By Evotech
I’m currently trying to setup my content security policy via the .htaccess file.
As for the script-src I’ve got things working pretty nicely so far with:
Header always set Content-Security-Policy-Report-Only: " script-src 'unsafe-inline' 'unsafe-eval' https://example.com:443 https://ajax.googleapis.com:443 https://ajax.cloudflare.com:443 https://v2.zopim.com:443"
However, the pagespeed static files such as https://example.com/pagespeed_static/js_defer.I4cHjq6EEP.js aren’t included despite the fact that scripts like https://v2.zopim.com/bin/v/widget_v2.257.js are also included and also placed in subfolders while I only list the root domain in the security policy.
Does this have to do with the fact that the folder /pagespeed_static/ doesn’t really exist on my server? It at least doesn’t via ftp.
How do I go about fixing this?
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi @Evotech,
It sounds like the mod_pagespeed module hasn’t been properly configured.
Let me start from the beginning, how to install it and then configure it
Instalation
Before getting started as usual, you’ll need to update your system.
apt-get update -y
You will need to download the latest version of Mod_pagespeed from their official website. You can do it with the following command:
wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
Once the download is completed, install it by running the following command:
dpkg -i mod-pagespeed-stable_current_amd64.deb
Once the installation has been completed successfully, restart Apache service to apply all the changes:
systemctl restart apache2
Now the installation has been completed and we can continue onto the Configuration part
Configure Mod_pagespeed Web Interface
Mod_pagespeed module provides a simple and user-friendly web interface to view server state. You can enable Mod_pagespeed web interface by creating /pagespeed.conf file:
nano /etc/apache2/mods-available/pagespeed.conf
You’ll need to add the following lines
<Location /pagespeed_admin>
Order allow,deny
Allow from localhost
Allow from 127.0.0.1
Allow from all
SetHandler pagespeed_admin
</Location>
<Location /pagespeed_global_admin>
Order allow,deny
Allow from localhost
Allow from 127.0.0.1
Allow from all
SetHandler pagespeed_global_admin
</Location>
Save and close the file, when you are finished. Then, restart Apache service to apply all the changes:
systemctl restart apache2
Please follow these steps, check if ModPageSpeed actually is used on your Application and see if the issues would still appear.
Regards, KDSys
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.