Apache Module mod_auth_form Description: Form authentication Status: Base ModuleIdentifier: auth_form_module SourceFile: mod_auth_form.c Compatibility: Available in Apache 2.3 and later Summary Warning Form authentication depends on the mod_session modules, and these modules make use of HTTP cookies, and as such can fall victim to Cross Site Scripting attacks, or expose potentially private information to clients. Please ensure that the relevant risks have been taken into account before enab

Dynamic Shared Object (DSO) Support The Apache HTTP Server is a modular program where the administrator can choose the functionality to include in the server by selecting a set of modules. Modules will be compiled as Dynamic Shared Objects (DSOs) that exist separately from the main httpd binary file. DSO modules may be compiled at the time the server is built, or they may be compiled and added at a later time using the Apache Extension Tool (apxs). Alternatively, the modules can be statically

Apache Module mod_authz_user Description: User Authorization Status: Base ModuleIdentifier: authz_user_module SourceFile: mod_authz_user.c Compatibility: Available in Apache 2.1 and later Summary This module provides authorization capabilities so that authenticated users can be allowed or denied access to portions of the web site. mod_authz_user grants access if the authenticated user is listed in a Require user directive. Alternatively Require valid-user can be used to grant access to all s

Apache Module mod_ext_filter Description: Pass the response body through an external program before delivery to the client Status: Extension ModuleIdentifier: ext_filter_module SourceFile: mod_ext_filter.c Summary mod_ext_filter presents a simple and familiar programming model for filters. With this module, a program which reads from stdin and writes to stdout (i.e., a Unix-style filter command) can be a filter for Apache. This filtering mechanism is much slower than using a filter which is

Advanced Techniques with mod_rewrite This document supplements the mod_rewrite reference documentation. It provides a few advanced techniques using mod_rewrite. Note that many of these examples won't work unchanged in your particular server configuration, so it's important that you understand them, rather than merely cutting and pasting the examples into your configuration. URL-based sharding across multiple backends Description: A common technique for distributing the burden of server lo

Apache Module mod_dav_lock Description: Generic locking module for mod_dav Status: Extension ModuleIdentifier: dav_lock_module SourceFile: mod_dav_lock.c Compatibility: Available in version 2.1 and later Summary This module implements a generic locking API which can be used by any backend provider of mod_dav. It requires at least the service of mod_dav. But without a backend provider which makes use of it, it's useless and should not be loaded into the server. A sample backend module which

Apache Module mod_vhost_alias Description: Provides for dynamically configured mass virtual hosting Status: Extension ModuleIdentifier: vhost_alias_module SourceFile: mod_vhost_alias.c Summary This module creates dynamically configured virtual hosts, by allowing the IP address and/or the Host: header of the HTTP request to be used as part of the pathname to determine what files to serve. This allows for easy use of a huge number of virtual hosts with similar configurations. Note If mod_alia

Apache HTTP Server Tutorial: .htaccess files .htaccess files provide a way to make configuration changes on a per-directory basis. .htaccess files Related Modules Related Directives core mod_authn_file mod_authz_groupfile mod_cgi mod_include mod_mime AccessFileName AllowOverride Options AddHandler SetHandler AuthType AuthName AuthUserFile AuthGroupFile Require You should avoid using .htaccess files completely if you have access to httpd main server config file. Using .htaccess files sl

Apache Module mod_negotiation Description: Provides for content negotiation Status: Base ModuleIdentifier: negotiation_module SourceFile: mod_negotiation.c Summary Content negotiation, or more accurately content selection, is the selection of the document that best matches the clients capabilities, from one of several available documents. There are two implementations of this. A type map (a file with the handler type-map) which explicitly lists the files containing the variants. A Multiview

Issues Regarding DNS and Apache HTTP Server This page could be summarized with the statement: don't configure Apache HTTP Server in such a way that it relies on DNS resolution for parsing of the configuration files. If httpd requires DNS resolution to parse the configuration files then your server may be subject to reliability problems (ie. it might not start up), or denial and theft of service attacks (including virtual hosts able to steal hits from other virtual hosts). A Simple Example