Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Share tech news, updates, or what's on your mind.

Sign up to Post

we installed tomcat apache in windows server in -C:\   ,  Drive.
For better management we planning to move to D: Drive.

Please advise the steps needed to achive for the same
For tomcat Apache server. How to convert Java JMX Agent Insecure Configuration to Secure one,
Kindly advice the steps in
Session variables:

I have a web page which uses session variables to submit details to my database
The website is running on my localhost (http://loalhost:888/......)
I have forwarded traffic through my router to this site which works
I appreciate this is not in a production environment so it is not an issue at the moment - just a question

If I access the website using the external dns address through the router to the internal address, and if I submit a webpage form which uses session variables to be submitted to the database, these variables are not being entered. All the other form fields are entered as expected
If I use the website on the pc which hosts the website (apache), ie internally, the session variables are entered with no problem

I was just wondering why the session variables are not being entered when the website is accessed externally
There seems to be some sort of mysterious redirection going on when i try to access the site at

A static file, such as http://fostamells.technojeeves.com/license.txt comes out fine but the attempt to access the homepage seems to land on a page of the company that hosts technojeeves.com. I really can't see why. Is it Wordpress doing this or what (after all it does say X-Redirect-By: WordPress)? I've attached a wget debug log of the attempt to get the homepage
MAMP Expires in one week?

I got a message that the full-working demo will expire...

What does that mean?

I really do not want to pay $69 for an installation I made as a simple test-bed for WordPress and PowerPress. I plan to host the podcast in a few weeks.

What will I not be able to do once this demo has expired?

Can I simply register?

I start by saying that I'm not an Apache expert, so I'll do my best for describe the strange (IMHO) thing happen.
Before all, here's the result of a telnet to the problematic site served by an Apache (IP & address are fantasy names):

telnet www.problematicsite.com 80


Connected to www.problematicsite.com.

Escape character is '^]'.

GET / HTTP/1.0

HTTP/1.1 302 Found

Server: Apache-Coyote/1.1

Set-Cookie: JSESSIONID=30A1322E0051FE076012575109C79528; Path=/; HttpOnly

Location: http://localhost:1701/problematicsite_library/libweb/action/feRedirect.do

Content-Type: text/html

Content-Length: 0

Vary: Accept-Encoding

Date: Mon, 03 Jun 2019 06:46:36 GMT

Connection: close

Set-Cookie: sto-id-%3FSaaS-A_prod%3FPMTEU02.prod.problematicsite.1701-sg=FGHIBAAK; Expires=Thu, 31-May-2029 06:46:37 GMT; Path=/

Connection closed by foreign host.

Open in new window

Regarding the feRedirect.do 'file' it is indeed not supposed to have any contents it only provides http headers to tell the browser to redirect to a different location using the below header:

Location: /problematicsite.com/libweb/action/search.do?vid=39UDN_VIEW

Theoretically it's all perfect but....in some (apparently random) client PCs I can't use the http://www.problematicsite.com url because these machines permits only the download of the zero-byte "feRedirect.do" file without a correct redirection!!
I've made some tests with the web admins and we're sure that the cause of this is NOT on the PCs clients  but in the Apache server.
Sadly the web admins doesn't understand the cause...any clue?
We're going to run a webservice to receive messages from one client. We are required to use mutual TLS. The client did send us the certificate he will use to connect to our webservice. (it needs to be this certificate) Our environment is Nginx+Apache+PHP.

My question is: what is the best way to do this? How can I let Nginx or Apache require a client certificate and trust this particular certificate? Or should I do this in PHP. What's the best approach?
I´m using this configuration for a HA web server. I´ll have 2000 simultaneous connections. It that ok, or I´ll have to change any value ?
It´s centos 7.6  with 64 Gb RAM

<IfModule prefork.c>
StartServers 5
MinSpareServers 20
MaxSpareServers 40
MaxRequestWorkers 1000
MaxConnectionsPerChild 1000
ServerLimit 100
Hi Experts,

I upgraded Apache 2.2 to 2.4, used as a proxy.

