How To Enable or Disable Modules in Apache Web Server

The Apache HTTP Server’s (HTTPD) feature set can be extended by a ton of modules. Modules can be either static or shared/dynamic. Static modules are “in effect” or enabled by default but the shared ones have to be explicitly enabled. Enabling and disabling modules has to be done via configurations. We just need to know where the Apache configurations and the module files (to be loaded) are located.

Enable/Disable Modules

As far as any Unix-based or Unix-like operation systems go, like Mac OS, FreeBSD or Linux distros (Ubuntu, Debian, Fedora, CentOS, etc.), enabling or disabling an HTTPD module is just a LoadModule entry away. In this article we will learn how to:

  1. Find the module file path.
  2. Find the module identifier.
  3. Pass (1) and (2) to the LoadModule directive to enable the module.

Step 1: Finding Module Path

By default the Apache server installation ships with a bunch of modules that are all available somewhere, but just a few enabled. These modules exist as so (shared object) files. We need to find the location of this so file first.

One of the easiest way to do that is to first find out two things:

On running apachectl -V (or httpd -V) on my macOS, this is what I get:

 -D HTTPD_ROOT="/usr"
 -D SERVER_CONFIG_FILE="/private/etc/apache2/httpd.conf"

So my server root is /usr and the main server config location is /private/etc/apache2/httpd.conf. As you can see they are on separate paths which is ok. In linux distributions you may find them on similar paths like this:

 -D HTTPD_ROOT="/etc/apache2"
 -D SERVER_CONFIG_FILE="apache2.conf"

When the server config path is relative (apache2.conf), it’ll be relative to the server root path which is /etc/apache2. Hence in this case the full path for main server config is /etc/apache2/apache2.conf.

Once we know the full path to main server config, the next thing we need to do is simply cd into the “apache2” or “httpd” folder path in that and grep for LoadModule. On my local that is /private/etc/apache2 where as on a linux distribution, it’ll be something like /etc/apache2 or /etc/httpd depending upon the HTTPD_ROOT and SERVER_CONFIG_FILE values dumped above. Anyway, let’s do the cd and grep.

~ % cd /private/etc/apache2
/private/etc/apache2 % grep -ir 'LoadModule' .
./httpd.conf:# LoadModule foo_module modules/mod_foo.so
./httpd.conf:#LoadModule mpm_event_module libexec/apache2/mod_mpm_event.so
./httpd.conf:LoadModule mpm_prefork_module libexec/apache2/mod_mpm_prefork.so
./httpd.conf:#LoadModule mpm_worker_module libexec/apache2/mod_mpm_worker.so
./httpd.conf:LoadModule authn_file_module libexec/apache2/mod_authn_file.so
./httpd.conf:#LoadModule authn_dbm_module libexec/apache2/mod_authn_dbm.so
./httpd.conf:#LoadModule authn_anon_module libexec/apache2/mod_authn_anon.so
./httpd.conf:#LoadModule authn_dbd_module libexec/apache2/mod_authn_dbd.so
./httpd.conf:#LoadModule authn_socache_module libexec/apache2/mod_authn_socache.so
./httpd.conf:LoadModule authn_core_module libexec/apache2/mod_authn_core.so
./httpd.conf:LoadModule authz_host_module libexec/apache2/mod_authz_host.so
./httpd.conf:LoadModule authz_groupfile_module libexec/apache2/mod_authz_groupfile.so
./httpd.conf:LoadModule authz_user_module libexec/apache2/mod_authz_user.so
...
...
...

As we can see there are a bunch of LoadModule lines with a module identifier and module path. The lines that are uncommented are the ones enabling the specified modules. The important things to note here is that the path for all of them are similar:

libexec/apache2/<mod-file.so>

The module path can be absolute or relative to the server root which in my case is /usr. Hence the full path for a module will be /usr/libexec/apache2/<mod-file.so>. Let’s go to /usr/libexec/apache2/ and do an ls to see whats there:

