Open-source web server software
The
Apache HTTP Server
(
?-
PATCH
-ee
) is a
free and open-source
cross-platform
web server
software, released under the terms of
Apache License 2.0
. It is developed and maintained by a community of developers under the auspices of the
Apache Software Foundation
.
The vast majority of Apache HTTP Server instances run on a
Linux distribution
,
[5]
but current versions also run on
Microsoft Windows
,
[6]
OpenVMS
,
[7]
and a wide variety of
Unix-like
systems. Past versions also ran on
NetWare
,
OS/2
and other operating systems,
[8]
including ports to mainframes.
[9]
Originally based on the
NCSA HTTPd
server, development of Apache began in early 1995 after work on the NCSA code stalled.
[10]
Apache played a key role in the initial growth of the
World Wide Web
,
[11]
quickly overtaking NCSA HTTPd as the dominant
HTTP
server. In 2009, it became the first web server software to serve more than 100 million
websites
.
[12]
As of March 2022
[update]
,
Netcraft
estimated that Apache served 23.04% of the million busiest websites, while
Nginx
served
22.01%;
Cloudflare
at 19.53% and
Microsoft
Internet Information Services
at 5.78% rounded out the top four. For some of Netcraft's other stats, Nginx is ahead of Apache.
[13]
According to W3Techs' review of all web sites, in June 2022 Apache was ranked second at 31.4% and Nginx first at 33.6%, with Cloudflare Server third at 21.6%.
[14]
Name
[
edit
]
According to
The Apache Software Foundation
, its name was chosen "from respect for the various
Native American
nations collectively referred to as
Apache
, well-known for their superior skills in warfare strategy and their inexhaustible endurance".
[15]
This was in a context in which it seemed that the open internet -- based on free exchange of open source code -- appeared to be soon subjected to a kind of conquer by proprietary software vendor
Microsoft
; Apache co-creator
Brian Behlendorf
-- originator of the name -- saw his effort somewhat parallel that of
Geronimo
, Chief of the last of the free Apache peoples.
[16]
[17]
But it conceded that the name "also makes a cute
pun
on 'a patchy
web server
'?a server made from a series of
patches
".
There are other sources for the "patchy" software pun theory, including the project's official documentation in 1995, which stated: "Apache is a cute name which stuck. It was based on some existing code and a series of software patches, a pun on 'A PAtCHy' server."
[18]
[19]
But in an April 2000 interview, Behlendorf asserted that the origins of Apache were not a pun, stating:
[20]
The name literally came out of the blue. I wish I could say that it was something fantastic, but it was out of the blue. I put it on a page and then a few months later when this project started, I pointed people to this page and said: "Hey, what do you think of that idea?" ... Someone said they liked the name and that it was a really good pun. And I was like, "A pun? What do you mean?" He said, "Well, we're building a
server
out of a bunch of software patches, right? So it's a patchy Web server." I went, "Oh, all right." ... When I thought of the name, no. It just sort of connoted: "Take no prisoners. Be kind of aggressive and kick some ass."
In January 2023, the US-based non-profit Natives in Tech accused the Apache Software Foundation of
cultural appropriation
and urged them to change the foundation's name, and consequently also the names of the software projects it hosts.
[21]
[22]
When Apache is running under
Unix
, its process name is
httpd
, which is short for "HTTP
daemon
".
[23]
Feature overview
[
edit
]
Apache supports a variety of features, many implemented as
compiled
modules
which extend the core functionality. These can range from
authentication
schemes to supporting
server-side
programming languages such as
Perl
,
Python
,
Tcl
and
PHP
. Popular authentication modules include mod_access, mod_auth, mod_digest, and mod_auth_digest, the successor to mod_digest. A sample of other features include
Secure Sockets Layer
and
Transport Layer Security
support (
mod_ssl
), a
proxy
module (
mod_proxy
), a
URL rewriting
module (mod_rewrite), custom log files (mod_log_config), and filtering support (mod_include and mod_ext_filter).
Popular compression methods on Apache include the external extension module, mod_gzip, implemented to help with reduction of the size (weight) of web pages served over
HTTP
.
ModSecurity
is an open source intrusion detection and prevention engine for Web applications. Apache logs can be analyzed through a Web browser using free scripts, such as
AWStats
/
W3Perl
or Visitors.