Here an example for one VH :

<VirtualHost *:80>
        Servername apps-dev.contoso.com

        <Location />
                Order Deny,Allow
                Include conf-ip/allowed-ip-contoso.conf

        ProxyPass /
        ProxyPassReverse /

Open in new window

How to have the correct syntax with the "require" command?  

I tried Required ip... but not working.
How can we replace "Include conf-ip/allowed-ip-contoso.conf" with the correct syntax?
I tried Required ip conf-ip/allowed-ip-contoso.conf... but not working.

EDIT1 : Include working! But the problem come from the allowed-ip-contoso.conf :

Order deny,allow

Deny from all

## ALLOW IP ##
Allow from
Allow from
Allow from
Allow from
Allow from

What is the correct syntax for 2.4?

Thank you
I have 2 servers with:
1. API - linux apache
2. C# Console app (calls the API and returns the result)
They are both on our servers in our control

Even though this question is focused on C# console APP, there might be some other limitation i'm not considering, so have tagged this question in multiple topics

My goal is to call API 500 times a sec from one machine, currently its not even close, and I think its due to lack of concurrent connections to API.

When hitting API from console app, we are seeing in the region of these figures for response time on API result
 - 350ms when on WAN,
-  150ms on LAN

Not using console app -  from API server directly
-  56ms (using terminal session and running script to call the http API directly)

These are the detailed stats when hitting the API directly from itself (56ms option above)
From the Apache test:

Concurrency Level:      100
[b]*Time taken for tests:   24.612 seconds*[/b]
Complete requests:      *50,000*
Failed requests:        0
Non-2xx responses:      50000
Keep-Alive requests:    0
Total transferred:      33050000 bytes
HTML transferred:       18450000 bytes
Requests per second:    2031.56 [#/sec] (mean)
[b]*Time per request:       49.223 [ms] (mean)*[/b]
[b]*Time per request:       0.492 [ms] (mean, across all concurrent requests)*[/b]

Open in new window

So according to these results it can handle a very acceptable amount,  using concurrent connections, albeit internally - (2,031 per second, which is…
Win 10 64 bit
Apache 2.2
PHP v (unknown)
Microsoft SQL Serve 2008 r2 Express
Dreamweaver CC 2019

Ehem… I have little experience with PHP, but I can fumble around "reading" it, I can't program it.

Using Dreamweaver, I attempted to create a php test server with this locally hosted and previously functioning web back office.
I have since backed this out and will be attempting to use another machine on the network as the testing server.
Back office (web) comes with Point of Sale software. POS Software is functioning fine as WAS the back office until... my Dreamweaver experiment.

Since the attempted test server setup, and after a successful (not using Live View) Chrome localhost login I’m getting this:
"http://localhost/OCPOS/OCPOS/login.php" and the error of The requested URL /OCPOS/OCPOS/login.php was not found on this server.
The second "OCPOS" should not exist at all, and the file was never present to begin with, so why is it being requested?
I should be seeing a dashboard, and I'm not.

This login problem only happened after I mapped the files with Dreamweaver in site setup; again I have since backed this out.

Localhost – login file path:
C:\OCPOS\htdocs index.php - passes the request "header("location: OCPOS/login.php");"

login.php file path:
C:\OCPOS\htdocs\OCPOS - login.php (which looks to run a check on the user name and pword by a call to another "settings" file)
“login.php” also requests these
I have a php file that is excue a .sh command:
  echo exec('/var/www/html/disable.sh');

the .sh file command is:
sudo  cp /var/www/html/1.cfg /var/www/html/2.cfg

when I run it from ssh from root user account using
php /var/www/html/disable.php the /sh work fine
when I runt it from browser is not working !
so what I have to do ?
I try to use this guide https://github.com/zmartzone/mod_auth_openidc/wiki/Azure-OAuth-2.0-and-OpenID-Connect to enable authentification on a directory in Apache.

