modules to load
The order of the modules is important:
The modules are executed in the order as they are specified. Loading mod_auth AFTER mod_fastcgi might disable authentication for fastcgi backends (if check-local is disabled).
As auth and access should be done early, place them before all executing modules (like proxy, fastcgi, scgi and cgi).
Like auth and access, setenv should be listed early, and prior to any modules which might end the request. e.g. mod_setenv should be listed prior to mod_redirect in order to setenv response headers to be sent along with a redirect (such as HSTS headers. see #2946)
Some configurations prefer to load auth modules early, so that redirect and rewrites occur only for authorized requests. If not, then rewrites and redirects should be next, followed by auth, access, and the docroot plugins.
Afterwards the external handlers like fastcgi, cgi, scgi and proxy and at the bottom the post-processing plugins like mod_accesslog.
server.modules = ( "mod_access", "mod_setenv", "mod_auth", "mod_rewrite", "mod_redirect", "mod_status", "mod_simple_vhost", "mod_evhost", "mod_alias", "mod_userdir", "mod_secdownload", "mod_fastcgi", "mod_proxy", "mod_cgi", "mod_ssi", "mod_compress", "mod_usertrack", "mod_expire", "mod_rrdtool", "mod_accesslog" )These modules are loaded automatically, so you need not load them yourself:
- mod_indexfile (if loaded manually, should be loaded early)
- mod_dirlisting (if loaded manually, should be loaded before mod_staticfile)
- mod_staticfile (if loaded manually, should be loaded at or near end list)
Do not add a module twice, only add modules in the global context.