By madhsudhan
Hi, I’m trying to add security headers on my site (recommended by a tool), and as I add the code to my .htaccess file, the site gives 500 internal error.
I followed two websites and none of the code seems to be working. Here is the error image and below are the sites which I’m following.
https://www.webarxsecurity.com/https-security-headers-wp/
https://www.tripwire.com/state-of-security/risk-based-security-for-executives/risk-management/how-add-http-security-headers-wordpress/
Can anyone help in this matter?
Hello, @madhsudhan
The snippet of code might not be compatible with the installed version of Apache (2.2 or 2.4). What you can do is to add the code in the .htaccess file and then examine the Apache error log to see the exact issue that is causing the problem.
You can examine the error log using this command:
tail -n 200 /var/log/apache2/error.log
This will print the last 200 logged rows in the error_log file. If you do not see any errors, you can increase the value and print more rows if needed. However, if you add the snippet in the .htaccess file, quickly access the site in order to produce the 500 error, and then remove the code from the file, you should be able to see the detailed error in the log file using the command that I’ve provided.
Also you can check the Apache configuration for any syntax errors:
apachectl -t
or
apachectl configtest
Let me know how it goes.
Regards, Alex
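One way to automate the error-log check described in the answer above, as an added example that is not part of the original thread: it picks out the .htaccess-related lines and maps the two messages Apache commonly logs for a `Header` directive to their fix. The function names and log lines are constructed for illustration, and the `a2enmod` hint assumes a Debian/Ubuntu layout.

```shell
#!/bin/sh
# Added example (not from the thread): triage .htaccess errors in an Apache
# error log. Function names and sample lines are constructed for illustration.

# Constructed sample in Apache 2.4 error-log format.
sample_log() {
    cat <<'EOF'
[Mon Jan 06 10:15:01.120000 2025] [core:alert] [pid 1234] [client 203.0.113.5:51234] /var/www/html/.htaccess: Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
[Mon Jan 06 10:16:40.450000 2025] [core:alert] [pid 1240] [client 203.0.113.5:51260] /var/www/html/.htaccess: Header not allowed here
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
EOF
}

# Read error-log lines on stdin and print one "cause: fix" line per cause.
classify_htaccess_errors() {
    awk '
    !/\.htaccess:/              { next }          # skip lines unrelated to .htaccess
    /Invalid command .Header.,/ { missing = 1; next }
    / not allowed here/         { override = 1; next }
                                { other = 1 }     # any other .htaccess failure
    END {
        if (missing)
            print "mod_headers-not-loaded: enable it (a2enmod headers) and restart Apache"
        if (override)
            print "allowoverride-blocks-directive: the Directory block needs AllowOverride FileInfo (or All)"
        if (other)
            print "other-htaccess-error: read the full log line for the directive named"
    }'
}

# Demo on the constructed sample; on a server, feed the real log instead:
#   classify_htaccess_errors < /var/log/apache2/error.log
sample_log | classify_htaccess_errors
```

The AH00558 line is a startup warning about `ServerName` and is ignored here, since it does not cause a 500 response.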
Thanks, @alexdo for responding. There aren’t any syntax errors, but when I generate the logs, I get some messages printing. I don’t know how to copy the text from the console, but I have attached the screenshot of what it looks like. I’m using a plugin for now, but it would be great to learn to implement security headers in .htaccess rather than installing a plugin.
Thanks, Alex. I did what you suggested, and installed the module. I don’t see any syntax errors, but by running:
apachectl -M | grep -i headers
I get the below message:
AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message
headers_module (shared)
Also, I’m getting the same 500 internal server error.