Chapter 3 Using Dynamic Modules

  Table of Contents

  Glossary

  Index

Dynamic modules provide a means of allowing developers and third parties to extend the capabilities of the Secure Web Server. When properly configured in the server configuration file, these modules will be loaded into the Web server at startup time. As the Secure Web Server is powered by Apache, modules conforming to the Apache DSO API can be use with the Secure Web Server.

The Secure Web Server can be customized using dynamic modules provided from Apache and other sources. For a complete list of the Secure Web Server 1.3 modules (DSO and integrated), see Appendix A. See Appendix B for a complete list of the Secure Web Server 2.0 modules.

This chapter provides the following information:

Secure Web Server Support for Apache Dynamic Modules

Apache dynamic modules can be obtained from many sources. These include:

  • Modules that are part of the Apache distribution.

  • Modules from the Apache Module Register on the Web: http://modules.apache.org. The Module registry contains a list of modules that are available for use with Apache based servers. These modules derive from a variety of sources, and can often be easily built and used with the Secure Web Server.

  • Custom-written modules from various sources. Occasionally, a Web site has special needs that cannot be easily addressed using the existing Secure Web Server functionality of and are not readily available from existing modules. In these cases, a Web site can create custom modules based on the Apache DSO API that extends the functionality of the Secure Web Server.

The Secure Web Server integrates many Apache modules and provides many other modules as dynamic shared objects (DSO). The DSO modules are not integrated because they are not usually part of the default configuration of an Apache server. Section : Standard Modules Provided as DSO Modules lists the standard Apache modules provided as DSO modules. Section : Nonstandard Modules Provided as DSO Modules lists nonstandard DSO modules provided in the Secure Web Server kit. (Nonstandard DSO modules are modules not from the Apache Foundation.)

Administrators can build Apache modules for use with the Secure Web Server. The standard Apache apxs utility (/usr/internet/httpd/bin/apxs or /usr/opt/hpapache2/bin/apxs) is provided with the Secure Web Server to assist you during compilation and installation of the Apache modules.

Instructions for compiling modules using the apxs utility are usually included with the source code for that particular module. Instructions can also be found in the standard Apache documentation on the Web: http://www.apache.org.

Standard Apache documentation is also included with the Secure Web Server in the IAEAPDOCxxxsubset, installed in /usr/internet/httpd/apdocs. Standard Apache 2.0 documentation is installed in /usr/hpapache2/manual.

Standard Modules Provided as DSO Modules

The Secure Web Server provides several standard Apache modules as DSO modules. These are modules that are included in source form as part of the Apache Version 1.3 source distributions and Apache Version 2.0 source distribution. Although there are many modules that are included in the distributions, many of them are not included in the default server configuration. The optional modules are provided in the form of DSO modules so they can be activated if needed. Table A-2 lists and describes the modules for the Secure Web Server 1.3. Table B-2 lists and describes the modules for the Secure Web Server 2.0.

Nonstandard Modules Provided as DSO Modules

In addition to the standard Apache modules, the Secure Web Server provides DSO modules from sources outside the Apache Foundation.

Table A-3 and Table A-4 provide a list of nonstandard modules for the Secure Web Server 1.3. Table B-3 provides a list of nonstandard modules for the Secure Web Server 2.0.

Activating the Apache DSO Modules

To activate an Apache DSO module, you must modify the httpd.conf server configuration file, as follows:

  1. Add a LoadModule directive.

  2. Add an AddModule directive, if the ClearModule directive is used.

  3. Add additional module configuration-specific directives.

  4. Restart the server for the configuration changes to take effect.

Usually, an Apache DSO module will not perform any useful function until the module-specific configuration directives activate the module's functionality. The module-specific documentation explains the module configuration directives. For Apache DSO modules provided with the Secure Web Server, refer to either the Apache documentation provided with the Secure Web Server kit, or the documentation available on the Apache Web site:

http://httpd.apache.org

Using the LoadModule Directive

The LoadModule directive enables dynamic module loading by the Web server. This directive must occur before any other configuration directive for the module being loaded.

The LoadModule directive has the following form:

LoadModule module_identifier filename

The module_identifier variable is the internal module definition variable name, that is documented in the module documentation.

The filename parameter is the loadable module on disk that the server will load. The file name can be an absolute path or a path relative to the server root as defined by the httpd.conf file.

If the ClearModule directive is present, it signals the server that the list of loaded modules needs to be reordered. The ClearModule directive begins the process by clearing the internal list of modules, thus providing the configuration file with a complete list of all modules (integrated and DSO). Each module is readded to the module list with an AddModule directive (Section : Using the AddModule Directive).

Using the AddModule Directive

The AddModule directive is used by the Web server to build a list of modules in order of precedence. The directive is only needed if the ClearModule directive is used to zero out the module list. If the ClearModule directive is not used, then the module precedence is in the order that they were loaded.

The AddModule directive has the form:

AddModule source_file

The source_file is the file name of the compilation unit that contained the module declaration. To determine the proper file name to use, see the module-specific documentation.

Verifying the Configuration File

After adding the configuration directives to the httpd.conf file, the file syntax can be reviewed prior to restarting the server. The following command directs the server to verify the specified configuration file:

For Secure Web Server 1.3:

# /usr/internet/httpd/bin/httpd -t -f /usr/internet/httpd/conf/httpd.conf

For Secure Web Server 2.0:

# /usr/opt/hpapache2/bin/httpd -t -f /usr/opt/hpapache2/httpd.conf

Activating an Apache DSO Module — Example

The example in this section shows how to activate the mod_usertrack Apache DSO module, which uses Cookies to track users. To activate the module, use the httpd.conf configuration file for the default public server /usr/internet/httpd/conf/httpd.conf and follow these steps:

  1. Define the LoadModule directive as follows:

    LoadModule usertrack_module   libexec/mod_usertrack.so

  2. If the ClearModule directive is defined, add the module to the module list with an AddModule directive:

    AddModule mod_usertrack.c

  3. Define the module-specific directives, for example:

    CookieName OurTestCookie
    CookieTracking on

  4. Track the generated cookies by using a directive for another Apache module (that is, one that is integrated in the Secure Web Server). This directive will cause the cookies to be logged into a file called clickstream, in the logs directory relative to the server root. For example:

    CustomLog logs/clickstream "%{cookie}n %r %t"