The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Official Apache OpenOffice download page. Join the OpenOffice revolution, the free office productivity suite with over 310 million trusted downloads.
What is Apache Web Server?
Apache HTTP Server is a free and open-source web server that delivers web content through the internet. It is commonly referred to as Apache and after development, it quickly became the most popular HTTP client on the web. It’s widely thought that Apache gets its name from its development history and process of improvement through applied patches and modules but that was corrected back in 2000. It was revealed that the name originated from the respect of the Native American tribe for its resiliency and durability.
Now, before we get too in depth on Apache, we should first go over what a web application is and the standard architecture usually found in web apps.
Apache Web Application Architecture
Apache is just one component that is needed in a web application stack to deliver web content. One of the most common web application stacks involves LAMP, or Linux, Apache, MySQL, and PHP.
Linux is the operating system that handles the operations of the application. Apache is the web server that processes requests and serves web assets and content via HTTP. MySQL is the database that stores all your information in an easily queried format. PHP is the programming language that works with apache to help create dynamic web content.
While actual statistics may vary, it’s fair to say a large portion of web applications run on some form of the LAMP stack because it is easy to build and also free to use. For the most part, web applications tend to generally have similar architecture and structure even though they serve many different functions and purposes. Most web applications also benefit from Firewalls, Load Balancers, Web Servers, Content Delivery Networks, and Database Servers.
Firewalls help protect the web application from both external threats and internal vulnerabilities depending on where the firewalls are configured. Load Balancers help distribute traffic across the web servers which handle the HTTP(S) requests (this is where Apache comes in) and application servers (servers that handle the functionality and workload of the web app.) We also have Database Servers, which handle asset storage and backups. Depending on your infrastructure, your database and application can both live on the same server although it’s recommended to keep those separate.
Easily monitor and troubleshoot Apache web activity
Gain better insight into systems infrastructure, and your clients and customers' interactions with your website and applications.
Web Server Landscape
The internet is comprised of many different technologies and not all of them are the same. While Apache is arguably one of the most popular web servers out there on the net, there are many other players and the landscape is always changing. Back in the late 90s and early 2000s, Apache’s dominance was very strong, serving over 50% of the internet's active websites. Microsoft's IIS (Internet Information Services) was also an option but not nearly as popular.
Today, Apache still serves a large portion of the active websites but their share of the field has shrunk from 50% to just under 40% as of 2018 and NGINX, a relatively new player to the web server playing field, is in second place with roughly 35% and Microsoft IIS hovering around 8-10%. Every year there’s a new crop of web applications with new stacks and servers so the landscape is always changing.
Why Apache Web Servers?
Apache is considered open source software, which means the original source code is freely available for viewing and collaboration. Being open source has made Apache very popular with developers who have built and configured their own modules to apply specific functionality and improve on its core features. Apache has been around since 1995 and is responsible as a core technology that helped spur the initial growth of the internet in its infancy.
One of the pros of Apache is its ability to handle large amounts of traffic with minimal configuration. It scales with ease and with its modular functionality at its core, you can configure Apache to do what you want, how you want it. You can also remove unwanted modules to make Apache more lightweight and efficient.
Some of the most popular modules that can be added are SSL, Server Side Programming Support (PHP), and Load Balancing configs to handle large amounts of traffic. Apache can also be deployed on Linux, MacOS, and Windows. If you learn how to configure Apache on Linux, you can administer Apache on Windows and Mac. The only difference would be directory paths and installation processes.
Features of Apache Web Server
- Handling of static files
- Loadable dynamic modules
- Compatible with IPv6
- Supports HTTP/2
- FTP connections
- Gzip compression and decompression
- Bandwidth throttling
- Perl, PHP, Lua scripts
- Load balancing
- Session tracking
- URL rewriting
- Geolocation based on IP address
Apache Http Server Latest Version
How does Apache Web Server Work?
Apache functions as a way to communicate over networks from client to server using the TCP/IP protocol. Apache can be used for a wide variety of protocols, but the most common is HTTP/S. HTTP/S or Hyper Text Transfer Protocol (S stands for Secure) is one of the main protocols on the web, and the one protocol Apache is most known for.
HTTP/S is used to define how messages are formatted and transmitted across the web, with instructions for browsers and servers on how to respond to various requests and commands. Hypertext Transfer Protocol Secure is usually through port 443 with the unsecured protocol being through port 80.
The Apache server is configured via config files in which modules are used to control its behavior. By default, Apache listens to the IP addresses configured in its config files that are being requested. This is where one of Apaches many strengths come into play.
