Top Three Apache Modules for PHP

Top three apache modules for php

When building websites with PHP, I would put money on the fact your backend server is Apache. If so, what Apache modules should you enable on your server stack in order to get the best out of your PHP web application? In this top list, we'll shortlist and break down three different modules that you cannot live without.

What are Apache Modules

Apache modules are extensions that add extra functionality to the Apache HTTP server, which are pieces separate from the Apache core that are loaded into the server to provide additional features and capabilities. They can be dynamically loaded, meaning you can switch them off and on at your leisure. The idea behind putting functionality behind separate modules is so you can pick which is the right fit for your web server and application. A benefit of this is allowing sysadmins (system administrators) the ability to change Apache's default behavior without affecting the core Apache code. This is why as a sysadmin, you'll likely see that each server has been set up with a different subset of the Apache modules. An Apache module is typically known as a shared object file or ".so" file which is loaded at runtime. Let's explore the modules that are bundled with Apache and are also written by the Apache Software Foundation that you need to enable to get the best out of your PHP application.

Top Three Apache Modules for PHP

Let's explore the top three Apache modules you should install and enable on your server to give your PHP website boosted functionality.


The most common module available to webmasters is the ability to offer cleaner, search engine-friendly URLs, great for SEO and users. If you are running a CMS like Craft CMS, WordPress, or Magento, the mod_rewrite module will be used by these frameworks to enable clean URLs. It works by intercepting and modifying the URL before it is processed by the server and seen by the user. Manipulating the URL on the fly provides webmasters flexibility on how web server requests are made. If you spin up a default WordPress installation and add a page, you'll notice that the URL structure (permalink) is similar to the one below.


If we deeper drive into the request and check our WordPress installation, in the folder structure we don't have those folders off the root. That's because mod_rewrite is kicking in and the WordPress request actually getting routed through the index.php file in the directory root. Because mod_rewrite is "cleaning" our URL we don't see index.php either. If we (or in this case WordPress) didn't use URL rewrite, our URL may look similar to the one below, which is long and cumbersome.


You can enable mod_rewrite by uncommenting the following line found inside your Apache configuration file (depending on your server's operating system that's either, httpd.conf or apache2.conf). Once you have made changes to your Apache config, you will be required to restart Apache. It's also a good idea to add "AllowOverride" in your .htaccess file, as this is required by the likes of WordPress. You can also check your Apache server status at any time when enabling or disabling Apache modules.

LoadModule rewrite_module modules/


Next up is the powerful mod_headers module, which is perfect for HTTP header manipulation, setting cache-control directives, CORS, or extra security-related headers. This module works for both client requests and server responses (so both ways), and allows webmasters the ability to add, modify or remove headers as they wish. When making a request to a website, the request that your browser sends will contain headers. Headers are hidden bits of information that tell the receiving party things like, what character encoding you support, and where the request comes from, among other important bits of information. The receiver will accept these headers and process them accordingly. Then the receiver becomes the sender and will repeat the process back to you. Below is an example custom header that is sent back from our example API, letting the user know (via headers) the total remaining API credits that are left.

Header set X-API-Credits-Left "99"

Using the mod_headers module allows you to set custom headers, which is great if you require extra information to be sent out by your server under certain scenarios, such as an API request, where you could set, the total number of credits left. A popular mod_headers option is setting cache-control directives such as Cache-Control or Expires. Setting these headers lets webmasters control the caching behavior in web browsers for optimising static resources and ultimately to help improve website performance. A common page speed practice is to set a high cache timeout so that users who browse multiple pages and/or re-visit don't re-download the same assets again from the origin server, and instead keep a cached version of the resource locally. This in turn dynamically improves page speed and the user's experience. Within your .htaccess file, the easiest way to set the Cache-Control header is by wrapping your header in an IfModule.

The IfModule wrapper is a safe check, where Apache will check if you have mod_headers enabled on your server. In this case, if you didn't, the "Header set" command in your .htaccess wouldn't be called and therefore wouldn't break your webpage. Once mod_headers is enabled and you have the following code in your .htaccess, Apache will serve this header with the parameters you've set. Here as an example, we've set the "max-age" (time to cache the resource) to 86,400 seconds, which is one full day. Secondly, the "public" reference in the header is a directive that indicates that the resource is to be shared by both public and private caches, but without it, it is implied.

<IfModule mod_headers.c>
 Header set Cache-Control "max-age=86400, public"


The final important Apache Module for PHP is mod_deflate. Another module linked to providing better page speed for your website and its resources, by providing on-the-fly compression features. This module will compress and reduce the file size of transmitted resources and data. By reducing file sizes, you in turn result in faster page loading speeds and reduced bandwidth consumption, perfect if your hosting company limits the total amount of bandwidth your website can consume per month.

It works by using a compression algorithm, typically the gzip compression algorithm, to compress content. Using gzip compression, the server will significantly reduce the size of text-based files such as CSS, HTML, JavaScript, and XML. In isolation, for one user, this is seconds to possible only millisecond improvements (based on the server, the resources, and the user's internet speed, among other factors), but scaled up thousands or into millions, sending a huge (uncompressed) JavaScript files (for example) compared to the same file but compressed, will make a huge server load difference.

A common modern client-based header for the browser to send with the request is the accepted encoding type(s). Gzip will very often be one of them, including deflate and br (Brotil compression algorithm). It's possible for a client to head multiple encoding types, in this case, it's three types, and below is one such common example of the accept-encoding request header.

Accept-Encoding: gzip, deflate, br

Another powerful feature of mod_deflate is the ability to set which files (or MIME types) you wish to compress. By wrapping our directive again in IfModule for safety, then we can use the "AddOutputFilterByType" flag, and give the compression algorithm and the MIME types we wish to target.

<IfModule mod_deflate.c>
 SetOutputFilter DEFLATE
 AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript


Enabling these three Apache modules mod_rewrite, mod_headers, and mod_defalte will supercharge your PHP applications in terms of control for you the webmaster, and increase page speed. Coupled with a lower server resource load could make a difference for you and your users. If you are using third-party software within your PHP application, check the server requirements match yours in order to support their software. The three we've listed here in this guide are common requirements in nearly all modern CMSs and web frameworks, including Laravel.

Be sure you take a backup of any config files or .htaccess files you edit just in case. When there are errors in either, it will break the website on the front end, so it's best to test on a staging demo environment first (if possible). Apache contains and supports many different types of modules to aid in a selection of different areas, so be sure you check out the Apache 2.4 module list to find out what else might benefit your PHP web application.

Senior PHP developer with near two decades of PHP experience. Author of Dev Lateral guides and tools. The complete place for PHP programmers. Available to hire to help you build or maintain your PHP application.

Looking for industry-leading PHP web development?

API development WordPress Hosting ★ and more 🐘

We use cookies to enhance your browsing experience and analyse website traffic in accordance with our Privacy and Cookie Policy. Our cookies, including those provided by third parties, collect anonymous information about website usage and may be used for targeted advertising purposes. By clicking "Reject non-essential" you can opt out of non-essential cookies. By clicking "Accept all" you agree to the use of all cookies.

Reject non-essential Accept all