Apache HTTP Server – The Most Widely Used Web Server Software

What is Apache HTTP Server?

Apache HTTP Server, commonly known as Apache, is the world’s most widely used web server software. Developed and maintained by the Apache Software Foundation, this open-source software has powered the web since 1995, serving everything from personal blogs to enterprise applications and high-traffic websites.

Apache processes HTTP requests from web browsers and returns web pages, handling the critical connection between users and web content. Its modular architecture allows extensive customization through loadable modules that add functionality like SSL/TLS encryption, URL rewriting, authentication, caching, and support for dynamic content through PHP, Python, and other languages.

The server’s flexibility, reliability, and extensive documentation have made it the foundation of the LAMP stack (Linux, Apache, MySQL, PHP) that powers millions of websites worldwide. Despite competition from newer alternatives like Nginx, Apache remains the preferred choice for many administrators due to its feature richness and .htaccess support.

Key Features and Capabilities

Modular Architecture

Apache’s modular design allows administrators to enable only the features they need, optimizing resource usage and security. Core modules handle essential HTTP functionality, while additional modules provide SSL, compression, caching, authentication, URL manipulation, and much more.

Virtual Hosting

Apache supports both name-based and IP-based virtual hosting, allowing multiple websites to run on a single server. This capability is essential for shared hosting environments and organizations managing multiple domains.

.htaccess Support

Per-directory configuration through .htaccess files enables decentralized management of web server settings. Users can customize URL rewrites, access controls, and other settings without requiring server-wide configuration changes or administrative access.

URL Rewriting

The mod_rewrite module provides powerful URL manipulation capabilities essential for SEO-friendly URLs, redirects, and complex routing rules. Regular expression support enables sophisticated pattern matching and transformation.

Authentication and Authorization

Built-in authentication modules support various methods including basic, digest, and form-based authentication. Integration with LDAP, databases, and external providers enables enterprise-grade access control.

SSL/TLS Support

The mod_ssl module enables HTTPS connections with support for modern TLS protocols, certificate management, and configuration options for optimal security and performance.

System Requirements

Minimum Requirements

Apache runs on minimal hardware—any system with 50 MB disk space and 64 MB RAM can host Apache. Production servers typically need more resources based on traffic and application requirements, with memory being the primary scaling factor.

Operating System Support

Apache runs on virtually all operating systems including Linux distributions, Windows Server, macOS, FreeBSD, Solaris, and other Unix variants. Linux remains the most common deployment platform.

Installation Guide

Installing on Ubuntu/Debian

# Update package index
sudo apt update

# Install Apache
sudo apt install apache2

# Start Apache
sudo systemctl start apache2

# Enable on boot
sudo systemctl enable apache2

# Check status
sudo systemctl status apache2

# Verify installation
curl http://localhost

# View Apache version
apache2 -v

Installing on RHEL/CentOS

# Install Apache (httpd)
sudo dnf install httpd

# Start Apache
sudo systemctl start httpd

# Enable on boot
sudo systemctl enable httpd

# Configure firewall
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

# Check status
sudo systemctl status httpd

Installing on macOS

# Apache is pre-installed on macOS
# Start Apache
sudo apachectl start

# Stop Apache
sudo apachectl stop

# Restart Apache
sudo apachectl restart

# Or install via Homebrew
brew install httpd
brew services start httpd

Installing on Windows

# Download Apache from apachelounge.com or Apache Haus
# Extract to C:\Apache24

# Install as service
cd C:\Apache24\bin
httpd.exe -k install

# Start service
httpd.exe -k start

# Or use XAMPP/WAMP for easier installation

Compiling from Source

# Install dependencies
sudo apt install build-essential libapr1-dev libaprutil1-dev libpcre3-dev libssl-dev

# Download source
wget https://dlcdn.apache.org/httpd/httpd-2.4.58.tar.gz
tar -xzf httpd-2.4.58.tar.gz
cd httpd-2.4.58

# Configure
./configure --prefix=/usr/local/apache2 \
    --enable-ssl \
    --enable-so \
    --enable-rewrite \
    --enable-deflate \
    --enable-expires \
    --enable-headers

# Compile and install
make
sudo make install

# Start Apache
/usr/local/apache2/bin/apachectl start

Configuration Files

File Locations

# Debian/Ubuntu
/etc/apache2/apache2.conf      # Main configuration
/etc/apache2/ports.conf        # Port configuration
/etc/apache2/sites-available/  # Virtual host definitions
/etc/apache2/sites-enabled/    # Enabled virtual hosts
/etc/apache2/mods-available/   # Available modules
/etc/apache2/mods-enabled/     # Enabled modules
/etc/apache2/conf-available/   # Additional configurations
/var/www/html/                 # Default document root
/var/log/apache2/              # Log files

# RHEL/CentOS
/etc/httpd/conf/httpd.conf     # Main configuration
/etc/httpd/conf.d/             # Additional configurations
/etc/httpd/conf.modules.d/     # Module configurations
/var/www/html/                 # Default document root
/var/log/httpd/                # Log files

