Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

Pretty odd one here I cannot wrap my mind around. I was in the middle of testing a page with a POST form when I discovered that, along with the POST, it was creating a GET query string. I started eliminating JavaScript, etc., until I was down to a basic HTML page structure with no other markup than the form. Still having the problem, I started eliminating things in the form (even the submit button as type="submit") until I came up with the following. This is the entire page:

     <!DOCTYPE html>
    <html lang="en-gb">
        <meta charset="utf-8">
            <input type="hidden" name="foo" value="foo" />
            <button name="Button">Send Message</button>

Open in new window

As you can see, this form should not even submit. Yet, pressing the button will create a url query string in the address bar. This is my dedicated server. My thought is that there must be a MITM listener at work here. This has been tested in different versions of IE, FireFox and Chrome on 5 different computers and one Android phone. The only other possibility that makes sense to me is my network or my ISP. Whatever it is, there has to be something listening somewhere to submit a form that isn't really a legal form. I have not experienced this except on domains on my server.

I should add that there are several domains on this server an I ran this test file on several of them with the same results.
Trying to figure out the best Apache/Php configuration (installed on windows to use for my wordpress site. (currently it gives me err connection reset/ out of memory/ Maximum execution time reached etc..)

my current configuratio

<IfModule mpm_winnt_module>      
      ThreadsPerChild 150
      ListenBackLog   100
      MaxRequestsPerChild 0
    ###ThreadsPerChild          1500
    ###MaxConnectionsPerChild   10000

max_execution_time = 1000
max_input_time = 300
memory_limit = 512M
This is Apache 2.2.17 and it was complied into its own directory.
The Openssl version on the server was 1.0.0.
I installed a newer version 1.0.1g.

Configured the new version to be used by the OS. 'openssl version' and 'which openssl' both show the new version.

However, when I try to add the new security from OpenSSL in the httpd.conf I get this error:

SSLProtocol: Illegal protocol 'TLSv1.2'

...showing that it is still not using updated OpenSSL.
Per Redhat. httpd2.2.17 should support this:

RHEL 6: TLS v1, v1.1, & v1.2 support

You must have at least openssl-1.0.1e-15.el6, httpd-2.2.15-39, and mod_ssl-2.2.15-39 to have support for TLSv1, v1.1, & v1.2.
TLS v1.1 & v1.2 support added to OpenSSL with release of openssl-1.0.1e-15.el6 from RHBA-2013:1585, first shipped in RHEL 6.5.
The ability to specify TLSv1.1 & v1.2 in Apache with SSLProtocol was included in httpd-2.2.15-39, released in RHBA-2014:1386-1.

What needs to be done to do this other than recompiling Apache?
I can't get the rewrite rule correct in order to create pretty url's with pagination.

This is my current rule for listing products within a category:

RewriteRule ^product-category/([a-zA-Z-]+)$ category.php?slug=$1 [NC,L]

Open in new window

The result is something like mysite.com/product-category/shirts

I want the pagination url after clicking on "2" for example, to be

I tried this but it doesn't work and just looks wrong:

RewriteRule ^product-category/([a-zA-Z-]+) category.php?slug=$1/page/([a-zA-Z-]+)$ pagination?=$1 [NC,L]

Open in new window

I get an internal server error.
I suddenly can't seem to access my local websites on my Mac via MAMP. My ddns.log file contains the following:

mamp_dyndns[41389:21445531] DynDNS: [no update] empty username and/or password

Open in new window

I do have my DynDNS username and password stored properly in the MAMP interface, and my DynDNS account is in good standing and is configured as it's always been.

Any help on figuring this out would be appreciated.


I installed/built apache 2.2.x on a Ubuntu, but I want to completely remove Apache now, but having a hard time.   There is an "apache2" folder in "/usr/local/apache2".    Is it simple as just deleting this folder?  If not, what steps can I take to do this?

