I hope everyone enjoyed the holidays! After months of periodic troubleshooting, I finally solved my gzip compression mystery. The strange part is that it worked fine on all my websites for the root domain/homepage. However, any other page besides the homepage would result in no compression. It was a painstakingly tedious process of elimination. Usually, I can find an answer to a technical problem by scouring Google. And while I did come across a few other folks who described the same issue I was having, there were no solutions. Before I dive into my own solution, I’ll explain what GZIP does and why it is so important.
Gzip in a nutshell
As it relates to web hosting and server administration, gzip is a form of HTTP compression. Files and even pages themselves are compressed and served to visitors on websites with gzip enabled. You can expect to save a maximum of 75% – 80% of data being transferred vs. an uncompressed page. In the age of broadband, most users are not going to be impressed with trimming a 46.3 kb page down to 11.3 kb. However, Google and other search engines DO care. The speed of a website does contribute to its’ overall ranking factor in organic search results. Another consideration is to appease the mobile user. Connections can be spotty for some in certain locations. Compressing a page and serving it faster for those with weak connections can improve the odds that they will stay on your website.
Gzip compression example – tested on checkgzipcompression.com
As shown in the above screenshot, you can test to see if gzip is working on your website with checkgzipcompression.com or similar gzip checker tools. If you do not see compression being used it may simply mean that it is not enabled. There are far too many server configurations and variables to explain how to do this. Your best bet is to search google with your configuration and how to enable gzip. I guarantee you someone has written a tutorial for your specific needs.
How I resolved my Gzip woes
If you’ve followed the proper steps to enable gzip, there is a good chance you won’t have any issues with it working properly. However, if you have some exotic server configuration or are using experimental software, problems may arise. After going around in circles troubleshooting in Webhosting Manager, Cpanel, and .htaccess, a thought occurred to me. Of course, I have tested gzip on many of my websites with different WordPress themes, all plugins disabled, different versions of PHP, with PHP-FPM toggled on/off. Nothing seemed to work. It dawned on me that perhaps I should disable clean or “pretty” permalinks. It’s the URL structure that makes use of mod_rewrite to show a nice clean URL such as /my-example-page.html. Instead of the plain and ugly structure of /?p=123. And what do you know? Gzip finally worked outside of the home page on all of my sites! My theory is that compression was taking place before mod_rewrite had a chance to convert the URL. Perhaps breaking the compression process. But why?
Some ModSecurity configuration options
Taking a look at my security plugins
I started to look at my security and firewall plugins. Specifically, ModSecurity – an application for Web Hosting Manager that helps prevent attacks on your web server. It is a great firewall application and a must have if you are running WHM in my opinion. Interestingly enough, I noticed that if I disabled the Rules Processing engine compression, would work WITH pretty permalinks. This led me to where the rules came from. Which happens to be Pxysoft Anti Malware, another great plugin which I plan to review later. So I went through the rules directives located in the file modsec2.antimalware.conf (where the rules came from). I started commenting out every option and rule and then toggling the rules engine on and off – one by one. I did this by connecting via SSH. Which if you’re not familiar with, you really should read in-depth tutorials before messing around. Anyways, I came across the option SecDisableBackendCompression On and commented it out. After restarting the rules engine, gzip worked on all URLs! Finally!
Editing the Pyxsoft Anti Malware Rules File through SSH
Even though Backend Compression was enabled in the main ModSecurity Configuration page in WHM, the directive in the Pyxsoft Anti-Malware file overrode it. It remains to be seen whether my changes will be overwritten in the next Anti Malware update. At least, for now, my pages are all compressed and I can concentrate my efforts elsewhere. For anyone else who has this issue but doesn’t have Pxysoft Anti-Malware, try enabling Backend Compression in ModSecurity if it isn’t already.