The Apache HTTP Server Project

Essentials

  • About
  • License
  • FAQ
  • Security
    Reports

    • Download!

  • from a mirror

    • Documentation

  • Apache 1.3
  • Apache 2.0

    • Get Involved

  • Mailing Lists
  • Bug Reports
  • Developer Info

    • Subprojects

  • Docs
  • Test
  • Flood
  • libapreq
  • Modules

    • Miscellaneous

  • Contributors
  • Awards
  • Support
    Webring
    • The Number One HTTP Server On The Internet

    The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards.

    Apache has been the most popular web server on the Internet since April of 1996. The October 2003 Netcraft Web Server Survey found that more than 64% of the web sites on the Internet are using Apache, thus making it more widely used than all other web servers combined.

    The Apache HTTP Server is a project of the Apache Software Foundation.

    Want to try out the Apache HTTP Server?

    Great! We have updated our download page in an effort to better utilize our mirrors. We hope that by making it easier to use our mirrors that we will be able to provide a better download experience.

    Please ensure that you verify your downloads using PGP or MD5 signatures!

    Apache 2.0.52 Released

    The Apache HTTP Server Project is proud to announce the release of version 2.0.52 of the Apache HTTP Server ("Apache").

    This version of Apache is principally a bug fix release. Of particular note is that 2.0.52 addresses one new security related flaw introduced in 2.0.51:

    Fix merging of the Satisfy directive, which was applied to the surrounding context and could allow access despite configured authentication.
    [CAN-2004-0811]

    For further details, see the announcement.

    Download | New Features in Apache 2.0 | ChangeLog for 2.0.52 | ChangeLog for 2.0

    Apache 1.3.31 Released

    The Apache Group is pleased to announce the release of the 1.3.31 version of the Apache HTTP Server.

    This version of Apache is principally a security and bug fix release. Of particular note is that 1.3.31 addresses and fixes the following 4 security related issues:

    In mod_digest, verify whether the nonce returned in the client response is one we issued ourselves. This problem does not affect mod_auth_digest. [CAN-2003-0987 (cve.mitre.org)]

    Escape arbitrary data before writing into the errorlog.
    [CAN-2003-0020 (cve.mitre.org)]

    Fix starvation issue on listening sockets where a short-lived connection on a rarely-accessed listening socket will cause a child to hold the accept mutex and block out new connections until another connection arrives on that rarely-accessed listening socket.
    [CAN-2004-0174 (cve.mitre.org)]

    Fix parsing of Allow/Deny rules using IP addresses without a netmask; issue is only known to affect big-endian 64-bit platforms
    [CAN-2003-0993 (cve.mitre.org)]

    Download | Apache for Win32 | New Features in Apache 1.3 | ChangeLog for 1.3.31

    Copyright © 1999-2004, The Apache Software Foundation