure: image-roots
(To view all configuration, take a look at the config file, which is stored in /home/client-username/web/client-website.nl/public_html/wp-content/webp-express/config/config.json)
Live tests of .htaccess capabilities / system configuration:
Unless noted otherwise, the tests are run in wp-content/webp-express/htaccess-capability-tester.
WebPExpress currently treats the results as they neccessarily applies to all scopes (upload, themes, etc),
but note that a server might be configured to have mod_rewrite disallowed in some folders and allowed in others.
- .htaccess files enabled?: yes
- mod_rewrite working?: could not be determined
- mod_headers loaded?: yes
- mod_headers working (header set): no
- passing variables from .htaccess to PHP script through environment variable working?: yes
- Can run php test file in plugins/webp-express/wod/ ?: yes
- Can run php test file in plugins/webp-express/wod2/ ?: yes
- Directives for granting access like its done in wod/.htaccess allowed?: yes
.htaccess files that WebP Express have placed rules in the following files:
- /home/client-username/web/client-website.nl/public_html/wp-content/uploads/.htaccess
- /home/client-username/web/client-website.nl/public_html/wp-content/themes/.htaccess
- /home/client-username/web/client-website.nl/public_html/wp-content/webp-express/webp-images/.htaccess```

I think I needed to install mod_headers a mod_expires
``

.htaccess:
:`

RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/wp-content/smush-webp/disable_smush_webp !-f
RewriteCond %{HTTP_ACCEPT} image/webp
RewriteCond %{DOCUMENT_ROOT}/wp-content/smush-webp/$1.webp -f
RewriteRule wp-content/uploads/(.*.(?:png|jpe?g))$ wp-content/smush-webp/$1.webp [NC,T=image/webp]

Smush Pro documentation

image686×518 14.7 KB

Thanks @badmarsh. I’m not sure how your code applies if I don’t want to use smush pro…

This is my .htaccess file:

# WPP Cache load start

<IfModule mod_headers.c>
Header append Vary: Accept-Encoding
</IfModule>

<IfModule mod_mime.c>
AddType text/html .html_gz .html_mobile_gz .html_amp_gz .html_mobile_amp_gz
AddEncoding gzip .html_gz .html_mobile_gz .html_amp_gz .html_mobile_amp_gz
</IfModule>
<IfModule mod_setenvif.c>
SetEnvIfNoCase Request_URI \.html_gz$ no-gzip
SetEnvIfNoCase Request_URI \.html_amp_gz$ no-gzip
SetEnvIfNoCase Request_URI \.html_mobile_gz$ no-gzip
SetEnvIfNoCase Request_URI \.html_mobile_amp_gz$ no-gzip
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} Mobile [NC]
RewriteCond %{HTTP_USER_AGENT} Android [NC]
RewriteCond %{HTTP_USER_AGENT} Kindle [NC]
RewriteCond %{HTTP_USER_AGENT} BlackBerry [NC]
RewriteCond %{HTTP_USER_AGENT} Opera\sMini [NC]
RewriteCond %{HTTP_USER_AGENT} Opera\sMobi [NC]
RewriteRule .* - [E=WPP_MOBILE_EXT:_mobile]
RewriteCond %{REQUEST_URI} /amp/$ [NC]
RewriteRule .* - [E=WPP_AMP_EXT:_amp]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteRule .* - [E=WPP_GZIP_EXT:_gz]
RewriteCond %{REQUEST_METHOD} GET
RewriteCond %{QUERY_STRING} =""
RewriteCond %{REQUEST_URI} !^(/wp-json/(.*))$ [NC]
RewriteCond %{HTTP:Cookie} !(wordpress_logged_in_|wp-postpass_|wptouch_switch_toggle|comment_author_|comment_author_email_) [NC]

RewriteCond "%{DOCUMENT_ROOT}/wp-content/cache/wpp-cache/%{HTTP_HOST}%{REQUEST_URI}/index.html%{ENV:WPP_MOBILE_EXT}%{ENV:WPP_AMP_EXT}%{ENV:WPP_GZIP_EXT}" -f
RewriteRule .* "/wp-content/cache/wpp-cache/%{HTTP_HOST}%{REQUEST_URI}/index.html%{ENV:WPP_MOBILE_EXT}%{ENV:WPP_AMP_EXT}%{ENV:WPP_GZIP_EXT}" [L]
</IfModule>

# WPP Cache load end

# BEGIN WordPress
# De richtlijnen (regels) tussen "BEGIN WordPress" en "END WordPress" worden
# dynamisch gegenereerd en zouden alleen aangepast mogen worden via WordPress filters.
# Alle wijzigingen aan de richtlijnen tussen deze markeringen worden overschreven.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# WPP Expire start