Virtual hosting
allows one Apache installation to serve many different
websites
. For example, one computer with one Apache installation could simultaneously serve
example.com
,
example.org
,
test47.test-server.example.edu
, etc.
Apache features configurable error messages,
DBMS
-based authentication databases,
content negotiation
and supports several
graphical user interfaces
(GUIs).
It supports password authentication and
digital certificate
authentication. Because the source code is freely available, anyone can adapt the server for specific needs, and there is a large public library of Apache add-ons.
[24]
A more detailed list of features is provided below:
Performance
[
edit
]
Instead of implementing a single architecture, Apache provides a variety of MultiProcessing Modules (MPMs), which allow it to run in either a
process
-based mode, a hybrid (process and
thread
) mode, or an event-hybrid mode, in order to better match the demands of each particular infrastructure. Choice of MPM and configuration is therefore important. Where compromises in performance must be made, Apache is designed to reduce
latency
and increase
throughput
relative to simply handling more requests, thus ensuring consistent and reliable processing of requests within reasonable time-frames.
[
clarification needed
]
For delivering static pages, Apache 2.2 series was considered significantly slower than
nginx
and
varnish
.
[41]
To address this issue, the Apache developers created the Event MPM, which mixes the use of several processes and several threads per process in an
asynchronous
event-based loop
.
[42]
[
clarification needed
]
This architecture as implemented in the Apache 2.4 series performs at least as well as event-based web servers, according to
Jim Jagielski
and other independent sources.
[43]
[44]
[45]
However, some independent but significantly outdated benchmarks show that it is still half as fast as nginx, e.g.
[46]
Licensing
[
edit
]
The Apache HTTP Server
codebase
was
relicensed
to the
Apache 2.0 License
(from the previous 1.1 license) in January 2004,
[47]
and Apache HTTP Server 1.3.31 and 2.0.49 were the first
releases
using the new license.
[48]
The
OpenBSD
project did not like the change and continued the use of pre-2.0 Apache versions, effectively
forking
Apache 1.3.x for its purposes.
[49]
[50]
[51]
They initially replaced it with
Nginx
, and soon after made their own replacement, OpenBSD Httpd, based on the Relayd project.
[52]
[53]
[54]
[55]
Versions
[
edit
]
Version 1.1:
The Apache License 1.1 was approved by the ASF in 2000: The primary change from the 1.0 license is in the 'advertising clause' (section 3 of the 1.0 license); derived products are no longer required to include attribution in their advertising materials, only in their documentation.
Version 2.0:
The ASF adopted the Apache License 2.0 in January 2004. The stated goals of the license included making the license easier for non-ASF projects to use, improving compatibility with GPL-based software, allowing the license to be included by reference instead of listed in every file, clarifying the license on contributions, and requiring a patent license on contributions that necessarily infringe a contributor's own patents.
Development
[
edit
]
Versions of Apache HTTP Server
Version
|
Initial release
|
Latest release
|
Old version, no longer maintained:
1.3
|
1998-06-06
[56]
|
2010-02-03 (1.3.42)
[57]
|
Old version, no longer maintained:
2.0
|
2002-04-06
[58]
|
2013-07-10 (2.0.65)
[59]
|
Old version, no longer maintained:
2.2
|
2005-12-01
[60]
|
2017-07-11 (2.2.34)
[61]
|
Current stable version:
2.4
|
2012-02-21
[62]
|
2024-04-04 (2.4.59)
[63]
|
Legend:
Old version
Older version, still maintained
Latest version
Latest preview version
Future release
|
The Apache HTTP Server Project is a collaborative software development effort aimed at creating a robust, commercial-grade, feature-rich and freely available source code implementation of an HTTP (Web) server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. This project is part of the Apache Software Foundation. In addition, hundreds of users have contributed ideas, code, and documentation to the project.
[64]
[65]
[66]
Apache 2.4 dropped support for
BeOS
,
TPF
,
A/UX
,
NeXT
, and
Tandem
platforms.
[8]
Security
[
edit
]
Apache, like other server software, can be hacked and exploited. The main Apache attack tool is
Slowloris
, which exploits a bug in Apache software.
