Ubuntu – Find out if an Apache module can be disabled from website usage

apache-2.2loggingUbuntu

I can see the list of core and other modules loaded by apache using the below command:

$ apache2ctl -t -D DUMP_MODULES
Loaded Modules:
 core_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 auth_basic_module (shared)
 auth_digest_module (shared)

In order to optimize the performance of the server (save memory on each Apache thread essentially), I would like to disable unused modules. The Apache documentation provides information about this modules at the following page.

Most of the time, the information provided for each module is enough to determine whether I should disable a module or not. For instance I know I don't use LDAP authentication so I can safely disable authnz_ldap_module.

However for some modules it is a bit less obvious. For instance the mime_magic module is used as a "second line of defense" for cases that mod_mime can't resolve, which can't be determined theoretically as it depends on what files will get served by Apache.

Q: Is there a way to log to a file the list of modules that Apache effectively used to process a request?

If I could log such information, I would just let the web server run for some time, then get the list of modules that were used to process all the requests received in the meantime, and disable those that don't appear in that list.

Best Answer

I don't believe there is a universal solution, but there are still some options. Some modules (for instance, mod_rewrite) have their own logging facilities, but you'd have to read the documentation for each module to find out. Any modules listed as static are compiled in and can't be disabled unless you recompile Apache. For the rest, you might try three things: searching for directive prefixes, enabling debug logging, or selectively disabling module-by-module and restarting.

For most modules, the directives share a common prefix. For the HTTP authentication modules, basic and digest, you can tell if you're using them by filtering the configuration files with grep. If you're doing virtual hosting you can probably do the following:

cd /etc/apache2/sites-enabled
grep Auth *

If you see anything like AuthType basic or AuthType digest, then you need one or both of these modules. Otherwise, it should be safe to disable them. Similarly for other modules: mime_magic is only enabled if the MimeMagicFile directive is issued somewhere.

If there are modules you're still not sure about after that, you might try enabling LogLevel debug and checking the logs. If you see some output from a module, then you can tell that the module is in use. You can even set LogLevel debug for specific modules. This is slightly different than what you asked about though, since if you don't see any output, it doesn't necessarily mean that a module is not in use. (Maybe it simply doesn't produce debug output.)

Finally, in many cases you can try disabling a module and running apache2ctl configtest. If a directive is not recognized because a module isn't being loaded, this will result in error.

Best Answer

Related Solutions

Redhat – Apache Config: RSA server certificate CommonName (CN) … NOT match server name

Apache2 random 403 error & info server busy logs on Ubuntu

Related Topic