*all* the module entries get cleared by the
ClearModuleList.
I believe the point of this somewhat convoluted load/clear/add
procedure is for the static modules to end up in the right spots in
the module list relative to all the DSOs, rather than all bunched up
at one end, since the order does matt
all authentication requests to go through the encrypted side so
> the passwords is never passed in plain text.
We do this via an old-fashioned 403 handler on the unencrypted side
that returns a 302 redirect to an https URL. The vhost for the
encrypted side overrides the 403 handler with our stan
