Customizing Apache for Windows
- Apache Web Server Linux
- Apache Web Server Windows
- Apache Web Server Not Working
- Nginx Web Server
- Apache Web Server Download
Apache is configured by the files in the conf
subdirectory. These are the same files used to configure the Unix version, but there are a few different directives for Apache on Windows. See the directive index for all the available directives.
The Apache HTTP server is a software (or program) that runs in the background under an appropriate operating system, which supports multi-tasking, and provides services to other applications that connect to it, such as client web browsers. The issue was that my.domain.com is a different ip than was configured in the virtual hosts. As server uses 2 IPs. So apache was answering on 443, but could not connect a website to the connection. Matched the IP all is good.
The main differences in Apache for Windows are:
Because Apache for Windows is multithreaded, it does not use a separate process for each request, as Apache can on Unix. Instead there are usually only two Apache processes running: a parent process, and a child which handles the requests. Within the child process each request is handled by a separate thread.
The process management directives are also different:
MaxConnectionsPerChild
: Like the Unix directive, this controls how many connections a single child process will serve before exiting. However, unlike on Unix, a replacement process is not instantly available. Use the defaultMaxConnectionsPerChild 0
, unless instructed to change the behavior to overcome a memory leak in third party modules or in-process applications.Warning: The server configuration file is reread when a new child process is started. If you have modifiedhttpd.conf
, the new child may not start or you may receive unexpected results.ThreadsPerChild
: This directive is new. It tells the server how many threads it should use. This is the maximum number of connections the server can handle at once, so be sure to set this number high enough for your site if you get a lot of hits. The recommended default isThreadsPerChild 150
, but this must be adjusted to reflect the greatest anticipated number of simultaneous connections to accept.The directives that accept filenames as arguments must use Windows filenames instead of Unix ones. However, because Apache may interpret backslashes as an 'escape character' sequence, you should consistently use forward slashes in path names, not backslashes.
While filenames are generally case-insensitive on Windows, URLs are still treated internally as case-sensitive before they are mapped to the filesystem. For example, the
<Location>
,Alias
, andProxyPass
directives all use case-sensitive arguments. For this reason, it is particularly important to use the<Directory>
directive when attempting to limit access to content in the filesystem, since this directive applies to any content in a directory, regardless of how it is accessed. If you wish to assure that only lowercase is used in URLs, you can use something like:When running, Apache needs write access only to the logs directory and any configured cache directory tree. Due to the issue of case insensitive and short 8.3 format names, Apache must validate all path names given. This means that each directory which Apache evaluates, from the drive root up to the directory leaf, must have read, list and traverse directory permissions. If Apache2.4 is installed at C:Program Files, then the root directory, Program Files and Apache2.4 must all be visible to Apache.
Apache for Windows contains the ability to load modules at runtime, without recompiling the server. If Apache is compiled normally, it will install a number of optional modules in the
Apache2.4modules
directory. To activate these or other modules, theLoadModule
directive must be used. For example, to activate the status module, use the following (in addition to the status-activating directives inaccess.conf
):Information on creating loadable modules is also available.
Apache can also load ISAPI (Internet Server Application Programming Interface) extensions such as those used by Microsoft IIS and other Windows servers. More information is available. Note that Apache cannot load ISAPI Filters, and ISAPI Handlers with some Microsoft feature extensions will not work.
When running CGI scripts, the method Apache uses to find the interpreter for the script is configurable using the
ScriptInterpreterSource
directive.Since it is often difficult to manage files with names like
.htaccess
in Windows, you may find it useful to change the name of this per-directory configuration file using theAccessFilename
directive.Any errors during Apache startup are logged into the Windows event log when running on Windows NT. This mechanism acts as a backup for those situations where Apache is not yet prepared to use the
error.log
file. You can review the Windows Application Event Log by using the Event Viewer, e.g. Start - Settings - Control Panel - Administrative Tools - Event Viewer.
