Apache HTTP Server – Web Server

Apache HTTP Server, commonly referred to as Apache, is the world’s most widely deployed web server software. Since its release in 1995, Apache has powered millions of websites and remains a critical component of internet infrastructure. Developed and maintained by the Apache Software Foundation as an open-source project, Apache continues to serve as the foundation for hosting dynamic web applications, static content, and enterprise systems worldwide.

What is Apache HTTP Server?

Apache HTTP Server is a cross-platform, open-source web server that processes HTTP requests and serves web content to clients. It’s designed to be highly configurable, modular, and extensible, making it suitable for everything from small personal websites to large-scale enterprise deployments serving millions of requests per second.

Key Statistics and Market Position

• Market Share: Powers 30-35% of all active websites globally
• History: Released in 1995, making it nearly 30 years of continuous development
• License: Apache License 2.0 (permissive open-source)
• Platforms: Runs on Linux, Windows, macOS, Unix, and more
• Performance: Handles 10,000+ concurrent connections with proper tuning

Core Features and Capabilities

1. Modular Architecture

Apache’s modular design allows you to load only the functionality you need, reducing memory footprint and improving security. Common modules include:

• mod_ssl: SSL/TLS encryption support
• mod_rewrite: Powerful URL rewriting and redirection
• mod_proxy: Reverse proxy and load balancing
• mod_security: Web application firewall (WAF)
• mod_cache: Content caching for improved performance
• mod_deflate: Gzip compression for bandwidth reduction
• mod_headers: HTTP header manipulation
• mod_php: PHP integration (though PHP-FPM is now preferred)

2. Virtual Host Support

Apache excels at hosting multiple websites on a single server through virtual hosts. You can configure name-based, IP-based, or port-based virtual hosting to serve different domains from one Apache instance.

3. .htaccess Configuration

Apache’s unique .htaccess files allow per-directory configuration without restarting the server. This makes it ideal for shared hosting environments where users need configuration control without root access.

4. MPM (Multi-Processing Modules)

Apache supports multiple processing models:

• prefork: Process-based model (stable, compatible with non-thread-safe modules)
• worker: Hybrid threaded model (better performance, less memory)
• event: Improved threaded model optimized for keep-alive connections

Installation Guide

debian-installation">Ubuntu/Debian Installation

# Update package index
sudo apt update

# Install Apache2
sudo apt install apache2 -y

# Enable Apache to start on boot
sudo systemctl enable apache2

# Start Apache service
sudo systemctl start apache2

# Verify Apache is running
sudo systemctl status apache2

# Check Apache version
apache2 -v

centos-rocky-linux-installation">RHEL/CentOS/Rocky Linux Installation

# Install Apache (httpd package)
sudo dnf install httpd -y

# Enable and start Apache
sudo systemctl enable httpd
sudo systemctl start httpd

# Configure firewall
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

# Verify installation
httpd -v

Fedora Installation

sudo dnf install httpd -y
sudo systemctl enable --now httpd
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

Configuration Deep Dive

Main Configuration File

Apache’s primary configuration file location varies by distribution:

• Ubuntu/Debian: /etc/apache2/apache2.conf
• RHEL/CentOS: /etc/httpd/conf/httpd.conf
• Configuration Test: apachectl configtest

Virtual Host Configuration

Name-Based Virtual Host (recommended):

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    ServerAdmin webmaster@example.com
    
    DocumentRoot /var/www/example.com/public_html
    
    <Directory /var/www/example.com/public_html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    
    # Logging
    ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined
    
    # Security headers
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
</VirtualHost>

Enable the virtual host (Ubuntu/Debian):

# Create virtual host config
sudo nano /etc/apache2/sites-available/example.com.conf

# Enable the site
sudo a2ensite example.com.conf

# Reload Apache
sudo systemctl reload apache2

SSL/TLS Configuration with Let’s Encrypt

# Install Certbot
sudo apt install certbot python3-certbot-apache -y

# Obtain and install SSL certificate
sudo certbot --apache -d example.com -d www.example.com

# Auto-renewal test
sudo certbot renew --dry-run

Manual SSL Virtual Host Configuration:

<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    
    DocumentRoot /var/www/example.com/public_html
    
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    
    # Modern SSL configuration
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    SSLHonorCipherOrder off
    
    # HSTS (optional but recommended)
    Header always set Strict-Transport-Security "max-age=31536000"
    
    <Directory /var/www/example.com/public_html>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Performance Tuning

MPM Event Configuration (Recommended)

# /etc/apache2/mods-available/mpm_event.conf

<IfModule mpm_event_module>
    StartServers             4
    MinSpareThreads         25
    MaxSpareThreads         75
    ThreadLimit             64
    ThreadsPerChild         25
    MaxRequestWorkers      200
    MaxConnectionsPerChild   0
</IfModule>

Enable Gzip Compression

# Enable mod_deflate
sudo a2enmod deflate

# Configuration
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
    AddOutputFilterByType DEFLATE application/javascript application/json
    AddOutputFilterByType DEFLATE application/xml application/xhtml+xml
    AddOutputFilterByType DEFLATE image/svg+xml
    
