| Module | Min. Apache V2 Version | Included | What does it do? | Reasons to include/exclude |
|---|
| Default | Most | Reallyall | Few |
|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| mod_access_compat | 2.4 | No |
|
|
| Control access based on client hostname, IP address or other characteristics of client request |
|
| mod_actions | 2.0 | No |
|
|
| Lets you run CGI scripts when a particular file or method is used in a request | Exclude if not using CGI scripts or have no need to execute scripts conditionally based on request. XSS vulnerability considerations. If included, ensure request parameters are not considered when making decisions based on content type |
| mod_alias | 2.0 |
|
|
|
| Used for simple URL manipulation tasks, including mapping URLs to filesystem paths and standard redirection. |
|
| mod_allowmethods | 2.4 |
|
|
|
| Restricts what HTTP methods can be used on a server |
|
| mod_asis | 2.0 |
|
|
|
| Allows you to send a document without adding the usual HTTP headers |
|
| mod_auth_basic | 2.2 |
|
|
|
| Used to restrict access with HTTP Basic Auth. Should be combined with at least one authentication module and one authorization module. | If this type of authentication is required, it is nearly imperative to use SSL as passwords are sent as almost plain text (base4 encoded). |
| mod_auth_digest | 2.0 |
|
|
|
| Used to implement HTTP Digest Auth. | If this type of authentication is required, it is nearly imperative to use SSL as an attacker can force the browser to downgrade to basci auth. The passwords are stored unsecurely on the server. |
|
|
|
|
|
|
|
|