If you host a website, chances are good that you are running either Apache or Internet Information Services (IIS). Depending on the data source, they are two of the most common web server platforms, comprising a virtual triumvirate with Nginx for control of the market.
They each also have their passionate supporters and haters. In fact, IIS vs. Apache flame wars are many times really spillover or proxy tirades of ‘Microsoft vs. Linux’. A compare-and-contrast exercise between the two web servers should be as objective as possible, which is what we’ll try and do here and not get drawn into personal preferences and emotional-laden outbursts.
What is IIS?
IIS (Internet Information Services) is Microsoft’s web server offering, playing second fiddle to market leader Apache. As is expected of a core Microsoft product, it only runs and is bundled on Windows operating systems, but is otherwise free for use. It is a closed software product and supported by solely by Microsoft. Although development is not as open and quick as the open-source user-supported nature of Apache, a behemoth like Microsoft can throw formidable support and development resources at its products, and IIS has fortunately benefitted from this. Actually it is one of the few Microsoft products that even its detractors (grudgingly) agree can stand toe-to-toe with its open source rival and even trounce it soundly in some areas. There is a lite version called IIS Express that has been installable as a standalone freeware server from Windows XP SP3 onwards. But this version only supports http and https.
Solid feature, performance and security improvements over the years have meant that IIS has steadily improved and gained ground and market share on Apache. Security has been one area of significant gain, making huge leaps from the days of IIS 6.0’s vulnerability to the infamous Code Red worm. All has not been perfect however; for instance IIS historically experienced poor support for PFS (Perfect Forward secrecy) – a property of key cryptography that ensures a long-term key will not be compromised if a single component session key is compromised or broken. Still, the IIS-Apache security comparison may not be fair to IIS. IIS vulnerability may also be largely blamed on its operating system parent since most malware targets Windows, and Linux (Apache’s main choice of OS) is itself an offshoot of the inherently iron-clad Unix OS.
Like Apache, IIS also utilizes external web extensions to implement some features. For example FTP publishing, application request routing, media services and URL rewriting are all new features introduced in IIS 7.5 via extensions. And IIS offers strong support for the Microsoft products .NET (framework) and ASPX (scripting), so if your website relies heavily on these, IIS is a clear frontrunner as a choice of web server. And IIS offers in-depth diagnostic tools such as failed request tracing, request monitoring and runtime data, in addition to virtual hosting support. But a major concern is that choosing IIS necessitates also picking Windows, with its attendant high cost and security implications compared to Linux.
IIS is reported as being slightly behind Apache in terms of performance. However, these results are tainted because the underlying operating system environment cannot be equalized in order to set an equal base. IIS is inextricably tied with Windows (for example IIS can easily pass and receive process threads from the Windows OS), and Apache simply cannot perform as well there. But both Apache and IIS are still handily beaten in terms of performance by the Nginx web server.
Apache Web Server Linux
What is Apache?
Apache, or to use its full royal title The Apache HTTP web server, is an open source Web server application managed by the Apache Software Foundation. The server software is freely distributed, and the open source license means users can edit the underlying code to tweak performance and contribute to the future development of the program – a major source of its beloved status among its proponents. Support, fixes and development are handled by the loyal user community and coordinated by the Apache Software Foundation.
Although Apache will run on all major operating systems, it is most frequently used in combination with Linux. These two, combined with MySQL database and PHP scripting language, comprise the popular LAMP Web server solution.
Apache used to command a huge lead in the web server market, but this has changed over the years. According to a 2019 Netcraft survey, IIS and Apache are now virtually tied for market share of installations, at 28.4% and 26.1%, respectively. However, that’s not the whole story, as Apache has a big lead on the measure of “active sites,” with 30.99% compared to just 6.21% for IIS, suggesting that many IIS installations are on sites that are not actively used, such as default demo sites set up internally and never used.
