Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

Very strange problem
I have been using xampp in windows 10 for many months - no problems at all
In the last couple of days I have the problem where I try to log into phpmyadmin or any other site on my local webserver which requires a login, chrome browser just hangs
All the sites work in Firefox - no issues

I cannot see where the problem is in Chrome - I know I can recreate the Google chrome Data file and create a new one but I would rather not have to do that as I lose my settings
If I access the site from another pc with Chrome, the sites work just fine

Any ideas
Build an E-Commerce Site with Angular 5
LVL 13
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.


My company site is currently hosted on windows IIS web server  called  bob.com (for example). I have setup a separate test site that is on a ubuntu apache server hosted on a different cloud provider.
I want to edit the virtual host configuration on my test site (apache) to be a subdomain of my production website. So on the test site it will be test.bob.com. Is it enough/correct way to change the ServerName to bob.com and the ServerAlias to test.bob.com ? The reason I want to edit the virtualhost config is in order that I can put an ssl cert on test.bob.com
Are there any security concerns/ will there be any connection issues?

Thank you.
Recently I had a WordPress site for a friend. He never installed it, and someone installed it and uploaded a file that gave them access to my server.

The server wasn't really important, hence me being sort of lax with the security, but it got me thinking about how I could better secure WordPress installations on personal servers.

I was thinking I could either move the uploads directory outside of the web root. Or I could maybe configure Apache or some settings to where PHP files won't run.

I'm not going to post this on Stack Overflow because it's sort of discussion based. So any help would be appreciated.
I have a problem with the url rewriting in my .htaccess.
I use following lines to remove php extension:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^ %{REQUEST_URI}.php [L]

Open in new window

Originally my pages where in the document root and the following lines worked great to rewrite urls
RewriteCond %{THE_REQUEST} \s/categoria\?c=(\w+)\s [NC]
RewriteRule ^ /categoria/%1? [R=302,L]

Open in new window

But now I have put my pages in different subfolders accordingly to the chosen language. The main language is spanish and I have a folder 'es' where the spanish pages are. So I changed, or better I tried to change my htaccess to use subfolders:
RewriteCond %{THE_REQUEST} \s/es/categoria\?c=(\w+)\s [NC]
RewriteRule ^ es/categoria/%1? [R=302,L]

Open in new window

This works, because the url is actually rewritten, but it also generates an Internal Server Error. After some investigation I realized that it looks like there are too many redirections and once the limit is reached, Apache raises the error 500. But the suggeted solution to put an exclamation mark to the RewriteCond for files:
RewriteCond %{REQUEST_FILENAME}.php !-f

Open in new window

prevents the removing of the php extension.
Any idea?
Thank you.
How to configure Apache server such that access to the public ip of the server will automatically redirect me to the ./web/index.php

<VirtualHost *:80>
    ServerAdmin mis@abc.com
    ServerName abc.com
    ServerAlias www.abc.com
    DocumentRoot /var/www/html/mec/
    ##ErrorLog /var/www/html/example.com/logs/error.log
    ##CustomLog /var/www/html/example.com/logs/access.log combined

Hi everybody.
In a website I use .htaccess to write SEO friendly url and in the root directory everything works fine.

#first I drop the file extension
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} ^(.+)\.php$
RewriteRule (.*)\.php$ /$1 [R=301,L]
#RewriteRule ^(.*)$ $1.php [QSA]

# then redirect "/vinos.php?id=xxx" to "/vinos/xxx"
RewriteCond %{THE_REQUEST} \s/vinos\.php\?v=(\w+)\s [NC]
RewriteRule ^ /vinos/%1? [R=301,L]

# internally rewrite "/vinos/xxx" to "/vinos.php?id=xxx"
RewriteRule ^vinos/(\w+)$ /vinos.php?v=$1 [L]

Open in new window

This way, the url mywebsite.com/vinos.php?v=sangre_de_toro becomes mywebsite.com/vinos/sangre_de_toro.
So in the vinos.php I have:
$url = explode("/", ($_SERVER["REQUEST_URI"]));
$vino_querido = end($url);

Open in new window

and then I use the variable $vino_querido in my sql query.

