- Shared Web Hosting
My PHP files all display a 500 Internal server error. How can I fix this?
If you are running a PHP-based script on your site and are receiving a 500 and/or 404 errors on your pages, it is likely you have one or more of the following occurring:
1. You are attempting to access PHP files through the temp-URL https://www.croweb.host/~username. PHP on our servers requires a fully qualified domain name. You may have to wait until your domain has been pointed and resolves here.
2. The permissions on some of the folders or files are 777 or 666. If this is the case, change them to either 755 or 644 in Virtualminl's File Manager (or using your local FTP client).
3. The files and/or folders are not owned by you. Certain applications having been run under php as an apache module may have files owned by the apache user of nobody. An indication that you don't own the files would be if you are unable to change their file permissions. To correct this, please contact support provide your username and provide the location of the folder or files that need to have your ownership.
4. Your .htaccess file has php_values or php_flags in it. This causes a 500 Internal server error when attempting to execute the script.
The php_values and php_flags will need to be removed from your .htaccess file (please make a backup of the .htaccess by copying its contents and saving it on your desktop as htaccess.txt). Take the contents removed from .htaccess and place it into a file you create called php.ini. Remember to remove the php_flag and php_value part before the directives as php.ini files do not require those in front of the values. You can always make the changes and ask us if the changed files are correct.
Because php.ini values are not shared across directories, you would need a separate php.ini file in each folder that has .htaccess or that requires the php_values or php_flags. In order to avoid doing this, you can place a line in the .htaccess file in your public_html folder to have all values in your public_html php.ini to be shared across all folder. This line would be the following:
suPHP_ConfigPath /home/username/public_html
Finally, to explain in depth why suPHP requires these changes to the file permissions, please note that suPHP runs scripts with the permissions of their owners. Regular PHP executes scripts under the permissions of the system user running the web server, which means that your script runs with different permissions than your own user account and makes it very hard to use a PHP script to modify and create files without giving everyone on the server access to your files (this means that on regular PHP you provide write or execute access to group and world even for some files). Since SuPHP makes your PHP scripts run with the same permissions as your regular user account, you do not need group or world write access or execute access for files and suPHP will even prevent files from running that are group or world writable or executable as a security precaution.
666 equals the following:
Code:
Mode User Group World
Read 4 4 4 (all checked)
Write 2 2 2 (all checked)
Execute(none checked)
This makes group and world able to write to the file, a security risk
777 equals the following:
Code:
Mode User Group World
Read 4 4 4 (all checked)
Write 2 2 2 (all checked)
Execute 1 1 1 (all checked)
This makes group and world able to write and execute the file, a very large security risk.
Basically, suPHP is more secure, and preventing scripts from running as 666 or 777 prevents group or world from maliciously writing to the files and hacking your scripts.
As this all may seem very confusing, please let us know if you ever have questions.
--
Please wait... it will take a second!