DocumentationAPIChangelogTest your siteWatch a demoDashboard
Documentation
  1. Platform Integrations: Server-side
  2. Apache

Apache Changelog

DataDome Apache Module

2.56.0 (2026-05-28)

  • Remove hard-coded status codes in favor of DataDome Protection API response headers, enabling seamless support for upcoming features
  • Increase length limit from 128 to 512 characters for DataDome cookie to support upcoming features

2.55.0 (2026-04-28)

2.54.0 (2024-09-12)

  • Enable protection on specific VirtualHost and Locations directives
  • Update truncation limits to align with documentation
  • Increase default timeout value to 150ms
  • Enhance sed command support for compatibility with BSD and GNU-base systems
  • Enhance trace logs to improve human readability

2.53.2 (2024-07-16)

  • Revert previous cookie handling changes

2.53.1 (2024-06-19)

  • Improve cookie handling
  • Avoid mismatches of URIRegexExclusion between source file and configuration file

2.53.0 (2023-01-10)

  • Add session by header feature

2.52.0 (2023-06-22)

  • Improve headers management

v2.51.0 (2023-01-26)

  • Collect Fetch Metadata headers (Sec-Fetch-*)

v2.50.1 (2022-11-21)

  • Fix typo in payload field name (XForwardedForIp)
  • Switch to semantic versioning

v2.50 (2022-10-19)

  • Add Sec-CH-* Headers

v2.49 (2022-03-04)

  • Switch to OPENSSL_DIR variable to force paths for OpenSSL includes and libraries

v2.48 (2022-02-07)

  • Support custom paths for OpenSSL includes and libraries
  • Fix backward compatibility with OpenSSL

v2.47 (2021-12-01)

  • Fix logs on response parsing

v2.46 (2021-10-18)

  • Manage TLSv1.2 (HTTPS) with OpenSSL 1.1.1
  • Remove DomeTimeOut & TimeOut unused parameters

v2.45 (2021-01-12)

  • Restore default DomeStatus on.

v2.44 (2020-12-10)

  • Improve connection tracking
  • Improve debug logging
  • Deprecate unused DomeStatus value
  • Synch exclusion Regex with other modules

v2.43 (2020-09-30)

  • Improve tracking Keep-Alive connection at edge case

v2.42 (2019-01-30)

  • Fix build on Gentoo Linux

v2.41 (2018-11-20)

  • Decrease DNS response TTL from 1 hour to 5 minutes
  • Switch to use requests' IP addresses. This allows the override of the IP addresses by other modules, such as mod_remoteip for example

v2.40 (2018-05-10)

  • Introduce the ApiURI option to override the API Server's call URI
  • Add headers to the API Server's call: Content-Type, From, X-Real-IP, Via and True-Client-IP
  • Improve X-Forwarded-For handling

v2.39 (2017-11-30)

  • Fix crash caused when the API Server's domain has got no A records

v2.38 (2017-08-07)

  • Disable SSLv3 for the API Server's connection
  • Introduce support for 401 response code from the API Server

v2.37 (2017-07-20)

  • Fix crash caused by using DomeStatus inside location directive
  • Fix dynamic allocation of Regex inside the module's configuration

v2.36 (2017-05-18)

  • Fix the wrong content type on blocked response when the configuration has a lot of rewrite rules
  • Close the HTTPS connection properly

v2.35 (2017-04-24)

  • Fix the regression with the API Server's Keep-Alive connection

v2.34 (2017-04-12)

  • Improve the handling when the module can't allocate the memory
  • Fix typo in Makefile
  • Stop returning a partial body of API response to the client

v2.33 (2017-03-16)

  • Add support for X-DataDome-request-Headers

v2.32 (2017-02-21)

  • Remove X-dd-type header in RESPONSE headers

v2.31 (2017-02-16)

  • Add X-dd-type header in REQUEST headers

v2.30 (2017-02-08)

  • Rename configuration options to DomeName
  • Fix an issue when the module's configuration is specified inside virtual host

v2.29 (2017-02-02)

  • Add support for DATA_DOME_DISABLE environment variable to temporary disable the module
  • Add functionality to allow specified Module directives at any place in the config

v2.28 (2016-12-09)

