Apache Performance Optimization with Security

Apache Performance Optimization with Security

Apache's modular architecture allows fine-tuned performance optimization while maintaining security. Start by selecting the appropriate Multi-Processing Module (MPM):

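# Check current MPM
apache2ctl -V | grep MPM

# Enable event MPM (recommended for high-performance)
# Modules that are not thread-safe (mod_php is the common case) require
# prefork; if a2dismod refuses because of such a dependency, move that
# workload to an out-of-process handler (e.g. PHP-FPM) before switching.
sudo a2dismod mpm_prefork
sudo a2enmod mpm_event

# Validate the configuration first and restart only if the syntax check
# passes, so a broken config does not take the running server down.
sudo apache2ctl configtest && sudo systemctl restart apache2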

Configure MPM Event for optimal performance in /etc/apache2/mods-available/mpm_event.conf:

# Worker-pool sizing and connection timeouts, applied only when the event MPM
# is the loaded MPM. The values are a starting point: size MaxRequestWorkers
# against available memory so a connection flood exhausts the worker pool
# (requests queue) rather than the host's RAM.
<IfModule mpm_event_module>
    # Server-pool management
    StartServers            3
    MinSpareThreads         75
    MaxSpareThreads         250
    # ThreadLimit is the hard ceiling for ThreadsPerChild and must be set
    # before it; it can only be changed with a full restart.
    ThreadLimit             64
    ThreadsPerChild         25
    # 400 workers / 25 threads per child = 16 child processes, which matches
    # the event MPM's default ServerLimit. Raising MaxRequestWorkers beyond
    # this also requires raising ServerLimit.
    MaxRequestWorkers       400
    # Recycle each child after 10000 connections to bound the effect of
    # memory leaks in long-running processes.
    MaxConnectionsPerChild  10000
    
    # Timeout configurations for security
    # These are core directives, so inside this block they still apply
    # server-wide, not only to the MPM. Timeout and KeepAliveTimeout bound how
    # long an idle connection can hold a slot; they do not enforce a minimum
    # transfer rate while a request is being sent.
    # NOTE(review): slow-request (Slowloris-style) protection comes from
    # mod_reqtimeout's RequestReadTimeout - confirm that module is enabled.
    Timeout                 60
    KeepAlive              On
    MaxKeepAliveRequests   100
    KeepAliveTimeout       5
    
    # Async request handling
    # Limits how many connections a child accepts relative to its idle
    # worker threads; 2 is the documented default.
    AsyncRequestWorkerFactor 2
</IfModule>

Implement secure caching strategies:

# Enable caching modules
# Only cache and cache_disk (plus headers) are referenced by the virtual host
# configuration that follows. cache_socache, file_cache and expires are loaded
# here without any matching directives; enable a module only if it is actually
# configured, since every loaded module adds to the server's attack surface.
sudo a2enmod cache cache_disk cache_socache
sudo a2enmod file_cache
sudo a2enmod expires
sudo a2enmod headers
# NOTE(review): mod_cache_disk does not prune its own cache directory; make
# sure htcacheclean runs (daemon or scheduled) so the cache cannot fill the
# disk.

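# Configure cache settings in virtual host
<VirtualHost *:443>
    # Basic cache configuration
    # CacheQuickHandler off runs mod_cache as a normal handler, so access
    # control and the <Location>/<Files> sections below are evaluated before
    # a cached entry is served. Leave it off whenever any content behind this
    # virtual host is subject to authorization.
    CacheQuickHandler off
    CacheLock on
    CacheRoot "/var/cache/apache2/mod_cache_disk"
    # CacheIgnoreNoLastMod makes responses without a Last-Modified date
    # cacheable for CacheDefaultExpire seconds. That is acceptable only while
    # CacheEnable (below) stays scoped to static, user-independent content.
    CacheIgnoreNoLastMod On
    CacheDefaultExpire 3600

    # Security-aware cache configuration
    # CacheIgnoreHeaders keeps the Set-Cookie header out of the stored entry;
    # it does NOT stop the response body from being cached. Personalised
    # responses must be excluded by scope (CacheEnable/CacheDisable) or by the
    # application sending Cache-Control: private / no-store.
    CacheIgnoreHeaders Set-Cookie
    # Strips these identifiers from the cache key so one entry is shared
    # across sessions; safe only for content that does not depend on them.
    CacheIgnoreURLSessionIdentifiers jsessionid PHPSESSID

    # Cache static assets aggressively
    # CacheEnable is accepted at server/virtual-host level or inside
    # <Location>, not inside <Files>/<FilesMatch>, so caching is scoped here by
    # URL prefix instead. "/static/" is a placeholder: replace it with the
    # prefix that serves only public, user-independent files. Scoping by
    # prefix is an allowlist: anything outside it is never written to the
    # cache, whatever its file extension looks like.
    CacheEnable disk "/static/"
    # CacheIgnoreCacheControl is valid only at server/virtual-host level. It
    # makes the cache answer even when the client asks for a fresh copy
    # (Cache-Control: no-cache), so clients cannot bypass a stale entry.
    CacheIgnoreCacheControl on

    <FilesMatch "\.(jpg|jpeg|png|gif|ico|css|js|woff2?)$">
        CacheHeader on
        CacheDefaultExpire 86400
        CacheMaxExpire 31536000

        # Security headers for cached content
        # "immutable" with a one-year max-age suits versioned/fingerprinted
        # file names only; otherwise browsers and intermediaries keep serving
        # an outdated (possibly vulnerable) script for up to a year.
        Header set Cache-Control "public, max-age=31536000, immutable"
        Header set X-Content-Type-Options "nosniff"
    </FilesMatch>

    # Don't cache sensitive content
    # Defence in depth on top of the CacheEnable scope above. The pattern is
    # an unanchored substring match, so it also hits unrelated paths that
    # merely contain one of these words (it over-matches toward "not cached").
    # It is a denylist and cannot be complete: sensitive paths not named here
    # rely on the CacheEnable scope and on the application's own
    # Cache-Control headers.
    <LocationMatch "/(admin|api|login|logout|user)">
        CacheDisable on
        Header set Cache-Control "no-store, no-cache, must-revalidate, private"
        Header set Pragma "no-cache"
    </LocationMatch>

    # Compression with security considerations
    # NOTE(review): over TLS, compressing responses that contain a secret
    # (session or CSRF token) together with request-controlled data is the
    # precondition for the BREACH compression side channel. For such dynamic
    # endpoints, consider setting the no-gzip environment variable or keeping
    # secrets out of compressed bodies; static assets are not affected.
    <IfModule mod_deflate.c>
        # Compress HTML, CSS, JavaScript, Text, XML
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE application/json
        AddOutputFilterByType DEFLATE application/rss+xml
        AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
        AddOutputFilterByType DEFLATE application/x-font
        AddOutputFilterByType DEFLATE application/x-font-opentype
        AddOutputFilterByType DEFLATE application/x-font-otf
        AddOutputFilterByType DEFLATE application/x-font-truetype
        AddOutputFilterByType DEFLATE application/x-font-ttf
        AddOutputFilterByType DEFLATE application/x-javascript
        AddOutputFilterByType DEFLATE application/xhtml+xml
        AddOutputFilterByType DEFLATE application/xml
        AddOutputFilterByType DEFLATE font/opentype
        AddOutputFilterByType DEFLATE font/otf
        AddOutputFilterByType DEFLATE font/ttf
        AddOutputFilterByType DEFLATE image/svg+xml
        AddOutputFilterByType DEFLATE image/x-icon
        AddOutputFilterByType DEFLATE text/css
        AddOutputFilterByType DEFLATE text/html
        AddOutputFilterByType DEFLATE text/javascript
        AddOutputFilterByType DEFLATE text/plain
        AddOutputFilterByType DEFLATE text/xml

        # Compatibility workarounds for legacy browsers with broken gzip
        # handling (these are not a security control)
        BrowserMatch ^Mozilla/4 gzip-only-text/html
        BrowserMatch ^Mozilla/4\.0[678] no-gzip
        BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

        # Don't compress already compressed content
        SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|exe|t?gz|zip|bz2|sit|rar)$ no-gzip
    </IfModule>
</VirtualHost>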