Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

hi guys

I have an EC2 AWS instance running apache. We previously bought SSL certificates and had them installed. They have now expired. We renewed them with Godaddy.

I want to install them on the server, but I can't seem to find the location where they need to go. One of our techies who has left may have played with the http.conf file but I am unable to work this out.

Can someone give advice on how to work on this?

Thank you
Bootstrap 4: Exploring New Features
LVL 13
Bootstrap 4: Exploring New Features

Learn how to use and navigate the new features included in Bootstrap 4, the most popular HTML, CSS, and JavaScript framework for developing responsive, mobile-first websites.

We are getting a CORS error when trying to run and API request from one of our subdomains to another. I saw an htaccess fix...

<ifmodule mod_headers.c="">
   SetEnvIf Origin "^(.*\.MyDomain\.com)$" ORIGIN_SUB_DOMAIN=$1
   Header set Access-Control-Allow-Origin "%{ORIGIN_SUB_DOMAIN}e" env=ORIGIN_SUB_DOMAIN
   Header set Access-Control-Allow-Methods: "*"
   Header set Access-Control-Allow-Headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"

I added that to the htaccess file of where the API request was going *to*, but we still get the error. Does it need to go in the htaccess of the site the request is coming *from*? Or both? In other words, does the htaccess stuff need to live where the request originates or where the request is processed? Or both?

I have added the line $wgExternalLinkTarget = '_blank' to LocalSettings.php so that external links open in a new windows and this works fine.  I also want to open internal links, e.g. PDF links in the same way.  Is there an easy solution to this, similar to external links?
Hello EE,

I am new Apache SVN , I have recently installed apache SVN using https://www.itzgeek.com/how-tos/linux/centos-how-tos/install-apache-svn-subversion-on-centos-7-rhel-7.html . I have created a new repository called "subversion " and wish to import a copy of an existing repository on another centos server into this new  svn instance . Can you please provide the proper direction on this matter .

CentOS Linux 7 (Core) , Apache /2.4.6 ( Red Hat Enterprise Linux)
The web application in my organizations uses Apache web server that load balance across Application servers (Tomcat instance). There are two Apache (Web server) instances that route the traffic to 4 Application server instance.

The HTTPS traffic coming to the application terminates at the Web server layer, and then communication between Web server and App server is over HTTP. My assumption is that Web server and App-server communicates over HTTP and not over HTTPS.

However lately in a discussion with my IS team I came to know that Web server communication to App server over HTTP is not considered secure, and Web server should instead communicate to App server over HTTPS.

I would like to know your views on how generally this works in your organization?
Very strange problem
I have been using xampp in windows 10 for many months - no problems at all
In the last couple of days I have the problem where I try to log into phpmyadmin or any other site on my local webserver which requires a login, chrome browser just hangs
All the sites work in Firefox - no issues

I cannot see where the problem is in Chrome - I know I can recreate the Google chrome Data file and create a new one but I would rather not have to do that as I lose my settings
If I access the site from another pc with Chrome, the sites work just fine

Any ideas

My company site is currently hosted on windows IIS web server  called  bob.com (for example). I have setup a separate test site that is on a ubuntu apache server hosted on a different cloud provider.
I want to edit the virtual host configuration on my test site (apache) to be a subdomain of my production website. So on the test site it will be test.bob.com. Is it enough/correct way to change the ServerName to bob.com and the ServerAlias to test.bob.com ? The reason I want to edit the virtualhost config is in order that I can put an ssl cert on test.bob.com
Are there any security concerns/ will there be any connection issues?

Thank you.
Recently I had a WordPress site for a friend. He never installed it, and someone installed it and uploaded a file that gave them access to my server.

The server wasn't really important, hence me being sort of lax with the security, but it got me thinking about how I could better secure WordPress installations on personal servers.

I was thinking I could either move the uploads directory outside of the web root. Or I could maybe configure Apache or some settings to where PHP files won't run.