  • Add verification by X-DatadomeResponse header
  • Send request's headers' names to the API Server
  • Send the request's Connection, Pragma and Cache-Control header values
  • Fix building by compiler without C99 mode

v2.27 (2016-11-25)

  • Fix building on Apache 2.2
  • Reduce error and info logs
  • Fix the timeout error code

v2.26 (2016-11-10)

  • Improve compatibility with HAProxy
  • Add DATA_DOME_STATUS and DATA_DOME_SPENT_TIME environment variables
  • Add 7xx status code to provide internal module status
  • Remove compilation warning
  • Improve timeout
  • Fix picking-up random resolved address

v2.25 (2016-11-01)

  • Fix spent time calculation
  • Implement a more strict parse of the API server's response.
  • Check socket status before sending anything

v2.24 (2016-10-18)

  • Synch exclusion Regex with other modules

v2.23 (2016-10-05)

  • Fix memory leak caused when the API server closed the SSL connection

v2.22 (2016-10-01)

  • Stop initializing OpenSSL in the module when mod_ssl is expected to handle it

v2.21 (2016-09-26)

  • Switch to using pre-reserved memory to create the API call body
  • Fix error handling when memory can't be allocated
  • Fix double free when API server isn't available
  • Fix memory overflow when a value has a lot of symbols that are URL-encoded
  • Truncate URL-encoded values

v2.20 (2016-09-21)

  • Decrease the maximum API call to 10kb

v2.19 (2016-09-13)

  • Add .mp4 and .otf to default exclusion Regex

v2.18 (2016-08-08)

  • Remove all code that can read request body
  • Add Regex exclusion

v2.17 (2016-08-01)

  • Send a timestamp to the API server when the full request is ready
  • Send Content-Length header as PostParamLen

v2.16 (2016-07-21)

  • Register the module as APR_HOOK_REALLY_FIRST to process the request as soon as possible

v2.15 (2016-06-29)

  • Stop sending Cookies and Body to API server by default
  • Add debug_params option
  • Send Cookies length and Body length to API server
  • Send Authorization length
  • Send Method
  • Send X-Requested-With
  • Send Origin

v2.14 (2016-06-23)

  • Add URL encoding to API call parameters

v2.13 (2016-06-20)

  • Fix crash caused by SSL reconnection to the API Server (double-free error)

v2.12 (2016-06-03)

  • Fix param truncate logic

v2.11 (2016-05-24)

  • Fix Post param size limit

v2.10 (2016-04-25)

  • Stop overwriting Set-Cookie header

v2.9 (2016-04-15)

  • Implement change for the module to not generate ClientID
  • Remove X-DataDome header with module version
  • Add support for X-DataDome-headers from the API response

v2.8 (2016-04-09)

  • Re-call the API server if a call had failed
  • Add setup DATA_DOME_IS_URI_REGEX_MATCHED env
  • Add X-DataDome header with module version

v2.7 (2016-03-31)

  • Fix multiple calls to API Server

v2.6 (2016-03-15)

  • Remove SSL_3 protocol as it is not supported by openssl anymore

v2.5 (2016-01-28)

  • Add fix to re-generate client ID if it shorter or longer than expected

v2.4 (2016-01-08)

  • Fix truncating timestamp for API requests on 32-bit systems

v2.3 (2016-01-06)

  • Fix build on OSX
  • Fix build on old linux where clock_gettime required lrt
  • Fix crash caused by X-Forwarder-For without port
  • Add Set-Cookie to error headers
  • Add DomePostParamLimit
  • Add generated client_id to the request's cookie header
  • Implement fix to send to client API response for 301, 302 and 403
  • Implement fix to send to client location from API response for 301 and 302
  • Implement fix to not trim the timestamp on 32-bit systems

v2.1 (2015-12-02)

  • Implement change for Regex to apply to URL only, and not to MIME anymore
  • Change Regex to case insensitive

V2.0 (2015-11-30)

  • Implement Cookie and session ID
  • Implement change to extract more from Header: Accept, AcceptCharset, AcceptEncoding and AcceptLanguage