[67]
It creates many sockets and keeps each of them alive and busy by sending several bytes (known as "keep-alive headers") to let the server know that the computer is still connected and not experiencing network problems. The Apache developers have addressed Slowloris with several modules to limit the damage caused; the Apache modules mod_limitipconn,
mod_qos
, mod_evasive,
mod security
, mod_noloris, and mod_antiloris have all been suggested as means of reducing the likelihood of a successful Slowloris attack.
[68]
[69]
Since Apache 2.2.15, Apache ships the module mod_reqtimeout as the official solution supported by the developers.
[70]
See also
[
edit
]
References
[
edit
]
- ^
"About the Apache HTTP Server Project"
.
Apache Software Foundation
.
Archived
from the original on 7 June 2008
. Retrieved
2008-06-25
.
- ^
"Apache HTTP Server 2.4.59 Released"
. 4 April 2024
. Retrieved
5 April
2024
.
- ^
"Apache Software Foundation Index: Projects by Programming Language Index"
. Archived from
the original
on 2016-03-02
. Retrieved
2016-02-27
.
- ^
"Compiling and Installing"
.
httpd.apache.org
. The Apache Software Foundation.
Archived
from the original on 7 May 2016
. Retrieved
9 May
2016
.
- ^
"OS/Linux Distributions using Apache"
.
secure1.securityspace.com
.
Archived
from the original on 2018-09-18
. Retrieved
2018-09-17
.
- ^
"Platform Specific Notes - Apache HTTP Server Version 2.4"
.
httpd.apache.org
.
Archived
from the original on 2019-01-22
. Retrieved
2019-01-21
.
- ^
"Secure Web Server"
.
vmssoftware.com
.
Archived
from the original on 2020-10-22
. Retrieved
2020-10-20
.
- ^
a
b
"Upgrading to 2.4 from 2.2"
.
Archived
from the original on 2021-05-10
. Retrieved
2021-05-12
.
Platform support has been removed for BeOS, TPF, and even older platforms such as A/UX, Next, and Tandem. These were believed to be broken anyway.
- ^
"The Apache EBCDIC Port - Apache HTTP Server Version 2.4"
.
httpd.apache.org
.
Archived
from the original on 2019-02-27
. Retrieved
2019-08-16
.
- ^
"About the Apache HTTP Server Project - The Apache HTTP Server Project"
.
httpd.apache.org
. Retrieved
2024-02-08
.
- ^
Netcraft Market Share
Archived
2010-05-20 at the
Wayback Machine
for Top Servers Across All Domains August 1995 - today (monthly updated)
- ^
"February 2009 Web Server Survey"
.
Netcraft
. 18 February 2009.
Archived
from the original on 26 February 2009
. Retrieved
2009-03-29
.
- ^
"March 2022 Web Server Survey"
.
Netcraft News
. 29 March 2022.
Archived
from the original on 2022-05-28
. Retrieved
2022-06-18
.
- ^
"Usage Statistics of Web Servers"
.
w3techs.com
.
Archived
from the original on 2023-07-25
. Retrieved
2022-06-18
.
- ^
"Apache Foundation"
.
www.apache.org
.
Archived
from the original on 13 December 2021
. Retrieved
22 August
2018
.
- ^
"
"Trillions and Trillions Served" documentary feature on The Apache Software Foundation"
. TheApacheFoundation / Youtube. 2020.
Archived
from the original on 2021-11-22.
- ^
"A Foundation of Trust: Building a Blockchain Future : Brian Behlendorf"
. Long Now Foundation / YouTube. 2020-02-10.
Archived
from the original on 2021-11-22.
- ^
"Information on the Apache HTTP Server Project"
. 1997-04-15. Archived from
the original
on April 15, 1997.
- ^
"Apache Server Frequently Asked Questions"
. Archived from
the original
on 1997-01-06
. Retrieved
15 January
2017
.
- ^
McMillan, Robert (15 April 2000).
"Apache Power"
.
Linux Magazine
. Archived from the original on 28 January 2019.
{{
cite web
}}
: CS1 maint: unfit URL (
link
)
- ^
Claburn, Thomas (2023-01-11).
"Native Americans ask Apache foundation to change name"
.
The Register
.
Archived
from the original on 2023-01-12
. Retrieved
2023-01-12
.
- ^
Purdy, Kevin (2023-01-12).
"Indigenous tech group asks Apache Foundation to change its name"
.
Ars Technica
.
Archived
from the original on 2023-01-12
. Retrieved
2023-01-12
.