<IfModule mod_headers.c>
Header unset ETag
</IfModule>

FileETag None

<IfModule mod_setenvif.c>

<IfModule mod_headers.c>
<FilesMatch "\.(cur|gif|png|jpe?g|svgz?|ico|webp|css|js)$">
SetEnvIf Origin ":" IS_CORS
Header set Access-Control-Allow-Origin "*" env=IS_CORS
</FilesMatch>
</IfModule>

<IfModule mod_headers.c>
Header append Vary: Accept-Encoding
</IfModule>

</IfModule>

<FilesMatch "\.(eot|otf|tt[cf]|woff2?)$">
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "*"
</IfModule>
</FilesMatch>

<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault                                      "access plus 1 month"
ExpiresByType text/css                              "access plus 1 year"
ExpiresByType application/atom+xml                  "access plus 1 hour"
ExpiresByType application/rdf+xml                   "access plus 1 hour"
ExpiresByType application/rss+xml                   "access plus 1 hour"
ExpiresByType application/json                      "access plus 0 seconds"
ExpiresByType application/ld+json                   "access plus 0 seconds"
ExpiresByType application/schema+json               "access plus 0 seconds"
ExpiresByType application/vnd.geo+json              "access plus 0 seconds"
ExpiresByType application/xml                       "access plus 0 seconds"
ExpiresByType text/xml                              "access plus 0 seconds"
ExpiresByType image/vnd.microsoft.icon              "access plus 1 week"
ExpiresByType image/x-icon                          "access plus 1 week"
ExpiresByType text/html                             "access plus 0 seconds"
ExpiresByType application/javascript                "access plus 1 year"
ExpiresByType application/x-javascript              "access plus 1 year"
ExpiresByType text/javascript                       "access plus 1 year"
ExpiresByType application/manifest+json             "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
ExpiresByType text/cache-manifest                   "access plus 0 seconds"
ExpiresByType audio/ogg                             "access plus 1 month"
ExpiresByType image/bmp                             "access plus 1 month"
ExpiresByType image/gif                             "access plus 1 month"
ExpiresByType image/jpeg                            "access plus 1 month"
ExpiresByType image/png                             "access plus 1 month"
ExpiresByType image/svg+xml                         "access plus 1 month"
ExpiresByType image/webp                            "access plus 1 month"
ExpiresByType video/mp4                             "access plus 1 month"
ExpiresByType video/ogg                             "access plus 1 month"
ExpiresByType video/webm                            "access plus 1 month"
ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
ExpiresByType font/eot                              "access plus 1 month"
ExpiresByType font/opentype                         "access plus 1 month"
ExpiresByType application/x-font-ttf                "access plus 1 month"
ExpiresByType application/font-woff                 "access plus 1 month"
ExpiresByType application/x-font-woff               "access plus 1 month"
ExpiresByType font/woff                             "access plus 1 month"
ExpiresByType application/font-woff2                "access plus 1 month"
ExpiresByType text/x-cross-domain-policy            "access plus 1 week"
</IfModule>

# WPP Expire end

# WPP GZIP start

<IfModule mod_deflate.c>

SetOutputFilter DEFLATE

<IfModule mod_setenvif.c>
<IfModule mod_headers.c>
SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|rar|zip|exe|flv|mov|wma|mp3|avi|swf|mp?g|mp4|webm|webp|pdf)$ no-gzip dont-vary
</IfModule>
</IfModule>

<IfModule mod_filter.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css

AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE application/ld+json
AddOutputFilterByType DEFLATE application/manifest+json
AddOutputFilterByType DEFLATE application/schema+json
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/rdf+xml
AddOutputFilterByType DEFLATE application/x-font-ttf
AddOutputFilterByType DEFLATE x-web-app-manifest+json

AddOutputFilterByType DEFLATE font/collection
AddOutputFilterByType DEFLATE font/eot
AddOutputFilterByType DEFLATE font/opentype
AddOutputFilterByType DEFLATE font/otf
AddOutputFilterByType DEFLATE font/ttf

AddOutputFilterByType DEFLATE image/bmp
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE image/vnd.microsoft.icon
AddOutputFilterByType DEFLATE image/x-icon

</IfModule>
<IfModule mod_mime.c>
AddEncoding gzip              svgz
</IfModule>
</IfModule>

# WPP GZIP end

These are my modules:

sudo apachectl -t -D DUMP_MODULES
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using host.MYDOMAIN.com. Set the 'ServerName' directive globally to suppress this message
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 actions_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 fcgid_module (shared)
 filter_module (shared)
 headers_module (shared)
 status_module (shared)
 mime_module (shared)
 mpm_event_module (shared)
 negotiation_module (shared)
 proxy_module (shared)
 proxy_fcgi_module (shared)
 remoteip_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 rpaf_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 suexec_module (shared)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.