Optional Apache modules
You may load optional Apache modules into the nevisProxy. The optional Apache modules are delivered "as is". We provide only very limited support. Use the Apache modules only if you know how they work and how they can be configured. There are two possibilities to load and configure modules:
- Use the Include attribute within the navajo.xml file to add configuration files processed by the Apache process. The content of this file is processed within the global configuration context (outside virtual hosts).
- Use the ApacheConfigFilter:
Apache module usage example
<filter>
<filter-name>AllowClientsFromDACHOnly</filter-name>
<filter-class>ch::nevis::isiweb4::filter::rewrite::RewriteFilter</filter-class>
<init-param>
<!-- shows page for users NOT coming from neither Switzerland, Germany nor Austria -->
<param-name>RequestURI</param-name>
<param-value>
!Condition:ENV:QS_Country:CH|DE|AT
.*:/errorpages/forbidden.html:F
</param-value>
</init-param>
</filter>
<filter>
<filter-name>GeoIPCountry</filter-name>
<filter-class>ch:nevis:navajo:apglue:httpd_${HTTPD_LIB_VERSION}_x:servlet:ApacheConfigFilter</filter-class>
<filter-lib>@PKG_HOME@/webapp/WEB-INF/lib/libApache${HTTPD_LIB_VERSION}_Servlet.so.1</filter-lib>
<init-param>
<param-name>ServerConfig</param-name>
<param-value>
LoadModule qos_module @PKG_HOME@/lib/libmodqos_ap_${HTTPD_LIB_VERSION}.so.1
QS_ClientGeoCountryDB @PKG_HOME@/etc/ip2location.csv
</param-value>
</init-param>
</filter>
Available Apache modules
The following table lists the most important modules available within the libraries installed within the /opt/nevisproxy/lib path.
| Module | Library | Description |
|---|---|---|
| mod_status | libgeneratorsap${HTTPD_LIB_VERSION}.so.1 | This module implements a handler to render a HTML page presenting the current server statistics in an easily readable form.See http://httpd.apache.org/docs/2.2/mod/mod_status.html |
| mod_info | libgeneratorsap${HTTPD_LIB_VERSION}.so.1 | This implements a handler which may be used to show an overview of the Apache server’s configuration.See http://httpd.apache.org/docs/2.2/mod/mod_info.html |
| mod_rewrite | libmappersap${HTTPD_LIB_VERSION}.so.1 | This module uses a rule-based rewriting engine (based on a regular expression parser) to rewrite requested URLs on the fly.See http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html |
| mod_qos | libmodqosap${HTTPD_LIB_VERSION}.so.1 | This is a quality of service module for the Apache web server. It enables users to define priority levels for the processing of HTTP requests and can be used to fend off distributed denial-of-service attacks. Main features: Limits the number of concurrent requests to a URL or generating an event. Limits the number of requests per second to a URL or generating an event. Limits the download bandwith to a URL or when generating an event. Limits the number of concurrent TCP connections to a server or by a source IP. Dynamically controls HTTP keep-alive settings and TCP connection timeouts. Supports GEO location mapping (country codes) of client IP addresses and may limit or redirect from certain countries under different circumstances. Filters requests by URLs, headers, size or body data. May count and process recurring events. May count and process recurring events on a per client IP address basis. May enforce milestones. Cookie check to ensure a client accepts session cookies. Can enfore a minimal up- and download bandwith per client. * Serializing requests. See http://opensource.adnovum.ch/mod_qos/Note: mod_qos has been compiled with a default QS_SrvSampleRate of 10 seconds. |
| mod_setenvif | libmetadataap${HTTPD_LIB_VERSION}.so.1 | This module allows you to set environment variables.See https://httpd.apache.org/docs/2.2/mod/mod_setenvif.html |
| mod_setenvifplus | libmodsetenvifplusap${HTTPD_LIB_VERSION}.so.1 | This module allows you to set environment variables and request/response headers according to whether different aspects of the request match regular expressions you specify. You may also change the HTTP response status code or encrypt cookies.See http://opensource.adnovum.ch/mod_setenvifplus/ |
| mod_sslcrl | libmodsslcrlap${HTTPD_LIB_VERSION}.so.1 | This module verifies the validity of client certificates against Certificate Revocation Lists (CRL) of Certification Authorities (CA).Note: This module may be used together with the “require” or “optional” options of the ClientCert parameter of the IdentityCreationFilter but it does not work when using the option “want”.See http://opensource.adnovum.ch/mod_sslcrl/ |
| mod_logio | libloggersap${HTTPD_LIB_VERSION}.so | This module provides the logging of input and output number of bytes received/sent per request.See http://httpd.apache.org/docs/2.2/mod/mod_logio.html |
| mod_log_config | libloggersap${HTTPD_LIB_VERSION}.so | This module provides a flexible way of logging client requests.See http://httpd.apache.org/docs/2.2/mod/mod_log_config.html |