Extra Modules (Apache: The Definitive Guide)

Chapter 12. Extra Modules

In addition to the standard modules mentioned in Chapter 1, "Getting Started", which we suggest you compile into your copy of Apache, there are a number of more volatile modules available. We do not propose to document them in this edition of the book, but the list might be interesting. Be warned: modules designed for earlier versions of Apache may need updating before they work correctly with Version 1.3. Modules can be found in several places:

The Apache ../src/modules directory. This contains the standard modules plus (in the 1.3 release) subdirectories experimental and extra. The curious may find a search rewarding. At the time of writing there was only mod_mmap_static, which allows faster serving of slowly changing files.

The Apache FTP directory at ftp://ftp.apache.org/apache/dist/contrib/modules/. At the time of writing the list was as follows:

mod_allowdev: Disallow requests for files on particular devices.
mod_auth_cookie: Authenticate via cookies on-the-fly.
mod_auth_cookie_file: Authenticate via cookies with .htpasswd-like file.
mod_auth_external: Authenticate via external program.
mod_auth_inst: Authenticate via instant passwords for dummy users.
mod_auth_system: Authenticate via system passwd file.
mod_bandwidth: Bandwidth management on a per-connection basis.
mod_cache: Automatic caching of documents via mmap().
mod_cntr: Automatic URL access counter via DBM file.
mod_disallow_id: Disallow requests for files owned by particular user IDs.
mod_lock: Conditional locking mechanism for document trees.
mod_peephole: Peepholing filesystem information about documents.
mod_put: Handler for HTTP/1.1 PUT and DELETE method.
mod_qs2ssi: Parse query string to CGI/SSI variables.
mod_session: Session management and tracking via identifiers.

The module registry at http://modules.apache.org/:

