Which Apache modules are safe to disable

Each Apache process is using about 70MB of private/rss memory, so I would like to lean them up a bit. The server runs Magento and WordPress only. PHP is run as fcgid.

Which modules would you consider safe to disable?

Loaded Modules:

core_module (static)

mpm_prefork_module (static)

http_module (static)

so_module (static)

auth_basic_module (shared)

auth_digest_module (shared)

authn_file_module (shared)

authn_alias_module (shared)

authn_anon_module (shared)

authn_dbm_module (shared)

authn_default_module (shared)

authz_host_module (shared)

authz_user_module (shared)

authz_owner_module (shared)

authz_groupfile_module (shared)

authz_dbm_module (shared)

authz_default_module (shared)

ldap_module (shared)

authnz_ldap_module (shared)

include_module (shared)

log_config_module (shared)

logio_module (shared)

env_module (shared)

ext_filter_module (shared)

mime_magic_module (shared)

expires_module (shared)

deflate_module (shared)

headers_module (shared)

usertrack_module (shared)

setenvif_module (shared)

mime_module (shared)

dav_module (shared)

status_module (shared)

autoindex_module (shared)

info_module (shared)

dav_fs_module (shared)

vhost_alias_module (shared)

negotiation_module (shared)

dir_module (shared)

actions_module (shared)

speling_module (shared)

userdir_module (shared)

alias_module (shared)

substitute_module (shared)

rewrite_module (shared)

proxy_module (shared)

proxy_balancer_module (shared)

proxy_ftp_module (shared)

proxy_http_module (shared)

proxy_ajp_module (shared)

proxy_connect_module (shared)

cache_module (shared)

suexec_module (shared)

disk_cache_module (shared)

cgi_module (shared)

version_module (shared)

sed_module (shared)

security2_module (shared)

unique_id_module (shared)

fcgid_module (shared)

evasive20_module (shared)

perl_module (shared)

php5_module (shared)

ssl_module (shared)

dav_svn_module (shared)

authz_svn_module (shared)

core_module (static) log_config_module (static) logio_module (static) version_module (static) mpm_event_module (static) http_module (static) so_module (static) auth_basic_module (shared) authn_file_module (shared) authz_host_module (shared) authz_user_module (shared) expires_module (shared) deflate_module (shared) headers_module (shared) dir_module (shared) mime_module (shared) setenvif_module (shared) rewrite_module (shared) proxy_module (shared) proxy_fcgi_module (shared)

Best Answer

Here is a webpage which details which Apache modules can be safely removed. He considers the most common use cases but you should always check afterwards and reenable what you do need:

This is the list of modules that the author left enabled:

The page contains details for CentOS and also Ubuntu server. I highly recommend reading the entire page as it contains details as to why certain packages were left or were disabled, as well as tips. Your use case is likely not exactly as the author's use case, so be sure to use discretion and proper judgement. And test!

Best Answer

Related Solutions

Unnecessary Apache modules

Redhat – Apache Config: RSA server certificate CommonName (CN) … NOT match server name

Related Topic