Apache Module System

One of Apache's greatest strengths is its module-based extensibility. You can activate only the modules you need, and with Dynamic Shared Objects (DSO), you can add or remove modules without recompiling Apache.

---

Module System Overview

Method	Description	Characteristics
Static compilation	Embedded in the Apache binary at compile time	Fast, cannot be changed
Dynamic loading (DSO)	Loaded at runtime via LoadModule	Flexible, loaded on demand

# Check currently loaded modules
apache2ctl -M
# or
httpd -M

---

Ubuntu Module Management (a2enmod / a2dismod)

# Enable modules
sudo a2enmod rewrite    # mod_rewrite
sudo a2enmod ssl        # mod_ssl
sudo a2enmod headers    # mod_headers
sudo a2enmod expires    # mod_expires
sudo a2enmod proxy      # mod_proxy
sudo a2enmod proxy_http # mod_proxy_http

# Disable a module
sudo a2dismod rewrite

# Always reload after changes
sudo systemctl reload apache2

# List available modules
ls /etc/apache2/mods-available/

# List enabled modules
ls /etc/apache2/mods-enabled/

---

CentOS/RHEL Module Management

# /etc/httpd/conf.modules.d/00-optional.conf
# Uncomment to enable
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
# LoadModule userdir_module modules/mod_userdir.so  ← disabled

---

Key Modules and Their Roles

Core Modules

Module	Role	Enabled by Default
mod_log_config	Log configuration	Yes
mod_mime	MIME type settings	Yes
mod_dir	Directory index	Yes
mod_alias	URL aliases, redirects	Yes

URL Processing Modules

Module	Role	Command
mod_rewrite	URL rewriting and redirects	a2enmod rewrite
mod_alias	Alias, Redirect directives	Enabled by default

Proxy Modules

Module	Role	Command
mod_proxy	Basic proxy functionality	a2enmod proxy
mod_proxy_http	HTTP proxy	a2enmod proxy_http
mod_proxy_ajp	AJP proxy (Tomcat integration)	a2enmod proxy_ajp
mod_proxy_balancer	Load balancer	a2enmod proxy_balancer
mod_proxy_wstunnel	WebSocket proxy	a2enmod proxy_wstunnel

Security Modules

Module	Role	Command
mod_ssl	HTTPS/TLS support	a2enmod ssl
mod_headers	HTTP header manipulation	a2enmod headers
mod_auth_basic	HTTP Basic authentication	a2enmod auth_basic
mod_evasive	Basic DDoS protection	apt install libapache2-mod-evasive

Performance Modules

Module	Role	Command
mod_deflate	Gzip compression	a2enmod deflate
mod_expires	Cache expiry headers	a2enmod expires
mod_cache	Response caching	a2enmod cache
mod_http2	HTTP/2 support	a2enmod http2

Content Processing Modules

Module	Role	Command
mod_php	Embedded PHP (Prefork MPM)	apt install libapache2-mod-php
mod_cgi	CGI script execution	a2enmod cgi

---

Module Configuration Examples

mod_proxy + mod_proxy_http — Reverse Proxy

ProxyPreserveHost On
ProxyPass        /api/ http://127.0.0.1:8080/api/
ProxyPassReverse /api/ http://127.0.0.1:8080/api/

mod_headers — Security Headers

<IfModule mod_headers.c>
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set Strict-Transport-Security "max-age=31536000"
</IfModule>

mod_deflate — Gzip Compression

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css application/javascript application/json
    DeflateCompressionLevel 6
</IfModule>

mod_http2 — HTTP/2

Protocols h2 http/1.1

<VirtualHost *:443>
    ServerName example.com
    SSLEngine on
    Protocols h2 http/1.1
</VirtualHost>

---

Diagnosing Module Issues

# Check if specific module is loaded
apache2ctl -M | grep rewrite
# rewrite_module (shared)   ← loaded
# (nothing = not loaded)

# Common error when module not loaded:
# Invalid command 'RewriteEngine', perhaps misspelled or defined by a module
# not included in the server configuration

---

Summary

• Ubuntu: a2enmod module_name / a2dismod module_name + systemctl reload apache2
• CentOS: Uncomment LoadModule in conf.modules.d/
• Essential production modules: mod_rewrite, mod_ssl, mod_headers, mod_deflate, mod_expires, mod_proxy, mod_proxy_http
• Always run configtest to validate syntax before reloading after module changes