GoDaddy Support

Issues with Server-Side Includes and .htaccess Files

Date Submitted: 9-2-2011 by sean

Not what you're looking for?
We want your feedback!

Topic: Web Hosting

Customer security is one of, if not the, top priority for us. We continually look for new ways to ensure our customers are safe, as well as improving our existing technology. With that in mind, we’ve recently upgraded Apache® on our Web servers to implement tighter security standards—protecting our customers from potential compromises.

However, with this upgrade comes some changes to how our environment handles .htaccess files.

  • You do not need to enable Server-Side Includes for HTML files via .htaccess. They’re enabled by default from Apache 2.2 and onward, and enabling them results in an error.

    If you use use “Option Includes,” “Options -Includes,” or “Options +Includes” in your .htaccess file, your site might display a “500 – Internal Server Error.” To get more information, you can enable error logs to show you the cause of the error, which is similar to this:

    [Wed Aug 31 03:13:37 2011] [alert] [client 127.0.0.1] /home/content/45/12345/html/.htaccess: Option Includes not allowed here

    To resolve this issue, remove the version of “Options Include” you use in your .htaccess file.

  • If you override all “Options,” instead of appending the server’s default option, or if you use improper syntax, your site can become vulnerable and experience functionality issues—such as HTML Server-Side Includes not functioning.

    To append, enable, or disable options in your .htaccess file, we recommend adding a + or - before the item you want to modify. Without using + or -, our default (the most secure) Option replaces yours and, as a security precaution, Server-Side Includes become unavailable.

    For example:

    • “Options +Indexes” is the preferred way to enable directory browsing.
    • “Options -Indexes” is the preferred way to disable directory browsing. This is also the default behavior.
    • “Options Indexes” still enables directory browsing, but also breaks Server-Side Includes in HTML files.
      • If you do not use HTML Server-Side Includes, using “Options Indexes” probably won’t affect your site—but we encourage you to use the preferred method of enabling your .htaccess Options.

      NOTE: The Server-Side Includes described here do not affect including files with dynamic scripting languages, such as PHP, Perl, Python, or Ruby.

6 Comments on "Issues with Server-Side Includes and .htaccess Files"

  • by nacho on September 6th, 2011

    I have the same problem accessing the admin panel of my site. When you run a php script to upload images, an error 500:

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.
    Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.
    More information about this error may be available in the server error log.
    ________________________________________
    Apache Server at http://www.************.com Port 80

    Everything worked fine until yesterday and for 11 months in godaddy. Please i need help !

  • by ascully on September 7th, 2011

    Having an issue myself everything has worked fine on my site for the last 2 years on Godaddy then yesterday my wordpress is all broken. Anyone any tips?

  • by sean on September 7th, 2011

    @Nacho @ascully Have either of you modified your hosting account’s .htaccess file?

  • by nacho on September 8th, 2011

    Htaccess file I have not changed

  • by sean on September 8th, 2011

    @Nacho If you haven’t changed your .htaccess file, it’s possible that the application you’re using came with improper syntax. You can use the FTP File Manager to check the content of the file against our recommendations.

    We have a Help article to show you how to do that: http://support.godaddy.com/help/article/4217 – you’re looking for your account’s .htaccess file that’s probably in your root directory.

  • by seant on September 9th, 2011

    Chances are you are running into the same issue I came across early this week. I only have one SSI on my site and it stopped working suddenly. If you are using an “#exec cmd” or “#exec cgi” include statement in the .shtml file, you probably have seen the same issue. It had been working for a few years like that and the recent Apache updates (and undoubtedly some config changes) enforced a “NOEXEC” policy for SSI includes. All you need to do is use the “#include virtual” method instead, and everything should work again. (http://httpd.apache.org/docs/1.3/mod/mod_include.html)

NEED HELP? Call our award-winning support team 24/7 at (480) 505-8877
Submit

United States - English
Traffic Log Image