Authentification (NIS-based): NIS/password-based authentication, using normal user IDs.
Bandwidth management: Limit bandwidth based on number of connections.
CGI SUGId: Set User/Group ID for CGI execution (like CERN).
Chatbox: A Chatbox module for Apache.
Chroot Security Patch: Patch for running httpd chrooted.
Cold Flame: Alpha version of a module to parse Cold Fusion code, using mysql.
Cookie Authentication: Fake basic authentication using cookies.
Cookie authentication (MySQL-based): Compare cookie against contents of MySQL DB.
Cookie Authentification (file-based): Cookie-based authentication, with .htpasswd-like file.
Cookie Authentification (mSQL-based): Cookie-based authentication, with mSQL database.
Corrosion Research Group: Research education.
DCE Authentication: DCE authentication/secure DFS access.
dir_log_module: Implements per-directory logging.
dir_patch (unofficial Apache 1.1.1 patch): Allows one to suppress HTML preamble for directories.
Disallow ID: Disallow serving web pages based on uid/gid.
External Authentication Module.: Authenticates using user-provided function/script.
FastCGI: Keeps CGI processes alive to avoid per-hit forks.
FTP Conversions: Viewing FTP archive using WWW, conversions.
heitml -- Extended Interactive HTML: Programmable database extension of HTML.
Indexer: Configurable directory listing module.
inst_auth_module: Module for instant password authentication.
Java Wrapper Module: Enables execution of Java apps as CGI directly.
Kerberos Authentication: Kerberos auth for mutual tkt or principal/passwd.
LDAP Authentication Module: Authenticates users from an LDAP directory.
mod_throttle: Throttle the usage of individual users.
mod_allowdev: Restrict access to filespace more efficiently.
mod_auth_dbi: Authenticate via Perl DBI, Oracle, Informix, more.
mod_auth_ldap: Apache LDAP authentication module.
mod_auth_mysql: mySQL authentication module for Apache.
mod_auth_pgsql: Authentication module for Apache 1.3 PostgreSQL.
mod_auth_radius.c: Authenticate via external RADIUS server.
mod_auth_rdbm: Networked dbm or db authentication permits auth db sharing between servers.
mod_auth_samba: Samba-based authentication for passwords.
mod_auth_smb: Authorization module that uses SMB (LanMan).
mod_auth_sys: Basic authentication using System-Accounts.
mod_auth_yard: Authentication module via YARD database.
mod_beza: Module and patch converting national characters.
mod_blob_pg95: URI to Postgres95 Large Object mapping.
mod_dlopen: Load modules dynamically from ELF object files.
mod_ecgi: Embedded (nonforking) CGI.
mod_fjord.c: Java backend processor.
mod_fontxlate: Configurable national character set translator.
mod_javascript: Javascript module (ECMA-262).
mod_jserv: Java servlet interface.
mod_ldap.c: LDAP authentication and access rules.
mod_lock.c: Selective lock of trees and virtual hosts.
mod_mmap_static: mmap a static list of files for speed.
mod_neoinclude.c: NeoWebScript-Tcl scripting extension.
mod_pagescript.cc: SSI extensions.
mod_perl: Embed Perl interpreters to avoid CGI overhead and provide a Perl interface to the server API.
mod_put: Handler for HTTP /1.1 PUT and DELETE methods.
mod_session: Advanced session management and tracking.
mod_ssl: Free Apache interface to SSLeay.
mod_weborb (WebORB project): Directly invoke CORBA objects to handle CGI requests.
PAM Auth: Authentication against Pluggable Auth Modules.
Patch for native SunOS-4.1.x compilation: Fixes to allow compilation on SunOS-4 without GCC.
PHP/FI: Server-parsed scripting language with RDBMS support.
Postgres95 Authentication: User authentication with the Postgres95 database.
PostgreSQL Authentication: User authentication with PostgreSQL (and cookie).
PyApache: Embedded Python language interpreter.
Query String to Server Side Include variables: Parse the query string to XSSI variables.
RADIUS Authentication module: RADIUS authentication module.
Raven SSL Module: SSL security module for the Apache web server.
Rewriting/Mapping of local URIs: Mapping on URI level; includes the "/" and "/."
Russian Apache (mod_charset): Smart Russian codepage translations.
Russian Charset Handling Module: Russian document support in various charsets.
SSI for ISO-2022-JP: SSI handling ISO-2022-JP encoding document.
System Authentication: Use both system files and .htaccess for authentication.
User/domain access control: Allow or deny access to user/domain pair.
UserPath Module: Provide a different method of mapping ~user URLs.
var_patch (unofficial Apache 1.1.1 patch): Add charset negotiation/guessing to .var files.
WebCounter: Dynamically count web page access.
zmod_module: The Logfile-Modul for VDZ online accounting.

Other sites; use a search engine to look for "Apache module".

12.1. Authentication

There is a whole range of options for different authentication schemes. The usernames and passwords can be stored in flat files (with the standard mod_auth) or in DBM or Berkeley-DB files (with mod_auth_dbm or mod_auth_db, respectively).

For more complex applications, usernames and passwords can be stored in mSQL, Postgres95, or DBI-compatible databases, using mod_auth_msql, mod_auth_pg95, or http://www.osf.org/~dougm/apache/.

If passwords can't be stored in a file or database (perhaps because they are obtained at runtime from another network service), the ftp://ftp.apache.org/apache/dist/contrib/modules/mod_auth_external.c module lets you call an external program to check if the given username and password are valid. If your site uses Kerberos, http://www2.ncsu.edu/ncsu/cc/rddc/projects/mod_auth_kerb/ allows Kerberos-based authentication.

The mod_auth_anon module allows an anonymous FTP-style access to authenticated areas, in which a user gives an anonymous username and a real email address as the password. There are also modules to hold authentication information in cookies and to authenticate against standard /etc/passwd and NIS password services. See the module registry at http://modules.apache.org/.


11.5. Logging the Action		12.2. Blocking Access

Chapter 12. Extra Modules

Contents:

12.1. Authentication