apache modules needed to make ftp backup work?


Yesterday I tried many different method of optimizing httpd.conf file.
The most change I made was to disable many modules.

LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dav_module modules/mod_dav.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule cgi_module modules/mod_cgi.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_default_module modules/mod_authn_default.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_default_module modules/mod_authz_default.so
#LoadModule ldap_module modules/mod_ldap.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule include_module modules/mod_include.so
#LoadModule logio_module modules/mod_logio.so
#LoadModule env_module modules/mod_env.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule status_module modules/mod_status.so
#LoadModule info_module modules/mod_info.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_http_module modules/mod_proxy_http.so
#LoadModule proxy_connect_module modules/mod_proxy_connect.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
#LoadModule version_module modules/mod_version.so

Did I commented out any of the needed module for making FTP backups?
I did disable firewall and everything; still wouldn’t work. Everything works until virtualmin echo the following:

Uploading archive to FTP server x.x.x.x

then it gets stuck.

Thank you for your help!

What I’ve found out is that virtualmin successfully creates folders and everything.
It just won’t upload the file using ftp protocol.

Any suggestions?

And ssh won’t work either.

I found the problem.
It’s CSF.

If I disable it then I can use it just fine.
Once I figure out how to use Virtualmin backup with CSF then I’ll post it here.

CSF is blocking some kind of process.
How can I let Virtualmin process backup without CSF interfering?

It works if I set outgoing TCP to = 0:65535
It basically means that every outgoing port is open.

I don’t feel secure with such configuration though.

Any suggestions?


Well, I wouldn’t be too concerned with which outgoing ports are open… I’d mostly be concerned about the incoming ones.

Outgoing ports are hard to control with a firewall, as it’s difficult to know which will be used. Semi-random high ports are used for communication – you won’t always be seeing common ports like 80 and 25.

So, my suggestion would be to allow all outgoing ports, and if you want to use a firewall, just block incoming requests.


Sometimes even opening all outgoing ports wouldn’t work.
I literally have to disable Firewall before I do FTP backup which is really weird.

Is there a way to put Virtualmin’s backup process to be whitelisted?
I really want to keep using CSF as it’s super easy to maintain.

Thank you!

I’m unfortunately not familiar with CSF… Virtualmin’s FTP process wouldn’t be different from other FTP processes though. So, my recommendation would be to research CSF to figure out how to allow FTP in general.

Also, perhaps other folks experienced with CSF could chime in here, maybe they’d have some insight!


I’ve found another way.

Virtualmin’s scheduled backup had options to run commands before and after, so I let it disable firewall before doing backup, then re-enable after the backup. So far it’s working.