Installing additional Apache modules unlocks features such as TLS termination, URL rewriting, reverse proxying, and request filtering without replacing the core web server. Keeping only the required modules loaded helps reduce attack surface and makes troubleshooting more predictable.
Most optional Apache functionality is delivered as loadable modules that are read from configuration at startup. On Ubuntu and Debian, module load files typically live under /etc/apache2/mods-available and become active through symlinks in /etc/apache2/mods-enabled, commonly managed with a2enmod and a2dismod.
Package naming and enablement differ between distributions, so the same feature might be built-in, shipped as a separate package, or activated via a LoadModule configuration include. Loading a new module requires a restart, and a syntax mistake can prevent Apache from starting, so a configuration test before restarting is the safest default.
Steps to install Apache modules:
- Open a terminal with sudo privileges.
- List currently loaded Apache modules to confirm the starting state.
$ sudo apache2ctl -M Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) ##### snipped #####
- Search the package repository for the module package name.
$ apt search libapache2-mod- | head -n 12 WARNING: apt does not have a stable CLI interface. Use with caution in scripts. Sorting... Full Text Search... libapache-mod-jk-doc/noble 1:1.2.49-1build1 all Documentation of libapache2-mod-jk package libapache2-mod-apparmor/noble-updates 4.0.1really4.0.1-0ubuntu0.24.04.5 arm64 changehat AppArmor library as an Apache module libapache2-mod-apreq2/noble 2.17-5build2 arm64 generic Apache request library - Apache module libapache2-mod-auth-cas/noble 1.2-1build2 arm64 ##### snipped #####
Fedora and RHEL derivatives typically use dnf search mod_ or yum search mod_, and openSUSE commonly uses zypper search apache2-mod.
- Install the required module package.
$ sudo apt install --assume-yes libapache2-mod-security2 WARNING: apt does not have a stable CLI interface. Use with caution in scripts. Reading package lists... Building dependency tree... Reading state information... The following additional packages will be installed: liblua5.1-0 libyajl2 modsecurity-crs Suggested packages: lua geoip-database-contrib ruby python The following NEW packages will be installed: libapache2-mod-security2 liblua5.1-0 libyajl2 modsecurity-crs 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded. Need to get 510 kB of archives. After this operation, 2,701 kB of additional disk space will be used. ##### snipped #####
Fedora and RHEL derivatives commonly install module packages with dnf install <package>, and openSUSE commonly uses zypper install <package>.
- Enable the module when it is installed but not active by default.
$ sudo a2enmod security2 Considering dependency unique_id for security2: Module unique_id already enabled Module security2 already enabled
Some modules ship with the base Apache package and only need enabling (example: sudo a2enmod rewrite).
- Test the Apache configuration syntax before applying the change.
$ sudo apache2ctl configtest Syntax OK
A failed config test can leave the service unable to restart, taking hosted sites offline until the error is corrected.
- Restart Apache to load the new module.
$ sudo systemctl restart apache2
- Verify that the module is loaded after the restart.
$ sudo apache2ctl -M | grep security2 security2_module (shared)
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