But I have added the support for two other language replicating the website pages in two subfolders 'en' and 'it' (the main langage 'es' is in the root). But in these subfolders the rewriting doesn't work.
The pages have different names, so I have added additional rules to my .htaccess:
RewriteCond %{THE_REQUEST} \s/it/vini\.php\?v=(\w+)\s [NC]
RewriteRule ^ /it/vini/%1? [R=301,L]

RewriteRule ^it/vini/(\w+)$ /it/vini.php?v=$1 [L]

RewriteCond %{THE_REQUEST} \s/en/wines\.php\?v=(\w+)\s [NC]
RewriteRule ^ /en/wines/%1? [R=301,L]

RewriteRule ^en/wines/(\w+)$ /en/wines.php?v=$1 [L]

Open in new window

But this has no effect, the url is not rewritten and the last element of the array $url in the wines.php (and vini.php) is "wines?v=blanco_afrutado" (or "vini?v=blanco_afrutado")
Originally I thought this would be a Wordpress question but now I want to approach this from a different perspective.

I am running a LAMP Stack in AWS using Amazon Linux. I have a company website that is a Wordpress site.

I have six domains that I want to (1) force from HTTP to HTTPS and (2) forward to "https://CompanysSite.com".

The other domains are variants, so, for example I want "http://CompanySite-inc.com" to forward to "https://CompanySite.com". And it's totally okay to have the domain name be changed to "https://CompanysSite.com" from whatever domain it came in on.

Is there a way to do this globally at the Apache level, perhaps using Mod-ReWrite? I just don't know enough about Apache to add that to the script in order to have all traffic sent to "https://CompanySite.com".

Thanks for your help!
Struggling with this in a .htaccess file

the root folder has the following folders


in the spa folder there is a folder called /dist
and in the api folder there is a folder called /api/public/

when somebody types mydomain.com/ it will access the /spa/dist folder and access all the assets under so the page displays
when somebody access the /api folder it will access the /api/public folder

but no redirects it will be rewrites.
Need to install LAMP on AWS.EC2.Ubuntu.t2.micro

I can now successfully SSH into my Ubuntu server and find my folder,


is totally empty.

I consider this a good thing.


I need to install LAMP and then WordPress. (I want MySQL since I have no experience with Maria.)

Please explain the sequence of installations and the commands I need to issue.  Also, if I need to download a file, please provide me the URL.

I already have PHPMyAdmin on my MacBook, but let's worry later about reconfiguring my Mac. Instead, please tell me how to verify each element was installed properly.

Then, once we are all convinced my little AWS Ubuntu host is hosting WordPress, the fun begins and the question on EE will start flying.

Become a Certified Penetration Testing Engineer
LVL 13
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

I'm having an issue (probably trivial) setting up apache under Ubuntu 18.04.2 (if fact I want to run NextCloud 16.0.1 on it).

Apache would not run with the following message:
-- Unit apache2.service has begun starting up.
Jun 19 23:54:35 nextcloud apachectl[10836]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using Set the 'ServerName' directive
Jun 19 23:54:36 nextcloud apachectl[10836]: Action 'start' failed.
Jun 19 23:54:36 nextcloud apachectl[10836]: The Apache error log may have more information.
Jun 19 23:54:36 nextcloud systemd[1]: apache2.service: Control process exited, code=exited status=1
Jun 19 23:54:36 nextcloud systemd[1]: apache2.service: Failed with result 'exit-code'.
Jun 19 23:54:36 nextcloud systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit apache2.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- Unit apache2.service has failed.
-- The result is RESULT.
Jun 19 23:54:36 nextcloud sshd[10869]: Did not receive identification string from port 54010

Open in new window

yet my config file has a ServerName directive as follows
<VirtualHost *:443>
    Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
    # Header always set Referrer-Policy "strict-origin"
    SSLEngine on

ServerAdmin it@domain.com
ServerName mycloud.domain.com
#    ServerAlias subdomain.example.com


Open in new window

we installed tomcat apache in windows server in -C:\   ,  Drive.
For better management we planning to move to D: Drive.

Please advise the steps needed to achive for the same
For tomcat Apache server. How to convert Java JMX Agent Insecure Configuration to Secure one,
Kindly advice the steps in
Session variables:

I have a web page which uses session variables to submit details to my database
The website is running on my localhost (http://loalhost:888/......)
I have forwarded traffic through my router to this site which works
I appreciate this is not in a production environment so it is not an issue at the moment - just a question

If I access the website using the external dns address through the router to the internal address, and if I submit a webpage form which uses session variables to be submitted to the database, these variables are not being entered. All the other form fields are entered as expected
If I use the website on the pc which hosts the website (apache), ie internally, the session variables are entered with no problem

I was just wondering why the session variables are not being entered when the website is accessed externally
There seems to be some sort of mysterious redirection going on when i try to access the site at

A static file, such as http://fostamells.technojeeves.com/license.txt comes out fine but the attempt to access the homepage seems to land on a page of the company that hosts technojeeves.com. I really can't see why. Is it Wordpress doing this or what (after all it does say X-Redirect-By: WordPress)? I've attached a wget debug log of the attempt to get the homepage
MAMP Expires in one week?

