In this guide, we will briefly talk about the Apache web server front-end and how to list or check which Apache modules have been enabled on your server.
Apache is built, based on the principle of modularity, this way, it enables web server administrators to add different modules to extend its primary functionalities and enhance apache performance as well.
Suggested Read: 5 Tips to Boost the Performance of Your Apache Web Server
Some of the common Apache modules include:
- mod_ssl – which offers HTTPS for Apache.
- mod_rewrite – which allows for matching url patterns with regular expressions, and perform a transparent redirect using .htaccess tricks, or apply a HTTP status code response.
- mod_security – which offers you to protect Apache against Brute Force or DDoS attacks.
- mod_status – that allows you to monitor Apache web server load and page statics.
In Linux, the apachectl or apache2ctl command is used to control Apache HTTP server interface, it is a front-end to Apache.
You can display the usage information for apache2ctl as below:
$ apache2ctl help OR $ apachectl help
Usage: /usr/sbin/httpd [-D name] [-d directory] [-f file] [-C "directive"] [-c "directive"] [-k start|restart|graceful|graceful-stop|stop] [-v] [-V] [-h] [-l] [-L] [-t] [-S] Options: -D name : define a name for use in directives -d directory : specify an alternate initial ServerRoot -f file : specify an alternate ServerConfigFile -C "directive" : process directive before reading config files -c "directive" : process directive after reading config files -e level : show startup errors of level (see LogLevel) -E file : log startup errors to file -v : show version number -V : show compile settings -h : list available command line options (this page) -l : list compiled in modules -L : list available configuration directives -t -D DUMP_VHOSTS : show parsed settings (currently only vhost settings) -S : a synonym for -t -D DUMP_VHOSTS -t -D DUMP_MODULES : show all loaded modules -M : a synonym for -t -D DUMP_MODULES -t : run syntax check for config files
apache2ctl can function in two possible modes, a Sys V init mode and pass-through mode. In the SysV init mode, apache2ctl takes simple, one-word commands in the form below:
$ apachectl command OR $ apache2ctl command
For instance, to start Apache and check its status, run these two commands with root user privileges by employing the sudo command, in case you are a normal user:
$ sudo apache2ctl start $ sudo apache2ctl status
tecmint@TecMint ~ $ sudo apache2ctl start AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message httpd (pid 1456) already running tecmint@TecMint ~ $ sudo apache2ctl status Apache Server Status for localhost (via 127.0.0.1) Server Version: Apache/2.4.18 (Ubuntu) Server MPM: prefork Server Built: 2016-07-14T12:32:26 ------------------------------------------------------------------------------- Current Time: Tuesday, 15-Nov-2016 11:47:28 IST Restart Time: Tuesday, 15-Nov-2016 10:21:46 IST Parent Server Config. Generation: 2 Parent Server MPM Generation: 1 Server uptime: 1 hour 25 minutes 41 seconds Server load: 0.97 0.94 0.77 Total accesses: 2 - Total Traffic: 3 kB CPU Usage: u0 s0 cu0 cs0 .000389 requests/sec - 0 B/second - 1536 B/request 1 requests currently being processed, 4 idle workers __W__........................................................... ................................................................ ...................... Scoreboard Key: "_" Waiting for Connection, "S" Starting up, "R" Reading Request, "W" Sending Reply, "K" Keepalive (read), "D" DNS Lookup, "C" Closing connection, "L" Logging, "G" Gracefully finishing, "I" Idle cleanup of worker, "." Open slot with no current process
And when operating in pass-through mode, apache2ctl can take all the Apache arguments in the following syntax:
$ apachectl [apache-argument] $ apache2ctl [apache-argument]
All the Apache-arguments can be listed as follows:
$ apache2 help [On Debian based systems] $ httpd help [On RHEL based systems]
Check Enabled Apache Modules
Therefore, in order to check which modules are enabled on your Apache web server, run the applicable command below for your distribution, where -t -D DUMP_MODULES
is a Apache-argument to show all enabled/loaded modules:
--------------- On Debian based systems --------------- $ apache2ctl -t -D DUMP_MODULES OR $ apache2ctl -M
--------------- On RHEL based systems --------------- $ apachectl -t -D DUMP_MODULES OR $ httpd -M $ apache2ctl -M
[root@tecmint httpd]# apachectl -M Loaded Modules: core_module (static) mpm_prefork_module (static) http_module (static) so_module (static) auth_basic_module (shared) auth_digest_module (shared) authn_file_module (shared) authn_alias_module (shared) authn_anon_module (shared) authn_dbm_module (shared) authn_default_module (shared) authz_host_module (shared) authz_user_module (shared) authz_owner_module (shared) authz_groupfile_module (shared) authz_dbm_module (shared) authz_default_module (shared) ldap_module (shared) authnz_ldap_module (shared) include_module (shared) ....
