Apache HTTPD web server is returning internal server error code 500 when attempting to visit a website, with the following message:

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, root@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

500 Internal Server Error

In Apache error log, entry similar to the following is recorded:

[crit] [client 192.168.1.7] configuration error: couldn’t perform authentication. AuthType not set!: /techjourney.html

The error commonly happens after migrating or moving of websites to another environment or host, and normally involving different versions of Apache HTTPD web server running on the system.

Cause

The cause of the issue is due to enhanced security since Apache version 2.4 which supports different configuration options and directives. The specific directive causing the problem is Require. For example,

<Directory “/var/www/html”>
AllowOverride None
Require all granted
</Directory>

The above Apache configuration works only in Apache 2.4 and newer, as Apache 2.4 and newer versions use a new authentication mechanisms rather than Order, Allow, Deny, and Satisfy access control idioms in Apache 2.2 and older versions.

Solution

To fix the 500 Internal Server Error caused by AuthType not set error, just remove complete all Require directives in httpd.conf or apache2.conf when running in Apache 2.2 or older.

Tip
If you want to build a Apache config file which works with both Apache version <= 2.2 and Apache version >= 2.4, the the clause will help. For example:

<IfVersion < 2.3>
Allow from all
</IfVersion>
<IfVersion >= 2.4>
Require all granted
</IfVersion>

Note that the trick above requires version module enabled in Apache HTTPD server. To enable it, you can insert the line “LoadModule version_module modules/mod_version.so” (without quotes) in httpd.conf or apache2.conf, or run the “a2enmod version” (without quotes) command.

Note
If you want to maintain the same access control and authentication setup between Apache version <= 2.2 and >= 2.4, Apache provides several examples below.

Deny All Requests

2.2 configuration:

Order deny,allow
Deny from all

2.4 configuration:

Require all denied

Allow All Requests

2.2 configuration:

Order allow,deny
Allow from all

2.4 configuration:

Require all granted

Allow Only Hosts in example.org, Deny All Others

2.2 configuration:

Order Deny,Allow
Deny from all
Allow from example.org

2.4 configuration:

Require host example.org