I got a message that the full-working demo will expire...

What does that mean?

I really do not want to pay $69 for an installation I made as a simple test-bed for WordPress and PowerPress. I plan to host the podcast in a few weeks.

What will I not be able to do once this demo has expired?

Can I simply register?

I start by saying that I'm not an Apache expert, so I'll do my best for describe the strange (IMHO) thing happen.
Before all, here's the result of a telnet to the problematic site served by an Apache (IP & address are fantasy names):

telnet www.problematicsite.com 80


Connected to www.problematicsite.com.

Escape character is '^]'.

GET / HTTP/1.0

HTTP/1.1 302 Found

Server: Apache-Coyote/1.1

Set-Cookie: JSESSIONID=30A1322E0051FE076012575109C79528; Path=/; HttpOnly

Location: http://localhost:1701/problematicsite_library/libweb/action/feRedirect.do

Content-Type: text/html

Content-Length: 0

Vary: Accept-Encoding

Date: Mon, 03 Jun 2019 06:46:36 GMT

Connection: close

Set-Cookie: sto-id-%3FSaaS-A_prod%3FPMTEU02.prod.problematicsite.1701-sg=FGHIBAAK; Expires=Thu, 31-May-2029 06:46:37 GMT; Path=/

Connection closed by foreign host.

Open in new window

Regarding the feRedirect.do 'file' it is indeed not supposed to have any contents it only provides http headers to tell the browser to redirect to a different location using the below header:

Location: /problematicsite.com/libweb/action/search.do?vid=39UDN_VIEW

Theoretically it's all perfect but....in some (apparently random) client PCs I can't use the http://www.problematicsite.com url because these machines permits only the download of the zero-byte "feRedirect.do" file without a correct redirection!!
I've made some tests with the web admins and we're sure that the cause of this is NOT on the PCs clients  but in the Apache server.
Sadly the web admins doesn't understand the cause...any clue?
We're going to run a webservice to receive messages from one client. We are required to use mutual TLS. The client did send us the certificate he will use to connect to our webservice. (it needs to be this certificate) Our environment is Nginx+Apache+PHP.

My question is: what is the best way to do this? How can I let Nginx or Apache require a client certificate and trust this particular certificate? Or should I do this in PHP. What's the best approach?
Hi Experts,

I upgraded Apache 2.2 to 2.4, used as a proxy.

Here an example for one VH :

<VirtualHost *:80>
        Servername apps-dev.contoso.com

        <Location />
                Order Deny,Allow
                Include conf-ip/allowed-ip-contoso.conf

        ProxyPass /
        ProxyPassReverse /

Open in new window

How to have the correct syntax with the "require" command?  

I tried Required ip... but not working.
How can we replace "Include conf-ip/allowed-ip-contoso.conf" with the correct syntax?
I tried Required ip conf-ip/allowed-ip-contoso.conf... but not working.

EDIT1 : Include working! But the problem come from the allowed-ip-contoso.conf :

Order deny,allow

Deny from all

## ALLOW IP ##
Allow from
Allow from
Allow from
Allow from
Allow from

What is the correct syntax for 2.4?

Thank you
Exploring ASP.NET Core: Fundamentals
LVL 13
Exploring ASP.NET Core: Fundamentals

Learn to build web apps and services, IoT apps, and mobile backends by covering the fundamentals of ASP.NET Core and  exploring the core foundations for app libraries.

I have 2 servers with:
1. API - linux apache
2. C# Console app (calls the API and returns the result)
They are both on our servers in our control

Even though this question is focused on C# console APP, there might be some other limitation i'm not considering, so have tagged this question in multiple topics

My goal is to call API 500 times a sec from one machine, currently its not even close, and I think its due to lack of concurrent connections to API.