I've attached an image/screenshot showing the steps I took to install it if that helps.  I haven't configured or modified anything so I do not need to backup anything at all.  I just want it completely gone if possible.
hi guys

So I am going to be installing an SSL certificate on a Linux Amazon EC2. I created the CSR on this instance so I will need to apply the SSL to it to complete the installation.

It is a wildcard SSL certificate. So then I will need to export this SSL certificate and install it on another instance and turn off the other machine. On Windows I know how to export it as a .pfx and install it on another instance, but I don't know how to do this on a Linux machine. It is an amazon EC2 instance.

Are you able to help me accomplish this? What commands do I have to run to export this and then install it again on the new instance?

Thanks for helping
Hi Experts,

I'm wondering how to best log access-logs on Apache while using ProxyPass based on <Location>.

Here are 3 things I have in mind that I'm trying to implement:

  1. I would like to be able to identify the STATUS code Apache received from our application server (ProxyPass) and the STATUS code Apache sent to end-user. I'm not 100% sure how to identify these separate status codes as of now based on %s "<" or ">" redirection possibility on documentation.
  2. I would like to know if it is possible to log the server IP (application server) that processed the request on the backend (ProxyPass), where the response is coming from.
  3. Any recommendation on how to log full headers from REQUEST and RESPONSE headers, including POST data?

This is my current log format:

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%v\" %D \"%{UNIQUE_ID}e\"" custom

And the VHOST has the following config:

ProxyVia Full
ProxyRequests Off
ProxyPreserveHost On

<Location /admin/>
Order deny,allow
Allow from all

On the above ProxyPass IP (, that IP is a server pool from haproxy load balancer, it has 4 servers, so for each request, I can land on a different server in that pool.

Apache version: 2.2.15

Thank you!
hi guys

I'm trying to access an apache web server that I just took a copy of. The external IP is: If you put that into a web browser, then you literally get a 'www' put in front of that IP address.

It's a linux server running apache. I'm not a developer, but could you guide me into looking at where the actual redirect might be occurring and take it out so that putting in the external IP will redirect it to the correct place? I.e. if I put in then that's exactly where it needs to forward to without a www. coming in front of it.

Thanks for helping
Dear Experts,

I have a client who rebuilt his website, and asked us to do some URL redirects for him. but a certain link I get stumped with, I tried encoding, decoding and everything I could think of to make that work, but still it refuses to work!
Site is hosted on cPanel with Apache WebServer, all redirects except for this one works fine.

Original link:

(Cleints says that the %d7 must be part of the matched URL for SEO reasons)

should redirect to

Any help would be greatly appriciated.
Referring to above Struts vulnerability, would an encrypted DB have helped
prevent this data leak/loss?  

Does this Equifax & AXA dl come about by issuing an sql command?

There could be other unknown vulnerabilities yet to be discovered so
wud DB encryption had helped?
We noticed that when we change some data (images for example) in site that is in /var/www directory apache hesitate to apply thouse changes and for some time we see old images when accessing web site from browser. How to force Apache to apply changes immediately? May be the problem is in some Apache caching? If so - can it be disabled somehow?
I have a webapp written in PHP.
I am developing on my Mac, then running the website on my own Ubuntu server on AWS.

How should I be storing date/time in my mysql database???
Currently when I test on my mac all the times are right.... but when i run on my ubuntu server its an hour out.

Ubuntu Server is UTC timezone.

Im confused what I should do.

