How to Fix Apache2 Header Directive Errors in .htaccess: Enabling mod_headers for Cache Control


2 views

The 500 Internal Server Error occurs because Apache isn't processing the Header directives in your .htaccess file. The error log clearly indicates that the server doesn't recognize the Header command, which means the required mod_headers module isn't enabled.

Here's how to properly configure Apache to handle header directives:

# For Debian/Ubuntu systems:
sudo a2enmod headers
sudo systemctl restart apache2

# For CentOS/RHEL systems:
# Ensure this line exists in httpd.conf
LoadModule headers_module modules/mod_headers.so
sudo systemctl restart httpd

After enabling the module, check if it's loaded:

apache2ctl -M | grep headers
# or httpd -M for RHEL systems

You should see headers_module (shared) in the output.

Here's a more robust version of your cache control configuration:

<IfModule mod_headers.c>
  <FilesMatch "\.(eot|ico|pdf|flv|jpg|jpeg|png|gif|svg|swf|ttf|woff|woff2|webp)$">
    Header set Cache-Control "max-age=31536000, public, immutable"
    Header set Expires "Wed, 23 Apr 2025 17:00:01 GMT"
    Header unset ETag
    FileETag None
  </FilesMatch>
</IfModule>

If you still encounter issues:

  • Check Apache's error log: tail -f /var/log/apache2/error.log
  • Verify AllowOverride All is set in your virtual host configuration
  • Ensure the .htaccess file is in the correct directory and readable by Apache

You can also set conditional headers based on request characteristics:

<IfModule mod_headers.c>
  # Set CORS headers for fonts
  <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2)$">
    Header set Access-Control-Allow-Origin "*"
  </FilesMatch>
  
  # Security headers
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>

The 500 Internal Server Error you're encountering occurs because Apache is trying to process Header directives in your .htaccess file without the required mod_headers module being enabled. The error log clearly indicates:

[alert] [client 24.15.83.241] /home/jonathan/.htaccess: Invalid command 'Header'

Here's how to enable the module on various platforms:

For Debian/Ubuntu:

sudo a2enmod headers
sudo systemctl restart apache2

For CentOS/RHEL:

sudo yum install httpd-devel
sudo vi /etc/httpd/conf/httpd.conf  # Add: LoadModule headers_module modules/mod_headers.so
sudo systemctl restart httpd

After enabling, verify with:

apache2ctl -M | grep headers
# or httpd -M for CentOS

Your current cache control implementation can be improved:

<FilesMatch "\.(eot|ico|pdf|flv|jpg|jpeg|png|gif|svg|swf|ttf|woff|woff2|webp|avif)$">
    Header set Cache-Control "max-age=31536000, immutable, public"
    Header set Expires "Wed, 31 Dec 2030 23:59:59 GMT"
    Header unset ETag
    FileETag None
</FilesMatch>
  • Order matters: Place Header directives after other rewrite rules
  • Syntax validation: Use apache2ctl -t to test configuration
  • Multiple locations: Header directives can be placed in virtual hosts too

When using mod_headers extensively, consider:

  1. Moving rules to main configuration instead of .htaccess
  2. Using <IfModule mod_headers.c> wrappers
  3. Combining similar header operations