A Developer’s Guide to Useful Apache Modules
Apache is one of the most widely used web servers, and its real power comes from its modular design.
Below is a practical, example-based guide to Apache modules that are useful in real-world web development.
How to Enable/Disable Modules
# Enable a module
sudo a2enmod module_name
# Disable a module
sudo a2dismod module_name
# Restart Apache
sudo systemctl restart apache2
mod_rewrite – URL Routing & Clean URLs
<VirtualHost *:80>
ServerName example.com
RewriteEngine On
RewriteRule ^user/([0-9]+)/?$ /profile.php?id=$1 [L,QSA]
</VirtualHost>
Used for clean URLs, routing logic, SEO-friendly paths, and framework rewrites.
mod_ssl – HTTPS Support
<VirtualHost *:443>
ServerName example.com
SSLEngine On
SSLCertificateFile /etc/ssl/certs/example.crt
SSLCertificateKeyFile /etc/ssl/private/example.key
</VirtualHost>
Enables TLS/SSL so the site can run securely over HTTPS.
mod_headers – Security & Cache Headers
<IfModule mod_headers.c>
Header always set X-Frame-Options "DENY"
Header always set X-Content-Type-Options "nosniff"
Header always set Referrer-Policy "no-referrer"
</IfModule>
Allows setting and modifying HTTP response headers for security and performance.
mod_expires – Browser Cache Control
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/css "access plus 7 days"
ExpiresByType image/png "access plus 1 year"
ExpiresDefault "access plus 1 hour"
</IfModule>
Adds automatic expiration headers so browsers can cache static files.
mod_proxy and mod_proxy_http – Reverse Proxy to Apps
<VirtualHost *:80>
ServerName api.example.com
ProxyPass / http://127.0.0.1:4000/
ProxyPassReverse / http://127.0.0.1:4000/
</VirtualHost>
Forwards requests to backend services like Node, Python, Docker, or another server.
mod_security – Web Application Firewall
SecRuleEngine On
Include /usr/share/modsecurity-crs/*.conf
Blocks common attacks such as SQL injection, XSS, and RCE using rule sets.
mod_status – Live Server Status Page
<Location "/server-status">
SetHandler server-status
Require ip 127.0.0.1
</Location>
Displays live Apache metrics: active connections, workers, load, uptime.
mod_auth_basic and mod_authn_file – Simple Password Protection
<Location "/admin">
AuthType Basic
AuthName "Restricted"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Location>
Adds quick HTTP basic authentication without touching application code.
mod_evasive – Auto-Blocking for DDoS / Brute Force
<IfModule mod_evasive20.c>
DOSHashTableSize 2048
DOSPageCount 5
DOSPageInterval 1
DOSBlockingPeriod 30
DOSEmailNotify admin@example.com
</IfModule>
Detects repeated requests and temporarily blocks abusive traffic automatically.
Additional Useful Modules
mod_deflate or mod_brotli – Response Compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/html text/css application/json
</IfModule>
<IfModule mod_brotli.c>
BrotliCompressionQuality 6
AddOutputFilterByType BROTLI_COMPRESS text/html text/css application/javascript
</IfModule>
Compresses responses to reduce bandwidth and speed up page loads.
mod_pagespeed – Auto Performance Optimizer
ModPagespeed on
ModPagespeedEnableFilters rewrite_css,sprite_images,collapse_whitespace
Automatically optimizes assets: minifies, inlines, rewrites, lazyloads, etc.
mod_geoip / mod_maxminddb – Geo-Based Rules
<IfModule mod_maxminddb.c>
MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb
MaxMindDBEnv GEOIP_COUNTRY_CODE COUNTRY_DB/country/iso_code
</IfModule>
<Location />
Require all granted
Require not env GEOIP_COUNTRY_CODE=CN
</Location>
Allows country-based routing, blocking, redirects, or localization.
Summary
| Module | Purpose / Use Case |
|---|---|
mod_rewrite |
URL routing, clean URLs, SEO-friendly rewrites |
mod_ssl |
Enables HTTPS/TLS encryption |
mod_headers |
Sets custom security and cache headers |
mod_expires |
Controls browser caching for static files |
mod_proxy |
Reverse proxy to backend apps/services |
mod_security |
Web Application Firewall (WAF) |
mod_status |
Live server metrics/status page |
mod_auth_basic |
Simple HTTP basic authentication |
mod_evasive |
Auto-blocking for DDoS / brute force requests |
mod_deflate / brotli
|
Response compression for faster load times |
mod_pagespeed |
Automatic asset optimization (minify, inline etc.) |
mod_geoip / maxminddb
|
Geo-based routing, blocking, or localization |