With the Listen directive, Apache can accept and route specific traffic to certain ports and domains based on specific address-port combination requests. By default, Listen runs on port 80 but Apache can be bound to different ports for different domains, allowing for many different websites and domains to be hosted and a single server. You can have domain1.com listening on port 80, domain2.com on port 8080 and domain3.com on port 443 using HTTPS all on Apache.
Once a message reaches its destination or recipient, it sends a notice, or ACK message, basically giving acknowledgment to the original sender that their data has successfully arrived. If there’s an error in receiving data, or some packets were lost in transit, the destination host or client sends a Not Acknowledged, or NAK message, to inform the sender that the data needs to be retransmitted.
Who Uses Apache Web Server?
Apache HTTP web servers are used by over 67% of all web servers in the world. Apache web servers are easy to customize environments, they’re fast, reliable, and highly secure. This makes Apache web servers a common choice by best-in-class companies.
Alternatives for Apache HTTP Server
While Apache web servers are very popular, they’re not the only web servers on the market. Below are a number of alternatives for Apache HTTP servers.
- Apache Tomcat
- Microsoft IIS
Apache HTTP Server vs Tomcat
Simply put, Apache HTTP server is a web server designed to serve static web pages. Whereas, Apache Tomcat is an application server built to serve java applications. Web pages can still be served through Apache Tomcat, but it will be less efficient than using an Apache HTTP server.
Conclusion: Apache Web Server
Throughout the last few decades, Apache has proven to be a staple in many popular stacks and the backbone of the early internet year. While it’s popularity is declining and the options of web server choices are increasing, Apache still plays a pivotal role in many technology stacks and companies system infrastructure. Even with new technologies and servers coming out nonstop, Apache is still a technology every developer should learn how to handle and configure.
Easily monitor and troubleshoot Apache web activity
Sumo Logic helps you identify root issues, decrease downtime, increase availability, and improve overall system performance and user experience.
Apache is the most commonly used Web server on Linux systems. Web servers are used to serve Web pages requested by client computers. Clients typically request and view Web pages using Web browser applications such as Firefox, Opera, Chromium, or Internet Explorer.
Users enter a Uniform Resource Locator (URL) to point to a Web server by means of its Fully Qualified Domain Name (FQDN) and a path to the required resource. For example, to view the home page of the Ubuntu Web site a user will enter only the FQDN:
To view the community sub-page, a user will enter the FQDN followed by a path:
The most common protocol used to transfer Web pages is the Hyper Text Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a protocol for uploading and downloading files, are also supported.
Apache Web Servers are often used in combination with the MySQL database engine, the HyperText Preprocessor (PHP) scripting language, and other popular scripting languages such as Python and Perl. This configuration is termed LAMP (Linux, Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform for the development and deployment of Web-based applications.
The Apache2 web server is available in Ubuntu Linux. To install Apache2:
At a terminal prompt enter the following command:
Apache2 is configured by placing directives in plain text configuration files. These directives are separated between the following files and directories:
apache2.conf: the main Apache2 configuration file. Contains settings that are global to Apache2.
httpd.conf: historically the main Apache2 configuration file, named after the httpd daemon. In other distributions (or older versions of Ubuntu), the file might be present. In Ubuntu, all configuration options have been moved to apache2.conf and the below referenced directories, and this file no longer exists.
conf-available: this directory contains available configuration files. All files that were previously in
/etc/apache2/conf.dshould be moved to
conf-enabled: holds symlinks to the files in
/etc/apache2/conf-available. When a configuration file is symlinked, it will be enabled the next time apache2 is restarted.
envvars: file where Apache2 environment variables are set.
mods-available: this directory contains configuration files to both load modules and configure them. Not all modules will have specific configuration files, however.
mods-enabled: holds symlinks to the files in
/etc/apache2/mods-available. When a module configuration file is symlinked it will be enabled the next time apache2 is restarted.
ports.conf: houses the directives that determine which TCP ports Apache2 is listening on.
sites-available: this directory has configuration files for Apache2 Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.
sites-enabled: like mods-enabled,
sites-enabledcontains symlinks to the
/etc/apache2/sites-availabledirectory. Similarly when a configuration file in sites-available is symlinked, the site configured by it will be active once Apache2 is restarted.
magic: instructions for determining MIME type based on the first few bytes of a file.
In addition, other configuration files may be added using the Include directive, and wildcards can be used to include many configuration files. Any directive may be placed in any of these configuration files. Changes to the main configuration files are only recognized by Apache2 when it is started or restarted.
The server also reads a file containing mime document types; the filename is set by the TypesConfig directive, typically via
/etc/apache2/mods-available/mime.conf, which might also include additions and overrides, and is
/etc/mime.types by default.
This section explains Apache2 server essential configuration parameters. Refer to the Apache2 Documentation for more details.
