The Apache Web Server Project from Apache Software Foundation is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.
Apache is being used since 1995 to host websites. Apache is used on over 40% of all active websites on the internet, making it the most popular web server software in the world.
Apache uses a modular design to provide extendability using modules. By configuring these modules additional features, such as caching, CGI support, SSL/TLS support, Virtual Hosting, and Authentication can be added to the Apache web server.
Apache is able to serve dynamic content from PHP with mod_php and from Java applications with its integration with mod_jk.
Listed below are some common Apache web server statistics.
|Statistics* (as of 2022)||Value|
|Percent used by Top 10k Websites||>48%|
|Usage by Top 100k Websites||>48%|
|Usage by Top 1 Million Websites||>44%|
|Operating system usage distribution||Linux (85%), Windows (11%), Other (4%)|
|Number of major releases||Over 20|
|Security features||SSL/TLS support, authentication, access control|
|Support Resources||Online forums, documentation resources|
Key Apache Web Server Features
Listed below are some key features of the Apache web server:
- Cross-Platform: Apache is cross-platform and can run on BSD, Linux, Windows, and macOS.
- Ease of Use and Configuration: Configuration files are in plain text, which makes them easy to read and modify.
- Load balancing and proxy services: Adds caching support and load balancing feature with available modules.
- Modular Design: With pluggable modules, you can extend the functionality of Apache.
- Security: Support SSL/TSLS with HTTPS transport. Additional security features are available through authentication modules.
- Support for Dynamic Content: Apache can serve dynamic content from PHP and other scripting languages through native modules or through the Fast CGI interfaces.
How to Install Apache Web Server
I have a post that goes through the steps of installing the Apache web server and PHP on Windows. Check that out if you are on Windows.
You can install Apache on Debian-based Linux, such as Ubuntu using the steps listed below. Follow the commands shown below:
sudo apt update; sudo apt install; sudo apt install apache2;
The three lines above will install the Apache web server.
Once it is installed you can open a browser and enter the URL,
http://localhost. The following page will be loaded showing information about Apache.
Apache Web Server Configuration Files
Apache configuration files are located in the folder
/etc/apache2/ on Ubuntu and in the folder
<apache install path>\conf\ on Windows.
On ubuntu following is the list of important files and folders:
apache2.conf: Contain configuration attributes to control server-level configuration variables.
ports.conf: Configure the default HTTP and HTTPS ports that Apache web server listens on.
sites-available: Virtual host configuration files for all available virtual domains.
sites-enabled: Links to active virtual host configuration files in the
On Ubuntu modules are enabled or disable using the commands below.
sudo a2enmod ssl # enables SSL module sudo a2dismod ssl # disables SSL module
On Windows, following is the list of important files and folders:
httpd.conf: This is the main server configuration file similar to
apache2.confon Linux. In this file, you can enable and disable various Apache modules.
extra: The extra folder within the conf folder contains configuration files for SSL and Virtual Hosts.
Securing Apache Web Server
There are multiple strategies that can be used to secure an Apache web server install. Below is a partial list of available options.
|Apache Updates||Keep Apache web server updated with the latest software patches.|
|Authentication and Access Control||With Apache modules there are several options for authentication and access control, such as Basic authentication, Digest authentication, and OAuth authentication. Enable these depending on the needs of your applications.|
|Disable Unused Modules||To reduce the reduce the attack surface of the web server and minimize the risk of vulnerabilities, the unused Apache web server modules should be disabled.|
|Firewall||Use a hardware or software firewall to configure only necessary connections to the web server, and block all other connections.|
|File Permissions||Secure all server executables and configuration files from being accessed and modified by malicious actors.|
|SSL/TLS||Always enable secure website access by using SSL/TLS encrptoin over HTTPS.|
|System Software||In addition to keeping Apache web server up to date, one should also keep the system updated with the latest security patches as well. This provides a secure environment on which Apache can run.|
Troubleshooting Apache Web Server
Issues with Apache can be either external or internal. External issues are based on the evironment and setup where Apache is running, whereas internal issues are likely because of configuration errors and corrupted installs.
Below are some common issues categories.
- Error Messages: Generated during start and execution the error messages provide details of what may be causing the problem. Look in the log files for details.
- Permissions Issues: Permissions issues occur the server tries to access files or folders to which it does not access to. These errors are also sent to the log files.
- Security Issues: Security issues are due to incorrect configuration or unpatched code in the software. Keep up to date on the patches. Access issues can be resolved by looking into configuration files.
- Server Crashes: Apache may crash due to various reasons, such as traffic overload, insufficient memory, or hardware issues. Look into Apache and system logs for errors. Use monitoring tools for automated crash reporting.
- Slow Performance: This is usually due to external factors such as, insufficient resources, misconfigured modules, or excessive traffic. Looking at monitoring information and logs for details.
Check my post on Apache logging to learn how to configure and use different logs.
Alternatives to Apache Web Server
While Apache web server is one of the most widely used web server software, there are other alternatives available depending on your use case. Listed below are some of the most common options available to use instead of the Apache web servers.
- Lighttpd: Lighttpd (pronounced “lighty”) is a lightweight web server that is designed to be fast, secure, and easy to configure. It is optimized for serving static content and can handle dynamic content with FastCGI.
- Nginx: Nginx is a high-performance web server that is fast and has lower resource requirements than Apache web server. Its strength is in serving static content. Similar to Apache it comes with built-in modules, compiled in the executable, providing reverse proxy and caching capability. Many sites also use Nginx as a load balancer. This is a preferred option for websites serving a large user base.
- Microsoft IIS: Microsoft IIS is specifically designed for Windows-based servers. It is tightly integrated with Windows and offers features such as integration with other Microsoft products.
- Open LightSpeed: This is an excellent web server for websites requiring high performance. It features an event-driven architecture with support for dynamic content. It supports popular scripting languages such as PHP, Python, and Ruby.
- Tomcat: Apache Tomcat is a web server and servlet container that is designed to run Java-based web applications. It is used mostly with Java applications to serve dynamic application content. it is not the best option for static file serving.
Each of the server options above provides an alternative to the Apache web server.
Frequently Asked Questions
What is an Apache web server?
Apache web server is open-source software that is widely used for hosting websites. It runs on most operating systems and is easy to use and configure.
You can extend the functionality offered by Apache using Modules.
How does the Apache web server work?
Apache web server works by listening for incoming requests from clients, such as web browsers and mobile applications. In response, it replies back with the requested content.
How do I configure the Apache web server?
You can configure the Apache web server by modifying the text files in the conf folder of the install. On Windows, the configuration files are located in
<install_folder>/conf and on Linux, the configuration files are in
How do I secure the Apache web server?
To secure Apache, it’s important to enable SSL/TLS for secure connections. You can also secure the installation by configuring authentication and access control, using secure file permissions, disabling unused modules, keeping Apache up-to-date, and using a firewall.