- ^
"Apache Docs"
.
httpd.apache.org
.
Archived
from the original on 5 September 2018
. Retrieved
22 August
2018
.
- ^
"Apache Web Server"
.
webopedia.com
. 23 March 1998.
Archived
from the original on 12 May 2021
. Retrieved
12 May
2021
.
- ^
"Apache HTTP Server Tutorial: .htaccess files"
. Apache.org.
Archived
from the original on 2016-02-25
. Retrieved
2016-02-19
.
- ^
"mod_proxy"
. Apache.org.
Archived
from the original on 2018-07-29
. Retrieved
2016-02-19
.
- ^
"mod_proxy_balancer"
. Apache.org.
Archived
from the original on 2016-02-13
. Retrieved
2016-02-19
.
- ^
"Balancer Manager"
. Apache.org.
Archived
from the original on 2016-03-04
. Retrieved
2016-02-19
.
- ^
"Authentication and Authorization"
. Apache.org.
Archived
from the original on 2018-01-31
. Retrieved
2016-02-19
.
- ^
"mod_rewrite"
. Apache.org.
Archived
from the original on 2016-02-13
. Retrieved
2016-02-19
.
- ^
"mod_headers"
. Apache.org.
Archived
from the original on 2016-02-21
. Retrieved
2016-02-19
.
- ^
"mod_sed"
. Apache.org.
Archived
from the original on 2016-03-04
. Retrieved
2016-02-19
.
- ^
"mod_substitute"
. Apache.org.
Archived
from the original on 2016-03-04
. Retrieved
2016-02-19
.
- ^
"Apache httpd Tutorial: Introduction to Server Side Includes"
. Apache.org.
Archived
from the original on 2016-02-18
. Retrieved
2016-02-19
.
- ^
"mod_usertrack"
. Apache.org.
Archived
from the original on 2021-05-12
. Retrieved
2021-05-12
.
- ^
"Apache Tutorial: Dynamic Content with CGI"
. Apache.org.
Archived
from the original on 2021-11-15
. Retrieved
2016-02-19
.
- ^
"Per-user web directories"
. Apache.org.
Archived
from the original on 2016-02-16
. Retrieved
2016-02-19
.
- ^
"Expressions in Apache HTTP Server"
. Apache.org.
Archived
from the original on 2016-02-29
. Retrieved
2016-02-19
.
- ^
"mod_status"
. Apache.org.
Archived
from the original on 2016-02-13
. Retrieved
2016-02-19
.
- ^
"Apache Module: mod_ftp"
. Apache.org.
Archived
from the original on 2017-07-10
. Retrieved
2017-07-08
.
- ^
"Serving static files: a comparison between Apache, Nginx, Varnish and G-WAN"
.
Spoot!
. 14 March 2011.
Archived
from the original on 24 April 2014
. Retrieved
23 April
2014
.
- ^
"worker - Apache HTTP Server Version 2.2"
.
apache.org
.
Archived
from the original on 2021-05-10
. Retrieved
2021-05-12
.
- ^
"Apache httpd 2.4"
(PDF)
.
Archived
(PDF)
from the original on 2012-01-27
. Retrieved
2012-02-08
.
- ^
"Picking a Proxy Server"
. 14 April 2014.
Archived
from the original on 3 March 2016
. Retrieved
19 February
2016
.
- ^
"Throughput evaluation of Apache 2.4.1"
. 22 February 2012.
Archived
from the original on 2016-03-02
. Retrieved
2016-02-19
.
- ^
"Performance of Apache 2.4 with the event MPM compared to Nginx"
.
eschrade.com
. 3 January 2014.
Archived
from the original on 13 March 2014
. Retrieved
13 March
2014
.
- ^
"Apache License, Version 2.0"
. The Apache Software Foundation. January 2004.
Archived
from the original on 2013-05-18
. Retrieved
2013-05-21
.
- ^
Burton, Richard Antony.
"FYI: Apache HTTP Server 2.0.49 Released"
.
Newsgroup
:
alt.apache.configuration
. Retrieved
2018-02-16
.
- ^
de Raadt, Theo
(18 February 2004).
"The new apache license"
.
openbsd-misc
(Mailing list)
. Retrieved
2013-05-21
.
- ^
"Copyright Policy"
. OpenBSD.
