Optional Apache modules
You may load optional Apache modules into the nevisProxy. The optional Apache modules are delivered "as is". We provide only very limited support. Use the Apache modules only if you know how they work and how they can be configured. There are two possible ways to load and configure modules:
- Use the Include attribute within the navajo.xml file to add configuration files processed by the Apache process. The content of this file is processed within the global configuration context (outside virtual hosts).
- Use the ApacheConfigFilter:
Apache module usage example
<filter>
<filter-name>ApacheConfigFilter</filter-name>
<filter-class>ch:nevis:navajo:apglue:httpd_${HTTPD_LIB_VERSION}_x:servlet:ApacheConfigFilter</filter-class>
<init-param>
<param-name>ServerConfig</param-name>
<param-value>
LoadModule setenvif_module /opt/nevisproxy/lib/libmetadata_ap_${HTTPD_LIB_VERSION}.so.1
BrowserMatch ^Mozilla netscape
</param-value>
</init-param>
</filter>
Available Apache modules
The following table lists the most important modules available within the libraries installed within the /opt/nevisproxy/lib path.
| Module | Library | Description |
|---|---|---|
| status_module | libgeneratorsap${HTTPD_LIB_VERSION}.so.1 | This module implements a handler to render a HTML page presenting the current server statistics in an easily readable form. For more information, see http://httpd.apache.org/docs/current/mod/mod_status.html/. |
| info_module | libgeneratorsap${HTTPD_LIB_VERSION}.so.1 | This implements a handler which may be used to show an overview of the Apache server’s configuration. For more information, see http://httpd.apache.org/docs/current/mod/mod_info.html/. |
| rewrite_module | built-in | This module uses a rule-based rewriting engine (based on a regular expression parser) to rewrite requested URLs on the fly. For more information, see http://httpd.apache.org/docs/current/mod/mod_rewrite.html/. This module's library is built-in in nevisProxy. You therefore do not have to configure one. |
| qos_module | built-in | This is a quality of service module mod_qos for the Apache web server. It enables users to define priority levels for the processing of HTTP requests and can be used to fend off distributed denial-of-service attacks. Main features: Limits the number of concurrent requests to a URL or generating an event. Limits the number of requests per second to a URL or generating an event. Limits the download bandwith to a URL or when generating an event. Limits the number of concurrent TCP connections to a server or by a source IP. Dynamically controls HTTP keep-alive settings and TCP connection timeouts. Supports GEO location mapping (country codes) of client IP addresses and may limit or redirect from certain countries under different circumstances. Filters requests by URLs, headers, size or body data. May count and process recurring events. May count and process recurring events on a per client IP address basis. May enforce milestones. Cookie check to ensure a client accepts session cookies. Can enfore a minimal up- and download bandwith per client. Serializing requests. For more information, see http://opensource.adnovum.ch/mod_qos/Note: Themod_qosmodule has been compiled with a default sampling rateQS_SrvSampleRate* of 10service attacks. Mhis module's library is built-in in nevisProxy. You therefore do not have to configure one. |
| setenvif_module | libmetadataap${HTTPD_LIB_VERSION}.so.1 | This module allows you to set environment variables. For more information, see http://httpd.apache.org/docs/current/mod/mod_setenvif.html/. |
| setenvifplus_module | libmodsetenvifplusap${HTTPD_LIB_VERSION}.so.1 | This module allows you to set environment variables and request/response headers according to whether different aspects of the request match regular expressions you specify. You may also change the HTTP response status code or encrypt cookies. For more information, see http://opensource.adnovum.ch/mod_setenvifplus/ |
| sslcrl_module | libmodsslcrlap${HTTPD_LIB_VERSION}.so.1 | This module verifies the validity of client certificates against Certificate Revocation Lists (CRL) of Certification Authorities (CA). You can use this module together with the "require" or "optional" options of the ClientCert parameter of the IdentityCreationFilter, but not with the "want" option. For more information, see http://opensource.adnovum.ch/mod_sslcrl/ |
| logio_module | built-in | This module provides the logging of input and output number of bytes received/sent per request. For more information, see http://httpd.apache.org/docs/current/mod/mod_logio.html/. This module's library is built-in in nevisProxy. You therefore do not have to configure one. |
| log_config_module | built-in | This module provides a flexible way of logging client requests. For more information, see http://httpd.apache.org/docs/current/mod/mod_log_config.html/. This module's library is built-in in nevisProxy. You therefore do not have to configure one. |
| remoteip_module | libmetadataap${HTTPD_LIB_VERSION}.so.1 | With this module, you can configure which value should be traced as ipF (IP front-end). Usually you enable this module if there is a load balancer between nevisProxy and the client. By enabling and configuring this module correctly, the IP address of the client is traced, instead of the IP address of the load balancer. |
| md_module | libmodmdap${HTTPD_LIB_VERSION}.so.1 | The md_module offers an alternate OCSP Stapling implementation. "This works with managed certificates as well as with certificates you configure yourself. OCSP Stapling is a necessary component for any https: site, influencing page load times and, depending on other setups, page availability." For more information, see Apache Module mod_md. Only the OCSP stapling feature should be used from the md_module for nevisProxy |
A possible configuration using the ApacheConfigFilter could look like this:
<filter>
<filter-name>RemoteIpModuleFilter</filter-name>
<filter-class>ch:nevis:navajo:apglue:httpd_${HTTPD_LIB_VERSION}.so.1_x:servlet:ApacheConfigFilter</filter-class>
<init-param>
<param-name>ServerConfig</param-name>
<param-value>
LoadModule remoteip_module /opt/nevisproxy/lib/libmetadata_ap_${HTTPD_LIB_VERSION}.so.1
RemoteIPHeader X-Forwarded-For
</param-value>
</init-param>
</filter>
For more information, see Apache documentation. |