mod_no_prefetch

mod_no_prefetch is a simple module for the Apache 1.3.x web server.

It provides functionality to block so called "prefetch requests" originating from the Mozilla Firefox browser and Google's Web Accelerator.

Download

The current release can be downloaded here.

Installation

After downloading the module, extract it into the src/modules/ subdirectory of your Apache source tree.

The module can then be compiled into Apache using the ./configure command chain ./configure --activate-module=src/modules/no_prefetch/mod_no_prefetch.c --enable-module=no_prefetch in the Apache src/ directory.

Usage

Currently the module will immediately start to scan requests.   The next version will instead make it necessary to explicitely specify when/where to scan for prefetch requests.

Rationale

The main reason for developing this module was that Google's Web Accelerator can do a lot of harm when prefetching certain links from administration interfaces.  The folks from 37signals.com have summed this up quite well on their weblog.

While blocking requests is certainly not the way to go for the long term, it at least makes sure that no harm can be done while one is adjusting web applications to e.g. use the POST instead of the GET method for non-idempotent requests.

Details

The module hooks into the header parsing phase of the web server and attempts to identify prefetch requests by looking at special request headers.  If a prefetch request has been found, the module causes the Apache engine to send a Forbidden 403 response.

The module has been developed and is maintained by Martin Jansen and it is licensed under the Apache License.