~ % ls /usr/libexec/apache2
httpd.exp                       mod_lbmethod_heartbeat.so
mod_access_compat.so            mod_ldap.so
mod_actions.so                  mod_log_config.so
mod_alias.so                    mod_log_debug.so
mod_allowmethods.so             mod_log_forensic.so
mod_asis.so                     mod_logio.so
mod_auth_basic.so               mod_macro.so
mod_auth_digest.so              mod_mime.so
mod_auth_form.so                mod_mime_magic.so
mod_authn_anon.so               mod_mpm_event.so
mod_authn_core.so               mod_mpm_prefork.so
mod_authn_dbd.so                mod_mpm_worker.so
mod_authn_dbm.so                mod_negotiation.so
mod_authn_file.so               mod_perl.so
mod_authn_socache.so            mod_proxy.so
mod_authnz_ldap.so              mod_proxy_ajp.so
mod_authnz_od_apple.so          mod_proxy_balancer.so
mod_authz_core.so               mod_proxy_connect.so
mod_authz_dbd.so                mod_proxy_express.so
mod_authz_dbm.so                mod_proxy_fcgi.so
mod_authz_groupfile.so          mod_proxy_fdpass.so
mod_authz_host.so               mod_proxy_ftp.so
mod_authz_owner.so              mod_proxy_hcheck.so
mod_authz_user.so               mod_proxy_html.so
mod_autoindex.so                mod_proxy_http.so
mod_buffer.so                   mod_proxy_scgi.so
mod_cache.so                    mod_proxy_uwsgi.so
mod_cache_disk.so               mod_proxy_wstunnel.so
mod_cache_socache.so            mod_ratelimit.so
mod_cgi.so                      mod_reflector.so
mod_cgid.so                     mod_remoteip.so
mod_charset_lite.so             mod_reqtimeout.so
mod_data.so                     mod_request.so
mod_dav.so                      mod_rewrite.so
mod_dav_fs.so                   mod_sed.so
mod_dav_lock.so                 mod_session.so
mod_dbd.so                      mod_session_cookie.so
mod_deflate.so                  mod_session_dbd.so
mod_dialup.so                   mod_setenvif.so
mod_dir.so                      mod_slotmem_plain.so
mod_dumpio.so                   mod_slotmem_shm.so
mod_echo.so                     mod_socache_dbm.so
mod_env.so                      mod_socache_memcache.so
mod_expires.so                  mod_socache_redis.so
mod_ext_filter.so               mod_socache_shmcb.so
mod_file_cache.so               mod_speling.so
mod_filter.so                   mod_ssl.so
mod_headers.so                  mod_status.so
mod_heartbeat.so                mod_substitute.so
mod_heartmonitor.so             mod_unique_id.so
mod_hfs_apple.so                mod_unixd.so
mod_http2.so                    mod_userdir.so
mod_imagemap.so                 mod_usertrack.so
mod_include.so                  mod_version.so
mod_info.so                     mod_vhost_alias.so
mod_lbmethod_bybusyness.so      mod_watchdog.so
mod_lbmethod_byrequests.so      mod_xml2enc.so
mod_lbmethod_bytraffic.so

That’s it! We now know where the module files exist. To enable one of them, we’ll use their path from here.

Step 2: Finding Module Identifier

Now we need to find another bit of information, which is the module identifier to be used with LoadModule. This is super simple. Sometimes the grep that we did in the previous step may give you the answer but if not then we can simply go to the Apache documentation for any module where the identifier will be listed under the Module Identifier section or sub-heading.

For instance, the module identifier for <a href="https://httpd.apache.org/docs/current/mod/mod_proxy.html">mod_proxy</a> is proxy_module.

mod_proxy documentation page

Step 3: Load the Module

With the module path and identifier in hand, we can finally put the LoadModule directive into the main server config followed by a server restart to load the module.

# In /private/etc/apache2/httpd.conf
# Syntax: LoadModule module-identifier module-file-path
LoadModule proxy_module /usr/libexec/apache2/mod_proxy.so

The file path can be either absolute or relative to the server root. Don’t forget to restart httpd after this change:

% sudo apachectl restart

Once the module is loaded and enabled, you can put any related configuration settings for it in the server config file directly. Another way is to put the module-related config in a separate file and include it in the main server config.

Utilities

Some operating systems ship with utilities to make the entire process much more easier.

Ubuntu/Debian

If you’re on Ubuntu or Debian, you can already see the list of available modules in the server root’s mods-available folder.

# ls /etc/apache2/mods-available/
access_compat.load    cache.load          heartbeat.load            negotiation.conf     rewrite.load

To enable them, you can use inbuilt utilities like a2enmod and a2dismod to enable and disable modules respectively.

$ a2enmod rewrite # Enable mod_rewrite
$ a2dismod rewrite # Disable mod_rewrite

Followed by a server restart:

$ service apache2 restart

I really like the mods-available and mods-enabled segregation in Ubuntu personally. It further segregates the module’s LoadModule directive and any default configuration into separate files. For example, these are the available files in mods-available or mods-enabled for mod_info:

$ cat mods-available/info.conf
<IfModule mod_info.c>

	# Allow remote server configuration reports, with the URL of
	#  http://servername/server-info (requires that mod_info.c be loaded).
	# Uncomment and change the "192.0.2.0/24" to allow access from other hosts.
	#
	<Location /server-info>
		SetHandler server-info
		Require local
		#Require ip 192.0.2.0/24
	</Location>

</IfModule>

$ cat mods-available/info.load
LoadModule info_module /usr/lib/apache2/modules/mod_info.so

The two different files are then included in the main config file (apache2.conf). Much better organisation!

Leave a Reply

Your email address will not be published. Required fields are marked *