Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
litespeed_wiki:config:understanding_500 [2018/07/18 15:23]
Lisa Clarke [Example 1] 		litespeed_wiki:config:understanding_500 [2019/12/10 19:33] (current)
Lisa Clarke [Use Debug Logging to find out the real cause] Copyediting
Line 56: Line 56:
 To confirm whether a misconfiguration in ''​.htaccess''​ is the cause of the 500 Internal Server error, either remove or rename the .htaccess file temporarily and then try to reload the page. To confirm whether a misconfiguration in ''​.htaccess''​ is the cause of the 500 Internal Server error, either remove or rename the .htaccess file temporarily and then try to reload the page.
  
 +==== Example 3 ====
 +The following "​Alias"​ directive in .htaccess will cause 500 on Apache (LSWS will ignore it without returning 500) since "​Alias"​ directive is not allowed in .htaccess.
 +
 +  Alias "/"​ "/​home/​$USER1/​public_html/"​
 +  ​
 +==== Example 4 ====
 +Syntax is wrong for the followintg directive:
 +  Header always set Strict-Transport-Security:​ max-age=63072000;​ includeSubDomains;​ preload
 +
 +which will lead to "Too many arguments to directive"​ error in error_log:
 +
 +  [Tue Sep 11 19:​59:​40.864917 2018] [core:​alert] [pid 15738] [client 66.666.76.139:​64740] /​home/​example/​public_html/​.htaccess:​ Too many arguments to directive
 +
 +The correct syntax is the following and it should fix the 500 error for Apache:
 +  Header always set Strict-Transport-Security:​ "​max-age=63072000;​ includeSubDomains;​ preload"​
 +==== Example 5 ====
 +Syntax wrong for the following:
 +  Options All –Indexes
 +It should be:
 +  Options -Indexes
 +
 +==== Example 6 ====
 +''​php_value''​ and ''​php_flag''​ are for mod_php handler. Most of the time php-fpm or lsphp will be used and mod_php has been deprecated most of the time. When you use ''​php_value''​ or ''​php_flag'',​ Apache will return 500 error. However, lsphp supports php override in .htaccess without any problem and there is no 500 error when running LSWS.
 +   
 ===== Different level of Rewrite rules misplaced to the wrong level ===== ===== Different level of Rewrite rules misplaced to the wrong level =====
  
Line 82: Line 106:
  
 Request exceeded the limit of 10 internal redirects due to probable configuration error. Use ‘LimitInternalRecursion’ to increase the limit if necessary. Use ‘LogLevel debug’ to get a backtrace. Request exceeded the limit of 10 internal redirects due to probable configuration error. Use ‘LimitInternalRecursion’ to increase the limit if necessary. Use ‘LogLevel debug’ to get a backtrace.
 +
 +===== Incorrect Rewrite Rules misplace in differernt directories =====
 +The following rewrite rules in subfolder is incorrect and it will cause 500 for LiteSpeed.
 +/​home/​user1/​public_html/​subfolder1] vi .htaccess
 +  RewriteEngine On
 +  RewriteCond %{REQUEST_FILENAME} !-f
 +  RewriteCond %{REQUEST_FILENAME} !-d
 +  RewriteRule ^(.*)$ subfolder1/​index.php/​$1 [L]
 +
 +The correct rule should be:
 +/​home/​user1/​public_html/​subfolder1] vi .htaccess
 +  RewriteEngine On
 +  RewriteCond %{REQUEST_FILENAME} !-f
 +  RewriteCond %{REQUEST_FILENAME} !-d
 +  RewriteRule ^(.*)$ index.php/​$1 [L]
 =====  Improperly Configured php.ini ===== =====  Improperly Configured php.ini =====
 An improperly configured ''​php.ini''​ may lead to 500 error. ​ An improperly configured ''​php.ini''​ may lead to 500 error. ​
Line 99: Line 138:
 It will bring the website to 500 immediately. It will bring the website to 500 immediately.
 This is only one example. Many times, wrong PHP syntax will lead to a 500 error. This is only one example. Many times, wrong PHP syntax will lead to a 500 error.
 +
 +Another example is:
 +  <?php
 +  phpinfo():
 +  ?>
 +
 +A typing error '':''​ in phpinfo page , which should be '';'',​ will lead to 500 error. ​
 +
 +===== PHP Code with wrong php configuration settings =====
 +
 +Sometimes, a 500 error may be not easy to locate. If you move ''​.htaccess''​ to ''​.htaccess.bak''​ and move ''​php.ini''​ to ''​php.ini.bak'',​ and the 500 error still happens, it might mean there is something wrong in the PHP code. That can be hard to find. 
 +
 +We experienced a case with WHMCS. Someone placed an incorrect setting in ''​configuration.php'':​
 +  $display_errors = E_All;
 +
 +''​E_All''​ is an incorrect value for the PHP ''​$display_errors''​ setting. Rather, it is meant for the ''​$error_reporting''​ setting. ''​$display_errors''​ should be either ''​true''/''​false'',​ or ''​on''/''​off''​. We changed it to ''​true'',​ and that fixed the 500 error.
 +  $display_errors = true;
  