When hitting API from console app, we are seeing in the region of these figures for response time on API result
 - 350ms when on WAN,
-  150ms on LAN

Not using console app -  from API server directly
-  56ms (using terminal session and running script to call the http API directly)

These are the detailed stats when hitting the API directly from itself (56ms option above)
From the Apache test:

Concurrency Level:      100
[b]*Time taken for tests:   24.612 seconds*[/b]
Complete requests:      *50,000*
Failed requests:        0
Non-2xx responses:      50000
Keep-Alive requests:    0
Total transferred:      33050000 bytes
HTML transferred:       18450000 bytes
Requests per second:    2031.56 [#/sec] (mean)
[b]*Time per request:       49.223 [ms] (mean)*[/b]
[b]*Time per request:       0.492 [ms] (mean, across all concurrent requests)*[/b]

Open in new window

So according to these results it can handle a very acceptable amount,  using concurrent connections, albeit internally - (2,031 per second, which is…
Win 10 64 bit
Apache 2.2
PHP v (unknown)
Microsoft SQL Serve 2008 r2 Express
Dreamweaver CC 2019

Ehem… I have little experience with PHP, but I can fumble around "reading" it, I can't program it.

Using Dreamweaver, I attempted to create a php test server with this locally hosted and previously functioning web back office.
I have since backed this out and will be attempting to use another machine on the network as the testing server.
Back office (web) comes with Point of Sale software. POS Software is functioning fine as WAS the back office until... my Dreamweaver experiment.

Since the attempted test server setup, and after a successful (not using Live View) Chrome localhost login I’m getting this:
"http://localhost/OCPOS/OCPOS/login.php" and the error of The requested URL /OCPOS/OCPOS/login.php was not found on this server.
The second "OCPOS" should not exist at all, and the file was never present to begin with, so why is it being requested?
I should be seeing a dashboard, and I'm not.

This login problem only happened after I mapped the files with Dreamweaver in site setup; again I have since backed this out.

Localhost – login file path:
C:\OCPOS\htdocs index.php - passes the request "header("location: OCPOS/login.php");"

login.php file path:
C:\OCPOS\htdocs\OCPOS - login.php (which looks to run a check on the user name and pword by a call to another "settings" file)
“login.php” also requests these
I have a php file that is excue a .sh command:
  echo exec('/var/www/html/disable.sh');

the .sh file command is:
sudo  cp /var/www/html/1.cfg /var/www/html/2.cfg

when I run it from ssh from root user account using
php /var/www/html/disable.php the /sh work fine
when I runt it from browser is not working !
so what I have to do ?
I try to use this guide https://github.com/zmartzone/mod_auth_openidc/wiki/Azure-OAuth-2.0-and-OpenID-Connect to enable authentification on a directory in Apache.

I have a Running site where SSL/PHP and everything else works.

A part of my .conf file for this site looks now like this.


OIDCProviderMetadataURL https://sts.windows.net/hiddenc123-5ahiddensds-b3f2-sds22/.well-known/open$
OIDCRedirectURI https://mysite.com/test2/

OIDCClientID hidden123123123
OIDCClientSecret Test
OIDCCryptoPassphrase hiddenasdasdasdasd

OIDCScope "openid email"

OIDCRemoteUserClaim email

<Location /var/www/mysite/html/test>
    SSLOptions +StdEnvVars

    AuthType openid-connect
    require valid-user

    Options Includes FollowSymLinks
    AllowOverride AuthConfig Limit
    Order allow,deny
    Allow from all

Then I did service apache2 restart
When I run apachectl configtest I get no error regarding mod_auth_openidc. So I think this module is correctly installed.

But no authentification is enabled on the folder that I would like to protect. Also no error messages appears in webbrowser.

I now have some questions:

I expect an error message when it not works? So it must be something wrong? Or somthing that is not correctly activated?

What is OIDCRedirectURI? Do I need some PHP code for this? Is that not the url that I would like to protect? (https://mysite.com/test2/)

Where can I …
I have included the following 2 pages in my index page:

This page has this line: include("includes/fusioncharts.php");

This page also has this line: include("includes/fusioncharts.php");

I get the following:
Fatal error: Cannot redeclare class FusionCharts in C:\xampp\htdocs\Development\Inventas\Sites\Charts\MyPHPDatabaseExamples\includes\fusioncharts.php on line 3

How can I avoid this error and get both includes showing on the index page
Upgrading Apache Tomcat on a Coldfusion 10 server.  Our company recently revived a security notification about a possible vulnerability. The vulnerability is called CVE-2019-0232 . The recommendation is to upgrade from our current Tomcat to Tomcat version 7.0.94

Does anybody know if doing a manual upgrade is possible on Coldfusion 10 on Windows? Or is it best to wait for Adobe to release a patch? I'm skeptical that Adobe will do much about this anytime soon.

Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.