I'm not going to post this on Stack Overflow because it's sort of discussion based. So any help would be appreciated.
I have a problem with the url rewriting in my .htaccess.
I use following lines to remove php extension:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^ %{REQUEST_URI}.php [L]

Open in new window

Originally my pages where in the document root and the following lines worked great to rewrite urls
RewriteCond %{THE_REQUEST} \s/categoria\?c=(\w+)\s [NC]
RewriteRule ^ /categoria/%1? [R=302,L]

Open in new window

But now I have put my pages in different subfolders accordingly to the chosen language. The main language is spanish and I have a folder 'es' where the spanish pages are. So I changed, or better I tried to change my htaccess to use subfolders:
RewriteCond %{THE_REQUEST} \s/es/categoria\?c=(\w+)\s [NC]
RewriteRule ^ es/categoria/%1? [R=302,L]

Open in new window

This works, because the url is actually rewritten, but it also generates an Internal Server Error. After some investigation I realized that it looks like there are too many redirections and once the limit is reached, Apache raises the error 500. But the suggeted solution to put an exclamation mark to the RewriteCond for files:
RewriteCond %{REQUEST_FILENAME}.php !-f

Open in new window

prevents the removing of the php extension.
Any idea?
Thank you.
Build an E-Commerce Site with Angular 5
LVL 13
Build an E-Commerce Site with Angular 5

Learn how to build an E-Commerce site with Angular 5, a JavaScript framework used by developers to build web, desktop, and mobile applications.

How to configure Apache server such that access to the public ip of the server will automatically redirect me to the ./web/index.php

<VirtualHost *:80>
    ServerAdmin mis@abc.com
    ServerName abc.com
    ServerAlias www.abc.com
    DocumentRoot /var/www/html/mec/
    ##ErrorLog /var/www/html/example.com/logs/error.log
    ##CustomLog /var/www/html/example.com/logs/access.log combined

Hi everybody.
In a website I use .htaccess to write SEO friendly url and in the root directory everything works fine.

#first I drop the file extension
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} ^(.+)\.php$
RewriteRule (.*)\.php$ /$1 [R=301,L]
#RewriteRule ^(.*)$ $1.php [QSA]

# then redirect "/vinos.php?id=xxx" to "/vinos/xxx"
RewriteCond %{THE_REQUEST} \s/vinos\.php\?v=(\w+)\s [NC]
RewriteRule ^ /vinos/%1? [R=301,L]

# internally rewrite "/vinos/xxx" to "/vinos.php?id=xxx"
RewriteRule ^vinos/(\w+)$ /vinos.php?v=$1 [L]

Open in new window

This way, the url mywebsite.com/vinos.php?v=sangre_de_toro becomes mywebsite.com/vinos/sangre_de_toro.
So in the vinos.php I have:
$url = explode("/", ($_SERVER["REQUEST_URI"]));
$vino_querido = end($url);

Open in new window

and then I use the variable $vino_querido in my sql query.

But I have added the support for two other language replicating the website pages in two subfolders 'en' and 'it' (the main langage 'es' is in the root). But in these subfolders the rewriting doesn't work.
The pages have different names, so I have added additional rules to my .htaccess:
RewriteCond %{THE_REQUEST} \s/it/vini\.php\?v=(\w+)\s [NC]
RewriteRule ^ /it/vini/%1? [R=301,L]

RewriteRule ^it/vini/(\w+)$ /it/vini.php?v=$1 [L]

RewriteCond %{THE_REQUEST} \s/en/wines\.php\?v=(\w+)\s [NC]
RewriteRule ^ /en/wines/%1? [R=301,L]

RewriteRule ^en/wines/(\w+)$ /en/wines.php?v=$1 [L]

Open in new window

But this has no effect, the url is not rewritten and the last element of the array $url in the wines.php (and vini.php) is "wines?v=blanco_afrutado" (or "vini?v=blanco_afrutado")
Originally I thought this would be a Wordpress question but now I want to approach this from a different perspective.

I am running a LAMP Stack in AWS using Amazon Linux. I have a company website that is a Wordpress site.

I have six domains that I want to (1) force from HTTP to HTTPS and (2) forward to "https://CompanysSite.com".

The other domains are variants, so, for example I want "http://CompanySite-inc.com" to forward to "https://CompanySite.com". And it's totally okay to have the domain name be changed to "https://CompanysSite.com" from whatever domain it came in on.

