I see Backporting mentioned below.
https://access.redhat.com/site/security/updates/backporting/
I'm not sure what they mean by "module". For the example scenario mentioned in the link, it sounds that, in ubuntu, if users only use packages managed by apt, there is no need to backport packages in the sense that RedHat means. Is it so? Thanks.
It's not really about apt, but packages in the Main repository do get backported security fixes throughout the life-cycle of an Ubuntu release. So if you stick to this software, then you won't have to do anything special except install updates as they become available.
The only two exceptions I'm aware of, is Firefox and Thunderbird, which instead of getting backported fixes, are instead upgraded to a newer version.
In other words; the document you refer to, pretty accurately describes what happens in Ubuntu.
There are two backporting in Ubuntu repositories: security backports and normal backports.
Security backports are enabled and installed by default each day. They are provided through the codename-security repository. This are the same as RH backports that you were reading. Others backports are enabled but not installed unless you ask specifically for them, a behaviour that was taken from Debian instead.
The use or not of apt has nothing to do with this fact rather than apt is the one installing them.
This is apache modular system. You can attach modules to change, improve or expand the functionality of apache.
I explained what it the common points of backports between RH and Ubuntu. So in this specific case, it means that since they aren't altering the functionality of apache, just hardening or closing a security hole. Modules depends of the functionality of apache, and business might not like to update their stuff.