Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

I am on an Amazon Linux 2 AMI running Apache 2 and I need a software solution for security.  I have been told mod_security isn't a good choice.  So does anyone have experience with the AWS Waf?  If so, what rules are you using?

Or, do you have another idea altogether?

On my previous instance I used fail2ban but I found the bots could outsmart fail2ban so hopefully someone will have a better choice.

Let me clarify my biggest  problems are postfix issues, stopping ddos, bots running up and down my site stealing bandwidth, clicking on every link and having numerous disk i/o's which I have to pay for.

By the way, I am not interested in using another AMI due to the complexity of my existing AMI.
I have installed apache tomcat 7.0.90 on my windows 8 64bit system. This is how I have configured my tomcat-users.xml -

<?xml version='1.0' encoding='utf-8'?>
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at


  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  See the License for the specific language governing permissions and
  limitations under the License.
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary. It is
  strongly recommended that you do NOT use one of the users in the commented out
  section below since they are intended for use with the examples web
  NOTE:  The sample user and role entries below are intended for use with the
  examples web application. They 

Open in new window

I need to upload a Wordpress theme and I am getting the message that I am exceeding the max_filesize.  I have change php.in, restarted Apache and still I get the same error.

These are the settings I have changed:

file_uploads = On

Open in new window

Please tell me what to fix.


I have wamp version  3.1.3  i have multiple website and everything work fine ....
i want to enable lets encrypt certificate on on of website:
i do the following steps:
on httpd:
oadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
on vhsot file:
<VirtualHost *:80>
 ServerName mydomain.com
 ServerAlias www.mydomain.com
 DocumentRoot "c:/mywebsites/www.mydomain.com"
 <Directory  "c:/mywebsites/www.mydomain.com/">
  Options Indexes FollowSymLinks
        AllowOverride all
        Order Deny,Allow
        Allow from all
        Require all granted
 ErrorLog "logs/mydomain.com-error.log"
 CustomLog "logs/mydomain.com-access.log" common
 Alias /.well-known c:/mywebsites/www.mydomain.com/.well-known
and download the last package of  letsencrypt-win-simple
the run the letsencyprt file as admin
press m the 1 then mydomain.com then  4  then 1
its give me validation plugin not found or not created
create certificate failed
i try to brows http://mydomain.com/.well-known
its give me:The requested URL /.well-known was not found on this server.
so where is the problem ?
is there any other way to get i certificate ?

I want to use imagemagick on the cloud, i have a Bluehost account that says it's available https://my.bluehost.com/hosting/help/imagemagick

I have very limited experience in unix (or whatever the operating system is?) and I'm unable even to find out how to get to a command line to test this.

This question is just to get me kicked in the right direction, so any of the following would be a good start:
1. getting onto a command line and verifying the statements form the link above
2. creating a simple script file that i can run on the server somehow
3. a dummies summary of how imagemagick could work on bluehost

Attached screenshot of some of the bluehost advanced options.


Related question resolved:

I would like to request an assistant.

I would like to make a redirect using .htaccess .

The condition that i would like to combined are as follows :

1. redirect any access from /supporttickets.php to https://support.domain.com

2. redirect any access from  /submitticket.php to  https://support.domain.com/Tickets/Submit

3. redirect any access from   /contact.php to https://www.domain.com/contact.php

4. redirect any access to "billing" folder to https://billing.domain.com

5. IGNORE all above rules if the access file are "fpx_indirectcallback.php" or "fpx_directcallback.php"

Appreciates anybody assistant on this issue.
I have a curl error 77
Update Failed: Download failed. cURL error 77: error setting certificate verify locations: CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none

Open in new window

whenever I try to update my plugins in wordpress.

The site is www.thefrugallife.com

I have an Apache 2.4 instance running Linux 2 from Amazon.

I have recently moved the site and switched it to https.  My site certificate is showing it gets a B on SSL Labs using ipv4.

I can't update anything on the site till this error goes away.  Please let me know how to get rid of that error.

I designed an API that looks like this:

http://mysite.com/subfolder/api.php?resource=items&action=getAll   (get all items)
http://mysite.com/subfolder/api.php?resource=items&action=getById&id=1234   (get item by id)

Open in new window


Open in new window

Desired Re-Write


Open in new window

Is this impossible because they use the same names???

I have no experience using re-write with Apache.