Archived
from the original on 2017-11-13
. Retrieved
2013-05-12
.
- ^
"apache-httpd-openbsd-1.3.20140502p2 ? OpenBSD improved and secured version of Apache 1.3"
.
OpenBSD ports
.
Archived
from the original on 2015-03-02
. Retrieved
2014-12-28
.
- ^
Marvin, Rob (25 March 2015).
"Inside OpenBSD's new httpd Web server"
.
SD Times
.
Archived
from the original on 12 October 2019
. Retrieved
12 October
2019
.
- ^
"OpenBSD Upgrade Guide: 5.1 to 5.2"
.
openbsd.org
.
Archived
from the original on 2017-12-22
. Retrieved
2014-03-13
.
- ^
jj, ed. (2014-03-14).
"Heads Up: Apache Removed from Base"
.
OpenBSD Journal
.
Archived
from the original on 2014-10-18
. Retrieved
2014-12-29
.
- ^
"OpenBSD Upgrade Guide: 5.5 to 5.6"
.
openbsd.org
.
Archived
from the original on 2014-12-22
. Retrieved
2014-12-29
.
- ^
"Announcement: Apache 1.3.0 Released !"
. 1998-06-06.
Archived
from the original on 2018-12-11
. Retrieved
2015-01-06
.
- ^
"Apache HTTP Server 1.3.42 released (final release of 1.3.x)"
.
apache.org
.
Archived
from the original on 2015-03-11
. Retrieved
2015-01-06
.
- ^
"Official Release: Apache 2.0.35 is now GA"
. 2002-04-06.
Archived
from the original on 2018-12-12
. Retrieved
2015-01-06
.
- ^
"[Announcement] Apache HTTP Server 2.0.65 Released"
.
apache.org
.
Archived
from the original on 2015-07-28
. Retrieved
2015-01-06
.
- ^
"Apache HTTP Server 2.2.0 Released"
. 2005-12-01.
Archived
from the original on 2018-12-12
. Retrieved
2015-01-06
.
- ^
"[Announce] Apache HTTP Server 2.2.34 Released"
.
apache.org
.
Archived
from the original on 2020-08-21
. Retrieved
2019-04-03
.
- ^
"[ANNOUNCEMENT] Apache HTTP Server 2.4.1 Released"
. 2012-02-21.
Archived
from the original on 2021-02-12
. Retrieved
2015-07-17
.
- ^
"Apache HTTP Server 2.4.59 Released"
.
apache.org
.
Archived
from the original on 2017-10-25
. Retrieved
2017-10-25
.
- ^
Documentation Group.
"About the Apache HTTP Server Project - The Apache HTTP Server Project"
.
apache.org
.
Archived
from the original on 2008-06-07
. Retrieved
2021-05-12
.
- ^
"The Apache HTTP Server Open Source Project on Ohloh. (n.d.). Ohloh, the open source network. Retrieved November 12, 2012"
.
Archived
from the original on March 9, 2012
. Retrieved
February 8,
2012
.
- ^
"Chapter 4. The Apache HTTP Server"
.
fedoraproject.org
. Archived from
the original
on 2012-11-25
. Retrieved
2012-12-03
.
- ^
Zdrnja, Bojan (21 June 2009).
"Apache HTTP DoS tool mitigation"
.
SANS Institute
.
Archived
from the original on 12 November 2021
. Retrieved
12 November
2021
.
- ^
"Slowloris HTTP DoS"
. Archived from the original on 26 April 2015
. Retrieved
26 June
2009
.
{{
cite web
}}
: CS1 maint: bot: original URL status unknown (
link
)
- ^
"mod_noloris: defending against DoS"
. niq's soapbox. July 2009.
Archived
from the original on 8 October 2011
. Retrieved
7 January
2012
.
- ^
"mod_reqtimeout"
. Apache.org.
Archived
from the original on 2013-07-03
. Retrieved
2013-07-03
.
External links
[
edit
]
Wikibooks has a book on the topic of:
Apache
|
---|
Top-level
projects
| |
---|
Commons
| |
---|
Incubator
| |
---|
Other projects
| |
---|
Attic
| |
---|
Licenses
| |
---|
|
|
---|
|
Most popular
| |
---|
Other
| |
---|
Retired
| |
---|
|
---|
International
| |
---|
National
| |
---|
Other
| |
---|