Apache Web Server Windows
Feature-wise, Apache boasts an impressive repertoire. Many features are implemented as compiled modules to extend the core functionality. These can range from server-side programming language support to authentication schemes. Some common language interfaces support Perl, Python, Tcl, and PHP. Popular authentication modules include mod_access, mod_auth, mod_digest, and mod_auth_digest, the successor to mod_digest. A sample of other features include Secure Sockets Layer and Transport Layer Security support (mod_ssl), a proxy module (mod_proxy), a URL rewriter (mod_rewrite), custom log files (mod_log_config), and filtering support (mod_include and mod_ext_filter). Apache also supports virtual hosting, which enables one machine to host and simultaneously server several different websites, and a number of good, well-developed GUI interfaces. Another notable feature is web page compression to reduce their size over http. This is also achieved by an external module, one called mod_gzip. And security is one of Apache’s noted strengths.
When it comes to performance, conventional wisdom has it that Apache is just OK, a bit better than IIS but quite a bit slower than its main open-source rival Nginx. This has been borne out by objective tests. Though by no means slow for most general tasks, Apache is still held back by two of its main features:
- Feature bloat: Apache is frequently compared to MS Word – an extremely feature-rich application in which 90% of users only use about 10% of the features on a regular basis.
- Apache is a process-based server, unlike many of its rivals that are event-based or asynchronous in nature. In a process-based server, each simultaneous connection requires a separate thread and this incurs significant overhead. An asynchronous server, on the other hand, is event-driven and handles requests in a single or very few threads.
Does IIS or Apache have better performance?
Apache has good performance out of the box, however, performance tuning is essential to optimize the server, whether you are hosting on premises or in the cloud using services like Google Cloud or Microsoft Azure. Because the Apache HTTP Server comes with a ton of features, many of which you won’t need for serving your own application, you should eliminate modules and features you don’t need. This will improve application speed and enhance Apache’s overall performance.
To enhance the scalability of your application, you can host Apache together with the Nginx web server as a reverse proxy. Apache’s process-based model handles each request in a separate thread. This yields slower results that Nginx’s event-based asynchronous request processing. With Nginx as a reverse proxy, Nginx serves static files quickly and passes data processing to Apache, then returns the result to the client. This configuration yields such fast results that it has become a defacto gold standard for hosting web applications.
IIS is the golden standard of serving applications on Windows Server 2019 and other Windows Server versions. The web server is tightly integrated with the Windows operating system and Microsoft’s .NET framework, also known as Dot NET framework. Recent updates to IIS, such as IIS 8.0, IIS 8.5, and IIS 10.0, have included enhancements such as Idle worker-Process page-out and improved gzip compression for better performance. Perhaps even more so than Apache, Microsoft IIS suffers from its own share of feature bloat, but this makes available a wide set of modules to support enterprise level deployments that need robust features like granular logging and load balancing.
Does IIS or Apache have better security?
While IIS has made strides in security in recent years, it has suffered over the years from the general state of security in the Windows ecosystem. Hackers spend a good deal of their efforts exploiting and breaching Windows due to its popularity, and this has naturally exposed IIS deployments as well. Linux servers, as noted by ComputerWorld, have benefitted from an open source model that means more eyes on the code, improving critical aspects such as security. Apache deployments, while perceived as being more secure, are no panacea for keeping web applications safe. Since Apache is so commonly deployed, it comes with its own set of security challenges.
This means you should be vigilant concerning security, whether you choose to go with the Apache web server or choose to deploy on IIS. You might not have much leeway concerning your selection of web server anyway, for example if you are developing your application in ASP.NET or .NET MVC, running on Microsoft IIS will simplify your development and deployment.
Hardening both IIS and Apache involves making tradeoffs between security and ease of use, portability, and, sometimes, performance.
