最後更新: 2016-03-03

目錄

 

• mod_include
• actions_module
• allowmethods_module
• info_module
• mod_remoteip
• logio_module
• Filter - data_module
• Login - authn_anon_module
• Login - mod_authz_owner
• echo_module
• mod_dumpio
• mod_logio
• substitute_module
• dbd_module
• mod_unique_id
• socache_*
• mod_slotmem_*
• mod_lua
• mod_revocator
• autoindex_module
• unixd_module

 

---

mod_include

 

Server-parsed html documents

i.e.

AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

 

---

actions_module

 

Execute CGI scripts based on media type or request method.

Syntax:    Action action-type cgi-script [virtual]

 

---

allowmethods_module

# case sensitive

<Location "/">
   AllowMethods GET POST OPTIONS
</Location>

 

---

info_module

 

Provides a comprehensive overview of the server configuration

<Location "/server-info">
    SetHandler server-info
    Require host example.com
</Location>

 

---

mod_remoteip

介紹

Replaces the original client IP address for the connection with the useragent IP address list

presented by a proxies or a load balancer via the request headers.

IP address is then used for the mod_authz_host Require ip feature, is reported by mod_status,

and is recorded by mod_log_config %a and core %a format strings.

The underlying client IP of the connection is available in the %{c}a format string.

Enable this behavior from intermediate hosts (proxies, etc)

說明

When multiple, comma delimited useragent IP addresses are listed in the header value,

they are processed in Right-to-Left order.

Processing halts when a given useragent IP address is not trusted to present the preceding IP address.

The header field is updated to this remaining list of unconfirmed IP addresses,

or if all IP addresses were trusted, this header is removed from the request altogether.

Setting:

# header-field header as the useragent IP address

# subject to further configuration of the RemoteIPInternalProxy and RemoteIPTrustedProxy directives.

RemoteIPHeader header-field

# adds one or more addresses (or address blocks) to trust as presenting a valid RemoteIPHeader value

# any IP address presented in this header, including private intranet addresses, are trusted

RemoteIPInternalProxy proxy-ip|proxy-ip/subnet|hostname ...

# a file parsed at startup, and builds a list of addresses (or address blocks) to trust

#  '#' hash character designates a comment line

RemoteIPInternalProxyList filename

i.e. reverve proxy ( client --> nginx --> apache )

Setting

conf.modules.d/00-base.conf

# Centos 7 的 Apache2.4 包含了此 module 並預設載入了
LoadModule remoteip_module modules/mod_remoteip.so

conf/httpd.conf

# treat the value of the specified header-field header as the useragent IP address
RemoteIPHeader X-Forwarded-For

# any IP address presented in this header, including private intranet addresses, are trusted
RemoteIPInternalProxy 10.0.2.0/24

 LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

用在 Proxy 的情況

RemoteIPProxiesHeader HeaderFieldName
RemoteIPProxyProtocol On|Off
RemoteIPProxyProtocolExceptions host|range [host|range] [host|range]
RemoteIPTrustedProxy proxy-ip|proxy-ip/subnet|hostname ...
RemoteIPTrustedProxyList filename

 

---

logio_module

 

 

---

Filter

 

data_module

Convert response body into an RFC2397 data URL

Data URLs can be embedded inline within web pages using something like the mod_include module, to remove the need for clients to make separate connections to fetch what may potentially be many small images. Data URLs may also be included into pages generated by scripting languages such as PHP.

<Location "/data/images">
    SetOutputFilter DATA
</Location>

 

---

Login

 

authn_anon_module

Allows "anonymous" user access to authenticated areas

mod_authz_owner

This module authorizes access to files by comparing the userid used for HTTP authentication (the web userid)
with the file-system owner or group of the requested file.

 

---

echo_module

 

A simple echo server to illustrate protocol modules
(Telnet to it and type stuff, and it will echo it)

Default:    ProtocolEcho Off

 

---

mod_dumpio

 

Dumps all I/O to error log as desired.

 

---

mod_logio

Logging of input and output bytes per request

# including headers
%I     Bytes received
%O     Bytes sent

 

---

substitute_module

 

 

---

dbd_module

 

mod_dbd manages SQL database connections using APR. It provides database connections on request to modules requiring SQL database functions, and takes care of managing databases with optimal efficiency and scalability for both threaded and non-threaded MPMs.

 

---

mod_unique_id

 

Provides an environment variable with a unique identifier for each request

 

---

socache_*

 

a shared object cache provider which provides for creation and access to a cache backed

 

---

mod_slotmem_*

 

Slot-based shared memory provider

slotmem_shm_module

Access to a shared memory segment in which the datasets are organized in "slots."

All shared memory is cleared and cleaned with each restart

slotmem_plain_module

Access to a plain memory segment in which the datasets are organized in "slots."

If the memory needs to be shared between threads and processes, a better provider would be mod_slotmem_shm.
 

 

---

mod_lua

 

Provides Lua hooks into various portions of the httpd request processing

<Files "*.lua">
    SetHandler lua-script
</Files>

 

---

mod_revocator

 

retrieves and installs remote Certificate Revocation Lists (CRLs) into an Apache web server.

 

---

autoindex_module

 

A file located in that directory, typically called index.html. The DirectoryIndex directive sets the name of the file or files to be used.

This is controlled by mod_dir.

Otherwise, a listing generated by the server. The other directives control the format of this listing.

 

---

unixd_module

 

- ChrootDir Directive
- Group Directive
- User Directive
- Suexec Directive

Directory for apache to run chroot(8) after startup.

Syntax:    ChrootDir /path/to/directory
Default:    none

 

---