Enable different Apache modules
LDAP
Bitnami stacks already ship the LDAP module installed in Apache but it is not enabled by default. To enable this module, follow these steps:
Enable the LDAP module. Edit the main Apache configuration file located at installdir/apache2/conf/httpd.conf. Uncomment the mod_authnz_ldap line and add the mod_ldap line at the end of the LoadModule section:
... LoadModule authnz_ldap_module modules/mod_authnz_ldap.so ... LoadModule ldap_module modules/mod_ldap.soRestart Apache server and check it is already enabled:
$ sudo installdir/ctlscript.sh restart apache $ installdir/apache2/bin/apachectl -M | grep ldap ... authnz_ldap_module (shared) ldap_module (shared) ...
mod_evasive
Follow these steps:
Download the latest version:
$ git clone https://github.com/jzdziarski/mod_evasive/Build, configure and install the module:
$ cd mod_evasive $ cp mod_evasive{20,24}.c $ sed s/remote_ip/client_ip/g -i mod_evasive24.c $ sudo apxs -i -a -c mod_evasive24.cUpdate the Apache module configuration:
$ sudo sed 's@Include "installdir/apache2/conf/bitnami/bitnami.conf"@Include "installdir/apache2/conf/bitnami/bitnami.conf"\nInclude "installdir/apache2/conf/modevasion.conf"@' -i installdir/apache2/conf/httpd.conf $ sudo tee installdir/apache2/conf/modevasion.conf <<EOF #increases size of hash table. Good, but uses more RAM." DOSHashTableSize 3097" #Interval, in seconds, of the page interval." DOSPageInterval 1" #Interval, in seconds, of the site interval." DOSSiteInterval 1" #period, in seconds, a client is blocked. The counter is reset to 0 with every access within this interval." DOSBlockingPeriod 10" #threshold of requests per page, per page interval. If hit == block." DOSPageCount 2" #threshold of requests for any object by the same ip, on the same listener, per site interval." DOSSiteCount 50" #locking mechanism prevents repeated calls. email can be sent when host is blocked (leverages the following by default "/bin/mail -t %s")" DOSEmailNotify mbrown@domainy.com" #locking mechanism prevents repeated calls. A command can be executed when a host is blocked. %s is the host IP." #DOSSystemCommand \"su - someuser -c \'/sbin/... %s ...\'\"" #DOSLogDir \"/var/lock/mod_evasive\"" #whitelist an IP., leverage wildcards, not CIDR, like 127.0.0.*" #DOSWhiteList 127.0.0.1" EOFRestart Apache:
$ sudo installdir/ctlscript.sh restart apache
mod_proxy_html
Follow these steps:
Download the latest version:
$ wget http://apache.webthing.com/mod_proxy_html/mod_proxy_html.tar.bz2Extract the content and install the module:
$ tar -jxf mod_proxy_html.tar.bz2 $ cd mod_proxy_html/ $ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_proxy_html.c $ sudo chmod 755 installdir/apache2/modules/mod_proxy_html.so $ sudo apxs -c -I installdir/common/include/libxml2 -I. -i mod_xml2enc. $ sudo chmod 755 installdir/apache2/modules/mod_xml2enc.soEnable the module by including the lines below in the installdir/apache2/conf/httpd.conf configuration file:
LoadFile installdir/common/lib/libxml2.so LoadModule proxy_html_module modules/mod_proxy_html.so LoadModule xml2enc_module modules/mod_xml2enc.so
mod_rpaf
Follow these steps:
Download the latest version:
$ wget https://github.com/gnif/mod_rpaf/archive/stable.zipExtract the contents and install the module:
$ unzip stable.zip $ cd mod_rpaf-stable $ sudo make $ sudo make installCheck that the mod_rpaf.so file exists in the installdir/apache2/modules directory:
$ ll installdir/apache2/modules/mod_rpaf.soLoad and configure the module. A configuration example follows; this can be added to the Apache configuration file at installdir/apache2/conf/httpd.conf.
LoadModule rpaf_module modules/mod_rpaf.so RPAF_Enable On RPAF_ProxyIPs 127.0.0.1 10.0.0.0/24 RPAF_SetHostName On RPAF_SetHTTPS On RPAF_SetPort On RPAF_ForbidIfNotProxy OffRestart Apache to reload the new configuration:
$ sudo installdir/ctlscript.sh restart apache
mod_security
Bitnami stacks already ship the mod_security2 module installed in Apache but it is not enabled by default. To enable this module, follow these steps:
Enable the mod_security2 and mod_unique_id modules in Apache. Edit the main Apache configuration file and uncomment the unique_id_module and add the mod_security line at the end of the LoadModule section:
... LoadModule unique_id_module modules/mod_unique_id.so ... LoadModule security2_module modules/mod_security2.soAdd the default configuration file for mod_security at the end of the Apache configuration file:
Include "installdir/apache2/conf/modsecurity.conf"Restart Apache server and check it is already enabled:
$ sudo installdir/ctlscript.sh restart apache $ tail installdir/apache2/logs/error_log ... [Thu Jan 30 18:42:14.004246 2014] [:notice] [pid 1127] ModSecurity for Apache/2.6.7 (http://www.modsecurity.org/) configured. ...
mod_xsendfile
Bitnami LAMP/MAMP/WAMP stacks b5.4.13-2 and later include the mod_xsendfile module. To enable this module, add the following line in the Apache configuration file:
LoadModule xsendfile_module modules/mod_xsendfile.so
If you are using an older version, it is easy to install this module into your existing Apache server. If you are using a native installer, you must install the necessary compilation tools first. Follow these steps:
Download the latest version:
$ wget https://tn123.org/mod_xsendfile/mod_xsendfile-0.12.tar.gzExtract the content and install the module:
$ tar -xzvf mod_xsendfile-0.12.tar.gz $ cd mod_xsendfile-0.12 $ sudo installdir/apache2/bin/apxs -aci mod_xsendfile.c
If everything goes well, the module will be installed to installdir/apache2/modules/mod_xsendfile.so. Check the mod_xsenfile configuration page to find out how to configure this module for your application.
mod_http2
Bitnami stacks ship with the mod_http2 module installed, but it is not enabled by default. To enable this module, follow these steps:
Edit the main Apache configuration file at installdir/apache2/conf/httpd.conf and uncomment the line below so that it looks like this:
... LoadModule http2_module modules/mod_http2.soRestart Apache and confirm that the module is active:
$ sudo installdir/ctlscript.sh restart apache $ sudo apachectl -M | grep http2