Apache2 ships with a virtual-host-friendly default configuration. That is, it is configured with a single default virtual host (using the VirtualHost directive) which can be modified or used as-is if you have a single site, or used as a template for additional virtual hosts if you have multiple sites. If left alone, the default virtual host will serve as your default site, or the site users will see if the URL they enter does not match the ServerName directive of any of your custom sites. To modify the default virtual host, edit the file
The directives set for a virtual host only apply to that particular virtual host. If a directive is set server-wide and not defined within the virtual host settings, the default setting is used. For example, you can define a Webmaster email address and not define individual email addresses for each virtual host.
If you wish to configure a new virtual host or site, copy that file into the same directory with a name you choose. For example:
Edit the new file to configure the new site using some of the directives described below.
The ServerAdmin directive specifies the email address to be advertised for the server’s administrator. The default value is [email protected] This should be changed to an email address that is delivered to you (if you are the server’s administrator). If your website has a problem, Apache2 will display an error message containing this email address to report the problem to. Find this directive in your site’s configuration file in /etc/apache2/sites-available.
The Listen directive specifies the port, and optionally the IP address, Apache2 should listen on. If the IP address is not specified, Apache2 will listen on all IP addresses assigned to the machine it runs on. The default value for the Listen directive is 80. Change this to 127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so that it will not be available to the Internet, to (for example) 81 to change the port that it listens on, or leave it as is for normal operation. This directive can be found and changed in its own file,
To study phenothiazine-induced catatonia in rats 5. The given sacrifice pdf free download. To study the anti-inflammatory property of indomethacin against carrageenan-induced acute experimnetal oedema in rats 5.
The ServerName directive is optional and specifies what FQDN your site should answer to. The default virtual host has no ServerName directive specified, so it will respond to all requests that do not match a ServerName directive in another virtual host. If you have just acquired the domain name
mynewsite.comand wish to host it on your Ubuntu server, the value of the ServerName directive in your virtual host configuration file should be
mynewsite.com. Add this directive to the new virtual host file you created earlier (
You may also want your site to respond to
www.mynewsite.com, since many users will assume the www prefix is appropriate. Use the ServerAlias directive for this. You may also use wildcards in the ServerAlias directive.
For example, the following configuration will cause your site to respond to any domain request ending in .mynewsite.com.
The DocumentRoot directive specifies where Apache2 should look for the files that make up the site. The default value is /var/www/html, as specified in
/etc/apache2/sites-available/000-default.conf. If desired, change this value in your site’s virtual host file, and remember to create that directory if necessary!
Enable the new VirtualHost using the a2ensite utility and restart Apache2:
Be sure to replace mynewsite with a more descriptive name for the VirtualHost. One method is to name the file after the ServerName directive of the VirtualHost.
Similarly, use the a2dissite utility to disable sites. This is can be useful when troubleshooting configuration problems with multiple VirtualHosts:
This section explains configuration of the Apache2 server default settings. For example, if you add a virtual host, the settings you configure for the virtual host take precedence for that virtual host. For a directive not defined within the virtual host settings, the default value is used.
The DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.
For example, when a user requests the page
http://www.example.com/this_directory/, he or she will get either the DirectoryIndex page if it exists, a server-generated directory list if it does not and the Indexes option is specified, or a Permission Denied page if neither is true. The server will try to find one of the files listed in the DirectoryIndex directive and will return the first one it finds. If it does not find any of these files and if Options Indexes is set for that directory, the server will generate and return a list, in HTML format, of the subdirectories and files in the directory. The default value, found in
/etc/apache2/mods-available/dir.confis “index.html index.cgi index.pl index.php index.xhtml index.htm”. Thus, if Apache2 finds a file in a requested directory matching any of these names, the first will be displayed.
The ErrorDocument directive allows you to specify a file for Apache2 to use for specific error events. For example, if a user requests a resource that does not exist, a 404 error will occur. By default, Apache2 will simply return a HTTP 404 Return code. Read
/etc/apache2/conf-available/localized-error-pages.conffor detailed instructions for using ErrorDocument, including locations of example files.
By default, the server writes the transfer log to the file
/var/log/apache2/access.log. You can change this on a per-site basis in your virtual host configuration files with the CustomLog directive, or omit it to accept the default, specified in
/etc/apache2/conf-available/other-vhosts-access-log.conf. You may also specify the file to which errors are logged, via the ErrorLog directive, whose default is
/var/log/apache2/error.log. These are kept separate from the transfer logs to aid in troubleshooting problems with your Apache2 server. You may also specify the LogLevel (the default value is “warn”) and the LogFormat (see
/etc/apache2/apache2.conffor the default value).