    # Don't compress already-compressed files
    SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png|zip|gz|pdf)$ no-gzip
</IfModule>

Enable Caching

# Enable caching modules
sudo a2enmod cache
sudo a2enmod cache_disk
sudo a2enmod expires
sudo a2enmod headers

# Caching configuration
<IfModule mod_expires.c>
    ExpiresActive On
    
    # Images
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    
    # CSS and JavaScript
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    
    # HTML
    ExpiresByType text/html "access plus 0 seconds"
</IfModule>

Reverse Proxy Configuration

Apache can act as a reverse proxy for backend applications:

# Enable proxy modules
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests

# Reverse proxy configuration
<VirtualHost *:80>
    ServerName app.example.com
    
    ProxyPreserveHost On
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    
    # Timeout configuration
    ProxyTimeout 300
    
    # Error handling
    ErrorLog ${APACHE_LOG_DIR}/app-error.log
    CustomLog ${APACHE_LOG_DIR}/app-access.log combined
</VirtualHost>

Load Balancing Multiple Backend Servers

<VirtualHost *:80>
    ServerName loadbalanced.example.com
    
    <Proxy balancer://mycluster>
        BalancerMember http://backend1.example.com:8080
        BalancerMember http://backend2.example.com:8080
        BalancerMember http://backend3.example.com:8080
        ProxySet lbmethod=byrequests
    </Proxy>
    
    ProxyPass / balancer://mycluster/
    ProxyPassReverse / balancer://mycluster/
</VirtualHost>

Security Hardening

Hide Apache Version Information

# /etc/apache2/conf-available/security.conf

ServerTokens Prod
ServerSignature Off

Disable Directory Listing

<Directory /var/www/html>
    Options -Indexes
</Directory>

Install and Configure ModSecurity (WAF)

# Install ModSecurity
sudo apt install libapache2-mod-security2 -y

# Enable ModSecurity
sudo a2enmod security2

# Copy recommended configuration
sudo cp /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf

# Set to active mode
sudo sed -i 's/SecRuleEngine DetectionOnly/SecRuleEngine On/' /etc/modsecurity/modsecurity.conf

# Install OWASP Core Rule Set
sudo apt install modsecurity-crs -y

# Restart Apache
sudo systemctl restart apache2

Limit Request Size

# Prevent large upload attacks
LimitRequestBody 10485760  # 10MB limit

URL Rewriting with mod_rewrite

Force HTTPS

# .htaccess or VirtualHost config
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Remove www from URL

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

Pretty URLs (WordPress-style)

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

Monitoring and Troubleshooting

Check Apache Status

# Service status
sudo systemctl status apache2

# Test configuration
sudo apachectl configtest

# View loaded modules
apachectl -M

# Check listening ports
sudo netstat -tulpn | grep apache

# Real-time log monitoring
sudo tail -f /var/log/apache2/access.log
sudo tail -f /var/log/apache2/error.log

Enable Server Status Module

# Enable mod_status
sudo a2enmod status

# Configuration
<Location "/server-status">
    SetHandler server-status
    Require ip 127.0.0.1 ::1
    Require ip YOUR_IP_ADDRESS
</Location>

# Access at: http://yourserver/server-status

Common Use Cases

1. LAMP Stack Hosting

Apache excels at hosting PHP applications like WordPress, Drupal, and Laravel. The prefork MPM provides stability for PHP applications, while PHP-FPM offers better performance.

2. Static Website Hosting

Excellent for serving static HTML, CSS, and JavaScript files with built-in caching and compression.

3. Reverse Proxy

Use Apache as a frontend for Node.js, Python, or Java backend applications, handling SSL termination and load balancing.

4. Shared Hosting Environments

Apache’s .htaccess support makes it ideal for shared hosting where users need configuration control without root access.

Apache vs Nginx

Feature	Apache	Nginx
.htaccess Support	Yes (per-directory config)	No (server-level only)
Dynamic Modules	200+ modules available	Fewer, but growing
Static Content	Good (1,000-2,000 req/s)	Excellent (10,000+ req/s)
PHP Integration	Native mod_php support	Requires PHP-FPM
Configuration	Flexible, more complex	Simple, less flexible
Memory Usage	Higher (process-based)	Lower (event-driven)
Best For	Shared hosting, PHP apps	High traffic, static content

Choose Apache When:

• You need .htaccess configuration flexibility
• Running legacy PHP applications
• Shared hosting environment
• Extensive module ecosystem required
• Team familiar with Apache configuration

Choose Nginx When:

• Serving high volumes of static content
• Need best performance and low memory footprint
• Reverse proxy for microservices
• High concurrent connections (10k+)

Download

Apache HTTP Server is available for all major platforms with pre-compiled binaries and source code:

Download Apache HTTP Server

Latest Stable Version: 2.4.58
License: Apache License 2.0
Developer: Apache Software Foundation

Quick Links:
Official Documentation |
GitHub Repository |
Security Reports