最後更新: 2016-03-03
目錄
- mod_include
- actions_module
- allowmethods_module
- info_module
- mod_remoteip
- logio_module
- Filter - data_module
- Login - authn_anon_module
- Login - mod_authz_owner
- echo_module
- mod_dumpio
- mod_logio
- substitute_module
- dbd_module
- mod_unique_id
- socache_*
- mod_slotmem_*
- mod_lua
- mod_revocator
- autoindex_module
- unixd_module
mod_include
Server-parsed html documents
i.e.
AddType text/html .shtml AddOutputFilter INCLUDES .shtml
actions_module
Execute CGI scripts based on media type or request method.
Syntax: Action action-type cgi-script [virtual]
allowmethods_module
# case sensitive
<Location "/"> AllowMethods GET POST OPTIONS </Location>
info_module
Provides a comprehensive overview of the server configuration
<Location "/server-info"> SetHandler server-info Require host example.com </Location>
介紹
Replaces the original client IP address for the connection with the useragent IP address list
presented by a proxies or a load balancer via the request headers.
IP address is then used for the mod_authz_host Require ip feature, is reported by mod_status,
and is recorded by mod_log_config %a and core %a format strings.
The underlying client IP of the connection is available in the %{c}a format string.
Enable this behavior from intermediate hosts (proxies, etc)
說明
When multiple, comma delimited useragent IP addresses are listed in the header value,
they are processed in Right-to-Left order.
Processing halts when a given useragent IP address is not trusted to present the preceding IP address.
The header field is updated to this remaining list of unconfirmed IP addresses,
or if all IP addresses were trusted, this header is removed from the request altogether.
Setting:
# header-field header as the useragent IP address
# subject to further configuration of the RemoteIPInternalProxy and RemoteIPTrustedProxy directives.
RemoteIPHeader header-field
# adds one or more addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value
# any IP address presented in this header, including private intranet addresses, are trusted
RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...
# a file parsed at startup, and builds a list of addresses (or address blocks) to trust
# '#' hash character designates a comment line
RemoteIPInternalProxyList filename
i.e. reverve proxy ( client --> nginx --> apache )
Setting
conf.modules.d/00-base.conf
# Centos 7 的 Apache2.4 包含了此 module 並預設載入了 LoadModule remoteip_module modules/mod_remoteip.so
conf/httpd.conf
# treat the value of the specified header-field header as the useragent IP address RemoteIPHeader X-Forwarded-For # any IP address presented in this header, including private intranet addresses, are trusted RemoteIPInternalProxy 10.0.2.0/24
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
用在 Proxy 的情況
RemoteIPProxiesHeader HeaderFieldName RemoteIPProxyProtocol On|Off RemoteIPProxyProtocolExceptions host|range [host|range] [host|range] RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ... RemoteIPTrustedProxyList filename
logio_module
Filter
data_module
Convert response body into an RFC2397 data URL
Data URLs can be embedded inline within web pages using something like the mod_include module, to remove the need for clients to make separate connections to fetch what may potentially be many small images. Data URLs may also be included into pages generated by scripting languages such as PHP.
<Location "/data/images"> SetOutputFilter DATA </Location>
Login
authn_anon_module
Allows "anonymous" user access to authenticated areas
mod_authz_owner
This module authorizes access to files by comparing the userid used for HTTP authentication (the web userid)
with the file-system owner or group of the requested file.
echo_module
A simple echo server to illustrate protocol modules
(Telnet to it and type stuff, and it will echo it)
Default: ProtocolEcho Off
mod_dumpio
Dumps all I/O to error log as desired.
mod_logio
Logging of input and output bytes per request
# including headers
%I Bytes received
%O Bytes sent
substitute_module
dbd_module
mod_dbd manages SQL database connections using APR. It provides database connections on request to modules requiring SQL database functions, and takes care of managing databases with optimal efficiency and scalability for both threaded and non-threaded MPMs.
mod_unique_id
Provides an environment variable with a unique identifier for each request
socache_*
a shared object cache provider which provides for creation and access to a cache backed
mod_slotmem_*
Slot-based shared memory provider
slotmem_shm_module
Access to a shared memory segment in which the datasets are organized in "slots."
All shared memory is cleared and cleaned with each restart
slotmem_plain_module
Access to a plain memory segment in which the datasets are organized in "slots."
If the memory needs to be shared between threads and processes, a better provider would be mod_slotmem_shm.
mod_lua
Provides Lua hooks into various portions of the httpd request processing
<Files "*.lua"> SetHandler lua-script </Files>
mod_revocator
retrieves and installs remote Certificate Revocation Lists (CRLs) into an Apache web server.
autoindex_module
A file located in that directory, typically called index.html. The DirectoryIndex directive sets the name of the file or files to be used.
This is controlled by mod_dir.
Otherwise, a listing generated by the server. The other directives control the format of this listing.
unixd_module
- ChrootDir Directive
- Group Directive
- User Directive
- Suexec Directive
Directory for apache to run chroot(8) after startup.
Syntax: ChrootDir /path/to/directory
Default: none