Book HomeWebmaster in a Nutshell, 3rd EditionSearch this book

Chapter 19. Apache Modules

Contents:

mod_access
mod_actions
mod_alias
mod_auth
mod_auth_anon
mod_auth_dbm
mod_autoindex
mod_cern_meta
mod_cgi
mod_cgid
mod_dav
mod_deflate
mod_dir
mod_env
mod_example
mod_expires
mod_headers
mod_imap
mod_include
mod_info
mod_isapi
mod_log_config
mod_logio
mod_mime
mod_mime_magic
mod_negotiation
mod_proxy
mod_rewrite
mod_setenvif
mod_so
mod_speling
mod_ssl
mod_status
mod_suexec
mod_unique_id
mod_userdir
mod_usertrack
mod_vhost_alias

Modules are a key part of Apache. They provide much of the functionality administrators expect in a modern web server, including user tracking, CGI scripting, authentication, SSL, etc. The set of modules distributed with Apache can be divided into a number of groups. Core modules provide the set of directives that are always available to Apache. The Base modules provide a common set of features for the server and are compiled in by default. You have to manually deselect them during compilation to not install them. The Extension modules comprise another set of common and useful server features, but are not required for every server setup. Therefore, they are not compiled by default. The remaining modules are classified as Experimental; they are either not completed to specification, or introduce instability to some environments.

This chapter contains information about the Base and Extension modules and their directives. The modules are present in versions 1.3 and 2.0, and differences in support are noted per version. Table 19-1 shows the Apache modules described in this chapter.

Table 19-1. Standard Apache modules

Module

Compiled

Description

mod_access

Access control

mod_actions

CGI scripting

mod_alias

Aliasing and filesystem mapping

mod_asis

Provides for .asis (as is) files

mod_auth

User authentication

mod_auth_anon

 

Anonymous user authentication

mod_auth_db

 

User authentication with DB files. (Apache 1.1 to 1.3)

mod_auth_dbm

 

User authentication with DBM files

mod_autoindex

Automatic directory listings

mod_cern_meta

 

Support for CERN metafiles

mod_cgi

Execution of CGI scripts

mod_cgid

Execution of CGI scripts with external daemon (Apache 2.0 and up)

mod_dir

Simple directory handling

mod_dav

 

Support for WevDAV (Apache 2.0 and up)

mod_deflate

 

Compress content sent to the client (Apache 2.0 and up)

mod_env

Environment variable handling

mod_example

 

Example of Apache API usage

mod_expires

 

Automatic expire headers

mod_headers

 

Modification of HTTP response headers

mod_imap

Image map handling

mod_include

Server-side includes

mod_info

 

Server information

mod_isapi

Support for ISAPI extensions in Windows

mod_log_config

Configurable logging

mod_logio

Logs input and output bytes (Apache 2.0 and up)

mod_mime

MIME handling

mod_mime_magic

 

MIME handling via magic numbers

mod_negotiation

Content negotiation

mod_proxy

 

Proxy capabilities

mod_rewrite

 

URL rewriting

mod_setenvif

Conditional setting of environment variables

mod_so

 

Dynamic loading of modules and libraries

mod_speling

 

Spelling corrections

mod_ssl

 

Secure transaction over SSL (Apache 2.0 and up)

mod_status

 

Server status pages

mod_suexec

 

Select user and group for CGI (Apache 2.0 and up)

mod_userdir

User HTML directories

mod_unique_id

 

Unique server request identifiers

mod_usertrack

 

User tracking (cookies)

mod_vhost_alias

 

Dynamic virtual host configuration (Apache 2.0 and up)

This chapter presents an overview of the runtime directives used with the Apache modules. Each of the directives listed in this chapter are grouped in association with the module they relate to.

19.1. mod_access

The mod_access module resolves which clients are allowed to access server directories based on their IP address or hostname.

allow

allow from hostname hostname ...

[Within <Directory> or .htaccess]

The allow directive specifies which hosts can access a given directory in the site. The hostname can be any of the following:

Domain name
A domain name, like .oreilly.com. Only hosts from the domain are permitted access.

Hostname
A full hostname.

Full IP address
An IP address of a host.

Partial IP address
The first 1 to 3 bytes of an IP address, for subnet restriction.

Network address/netmask
A full network address, followed by a full netmask. (i.e., 192.168.220.110/255.255.255.0)

Network address/CIDR specification
A full network address, followed by an abbreviated netmask. (i.e., 192.168.220.110/24 is equivalent to 192.168.220.110/255.255.255.0)

all
Using this option means that all hosts are allowed.

There can be only one allow directive per section. If omitted, there is no default.

allow

allow from env=variable

[Within <Directory> or .htaccess]

The allow from env directive sets whether access to a directory should be granted if a specific environment variable exists. For example, the following grants access to the secret directory if the client is using Version 5.0 of the "InternetStar" browser, via a user-agent string:

BrowserMatch ^InternetStar/5.0 ACCESS_GRANTED
<Directory /secret>
order deny, allow
deny from all
allow from env=ACCESS_GRANTED
</Directory>
deny

deny from hostname hostname ...

[Within <Directory> or .htaccess]

The deny directive specifies which hosts are denied access to a directory. The hostname can be one of the following:

Domain name
A domain name, like .oreilly.com. Hosts from that domain are denied access.

Hostname
A full hostname.

Full IP address
The IP address of a host.

Partial IP address
The first 1 to 3 bytes of an IP address, for subnet restriction.

Network address with netmask
A full network address, followed by a full netmask. (i.e., 192.168.220.110/255.255.255.0), or by an abbreviated netmask. (i.e., 192.168.220.110/24 is equivalent to 192.168.220.110/255.255.255.0)

all
Using the word all means that all hosts are denied access.

deny

deny from env=variable

[Within <Directory> or .htaccess]

The deny from env directive sets whether access to a directory should be denied if a specific environment variable exists. Access to the secret directory is denied if the client is using Version 4.0 of the "InternetStar" browser, via a user-agent string:

BrowserMatch ^InternetStar/4.0 ACCESS_DENIED
<Directory /secret>
order deny, allow
deny from env=ACCESS_DENIED
allow from all
</Directory>
order

order order

[Within <Directory> or .htaccess]

The order directive specifies the order in which deny and allow directives are evaluated. The order directive can take one of the following forms:

order deny,allow
deny directives are evaluated before allow directives (this is the default).

order allow,deny
allow directives are evaluated before deny directives.

order mutual-failure
This setting means that any host appearing on the allow list is allowed, and any host listed on the deny list is denied. Finally, any host not appearing on either list is denied.



Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.