Commands
Learn how to configure etcd with SSL/TLS on RHEL 8 or CentOS 8 for secure communication. This step-by-step guide covers everything from generating certificates to
Learn how to fix the Apache error “Invalid command ‘Header'” when configuring a web server. Step-by-step guide with CLI commands, configuration examples, and troubleshooting tips to get your Apache server running smoothly.
When running a web server, nothing is more frustrating than Apache failing to start because of a cryptic configuration error. A common issue faced by many system administrators is:
Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
This problem often occurs when setting up a new virtual host, like example.com, or after making modifications to Apache’s configuration files. The error points directly to the use of the Header directive inside a site configuration file, but it also tells you that Apache does not recognize the command.
In this guide, we’ll walk through why this happens, how to fix it, and how to prevent it in the future. You’ll also see practical command-line examples, troubleshooting tips, and configuration snippets to help you get your server running smoothly.
The Header directive in Apache is provided by the mod_headers module. If this module isn’t enabled or loaded into Apache, any attempt to use Header in a virtual host configuration (like /etc/apache2/sites-enabled/example.com.conf) will result in a syntax error.
Here’s what happens:
|
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/example.com/public_html
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>
</VirtualHost>
|
🔁 Step 1: Confirm the Error |
When Apache fails, always check the system logs. On Ubuntu or Debian-based systems:
sudo journalctl -xeu apache2.service
Typical output might look like this:
Aug 31 05:17:34 example systemd[1]: Starting The Apache HTTP Server...
Aug 31 05:17:34 example apachectl[1580]: AH00526: Syntax error on line 45 of /etc/apache2/sites-enabled/example.com.conf:
Aug 31 05:17:34 example apachectl[1580]: Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration
Aug 31 05:17:34 example apachectl[1577]: Action 'start' failed.
This confirms that the Header directive is causing Apache to crash.
🔁 Step 2: Enable the mod_headers Module |
On Ubuntu/Debian systems, enabling the module is simple:
sudo a2enmod headers
sudo systemctl restart apache2
On RHEL/CentOS/Fedora/AlmaLinux/Rocky Linux, edit the Apache configuration and make sure the following line is present:
LoadModule headers_module modules/mod_headers.so
Then restart Apache:
sudo systemctl restart httpd
If the module loads correctly, Apache should now recognize the Header directive.
🔁 Step 3: Validate the Configuration |
Before restarting, always validate Apache’s configuration to catch syntax errors:
sudo apachectl configtest
Expected output:
Syntax OK
If you still see errors, double-check the module load path or confirm that mod_headers.so exists on your system. On most Linux servers, the module is included by default.
🔁 Step 4: Properly Configuring Headers for Security |
Once mod_headers is active, you can add security headers to your example.com virtual host. Common headers include:
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/example.com/public_html
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set X-XSS-Protection "1; mode=block"
</IfModule>
</VirtualHost>
This helps protect your site from clickjacking, MIME sniffing, and other web vulnerabilities.
🔁 Step 5: Restart Apache |
After updating your configuration, restart Apache:
sudo systemctl restart apache2 # Ubuntu/Debian
sudo systemctl restart httpd # RHEL/CentOS/Fedora/AlmaLinux/Rocky
Now, your server should start successfully.
Here’s a quick reference table for resolving Apache’s Invalid command 'Header' error:
| Issue | Cause | Solution | Example Command |
|---|---|---|---|
Apache fails with Invalid command 'Header' | mod_headers not enabled | Enable headers module | sudo a2enmod headers |
Apache fails with LoadModule headers_module not found | Module missing | Install Apache module package | sudo apt install apache2 (Ubuntu) or sudo yum install httpd (RHEL) |
| Apache still won’t start | Syntax error in config | Validate configuration | sudo apachectl configtest |
| Headers not applied | Directive placed outside <IfModule> or <VirtualHost> | Move headers inside proper block | See secure config example above |
To avoid similar issues in the future:
|
|
|
Example:
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
</IfModule>
|
🔄 CLI Workflow Recap |
Here’s a quick workflow to resolve the problem on example.com:
# 1. Check Apache logs
journalctl -xeu apache2.service
# 2. Enable headers module
sudo a2enmod headers
# 3. Test Apache configuration
sudo apachectl configtest
# 4. Restart Apache
sudo systemctl restart apache2
This sequence ensures your Apache server comes back online quickly.
Learn how to configure etcd with SSL/TLS on RHEL 8 or CentOS 8 for secure communication. This step-by-step guide covers everything from generating certificates to
In this article, we’ll explore the simple steps to enable HTTPS on your website. We’ll guide you through the process of installing SSL on RHEL9,
Learn how to automate SSL/TLS certificate renewal and deployment using OpenSSL and Bash scripts. Includes CLI examples, best practices, cron automation, and deployment tips. Table