These are some steps you can take to harden your IIS web server installation:
- Disable 'directory browsing'
- Put web content on a non-system partition
- Configure application pool identity for application pools
- Disable WebDAV to prevent remote web content authoring
- Restrict sensitive features to authenticated principals
- Require SSL for “forms authentication”
- ...and more, this is just a start, ideally you should have a standard hardening checklist for new IIS installs
Apache requires just as much attention when it comes to hardening, and these steps should provide security one step above the default configuration:
- Update your Apache install from the Linux repositories for the latest security patches
- Set “mod_log_config” to monitor client requests and web accesses
- Turn on ModSecurity to prevent SQL injection and other malicious activity
- Prevent brute force attacks and DDoS with Mod_evasive
- Delete unused and out of date modules to reduce potential for hacks
As with IIS, the security of your Apache installation can be greatly enhanced by working with consistent, well-architectured security best practices. Given the potential for breaches of all kinds in the data center, taking steps to secure your infrastructure takes precedence.
How do IIS and Apache differ in licensing costs and enterprise support?
Apache is an iconic open source web server, with a proud history stretching more than 20 years in the open source community. Licensed under a standard Apache Software Foundation Apache 2.0 License, the web server is both free to use, distribute, and modify, without being subject to royalties or other license fees. Given this permissive licensing, which the server has in common with other critical software projects from the Apache Software Foundation, it has seen vibrant adoption and contributor participation in the open source world. Apache consistently holds the lead among the most popular web servers and has inspired imitators such as OpenBSD’s Httpd web server.
Licensing for IIS Server is much more complex, and will cost you more, too. IIS Server Express can be downloaded for free from Microsoft’s downloads site. This version is optimized for developers, and lets you develop and test your application on a lite version of the production IIS server. To fully test your code and features like SMTP in your staging environments , however, you will need an IIS Server license so you can run IIS Server. This comes with Windows Server, and can cost from $500 to over $6,000 depending on the Windows Server version and number of cores in your deployment.
Is IIS or Apache easier to use?
Thanks to its handy graphical user interface and improvements to the software over the years, IIS Server, despite its many features and services, is easy to use on a day to day basis. As a Microsoft server, IIS integrates seamlessly with other Microsoft tools such as MSSQL Server and Visual Studio. The Microsoft community is large, with numerous forums where you can get support, in addition to the wide ecosystem of vendors and certified Windows IT solutions experts. On the other hand, the proprietary nature of IIS has resulted in a product tightly interwoven into the Windows ecosystem. While this makes it easy to integrate into your other Windows tech, it does come with a cost regarding portability. This will rule it out if you want a solution that works seamlessly across operating systems and with mixing and matching of technology providers. web server.
Licensing for Apache is much simpler, and more permissive. There is no direct licence cost for the use, modification, or redistribution of the software. The open source nature of the Apache server has resulted in a product that works well with various technologies on UNIX-like systems including Linux and Mac. Notably, Apache’s cross-platform support extends to Windows as well. Apache is not only extremely stable, with a history of use in web hosting at some of the biggest tech players, but it keeps things flexible to support your stack. For example, you can just as easily run Python or PHP scripts using the CGI interface or deploy advanced web frameworks such as Django. This portability across tech stacks and operating systems makes it easier to stick with Apache when changing your deployment OS.
Conclusion
Both Apache and IIS have their pros and cons as outlined above. Determining which one to use is determined by several factors: IIS must be bundled with Windows but Apache does not have big-name corporate support, Apache has excellent security but does not offer IIS’s excellent .NET support. And so on. The final choice may well be a compromise dictated by whichever solution meets as many of your must-have needs as possible. The table summary below may also help.
Apache Web Server Not Working
Features | IIS | Apache |
Supported OS | Windows | Linux, Unix, Windows, macOS |
User support & fixes | Corporate support | Community support |
Cost | Free, but bundled with Windows | Completely free |
Development | Closed, proprietary | Open source |
Security | Excellent | Good |
Performance | Good | Good |
Market share | 32% | 42% |
Protect your business from data breaches
Nginx Web Server
At UpGuard, we can protect your business from data breaches, identify all of your data leaks, and help you continuously monitor the security posture of all your vendors.
Apache Web Server Download
CLICK HERE to get your FREE security rating now!