I have a Running site where SSL/PHP and everything else works.

A part of my .conf file for this site looks now like this.


OIDCProviderMetadataURL https://sts.windows.net/hiddenc123-5ahiddensds-b3f2-sds22/.well-known/open$
OIDCRedirectURI https://mysite.com/test2/

OIDCClientID hidden123123123
OIDCClientSecret Test
OIDCCryptoPassphrase hiddenasdasdasdasd

OIDCScope "openid email"

OIDCRemoteUserClaim email

<Location /var/www/mysite/html/test>
    SSLOptions +StdEnvVars

    AuthType openid-connect
    require valid-user

    Options Includes FollowSymLinks
    AllowOverride AuthConfig Limit
    Order allow,deny
    Allow from all

Then I did service apache2 restart
When I run apachectl configtest I get no error regarding mod_auth_openidc. So I think this module is correctly installed.

But no authentification is enabled on the folder that I would like to protect. Also no error messages appears in webbrowser.

I now have some questions:

I expect an error message when it not works? So it must be something wrong? Or somthing that is not correctly activated?

What is OIDCRedirectURI? Do I need some PHP code for this? Is that not the url that I would like to protect? (https://mysite.com/test2/)

Where can I …
I have included the following 2 pages in my index page:

This page has this line: include("includes/fusioncharts.php");

This page also has this line: include("includes/fusioncharts.php");

I get the following:
Fatal error: Cannot redeclare class FusionCharts in C:\xampp\htdocs\Development\Inventas\Sites\Charts\MyPHPDatabaseExamples\includes\fusioncharts.php on line 3

How can I avoid this error and get both includes showing on the index page
Upgrading Apache Tomcat on a Coldfusion 10 server.  Our company recently revived a security notification about a possible vulnerability. The vulnerability is called CVE-2019-0232 . The recommendation is to upgrade from our current Tomcat to Tomcat version 7.0.94

Does anybody know if doing a manual upgrade is possible on Coldfusion 10 on Windows? Or is it best to wait for Adobe to release a patch? I'm skeptical that Adobe will do much about this anytime soon.
I have a customer with an ecommerce Magento 1.9.x website.  We have discovered that our hosting package bandwidth usage has gone up considerably.  It appears that some of our product pictures on the site are victim of hotlinking.  I have found some references on how to stop the hotlinking or replace it image when hotlinked.  For example: https://alistapart.com/article/hotlinking/  However, I was wondering is there a way to give the user that viewed the "hotlinked" picture from the remote site, a link back to our site.  If their going to steal our pictures/bandwidth, then maybe we can redirect their visitors to our site??
I am trying to install and SSL certificate on a website after i've migrated it from Ubuntu to a CentOS server.
Everything is up and running but I can't get SSL working. Apache starts fine. My config test shows no errors. But when I try to connect to the server through ssl, in all browsers I get ERR_CONNECTION_REFUSED. I don't believe its an SSL issue but maybe a firewall. I don't know as im unfamiliar with CENTOS, Any ideas?
I host several websites with Dreamhost. Today, I shelled into my main user account and found a few dozen .txt files at the top level of my main user account that looked incredibly suspicious. They are named `logins.1234567890.txt` (the numerical portion being uniquely generated, it appears) and contain csv's showing apparent logins under this main username, including IP addresses and (variably) times/dates of the login. Most of them are my IP, but several are not, and some come from locations both near my home and business as well as outside the US (Canada was the only one I've seen so far).

Here's what I've found:

The files are generated at around the same time every week since last June (yeah, this is the first time I've noticed them – I'm not a frequent shell user). They appear to show logins with IP addresses and number of logins, along with dates and/or times. More often than not, it's my IP address, but sometimes it shows others.

