Apache HTTP Server, colloquially called Apache, is free and open-source cross-platform web server software, released under the terms of Apache License 2.0. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.
The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation.
Apache HTTP Server is cross-platform, meaning that it is built for Unix-like systems (e.g., macOS, Linux and FreeBSD) as well as Windows. 92% of all Apache HTTPS Server copies run on Linux distributions.
This Project is a collaborative software development effort aimed at creating a robust, commercial-grade, featureful, and freely-available source code implementation of an HTTP (Web) server.
This project is part of the Apache Software Foundation. In addition, hundreds of users have contributed ideas, code, and documentation to the project. Apache Software exists to provide robust and commercial-grade reference implementations of many types of software. It must remain a platform upon which individuals and institutions can build reliable systems, both for experimental purposes and for mission-critical purposes.
Apache HTTP Server Features:
- Loadable Dynamic Modules
- Multiple Request Processing modes (MPMs) including Event-based/Async, Threaded and Prefork.
- Highly scalable (easily handles more than 10,000 simultaneous connections)
- Handling of static files, index files, auto-indexing and content negotiation
- .htaccess support
- Reverse proxy with caching
- Load balancing with in-band health checks
- Multiple load balancing mechanisms
- Fault tolerance and Failover with automatic recovery
- WebSocket, FastCGI, SCGI, AJP and uWSGI support with caching
- Dynamic configuration.
- TLS/SSL with SNI and OCSP stapling support, via OpenSSL.
- Name- and IP address-based virtual servers
- HTTP/2 protocol support
- Fine-grained authentication and authorization access control
- gzip compression and decompression
- URL rewriting
- Headers and content rewriting
- Custom logging with rotation
- Concurrent connection limiting
- Request processing rate limiting
- Bandwidth throttling
- Server Side Includes
- IP address-based geolocation
- User and Session tracking
- Embedded Perl, PHP and Lua scripting
- CGI support
- public_html per-user web-pages
- Generic expression parser
- Real-time status views
- XML support
- SECURITY: CVE-2020-11984 (cve.mitre.org) mod_proxy_uwsgi: Malicious request may result in information disclosure or RCE of existing file on the server running under a malicious process environment.
- SECURITY: CVE-2020-11993 (cve.mitre.org) mod_http2: when throttling connection requests, log statements where possibly made that result in concurrent, unsafe use of a memory pool.
- SECURITY: mod_http2: a specially crafted value for the ‘Cache-Digest’ header request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards.
- mod_proxy_fcgi: Fix build warnings for Windows platform
Changes in Apache HTTP Server 2.4.43:
- mod_ssl: Fix memory leak of OCSP stapling response.
Changes in Apache HTTP Server 2.4.41:
- mod_proxy_balancer: Improve balancer-manager protection against XSS/XSRF attacks from trusted users.
- mod_session: Introduce SessionExpiryUpdateInterval which allows to configure the session/cookie expiry’s update interval. PR 57300.
- modules/filters: Fix broken compilation when using old GCC (<4.2.x). PR 63633.
- mod_ssl: Fix startup failure in 2.4.40 with SSLCertificateChainFile configured for a domain managed by mod_md.
Homepage – https://httpd.apache.org
Size: 8.93 MB