Is there a way to do this globally at the Apache level, perhaps using Mod-ReWrite? I just don't know enough about Apache to add that to the script in order to have all traffic sent to "https://CompanySite.com".

Thanks for your help!
Struggling with this in a .htaccess file

the root folder has the following folders


in the spa folder there is a folder called /dist
and in the api folder there is a folder called /api/public/

when somebody types mydomain.com/ it will access the /spa/dist folder and access all the assets under so the page displays
when somebody access the /api folder it will access the /api/public folder

but no redirects it will be rewrites.
Need to install LAMP on AWS.EC2.Ubuntu.t2.micro

I can now successfully SSH into my Ubuntu server and find my folder,


is totally empty.

I consider this a good thing.


I need to install LAMP and then WordPress. (I want MySQL since I have no experience with Maria.)

Please explain the sequence of installations and the commands I need to issue.  Also, if I need to download a file, please provide me the URL.

I already have PHPMyAdmin on my MacBook, but let's worry later about reconfiguring my Mac. Instead, please tell me how to verify each element was installed properly.

Then, once we are all convinced my little AWS Ubuntu host is hosting WordPress, the fun begins and the question on EE will start flying.

I'm having an issue (probably trivial) setting up apache under Ubuntu 18.04.2 (if fact I want to run NextCloud 16.0.1 on it).

Apache would not run with the following message:
-- Unit apache2.service has begun starting up.
Jun 19 23:54:35 nextcloud apachectl[10836]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using Set the 'ServerName' directive
Jun 19 23:54:36 nextcloud apachectl[10836]: Action 'start' failed.
Jun 19 23:54:36 nextcloud apachectl[10836]: The Apache error log may have more information.
Jun 19 23:54:36 nextcloud systemd[1]: apache2.service: Control process exited, code=exited status=1
Jun 19 23:54:36 nextcloud systemd[1]: apache2.service: Failed with result 'exit-code'.
Jun 19 23:54:36 nextcloud systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit apache2.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- Unit apache2.service has failed.
-- The result is RESULT.
Jun 19 23:54:36 nextcloud sshd[10869]: Did not receive identification string from port 54010

Open in new window

yet my config file has a ServerName directive as follows
<VirtualHost *:443>
    Header add Strict-Transport-Security: "max-age=15768000;includeSubdomains"
    # Header always set Referrer-Policy "strict-origin"
    SSLEngine on

ServerAdmin it@domain.com
ServerName mycloud.domain.com
#    ServerAlias subdomain.example.com


Open in new window

we installed tomcat apache in windows server in -C:\   ,  Drive.
For better management we planning to move to D: Drive.

Please advise the steps needed to achive for the same
For tomcat Apache server. How to convert Java JMX Agent Insecure Configuration to Secure one,
Kindly advice the steps in
Session variables:

I have a web page which uses session variables to submit details to my database
The website is running on my localhost (http://loalhost:888/......)
I have forwarded traffic through my router to this site which works
I appreciate this is not in a production environment so it is not an issue at the moment - just a question

If I access the website using the external dns address through the router to the internal address, and if I submit a webpage form which uses session variables to be submitted to the database, these variables are not being entered. All the other form fields are entered as expected
If I use the website on the pc which hosts the website (apache), ie internally, the session variables are entered with no problem

I was just wondering why the session variables are not being entered when the website is accessed externally
CompTIA Network+
LVL 13
CompTIA Network+

Prepare for the CompTIA Network+ exam by learning how to troubleshoot, configure, and manage both wired and wireless networks.

There seems to be some sort of mysterious redirection going on when i try to access the site at

A static file, such as http://fostamells.technojeeves.com/license.txt comes out fine but the attempt to access the homepage seems to land on a page of the company that hosts technojeeves.com. I really can't see why. Is it Wordpress doing this or what (after all it does say X-Redirect-By: WordPress)? I've attached a wget debug log of the attempt to get the homepage
MAMP Expires in one week?

I got a message that the full-working demo will expire...

What does that mean?

I really do not want to pay $69 for an installation I made as a simple test-bed for WordPress and PowerPress. I plan to host the podcast in a few weeks.

What will I not be able to do once this demo has expired?

Can I simply register?