Below I peeked inside a few of the files (with ls -l) to find out when they were created, in the order in which they appeared:

myuser@my_dreamhost_server:~$ ls -l logins-1554572892.txt
-r-------- 1 myuser pg17700 234 Apr  6 10:55 logins-1554572892.txt
ladot@ds11468:~$ ls -l logins-1553969843.txt
-r-------- 1 myuser pg17700 180 Mar 30 11:24 logins-1553969843.txt
ladot@ds11468:~$ ls -l logins-1553364634.txt
-r-------- 1 myuser pg17700 180 Mar 23 11:17 logins-1553364634.txt
ladot@ds11468:~$ ls -l logins-1552759601.txt

Open in new window

refer to attached:

are they affecting Apache httpd (ie web servers) 2.4.x  only
& other lower versions (eg: our Solaris 10's  Apache/2.0.63
is said to have been patched by our admin but I'm not sure)?

So versions 2.4.x running on Windows are not affected?

Can point me to where to get the patches for RHEL7/RHEL6
in Red Hat support portal??

I recently had an internal security scan and it highlighted access to Tomcat manager web app is possible using default credentials,
I have found the tomcat-users.xml file that contains the below, can I just change the password or will this stop something working?

- <tomcat-users>
  <role rolename="tomcat" />
  <role rolename="role1" />
  <role rolename="manager" />
  <role rolename="admin" />
  <user username="tomcat" password="tomcat" roles="tomcat" />
  <user username="both" password="tomcat" roles="tomcat,role1" />
  <user username="role1" password="tomcat" roles="role1" />
  <user username="admin" password="admin" roles="admin,manager" />
error when using dom pdf to generate pdf files from php records:
Unable to stream pdf: headers already sent

I have tried all the typical suggested solutions for this but I still get the error
I haven't posted any code yet because I am unsure of exactly what to post
I initially post this error in case anyone has a suggestion of whet the error is actually telling me / doing in terms of code
I am pretty sure it used to work on my server but I have not visited my code for some time so I just cannot remember if anything has changed
In my .htaccess file, there are references to favicon. I want to delete my graphics folder. Is it of to move any favicon files to the root of my site, not inside a folder?

#do things different on prod
<IfDefine prod>
RewriteRule ^favicon\.ico$ /graphics/live_favicon.ico [L]
<IfDefine !prod>
RewriteRule ^favicon\.ico$ /graphics/test_favicon.ico [L]

and where is "prod" defined? Is that an Apache thing? Sorry for the newbness, Im taking over for a departed employee and trying to sort things out.
Hi all

I would like to display a certain path in the URL but actually server content from another path. How can I achieve the following using my .htaccess Apache file please?

I want to have a URL with the word attachments

but actually serve the content located at /images/plots/

Thanks in advance, Neil

I have changed part of  an old Drupal Site to a Wordpress site in a subdomain.  

The main part of the Drupal site still exists, I have just taken the shopping cart portion and built it in a Wordress, which sits in a subdomain

I am trying to redirect the old product pages ot the new ones, but my htaccess code is ignored..

Options +FollowSymLinks
RewriteEngine on

Redirect 301  /cgi-bin/commerce.cgi?preadd=action&key=A30-E https://resources.beststart.org/a30-e-risks-of-cannabis/

Open in new window

I have tried writing the redirect a few ways, all are ignored..  Redirect, RedirectMatch 301, redirectPermanent, etc.

I do have a lor of products as well, it would be good if I could do a wildcard for all /cgi-bin/commerce.cg*
I want any request that goes to mysite.com/index.html to be 301 redirected to mysite.com

Will the following mod_rewrite work in my htaccess file, is it comprehensive enough, and where would it need to be placed in the file?

RewriteCond %mysite.com/index.html HTTP [NC]
RewriteRule (.*)index.html$ /$1 [R=301,L]

Apache Web Server





The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.