Apache Per Server Settings

About

The Apache web server is the default web server choice on Enhance. It offers the maximum compatibility with your web applications and has full .htaccess support.

Servers running Apache will automatically inherit the Global Application setttings. In addition to the General Per Server Settings there are a handful of customisable configurations specific to Apache:

php-fpm Settings

php.ini automatically inherits the php.ini settings defined in your Global Application settings. Inherited directives can be identified by the ‘Inheritied’ tag.

To override or add custom directives to a server:

1. Click Servers in the left side bar
2. Locate the server you would like to enable ModSecurity on
3. Select Manage from the drop down menu
4. Scroll to the Roles section
5. Select the Application tab then select php settings
6. Select the row to edit an existing directive or select Add directive to add a custom directive

Virtual Host Includes

To add custom virtual host configuration for a site, log in to your server with SSH as root and edit the file at /var/local/enhance/apache/vhost_includes/example.com.conf where example.com is the domain for which you want to add the custom configuration. This file will be included at the end of both the http and https VirtualHost block.

This is an advanced feature and should be done carefully; incorrect syntax will take down your web server.

It is not possible to edit the primary httpd.conf. Any changes made to this file will be lost on update. However you can include custom configuration within a virtual host.

ModSecurity

ModSecurity can be enabled/disable through the Enhancee control panel. Once enabled, you can use Enhance’s inline editor to customise security settings, define rules, and how ModSecurity detects and responds to web threats.

By default the OWASP ruleset is enabled offering a set of predefined security rules to help protect the web server against common vulnerabilities such as SQL injection, cross-site scripting (XSS), and more. The OWASP version can update through the Enhance panel.

To enable ModSecurity on an Apache server:

1. Click Servers in the left side bar
2. Locate the server you would like to enable ModSecurity on
3. Select Manage from the drop down menu
4. Scroll to the Roles section
5. Select the Application tab then select ModSecuirty
6. Toggle on or Off

Apache modules

The following modules are shipped with Apache and enabled by default. These modules can not be disabled:

• mpm_event_module modules/mod_mpm_event
• authn_file_module modules/mod_authn_file
• authn_core_module modules/mod_authn_core
• authz_host_module modules/mod_authz_host
• authz_groupfile_module modules/mod_authz_groupfile
• authz_user_module modules/mod_authz_user
• authz_core_module modules/mod_authz_core
• access_compat_module modules/mod_access_compat
• auth_basic_module modules/mod_auth_basic
• reqtimeout_module modules/mod_reqtimeout
• filter_module modules/mod_filter
• mime_module modules/mod_mime
• log_config_module modules/mod_log_config
• logio_module modules/mod_logio
• env_module modules/mod_env
• expires_module modules/mod_expires
• headers_module modules/mod_headers
• setenvif_module modules/mod_setenvif
• version_module modules/mod_version
• unixd_module modules/mod_unixd
• status_module modules/mod_status
• autoindex_module modules/mod_autoindex
• dir_module modules/mod_dir
• alias_module modules/mod_alias
• rewrite_module modules/mod_rewrite
• proxy_module modules/mod_proxy
• proxy_fcgi_module modules/mod_proxy_fcgi
• proxy_http_module modules/mod_proxy_http
• proxy_http2_module modules/mod_proxy_http2
• ssl_module /usr/local/apache2/modules/mod_ssl
• http2_module modules/mod_http2
• deflate_module modules/mod_deflate
• unique_id_module modules/mod_unique_id
• security2_module modules/mod_security2

The following modules are shipped with Apache and are not enabled by default:

• mod_buffer mod_session
• mod_headers mod_optional_fn_export
• mod_access_compat mod_cache
• mod_heartbeat mod_optional_fn_import
• mod_session_cookie mod_actions
• mod_cache_disk mod_heartmonitor
• mod_optional_hook_export mod_session_crypto.so
• mod_alias mod_cache_socache
• mod_http2 mod_optional_hook_import
• mod_session_dbd mod_allowmethods
• mod_case_filter mod_ident
• mod_proxy mod_setenvif
• mod_asis mod_case_filter_in
• mod_imagemap mod_proxy_ajp
• mod_slotmem_plain mod_auth_basic
• mod_cern_meta mod_include
• mod_proxy_balancer mod_slotmem_shm
• mod_auth_digest mod_cgi
• mod_info mod_proxy_connect
• mod_socache_dbm mod_auth_form
• mod_cgid mod_isapi
• mod_proxy_express mod_socache_memcache
• mod_authn_anon mod_charset_lite
• mod_lbmethod_bybusyness mod_proxy_fcgi
• mod_socache_redis mod_authn_core
• mod_data mod_lbmethod_byrequests
• mod_proxy_fdpass mod_socache_shmcb
• mod_authn_dbd mod_dav
• mod_lbmethod_bytraffic mod_proxy_ftp
• mod_speling mod_authn_dbm
• mod_dav_fs mod_lbmethod_heartbeat
• mod_proxy_hcheck mod_ssl
• mod_authn_file mod_dav_lock
• mod_ldap mod_proxy_html
• mod_status mod_authn_socache
• mod_dbd mod_log_config
• mod_proxy_http mod_substitute
• mod_authnz_fcgi mod_deflate
• mod_log_debug mod_proxy_http2
• mod_suexec mod_authnz_ldap
• mod_dialup mod_log_forensic
• mod_proxy_scgi mod_unique_id
• mod_authz_core mod_dir
• mod_logio mod_proxy_uwsgi
• mod_unixd mod_authz_dbd
• mod_dumpio mod_lua
• mod_proxy_wstunnel mod_userdir
• mod_authz_dbm mod_echo
• mod_macro mod_ratelimit
• mod_usertrack mod_authz_groupfile
• mod_env mod_md
• mod_reflector mod_version
• mod_authz_host mod_example_hooks
• mod_mime mod_remoteip
• mod_vhost_alias mod_authz_owner
• mod_example_ipc mod_mime_magic
• mod_reqtimeou mod_watchdog
• mod_authz_user mod_expires
• mod_mpm_event mod_request
• mod_xml2enc mod_autoindex
• mod_ext_filter mod_mpm_prefork
• mod_rewrite mod_brotli
• mod_file_cache mod_mpm_worker
• mod_security2 mod_bucketeer
• mod_filter mod_negotiation
• mod_sed