 ===== PHP Handler Not Set ===== ===== PHP Handler Not Set =====
Line 105: Line 161:
 ===== CloudLinux LVE Limit Reached ===== ===== CloudLinux LVE Limit Reached =====
 When using CloudLinux, If the site is limited by memory or process limits, then the user may receive 500 errors because the server cannot execute the script. [[https://​docs.cloudlinux.com/​index.html?​lve.html| Learn more.]] When using CloudLinux, If the site is limited by memory or process limits, then the user may receive 500 errors because the server cannot execute the script. [[https://​docs.cloudlinux.com/​index.html?​lve.html| Learn more.]]
 +
 +For example, ​ you might see some error like the following:
 +
 +  2019-01-11 00:​14:​23.330946 [ERROR] [APVH_xsrvnecw_Sulsphp56:​]:​ Failed to start one instance. Resource limit reached!
 +
 +The above indicates an Error by Cloudlinux. Increasing the LVE for that user may fix the issue.
 +
  
 ===== PHP Upgrade ===== ===== PHP Upgrade =====
Line 204: Line 267:
 </​code>​ </​code>​
 You can check the example [[https://​users.cs.cf.ac.uk/​Dave.Marshall/​PERL/​node196.html|here]]. You can check the example [[https://​users.cs.cf.ac.uk/​Dave.Marshall/​PERL/​node196.html|here]].
 +
 +===== OWASP ModSecurity rule set may trigger 500 when using Imunify360 together =====
 +If you use LSWS ealier than 5.4.1 build 7, you may see 500 error when both OWASP and Imunify360 used at the same time. LSWS 5.4.1 and above version should have fixed this issue and LiteSpeed user can use both rule sets at the same time. 
 +
 +OWASP rule set may conflict with the Imunify360 default rule set on a server running LiteSpeed Web Server. Please choose only one mod_security rule set. 
 +
 +For OWASP rulesets, in crs-setup.conf:​
 +  SecAction "​id:​900990,​ phase:1, nolog, pass, t:none, setvar:​tx.crs_setup_version=302"​
 +  ​
 +in /​etc/​apache2/​conf.d/​modsec_vendor_configs/​OWASP3/​rules/​REQUEST-901-INITIALIZATION.conf
 +  SecRule &​TX:​crs_setup_version "@eq 0" "​id:​901001,​ phase:1, auditlog, log, deny, status:500, severity:​CRITICAL,​ msg:'​ModSecurity Core Rule Set is deployed without configuration! Please copy the crs-setup.conf.example template to crs-setup.conf,​ and include the crs-setup.conf file in your webserver configuration before including the CRS rules. See the INSTALL file in the CRS directory for detailed instructions.'"​
 +
 +crs-setup.conf has to be loaded first then the rest of rules including REQUEST-901-INITIALIZATION.conf.
 +
 +Imunify360 could break the loading order of the above rule set and lead to "​500"​ errors.
 +  ​
 +===== Use Debug Logging =====
 +Debug logging is helpful when looking for the cause of 500 errors. To begin capturing debug logs, please see [[ https://​www.litespeedtech.com/​support/​wiki/​doku.php/​litespeed_wiki:​config:​bug-reporting#​how_to_toggle_debug_logging_and_capture_output|How to Toggle Debug Logging]].
 +
 +You can investigate these logs further, or you can forward them to our Support Team for assistance.
  • Admin
  • Last modified: 2018/07/18 15:23
  • by Lisa Clarke