Some options are specified on a per-directory basis rather than per-server. Options is one of these directives. A Directory stanza is enclosed in XML-like tags, like so:
The Options directive within a Directory stanza accepts one or more of the following values (among others), separated by spaces:
ExecCGI - Allow execution of CGI scripts. CGI scripts are not executed if this option is not chosen.
Most files should not be executed as CGI scripts. This would be very dangerous. CGI scripts should kept in a directory separate from and outside your DocumentRoot, and only this directory should have the ExecCGI option set. This is the default, and the default location for CGI scripts is
Includes - Allow server-side includes. Server-side includes allow an HTML file to include other files. See Apache SSI documentation (Ubuntu community) for more information.
IncludesNOEXEC - Allow server-side includes, but disable the #exec and #include commands in CGI scripts.
Indexes - Display a formatted list of the directory’s contents, if no DirectoryIndex (such as index.html) exists in the requested directory.
For security reasons, this should usually not be set, and certainly should not be set on your DocumentRoot directory. Enable this option carefully on a per-directory basis only if you are certain you want users to see the entire contents of the directory.
Multiview - Support content-negotiated multiviews; this option is disabled by default for security reasons. See the Apache2 documentation on this option.
SymLinksIfOwnerMatch - Only follow symbolic links if the target file or directory has the same owner as the link.
This section explains some basic apache2 daemon configuration settings.
LockFile - The LockFile directive sets the path to the lockfile used when the server is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the logs directory is located on an NFS share. If this is the case, the default value should be changed to a location on the local disk and to a directory that is readable only by root.
PidFile - The PidFile directive sets the file in which the server records its process ID (pid). This file should only be readable by root. In most cases, it should be left to the default value.
User - The User directive sets the userid used by the server to answer requests. This setting determines the server’s access. Any files inaccessible to this user will also be inaccessible to your website’s visitors. The default value for User is “www-data”.
Unless you know exactly what you are doing, do not set the User directive to root. Using root as the User will create large security holes for your Web server.
Group - The Group directive is similar to the User directive. Group sets the group under which the server will answer requests. The default group is also “www-data”.
Apache2 is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache2. By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the LoadModule directive. Otherwise, Apache2 must be recompiled to add or remove modules.
Ubuntu compiles Apache2 to allow the dynamic loading of modules. Configuration directives may be conditionally included on the presence of a particular module by enclosing them in an <IfModule> block.
You can install additional Apache2 modules and use them with your Web server. For example, run the following command at a terminal prompt to install the Python 3 WSGI module:
The installation will enable the module automatically, but we can disable it with
And then use the
a2enmod utility to re-enable it:
/etc/apache2/mods-available directory for additional modules already available on your system.
mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL, the
https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.
mod_ssl module is available in apache2-common package. Execute the following command at a terminal prompt to enable the
Apache Httpd 2.4.18 Exploit
There is a default HTTPS configuration file in
/etc/apache2/sites-available/default-ssl.conf. In order for Apache2 to provide HTTPS, a certificate and key file are also needed. The default HTTPS configuration will use a certificate and key generated by the
ssl-cert package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server. For information on generating a key and obtaining a certificate see Certificates.
To configure Apache2 for HTTPS, enter the following:
/etc/ssl/private are the default locations. If you install the certificate and key in another directory make sure to change SSLCertificateFile and SSLCertificateKeyFile appropriately.
With Apache2 now configured for HTTPS, restart the service to enable the new settings:
Apache Httpd Ab
Depending on how you obtained your certificate you may need to enter a passphrase when Apache2 starts.
You can access the secure server pages by typing
https://your_hostname/url/ in your browser address bar.
Sharing Write Permission
For more than one user to be able to write to the same directory it will be necessary to grant write permission to a group they share in common. The following example grants shared write permission to
/var/www/html to the group “webmasters”.
These commands recursively set the group permission on all files and directories in
/var/www/html to allow reading, writing and searching of directories. Many admins find this useful for allowing multiple users to edit files in a directory tree.
Apache Https Ubuntu
apache2 daemon will run as the
www-data user, which has a corresponding
www-data group. These should not be granted write access to the document root, as this would mean that vulnerabilities in Apache or the applications it is serving would allow attackers to overwrite the served content.
Apache Httpd Configuration
Apache2 Documentation contains in depth information on Apache2 configuration directives. Also, see the apache2-doc package for the official Apache2 docs.
O’Reilly’s Apache Cookbook is a good resource for accomplishing specific Apache2 configurations.
For Ubuntu specific Apache2 questions, ask in the #ubuntu-server IRC channel on freenode.net.
Last updated 1 year, 10 days ago. Help improve this document in the forum.