Thanks for looking.
Hello i'm configuring the Owncloud X Appliance and have some questions that i can't find answer

1- It’s now accesible from the web by here
but user can still access this page
Is there a way to deny access to this page https://owncloud.domain/univention/portal/#category=software and just have access to https://owncloud.domain/ownCloud

2- How can i change owncloud url to : https://owncloud.domain/ instead of https://owncloud.domain/ownCloud
i found this link https://doc.owncloud.org/server/10.0/admin_manual/installation/changing_the_web_route.html but it don't seem to be relate to the appliance

3- If i want to increase space on the appliance once ive add more space on my lun what other step i need to do

Thanks for helping me !
I have recently set up a proxy server using apache. However I randomly receive this message "502 Proxy error : Error reading status line from remote server".
What is supposed to be the proper way to solve this issue?. I mean, I prefer not using fixes like the ones I had to include to getr rid of this error temporally

        SetEnv force-proxy-request-1.0 1
                SetEnv proxy-nokeepalive 1
                SetEnv proxy-initial-not-pooled 1

Open in new window

This is my configuration:

<VirtualHost *:443>
        ServerName subdomain.mydomain.com
        ProxyHCExpr ok234 {%{REQUEST_STATUS} =~ /^[234]/}
        <Proxy *>
               AddDefaultCharset off
               Order deny,allow
        <Proxy balancer://hostingCluster>
               BalancerMember http://server1:80 timeout=10 retry=3 hcmethod=HEAD hcexpr=ok234 hcinterval=10
               BalancerMember http://server2:80 timeout=10 retry=3 hcmethod=HEAD hcexpr=ok234 hcinterval=10
               ProxySet lbmethod=byrequests
               ProxySet stickysession=PHPSESSID

                SetEnv force-proxy-request-1.0 1
                SetEnv proxy-nokeepalive 1
                SetEnv proxy-initial-not-pooled 1

        <Location /manager>
                SetHandler balancer-manager
                AuthType Basic
                Require valid-user
                AuthUserFile /var/www/.htpasswd
                AuthName "Authorization Required"

Open in new window

I need to disable the POODLE vulnerability.  I have Centos 7.5 and
OpenSSL 1.0.2k-fips  26 Jan 2017

Open in new window

and I have ran yum update openssl and nothing qualifies.  I added the line
SSLProtocol All -SSLv2 -SSLv3

Open in new window


Open in new window

- I then restarted httpd.

Yet when I run my cert against https://www.ssllabs.com free ssl checker I still show a POODLE vulnerability.

Please tell me how to get rid of this vulnerability.

I'm migrating my website to a secure server, and there is an issue with a page which isn't loading all the content.  Google Chrome Developer Console reports an "uncaught DOMException".  I'm not a programmer, and don't know how to interpret or correct this.  I've uploaded a screen shot.

The website is under development on a server which is not open to the public.  If you are sufficiently interested in visiting the page in question, the Windows hosts file would need to be modified by adding "  mauitradewinds.com www.mauitradewinds.com secure.mauitradewinds.com   m.mauitradewinds.com".  In that case, the page with the issue could be visited at https://mauitradewinds.com/RezEasy/mobile/0001/cl0001.html    Otherwise, perhaps the screen shot is adequate for you to provide some guidance for me.  Thank you. Screenshot of DOMException error
I am managing  a very old XAMPP installation (1.7.3) which has been absolutely rock-solid for years.  Now, unfortunately, the company that provides a payment gateway that the system has been connecting to has decided to upgrade from TLS1.0 to TLS1.2 (for obvious reasons).  The version of PHP running on the install is 5.3.1 which comes with CURL 7.19.6

This version of CURL does not support TLS 1.2 encryption, the earliest version that does is CURL 7.34.0

As a quick fix, I've tried to upgrade the PHP installation to the latest one (7.26 I think) however, both methods I've tried result in Apache failing to restart - does anyone have any suggestions as to how I can upgrade the CURL or PHP?  Failing that, is there any alternative to CURL which will encrypt the data correctly, i.e. to TLS1.2 standard.

The XAMPP is running on Windows 7 64 bit
Dear Experts

We are using nextcloud which is on ubuntu 16.04 with php, mysql and apache until now we were using within the local network but now there is a requirement to enable this to external network that is from internet hence would like to procure ssl certificate and install the same,
1.  can you please suggest the good source to purchase the ssl certificates
2. at present users are using this solution  by installing the ssl certificates will it have any impact of not functioning or breaking down the system please suggest.
3. can you please help me how to install the ssl certificate in this server instance
This is to migrate the existing SuSE Linux Enterprise server 11 (think with SP1) to another newly-setup SuSE Linux Enterprise 11 with SP4. This existing server is hosting apache, and supporting an oracle via PHP. The main thing is, we also have to configure the new SuSE to have PHP supporting Oracle with the following working descriptions from the application owner as follows,

           - Apache connecting to PHP accessing a Oracle table through Oracle instant client

with this requirement:
1)      the PHP has to be compiled to enable Oracle instant client
2)      apache has to have the connector configured (not shown here ) and recompiled

So far, on this new SuSE, a apache and associated modules were installed. When typing "rpm -qa |grep apache", the results shows,


How should we proceed from here?

