Skip to main content
Version: 4.6.x.x LTS

Optional Apache modules

You may load optional Apache modules into the nevisProxy. The optional Apache modules are delivered "as is". We provide only very limited support. Use the Apache modules only if you know how they work and how they can be configured. There are two possible ways to load and configure modules:

  • Use the Include attribute within the navajo.xml file to add configuration files processed by the Apache process. The content of this file is processed within the global configuration context (outside virtual hosts).
  • Use the ApacheConfigFilter

Apache module usage example

 <filter>
  <filter-name>ApacheConfigFilter</filter-name>
  <filter-class>ch:nevis:navajo:apglue:httpd_${HTTPD_LIB_VERSION}_x:servlet:ApacheConfigFilter</filter-class>
  <init-param>
   <param-name>ServerConfig</param-name>
   <param-value>
    LoadModule setenvif_module /opt/nevisproxy/lib/libmetadata_ap_${HTTPD_LIB_VERSION}.so.1
    BrowserMatch ^Mozilla netscape
   </param-value>
  </init-param>
 </filter>

Built-in Apache modules

mod_rewrite

This module uses a rule-based rewriting engine (based on a regular expression parser) to rewrite requested URLs on the fly. For more information, see the official documentation of mod_rewrite.

mod_qos

This is a quality of service module mod_qos for the Apache web server. It enables users to define priority levels for the processing of HTTP requests and can be used to fend off distributed denial-of-service attacks. Main features:

  • Limits the number of concurrent requests to a URL or generating an event.
  • Limits the number of requests per second to a URL or generating an event.
  • Limits the download bandwith to a URL or when generating an event.
  • Limits the number of concurrent TCP connections to a server or by a source IP.
  • Dynamically controls HTTP keep-alive settings and TCP connection timeouts.
  • Supports GEO location mapping (country codes) of client IP addresses and may limit or redirect from certain countries under different circumstances.
  • Filters requests by URLs, headers, size or body data.
  • May count and process recurring events.
  • May count and process recurring events on a per client IP address basis.
  • May enforce milestones.
  • Cookie check to ensure a client accepts session cookies.
  • Can enfore a minimal up- and download bandwith per client.
  • Serializing requests.

For more information, see the official documentation of mod_qos. Note that the mod_qos module has been compiled with a default sampling rate QS_SrvSampleRate of 10 seconds.

mod_logio

This module provides the logging of input and output number of bytes received/sent per request. For more information, see the official documentation of mod_logio.

mod_log_config

This module provides a flexible way of logging client requests. For more information, see the official documentation of mod_log_config.

Available Apache modules

We list here the modules available within the libraries installed within the /opt/nevisproxy/lib path. Note, that before using these modules, they need to be linked as active module with the LoadModule directive.

mod_status

LoadModule status_module libgenerators_ap_${HTTPD_LIB_VERSION}.so.1

This module implements a handler to render a HTML page presenting the current server statistics in an easily readable form. For more information, see the official documentation of mod_status.

mod_info

LoadModule info_module libgenerators_ap_${HTTPD_LIB_VERSION}.so.1

This implements a handler which may be used to show an overview of the Apache server’s configuration. For more information, see the official documentation of mod_info.

mod_setenvif

LoadModule setenvif_module libmetadata_ap_${HTTPD_LIB_VERSION}.so.1

Allows the setting of environment variables based on characteristics of the request. For more information, see the official documentation of mod_setenvif.

mod_headers

LoadModule headers_module /opt/nevisproxy/lib/libmetadata_ap_2_4.so.1

This module provides directives to control and modify HTTP request and response headers. Headers can be merged, replaced or removed. For more information, see the official documentation of mod_headers.

mod_setenvifplus

LoadModule setenvifplus_module libmodsetenvifplus_ap_${HTTPD_LIB_VERSION}.so.1

The mod_setenvifplus module allows you to set environment variables according to whether different aspects of the request match regular expressions you specify. These environment variables can be used by other parts of the server to make decisions about actions to be taken, e.g. by using mod_qos or to propagate supplemental information to the application via HTTP header data. The mod_setenvifplus is derived from the standard Apache modules mod_setenvif and mod_headers. For more information, see the official documentation of mod_setenvifplus.

mod_sslcrl

LoadModule sslcrl_module libmodsslcrl_ap_${HTTPD_LIB_VERSION}.so.1

This module verifies the validity of client certificates against Certificate Revocation Lists (CRL) of Certification Authorities (CA). You can use this module together with the "require" or "optional" options of the ClientCert parameter of the IdentityCreationFilter, but not with the "want" option. For more information, see the official documentation of mod_sslcrl.

mod_md

LoadModule md_module libmodmd_ap_${HTTPD_LIB_VERSION}.so.1

Offers an alternate OCSP Stapling implementation. This works with managed certificates as well as with certificates you configure yourself. OCSP Stapling is a necessary component for any https: site, influencing page load times and, depending on other setups, page availability. Only the OCSP stapling feature should be used from the mod_md for nevisProxy. For more information, see the official documentation of mod_md.

mod_remoteip

LoadModule remoteip_module libmetadata_ap_${HTTPD_LIB_VERSION}.so.1

With this module, you can configure which value should be traced as ipF (IP frontend). Usually you enable this module if there is a load balancer between nevisProxy and the client. By enabling and configuring this module correctly, the IP address of the client is traced, instead of the IP address of the load balancer.

A possible configuration using the ApacheConfigFilter could look like this:

 <filter>
  <filter-name>RemoteIpModuleFilter</filter-name>
  <filter-class>ch:nevis:navajo:apglue:httpd_${HTTPD_LIB_VERSION}.so.1_x:servlet:ApacheConfigFilter</filter-class>
  <init-param>
   <param-name>ServerConfig</param-name>
   <param-value>
   LoadModule remoteip_module /opt/nevisproxy/lib/libmetadata_ap_${HTTPD_LIB_VERSION}.so.1
   RemoteIPHeader X-Forwarded-For
   </param-value>
  </init-param>
 </filter>

For more information, see the official documentation of mod_remoteip.