I want to rewrite an entire directory using htaccess

Examples of original legacy URLs

Open in new window

The new urls would be and rewrote to the original urls
website.com/app/group/id/ //with or without trailing slash
website.com/app/group/id/settings //settings file -> only get param is the group id
website.com/app/group/id/tasks/index.php //Tasks directory
website.com/app/group/id/tasks/task.php?task=taskId //Or website.com/app/group/id/tasks/task.php/taskId
website.com/app/group/id/members/member.php?member=memberId //OR website.com/app/group/id/members/member.php/memberId

Open in new window

There are about 10 -12 directories within the parent directory of "group"

I have successfully created a rewrite condition to accept

using the following condition
RewriteCond %{REQUEST_URI} /app/group/
RewriteRule ^app/group/(\w+)/?$ /app/group/?group=$1 [L]

Open in new window

The problem becomes if i go to any other of the subdirectories within the parent directory of "group"

The group id ("group=id") will ALWAYS be needed with each page

Do i need to create a rewrite rule for each sub-directory?
Is there a way to extract only the group id and leave the remaining url intact (ex: website.com/app/group/id/tasks/task.php?task=5)?
down vote
I am trying to create clean urls by adjusting the .htaccess file

Firstly i want to string out the script type (.php) and then rewrite some of the urls. I have created the following .htaccess file

RewriteEngine on

ErrorDocument  400 /errors.php

RewriteCond %{REQUEST_FILENAME}.php -f   --> Ref A

RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [QSA,L]

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteRule ^logged_in/team/(\d+)*$ /logged_in/team/?team=$1 --> Ref B

Open in new window

I have successfully removed the .php from the urls but cannot get the team rewrite to work.

Essentially, i have a url of


Open in new window

i want it to become

website.com/logged_in/team/id/  --> i want it to be able to have query stings after this as (ref B)

Open in new window

Example of a potential page

Open in new window

With regards to reference A. I have been looking at the following tutorial (https://code.tutsplus.com/tutorials/using-htaccess-files-for-pretty-urls--net-6049)

and noticed they included
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f

Open in new window

I dont see a problem with the first but would the second counteract ref A? Should these be included as well?

[root@localhost httpd-2.4.27]# ./configure
checking for chosen layout... Apache
checking for working mkdir -p... yes
checking for grep that handles long lines and -e... /bin/grep
checking for egrep... /bin/grep -E
checking build system type... x86_64-pc-linux-gnu
checking host system type... x86_64-pc-linux-gnu
checking target system type... x86_64-pc-linux-gnu
configure: Configuring Apache Portable Runtime library...
checking for APR... no
configure: error: APR not found.  Please read the documentation.
Hi All,
We have a new Tomcat installation and management have asked me to install a SSL certificate on it, I have absolutely no Java/Tomcat experience but it has a plug on it so it falls to me.

I have found several guides online how to accomplish this and followed them to the letter.

The site loads fine but Crome shows a cross through the HTTPS stating its not secure.

I followed the below guides in sequence.
 I then purchased a Certificate from our approved supplier once received I had both the SLL cert and an Intermediate cert I then followed the below to install them.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
SSLEnabled="true" keystoreFile="C:\Users\Administrator\.keystore" keystorePass="*********"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="JKS" />

What I have tried
I have tried adding keyAlias="tomcat" to the xml above but when I do that the site does not load at all.

Im really struggling any help appreciated.


John H
Hi I'm attempting the access the TMDB API using PHP

using the sample script here on my localhost WAMP I get this error

cURL Error #:SSL certificate problem: unable to get local issuer certificate

Open in new window

Running it on a live site works but I don't want to be running test scripts on a website

I have 3 questions

1. How do I solve the SSL certificate problem:?
2. in the CURLOPT_URL line  how do I substitute 'Kate%20Hudson' for $Name?
3. In the output  how do I access the components? I thought it would be $id = $response->{results}{id};

$curl = curl_init();
$Name= "Kate Hudson";
curl_setopt_array($curl, array(
  CURLOPT_URL => "https://api.themoviedb.org/3/search/person?include_adult=false&page=1&query=Kate%20Hudson&language=en-US&api_key=2c8a02fa36fb5299dcd97bbc84609899",

$response = curl_exec($curl);
$err = curl_error($curl);


if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
  $id = $response->{results}{id};
  $name = $response->{results}{name};
  $profile_path = $response->{results}{profile_path};
  echo "<p>  id  [$id] name  [$name] profile_path [$profile_path]</P>";

Open in new window


Open in new window

Apache2 quit working when I was messing with the config files and when I purged it and installed it, it quit working.