thanks in advance.
Running WampServer 2.2 on a Windows 7 platform, a problem has developed.  I am unable to start the WampApache service.  There are Event Viewer errors specifying a syntax error at the line which designates the documentroot, and the statement "DocumentRoot must be a directory".  The document root IS a directory, and I have not changed hppd.conf for many years.  WampServer worked fine until just now.  I experimented with the syntax, even changing the DocumentRoot to "C:\", and got the same errors.  I am inexperienced with this application, and would appreciate suggestions.
PHP website using sessions.  We original started development on our Ubuntu Apache system.  After 99% was complete we uploaded to the intended hosting package and found that the session commands we used and worked fine on our Apache development system would not work on the hosting package.  We were getting header already sent errors, but only on the shared hosting package that we purchased.  So we dove a little deeper and in simple terms we moved the session_starts to the top of the files and that seemed to resolve that issue.  However, not that the code is changed, the website is having problems on our development box.  When we try to access our "ADMIN" section which requires a login, we receive too many redirect errors.  However, the same code works on the hosting package. In the Admin section the index.php (admin is in a subfolder off of the root of the site) it includes our "Navigation" file which is basically the top menu of all of the pages.  In that Navigation file, the line "if(!isset($_SESSION['views'])){header("location:index.php");}" seems to be what is causing the error "ERR_TOO_MANY_REDIRECTS" in the browser.   So there is a two fold question here.  What is the problem with this, and why would it work on our hosting package but not on our development box?   Any help would be GREATLY appreciated.
Hello Fellow Experts,

I'm trying to get PHP PDO to work with an MS SQL database.  PHP returns a "driver not found" error. I've tried copying the "sqlSvr" driver files to the extensions folder and editing the ini file as suggested by various forums and tutorial, but the error still shows up.  

This needs to be done both on my local Windows Xampp (PHP v5.6) installation and on the remote Linux server (PHP v5.3).  Niether works, what am I possibly missing?

Also, where do the extensions go on the Linux server? Can I just create an "ext" folder in the remote server's "root" folder?  The folder structure looks different on the remote server; there isn't an "ext" folder like in my Xampp environment.

I'm troubleshooting a site which resides on a secure server, not available to the public.   It would be helpful if my browser could access the cgi-bin directory, but this is apparently forbidden by default on an Apache server.  Is there a client-side solution to allow browser access, such as htaccess?  If so, could you provide code?
I'm migrating my website to a secure server, and a certain cgi script is not being found when it is needed.  I've attached an excerpt from the server's error log, specifying what happened.  I don't know how to interpret this error log text, or how to remedy the issue.  The script which isn't being found is properly situated in the cgi-bin folder.Error-loading-SecureForm.txt
I'm migrating my website to a secure (https) server.  There is code in htaccess which is unintentionally redirecting browsers to the non-secure (http) website.  The purpose of this code was to redirect requests for mysite.com to www.mysite.com.   If possible, I'd appreciate code which would redirect requests for http://mysite.com or http://www.mysite.com  or https://mysite.com  to https://www.mysite.com   However, an exception must be made for a few pages which present a scrolling, panoramic view, because those pages don't perform correctly when there is a www. prefix...

Here is the code which is presently causing an unwanted redirect to the non-secure server...

# redirect entire site from non-www to www except Panoramic View pages
RewriteCond %{REQUEST_URI} !^/viewtriage.htm$
RewriteCond %{REQUEST_URI} !^/view.htm$
RewriteCond %{REQUEST_URI} !^/viewipad.htm$
RewriteCond %{REQUEST_URI} !^/viewother.htm$
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
Hi Team,

Getting 504 gateway timeout error while browsing hosts.
Below is the error getting from server end where site is hosted.

[Wed Jun 27 06:35:48.634539 2018] [:error] [pid 5821:tid 139690111854336] [client] PHP Deprecated:  Methods with the same name as their class will not be constructors in a future version of PHP; backup_file has a deprecated constructor in /var/www/html-customers/sites/all/modules/contrib/backup_migrate/includes/files.inc on line 121

Request you to help me to fix this uissue.

Hi guys I have this rules in my htaccess to enabled my ssl and redirect all request from https://myserver.com to https://www.myserver.com, i wanna know if are ok or do i need to remove a line or add someone

RewriteCond %{HTTP_HOST} myserver\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.myserver.com/$1 [R,L]
RewriteCond %{HTTP_HOST} !^www.myserver.com$ [NC]
RewriteRule ^(.*)$ https://www.myserver.com/$1 [L,R=301]

I hope you can give an advice about it

Thx in advance
I'm migrating my website to a secure server, but certain pages do not load.  Instead, the 404.htm page loads.  I don't understand why this is happening.  
For example if you navigate to https://secure.mauitradewinds.com/RezEasy/mobile/0001  you will see several files in that folder.  Clicking on any of them results in the 404 error.  This doesn't happen on the same site which is still hosted on our non-secure server at http://mauitradewinds.com/RezEasy/mobile/0001 .   I'd appreciate any insight about resolving this.
I am getting this error when I try to upload an image to my server.  I haven't change anything except for the normal centos updates.  Here is the error:


This is also affecting my ability to update a plugin.  Where I get this error:


I have used this writeup to try and fix the problem.  However, nothing changed.  


Please help me get this working again.

Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.