That’s all! in this simple tutorial, we explained how to use the Apache front-end tools to list enabled/loaded apache modules. Keep in mind that you can get in touch using the feedback form below to send us your questions or comments concerning this guide.
Can i know the modules path using apachectl ?
Aaron, have you actually tried disabling these modules yourself? I have, and I had issues.
Apache server comes with MPM prefork by default (at least on RHEL 7), therefore you cannot simply disable mpm_prefork_module.
You also need to load a CGI module appropriate to the MPM, therefore mod_cgi with the prefork MPM.
@Tomas
As i stated, “It is perhaps a good idea to know why you want disable a certain module(s) before actually doing that”. The effects of disabling these modules various from one user’s system to another. Therefore, if you get issues afterwards, you probably need them, you can enable them once again.
However, thanks for mentioning that, i hope Apache users out there will benefit from your feedback.
The idea is pretty simple, why would you have dozens of auth* modules loaded if you don’t use them? It’s wiser to disable them unless you have a reason not to. Performance is always a bonus, but not my main concert when it comes to auth* modules.
And you haven’t answered my question really.
@Tomas
I actually disabled a few of them, however, i provided the list based on the description here: http://httpd.apache.org/docs/2.4/mod/ since @sado wanted to know which ones are reasonably safe to disable on Apache (say on CentOS 7). You can always consider your system requirements before disabling any Apache module.
I have a feeling that you posted the list without probably realising that some modules cannot be disabled.
You seem to have a lot of auth* modules loaded?
Do you know which ones are reasonably save to disable on Apache (say on CentOS 7)?
@Sado
All modules you are seeing from the output of the command in the article are the ones loaded by default on Linux Mint(Ubuntu base). It is perhaps a good idea to know why you want disable a certain module(s) before actually doing that.
However, since apache loads all these modules into memory, this can heavily reduce your memory and system performance. You may consider disabling the modules below:
mpm_prefork_module (static)
authn_alias_module (shared)
authn_anon_module (shared)
authn_dbm_module (shared)
authn_default_module (shared)
authz_owner_module (shared)
authz_dbm_module (shared)
authz_default_module (shared)
ldap_module (shared)
authnz_ldap_module (shared)
include_module (shared)
env_module (shared)
ext_filter_module (shared)
mime_magic_module (shared)
usertrack_module (shared)
dav_module (shared)
status_module (shared)
autoindex_module (shared)
info_module (shared)
dav_fs_module (shared)
vhost_alias_module (shared)
negotiation_module (shared)
actions_module (shared)
speling_module (shared)
userdir_module (shared)
substitute_module (shared)
proxy_balancer_module (shared)
proxy_ftp_module (shared)
proxy_http_module (shared)
proxy_ajp_module (shared)
proxy_connect_module (shared)
cache_module (shared)
suexec_module (shared)
disk_cache_module (shared)
cgi_module (shared)
version_module (shared)
Once you have turned off any module(s), you can enable it again, that is if you need to use it.
if they are marked shared is this means they are disabled?
No. If it says “static” then such module has been compiled into the httpd binary when the server was built. This module will always be present while running Apache.
If it says “shared” then such module has to be loaded dynamically by using the LoadModule directive.
@kenny
Not really, static modules are compiled into the Apache binary when the package is built, whereas dynamic shared modules are included at runtime.