The idea is simple: why don’t we turn off all the modules of Apache HTTPD server and PHP which we do not use at all? Hopefully, we should get the light version of the application platform. Surely, there may be various ways to optimize Apache and PHP, monitor it, and then fine tune it again for your needs. This is an on-going process.
For this exercise, I used XAMPP 1.7.3 which comes with:
After this step, the main victim modules are … (come on, they have just been turned off!)
# mod_actions # mod_alias # mod_asis # mod_auth_basic # mod_auth_digest # mod_authn_default # mod_authn_file # mod_authz_default # mod_authn_file # mod_authz_default # mod_authz_groupfile # mod_authz_user # mod_cgi # mod_dav # mod_dav_fs # mod_dav_lock # mod_include # mod_info # mod_rewrite # mod_autoindex_color
Then, I commented out the lines related to alias_module (including ScriptAlias), cgi-bin configurations, and XAMPP file (httpd-xampp.conf).
I had to enable mod_authz_host to give IP specific access permissions to my clients.
On the contrary, I wanted to enable modules which could be useful for performance such as:
On the PHP side (php.ini), I did not need the following libraries (modules):
; php_exif ; php_imap ; php_soap ; php_sockets ; php_xmlrpc ; php_zip ; php_ming ; php_pdflib
On the other hand, we need to check the following modules if they work and do not crash our web application:
~ php_apc or