After I got it working again PHP wasn't working, so I removed it and reinstalled it and it's still not working.

Then I tried to remove PHP and then remove Apache2. I installed Apache2 then installed PHP and it's not working.

From the terminal

Setting up libapache2-mod-php7.1 (7.1.8-2+ubuntu16.04.1+deb.sury.org+4) ...
dpkg: error processing package libapache2-mod-php7.1 (--configure):
 subprocess installed post-installation script returned error exit status 1
Errors were encountered while processing:
E: Sub-process /usr/bin/dpkg returned an error code (1)
I had my Apache2 running good on my development machine.

I changed some site configurations and started running the noip.com's client, even though this is a production machine, to see if I could access it from the world wide web.

I tried to install it in terminal and came across the following error

brian@brian-XPS-13:~$ sudo service apache2 start
[sudo] password for brian: 
Job for apache2.service failed because the control process exited with error code. See "systemctl status apache2.service" and "journalctl -xe" for details.
brian@brian-XPS-13:~$ sudo apt remove apache2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  apache2-data apache2-utils
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED:
0 upgraded, 0 newly installed, 1 to remove and 121 not upgraded.
After this operation, 501 kB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 278612 files and directories currently installed.)
Removing apache2 (2.4.18-2ubuntu3.4) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for ufw (0.35-0ubuntu2) ...
brian@brian-XPS-13:~$ sudo apt purge apache2
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following packages were automatically installed and are no longer required:
  apache2-data apache2-utils

Open in new window

While installing tomcat how to know which http free port is free?8080 is always busy occupied by glassfish etc.

any tool or software etc which tells all free and occupied ports on my windows laptop to decide which port to allocate to tomcat?

what is ajp/1.3 conector port 8009 which shows while installing?
please advise
I am running apache 2.2.32 (openssl version 1.0.2k) version with php 5.2.12 (openssl version 0.9.8t ) setup on my server. I have extension=php_openssl.dll uncomment in php.ini ( on correct location of php.ini). I was not able to load the openssl module in phpinfo.

I tried to copy the following two libraries from \php\ext to \windows\system32 folder as well.
1. libeay32.dll
2. ssleay32.dll

Still I could see the openssl reference corresponding to apache where ever apache version is specified on loading but php openssl module is not showing up in phpinfo().

I tried to install latest openssl from openssl website and copy the relevant library folders in both apache and windows\system32 folder to resolve it but the module is not loading. I want to know if i can check if there is any compatibility issues with openssl or I am missing any steps in between.

Can anyone let me help me?

I recently upgraded to a new SSL certificate. My old used to include both the www and naked domains (e.g. https://www.chloedog.org and https://chloedog.org).  But the new certificate only includes the naked domain.  

I'm trying to use a .htaccess redirect so that both are accomplished in one pass.  I've tried a few different things and none work.

The most recent was:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.
RewriteRule ^(.*)$ https://chloedog.org/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Open in new window

With the above, the following happens:

http://www.chloedog.org?129  - Works Fine
http://chloedog.org?129 - works fine
https://chloedog.org?129 - works fine
https://www.chloedog.org?129 - I get an "insecure connection" message.

Can you tell me what I'm doing wrong? It is like it looks for the certificate before doing the redirect.
Is it possible to block a state via htacess?  Hypothetical, I am not allowed to business in CA so I want to block the state of CA?
Are there instructions on how to block all countries except the USA via htaccess?
I created an htaccess file in my directory for pma.fivetier.com with the following:

order deny,allow
deny from all
allow from xx.xxx.xxx.xx

Open in new window

When trying to visit from my IP I get a testing 123... page if you visit link above you will see.   If I remove the .htaccess file I have full access again without any problem.  What am I doing wrong?  Do I need to use ipv6 address or something?

Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.