I start by saying that I'm not an Apache expert, so I'll do my best for describe the strange (IMHO) thing happen.
Before all, here's the result of a telnet to the problematic site served by an Apache (IP & address are fantasy names):

telnet www.problematicsite.com 80


Connected to www.problematicsite.com.

Escape character is '^]'.

GET / HTTP/1.0

HTTP/1.1 302 Found

Server: Apache-Coyote/1.1

Set-Cookie: JSESSIONID=30A1322E0051FE076012575109C79528; Path=/; HttpOnly

Location: http://localhost:1701/problematicsite_library/libweb/action/feRedirect.do

Content-Type: text/html

Content-Length: 0

Vary: Accept-Encoding

Date: Mon, 03 Jun 2019 06:46:36 GMT

Connection: close

Set-Cookie: sto-id-%3FSaaS-A_prod%3FPMTEU02.prod.problematicsite.1701-sg=FGHIBAAK; Expires=Thu, 31-May-2029 06:46:37 GMT; Path=/

Connection closed by foreign host.

Open in new window

Regarding the feRedirect.do 'file' it is indeed not supposed to have any contents it only provides http headers to tell the browser to redirect to a different location using the below header:

Location: /problematicsite.com/libweb/action/search.do?vid=39UDN_VIEW

Theoretically it's all perfect but....in some (apparently random) client PCs I can't use the http://www.problematicsite.com url because these machines permits only the download of the zero-byte "feRedirect.do" file without a correct redirection!!
I've made some tests with the web admins and we're sure that the cause of this is NOT on the PCs clients  but in the Apache server.
Sadly the web admins doesn't understand the cause...any clue?
We're going to run a webservice to receive messages from one client. We are required to use mutual TLS. The client did send us the certificate he will use to connect to our webservice. (it needs to be this certificate) Our environment is Nginx+Apache+PHP.

My question is: what is the best way to do this? How can I let Nginx or Apache require a client certificate and trust this particular certificate? Or should I do this in PHP. What's the best approach?
Hi Experts,

I upgraded Apache 2.2 to 2.4, used as a proxy.

Here an example for one VH :

<VirtualHost *:80>
        Servername apps-dev.contoso.com

        <Location />
                Order Deny,Allow
                Include conf-ip/allowed-ip-contoso.conf

        ProxyPass /
        ProxyPassReverse /

Open in new window

How to have the correct syntax with the "require" command?  

I tried Required ip... but not working.
How can we replace "Include conf-ip/allowed-ip-contoso.conf" with the correct syntax?
I tried Required ip conf-ip/allowed-ip-contoso.conf... but not working.

EDIT1 : Include working! But the problem come from the allowed-ip-contoso.conf :

Order deny,allow

Deny from all

## ALLOW IP ##
Allow from
Allow from
Allow from
Allow from
Allow from

What is the correct syntax for 2.4?

Thank you
I have 2 servers with:
1. API - linux apache
2. C# Console app (calls the API and returns the result)
They are both on our servers in our control

Even though this question is focused on C# console APP, there might be some other limitation i'm not considering, so have tagged this question in multiple topics

My goal is to call API 500 times a sec from one machine, currently its not even close, and I think its due to lack of concurrent connections to API.

When hitting API from console app, we are seeing in the region of these figures for response time on API result
 - 350ms when on WAN,
-  150ms on LAN

Not using console app -  from API server directly
-  56ms (using terminal session and running script to call the http API directly)

These are the detailed stats when hitting the API directly from itself (56ms option above)
From the Apache test:

Concurrency Level:      100
[b]*Time taken for tests:   24.612 seconds*[/b]
Complete requests:      *50,000*
Failed requests:        0
Non-2xx responses:      50000
Keep-Alive requests:    0
Total transferred:      33050000 bytes
HTML transferred:       18450000 bytes
Requests per second:    2031.56 [#/sec] (mean)
[b]*Time per request:       49.223 [ms] (mean)*[/b]
[b]*Time per request:       0.492 [ms] (mean, across all concurrent requests)*[/b]

Open in new window

So according to these results it can handle a very acceptable amount,  using concurrent connections, albeit internally - (2,031 per second, which is…

Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.