A module is an optional software component that adds a specific function, protocol, or processing rule to a larger system. In web servers like NGINX, modules can enable features such as HTTP/3 handling, rewrite logic, compression, authentication, or upstream protocol support.
Modules matter in cyber security because they expand the attack surface and can change how a program parses, forwards, or filters traffic. A flaw may exist only in one enabled module, one build option, or one custom extension, which is why defenders must verify the exact package and module set running in production. Attackers often look for buggy or rarely used modules to trigger memory corruption, request-smuggling behavior, or parsing confusion. In defense, reviewing loaded modules, disabling unneeded ones, and comparing build flags with vendor packages can reduce risk and make vulnerability assessments more precise.



