Find out if an Apache module can be disabled from website usage

Solution 1:

I don't believe there is a universal solution, but there are still some options. Some modules (for instance, mod_rewrite) have their own logging facilities, but you'd have to read the documentation for each module to find out. Any modules listed as static are compiled in and can't be disabled unless you recompile Apache. For the rest, you might try three things: searching for directive prefixes, enabling debug logging, or selectively disabling module-by-module and restarting.

For most modules, the directives share a common prefix. For the HTTP authentication modules, basic and digest, you can tell if you're using them by filtering the configuration files with grep. If you're doing virtual hosting you can probably do the following:

cd /etc/apache2/sites-enabled
grep Auth *

If you see anything like AuthType basic or AuthType digest, then you need one or both of these modules. Otherwise, it should be safe to disable them. Similarly for other modules: mime_magic is only enabled if the MimeMagicFile directive is issued somewhere.

If there are modules you're still not sure about after that, you might try enabling LogLevel debug and checking the logs. If you see some output from a module, then you can tell that the module is in use. You can even set LogLevel debug for specific modules. This is slightly different than what you asked about though, since if you don't see any output, it doesn't necessarily mean that a module is not in use. (Maybe it simply doesn't produce debug output.)

Finally, in many cases you can try disabling a module and running apache2ctl configtest. If a directive is not recognized because a module isn't being loaded, this will result in error.