nativeInstallermoodle

Enable different Apache modules

Before running the commands shown on this page, you should load the Bitnami stack environment by executing the installdir/use_APPNAME script (Linux and MacOS) or by clicking the shortcut in the Start Menu under “Start -> Bitnami APPNAME Stack -> Application console” (Windows). On OS X VMs, the installation directory is /opt/bitnami and OS X VM users can click the “Open Terminal” button to run commands. Learn more about the Bitnami stack environment and about OS X VMs.

NOTE: The Approach A sections referred to below do not apply to Bitnami native installers. Users of Bitnami native installers should refer only to the Approach B sections.

LDAP

Bitnami stacks already ship the LDAP module installed in Apache but it is not enabled by default. To enable this module, follow these steps:

  • Enable the LDAP module. Edit the main Apache configuration file located at installdir/apache2/conf/httpd.conf. Uncomment the mod_authnz_ldap line and add the mod_ldap line at the end of the LoadModule section:

      ...
      LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
      ...
      LoadModule ldap_module modules/mod_ldap.so
    
  • Restart Apache server and check it is already enabled:

      $ sudo installdir/ctlscript.sh restart apache
      $ installdir/apache2/bin/apachectl -M | grep ldap
      ...
      authnz_ldap_module (shared)
      ldap_module (shared)
      ...
    

mod_evasive

Follow these steps:

  • Download the latest version:

      $  git clone https://github.com/jzdziarski/mod_evasive/
    
  • Build, configure and install the module:

      $ cd mod_evasive
      $ cp mod_evasive{20,24}.c
      $ sed s/remote_ip/client_ip/g -i mod_evasive24.c
      $ sudo apxs -i -a -c mod_evasive24.c
    
  • Update the Apache module configuration:

      $ echo Include conf/modevasion.conf | sudo tee -a installdir/apache2/conf/httpd.conf
      $ sudo tee installdir/apache2/conf/modevasion.conf <<EOF
      #increases size of hash table. Good, but uses more RAM."
      DOSHashTableSize    3097"
      #Interval, in seconds, of the page interval."
      DOSPageInterval     1"
      #Interval, in seconds, of the site interval."
      DOSSiteInterval     1"
      #period, in seconds, a client is blocked.  The counter is reset to 0 with every access within this interval."
      DOSBlockingPeriod   10"
      #threshold of requests per page, per page interval.  If hit == block."
      DOSPageCount        2"
      #threshold of requests for any object by the same ip, on the same listener, per site interval."
      DOSSiteCount        50"
      #locking mechanism prevents repeated calls.  email can be sent when host is blocked (leverages the following by default "/bin/mail -t %s")"
      DOSEmailNotify      mbrown@domainy.com"
      #locking mechanism prevents repeated calls.  A command can be executed when a host is blocked.  %s is the host IP."
      #DOSSystemCommand    \"su - someuser -c \'/sbin/... %s ...\'\""
      #DOSLogDir           \"/var/lock/mod_evasive\""
      #whitelist an IP., leverage wildcards, not CIDR, like 127.0.0.*"
      #DOSWhiteList 127.0.0.1"
      EOF
    
  • Restart Apache:

      $ sudo installdir/ctlscript.sh restart apache
    

mod_proxy_html

Follow these steps:

Approach A: Bitnami installations using system packages

  • Install the libxml2 development system package:

    • Debian:

        $ sudo apt-get install libxml2-dev
      
    • CentOS:

       $ sudo yum install libxml2-devel
      
  • Download the latest version and extract the contents:

      $ wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2
      $ tar -jxf mod_proxy_html.tar.bz2
      $ cd mod_proxy_html/
    
  • Install the module:

      $ sudo apxs -c $(xml2-config --cflags) $(xml2-config --libs) -i mod_proxy_html.c
      $ sudo apxs -c $(xml2-config --cflags) $(xml2-config --libs) -i mod_xml2enc.c
      $ sudo chmod 755 installdir/apache2/modules/mod_proxy_html.so installdir/apache2/modules/mod_xml2enc.so
    
  • Enable the module by including the lines below in the installdir/apache2/conf/httpd.conf configuration file:

      LoadModule proxy_html_module modules/mod_proxy_html.so
      LoadModule xml2enc_module modules/mod_xml2enc.so
    

Approach B: Self-contained Bitnami installations

  • Download the latest version and extract the contents:

      $ wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2
      $ tar -jxf mod_proxy_html.tar.bz2
      $ cd mod_proxy_html/
    
  • Install the module:

      $ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_proxy_html.c
      $ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_xml2enc.c
      $ sudo chmod 755 installdir/apache2/modules/mod_proxy_html.so installdir/apache2/modules/mod_xml2enc.so
    
  • Enable the module by including the lines below in the installdir/apache2/conf/httpd.conf configuration file:

      LoadFile installdir/common/lib/libxml2.so
      LoadModule proxy_html_module modules/mod_proxy_html.so
      LoadModule xml2enc_module modules/mod_xml2enc.so
    

mod_security

Approach A: Bitnami installations using system packages

Bitnami stacks using system packages already ship the mod_security3 module installed in Apache but it is not enabled by default. To enable this module, follow these steps:

  • Enable the mod_security3 and mod_unique_id modules in Apache. Edit the main Apache configuration file and uncomment the unique_id_module. Then, add the mod_security3 line at the end of the LoadModule section:

      ...
      LoadModule unique_id_module modules/mod_unique_id.so
      ...
      LoadModule security3_module modules/mod_security3.so
    
  • Enable ModSecurity in each virtual host file. For example, add the following configuration to the installdir/apache2/conf/vhosts/APPNAME-vhost.conf file:

      <VirtualHost _default_:80>
      ...
      <Directory "/path/to/htdocs">
        ...
        modsecurity on
        modsecurity_rules_file "installdir/apache2/conf/modsecurity.conf"
    
  • Restart the Apache server:

      $ sudo installdir/ctlscript.sh restart apache
      $ tail installdir/apache2/logs/error_log
    
      ...
      [Thu Jun 04 16:42:24.775180 2020] [:notice] [pid 4634:tid 140252742151040] ModSecurity: ModSecurity-Apache v0.1.1-beta configured.
      ...
    

Approach B: Self-contained Bitnami installations

  • Enable the mod_security2 and mod_unique_id modules in Apache. Edit the main Apache configuration file and uncomment the unique_id_module. Then, add the mod_security2 line at the end of the LoadModule section:

      ...
      LoadModule unique_id_module modules/mod_unique_id.so
      ...
      LoadModule security2_module modules/mod_security2.so
    
  • Add the default configuration file for mod_security at the end of the Apache configuration file:

      Include "installdir/apache2/conf/modsecurity.conf"
    
  • Restart Apache server and check it is already enabled:

      $ sudo installdir/ctlscript.sh restart apache
      $ tail installdir/apache2/logs/error_log
    
      ...
      [Thu Jan 30 18:42:14.004246 2014] [:notice] [pid 1127] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured.
      ...
    

In some older stack versions, it is necessary to download an additional file for this module. Use the following commands:

$ cd installdir/apache2/conf
$ sudo wget https://raw.githubusercontent.com/SpiderLabs/ModSecurity/v2/master/unicode.mapping

mod_xsendfile

Approach A: Bitnami installations using system packages

Follow these steps:

  • Download the latest version of the module:

      $ wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gz
    
  • Extract the content and install the module:

      $ tar -xzvf mod_xsendfile-0.12.tar.gz
      $ cd mod_xsendfile-0.12
      $ sudo apxs -aci mod_xsendfile.c
    

If everything goes well, the module will be installed as installdir/apache2/modules/mod_xsendfile.so. Check the mod_xsendfile configuration page to find out how to configure this module for your application.

Approach B: Self-contained Bitnami installations

Bitnami LAMP/MAMP/WAMP stacks 5.4.13-2 and later include the mod_xsendfile module. To enable this module, add the following line in the Apache configuration file:

LoadModule xsendfile_module modules/mod_xsendfile.so

If you are using an older version, it is easy to install this module into your existing Apache server. Follow the steps below:

  • First, install the necessary compilation tools to be able to build the Apache extension. On Ubuntu/Debian you can do it with the following command:

      $ sudo apt-get install build-essential
    
  • Download the latest version of the module:

      $ wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gz
    
  • Extract the content and install the module:

      $ tar -xzvf mod_xsendfile-0.12.tar.gz
      $ cd mod_xsendfile-0.12
      $ sudo installdir/apache2/bin/apxs -aci mod_xsendfile.c
    

If everything goes well, the module will be installed as installdir/apache2/modules/mod_xsendfile.so. Check the mod_xsendfile configuration page to find out how to configure this module for your application.

mod_http2

Bitnami stacks ship with the mod_http2 module installed, but it is not enabled by default. To enable this module, follow these steps:

  • Edit the main Apache configuration file at installdir/apache2/conf/httpd.conf and uncomment the line below so that it looks like this:

      ...
      LoadModule http2_module modules/mod_http2.so
    
  • Restart Apache and confirm that the module is active:

      $ sudo installdir/ctlscript.sh restart apache
      $ sudo apachectl -M | grep http2
    
  • Enable HTTP 2 support in your virtual host.

mod_remoteip

Bitnami stacks ship with the mod_remoteip module installed, but it is not enabled by default. To enable this module, follow these steps:

  • Edit the main Apache configuration file at installdir/apache2/conf/httpd.conf and add the line shown below:

      ...
      LoadModule remoteip_module modules/mod_remoteip.so
    
  • Restart Apache and confirm that the module is active:

      $ sudo installdir/ctlscript.sh restart apache
      $ sudo apachectl -M | grep remoteip
    

To configure the format in which information is stored in the Apache access log, set the LogFormat value either inside a virtual host configuration file at installdir/apache2/conf/bitnami/bitnami.conf or in the main Apache configuration file at installdir/apache2/conf/httpd.conf.

Additional parameters for the module can be set by creating a file at installdir/apache2/conf/remoteip.conf* file and including it in either the virtual host configuration file or the main Apache configuration file, using the example *Include* directive shown below:

Include "installdir/apache2/conf/remoteip.conf"
Last modification June 16, 2021