Apache HTTP Server


The Apache HTTP Server, colloquially called Apache, is a free and open-source cross-platform web server software, released under the terms of Apache License 2.0. Apache is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation.
The vast majority of Apache HTTP Server instances run on a Linux distribution, but current versions also run on Microsoft Windows and a wide variety of Unix-like systems. Past versions also ran on OpenVMS, NetWare, OS/2 and other operating systems, including ports to mainframes.
Originally based on the NCSA HTTPd server, development of Apache began in early 1995 after work on the NCSA code stalled. Apache played a key role in the initial growth of the World Wide Web, quickly overtaking NCSA HTTPd as the dominant HTTP server, and has remained most popular since April 1996. In 2009, it became the first web server software to serve more than 100 million websites., Netcraft estimated that Apache served 29.12% of the million busiest websites, while Nginx served 25.54%; according to W3Techs, Apache served 39.5% of the top 10 million sites and Nginx served 31.7%.

Name

A number of explanations for the origin of the Apache name have been offered over the years.
From the inception of the Apache project in 1995 the official documentation stated:
In an April 2000 interview, Brian Behlendorf, one of the creators of Apache said:
Since 2013 the Apache Foundation has explained the origin of the name as:
When Apache is running under Unix, its process name is, which is short for "HTTP daemon".

Feature overview

Apache supports a variety of features, many implemented as compiled modules which extend the core functionality. These can range from authentication schemes to supporting server-side programming languages such as Perl, Python, Tcl and PHP. Popular authentication modules include mod_access, mod_auth, mod_digest, and mod_auth_digest, the successor to mod_digest. A sample of other features include Secure Sockets Layer and Transport Layer Security support, a proxy module, a URL rewriting module, custom log files, and filtering support.
Popular compression methods on Apache include the external extension module, mod_gzip, implemented to help with reduction of the size of web pages served over HTTP. ModSecurity is an open source intrusion detection and prevention engine for Web applications. Apache logs can be analyzed through a Web browser using free scripts, such as AWStats/W3Perl or Visitors.
Virtual hosting allows one Apache installation to serve many different websites. For example, one computer with one Apache installation could simultaneously serve example.com, example.org, test47.test-server.example.edu, etc.
Apache features configurable error messages, DBMS-based authentication databases, content negotiation and supports several graphical user interfaces.
It supports password authentication and digital certificate authentication. Because the source code is freely available, anyone can adapt the server for specific needs, and there is a large public library of Apache add-ons.
A more detailed list of features is provided below:
Instead of implementing a single architecture, Apache provides a variety of MultiProcessing Modules, which allow it to run in either a process-based mode, a hybrid mode, or an event-hybrid mode, in order to better match the demands of each particular infrastructure. Choice of MPM and configuration is therefore important. Where compromises in performance must be made, Apache is designed to reduce latency and increase throughput relative to simply handling more requests, thus ensuring consistent and reliable processing of requests within reasonable time-frames.
For delivering static pages, Apache 2.2 series was considered significantly slower than nginx and varnish. To address this issue, the Apache developers created the Event MPM, which mixes the use of several processes and several threads per process in an asynchronous event-based loop. This architecture as implemented in the Apache 2.4 series performs at least as well as event-based web servers, according to Jim Jagielski and other independent sources. However, some independent but significantly outdated benchmarks show that it is still half as fast as nginx, e.g.

Licensing

The Apache HTTP Server codebase was relicensed to the Apache 2.0 License in January 2004, and Apache HTTP Server 1.3.31 and 2.0.49 were the first releases using the new license.
The OpenBSD project did not like the change and continued the use of pre-2.0 Apache versions, effectively forking Apache 1.3.x for its purposes. They initially replaced it with Nginx, and soon after made their own replacement, OpenBSD Httpd, based on the relayd project.

Versions

Version 1.1:
The Apache License 1.1 was approved by the ASF in 2000: The primary change from the 1.0 license is in the 'advertising clause' ; derived products are no longer required to include attribution in their advertising materials, only in their documentation.
Version 2.0:
The ASF adopted the Apache License 2.0 in January 2004. The stated goals of the license included making the license easier for non-ASF projects to use, improving compatibility with GPL-based software, allowing the license to be included by reference instead of listed in every file, clarifying the license on contributions, and requiring a patent license on contributions that necessarily infringe a contributor's own patents.

Development

The Apache HTTP Server Project is a collaborative software development effort aimed at creating a robust, commercial-grade, feature-rich and freely available source code implementation of an HTTP server. The project is jointly managed by a group of volunteers located around the world, using the Internet and the Web to communicate, plan, and develop the server and its related documentation. This project is part of the Apache Software Foundation. In addition, hundreds of users have contributed ideas, code, and documentation to the project.
Apache 2.4 dropped support for BeOS, TPF and even older platforms.

Security

Apache, like other server software, can be hacked and exploited. The main Apache attack tool is Slowloris, which exploits a bug in Apache software. It creates many sockets and keeps each of them alive and busy by sending several bytes to let the server know that the computer is still connected and not experiencing network problems. The Apache developers have addressed Slowloris with several modules to limit the damage caused; the Apache modules mod_limitipconn, mod_qos, mod_evasive, mod security, mod_noloris, and mod_antiloris have all been suggested as means of reducing the likelihood of a successful Slowloris attack. Since Apache 2.2.15, Apache ships the module mod_reqtimeout as the official solution supported by the developers.