Basic Configuration Directives

# Server identification
ServerName www.example.com:80
ServerAdmin admin@example.com
ServerRoot "/etc/apache2"

# Document root
DocumentRoot "/var/www/html"

# Directory permissions

    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted


# Listen on ports
Listen 80
Listen 443

# Log configuration
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
LogLevel warn

# Performance settings
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5

Virtual Host Configuration

Name-Based Virtual Hosts

# /etc/apache2/sites-available/example.com.conf

    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public_html
    
    
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    
    
    ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
    CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined


# Enable site (Debian/Ubuntu)
sudo a2ensite example.com.conf
sudo systemctl reload apache2

SSL Virtual Host

# /etc/apache2/sites-available/example.com-ssl.conf

    ServerName example.com
    DocumentRoot /var/www/example.com/public_html
    
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/example.com.key
    SSLCertificateChainFile /etc/ssl/certs/chain.crt
    
    # Modern SSL configuration
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    SSLHonorCipherOrder off
    
    
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    
    
    Header always set Strict-Transport-Security "max-age=31536000"


# Force HTTPS redirect

    ServerName example.com
    Redirect permanent / https://example.com/

Module Management

Common Module Commands

# Debian/Ubuntu - Enable module
sudo a2enmod rewrite
sudo a2enmod ssl
sudo a2enmod headers
sudo a2enmod expires
sudo a2enmod deflate
sudo a2enmod proxy
sudo a2enmod proxy_http

# Disable module
sudo a2dismod autoindex

# List enabled modules
apache2ctl -M

# RHEL/CentOS - modules in conf.modules.d/
# Comment/uncomment LoadModule lines in config files

Essential Modules

mod_ssl        - SSL/TLS support
mod_rewrite    - URL rewriting
mod_headers    - HTTP header manipulation
mod_deflate    - Compression
mod_expires    - Cache control
mod_security   - Web application firewall
mod_proxy      - Reverse proxy
mod_cache      - Caching
mod_auth_basic - Basic authentication
mod_php        - PHP processing

URL Rewriting with mod_rewrite

Basic Rewrite Rules

# Enable rewrite engine
RewriteEngine On

# Force HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Force www
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [L,R=301]

# Remove trailing slash
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Pretty URLs (remove .php extension)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^\.]+)$ $1.php [NC,L]

# WordPress permalinks
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# Block specific IPs
RewriteCond %{REMOTE_ADDR} ^123\.456\.789\.
RewriteRule .* - [F]

# Redirect old URLs to new
RewriteRule ^old-page\.html$ /new-page [R=301,L]

.htaccess Configuration

Common .htaccess Rules

# Prevent directory listing
Options -Indexes

# Custom error pages
ErrorDocument 404 /errors/404.html
ErrorDocument 500 /errors/500.html

# Protect .htaccess

    Order allow,deny
    Deny from all


# Block sensitive files

    Order allow,deny
    Deny from all


# Enable compression

    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
    AddOutputFilterByType DEFLATE application/javascript application/json


# Set caching headers

    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"


# Security headers

    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"


# Password protection
AuthType Basic
AuthName "Restricted Area"
AuthUserFile /path/to/.htpasswd
Require valid-user

Authentication Setup

Basic Authentication

# Create password file
htpasswd -c /etc/apache2/.htpasswd username
htpasswd /etc/apache2/.htpasswd another_user

# Configure in VirtualHost or .htaccess

    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user


# Allow specific users
Require user admin john

# Allow group
AuthGroupFile /etc/apache2/.htgroups
Require group admins

Performance Optimization

MPM Configuration

# Prefork MPM (default for mod_php)

    StartServers             5
    MinSpareServers          5
    MaxSpareServers         10
    MaxRequestWorkers      150
    MaxConnectionsPerChild   0


# Event MPM (recommended for performance)

    StartServers             3
    MinSpareThreads         75
    MaxSpareThreads        250
    ThreadsPerChild         25
    MaxRequestWorkers      400
    MaxConnectionsPerChild   0

Caching Configuration

# Enable caching modules
sudo a2enmod cache
sudo a2enmod cache_disk

# Configure disk cache

    CacheRoot /var/cache/apache2/mod_cache_disk
    CacheEnable disk /
    CacheDirLevels 2
    CacheDirLength 1
    CacheMaxFileSize 1000000
    CacheMinFileSize 1

Security Hardening

Security Best Practices

# Hide Apache version
ServerTokens Prod
ServerSignature Off

# Disable TRACE method
TraceEnable off

# Limit request size
LimitRequestBody 10485760

# Timeout settings
Timeout 60
RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500

# Disable unnecessary modules
# Comment out LoadModule lines for unused modules

# Restrict root directory

    Options None
    AllowOverride None
    Require all denied


# Only allow specific methods

    
        Require all denied
    

Logging and Monitoring

Log Configuration

# Access log formats
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%{X-Forwarded-For}i %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" proxy

# Conditional logging
SetEnvIf Request_URI "^/health$" dontlog
CustomLog ${APACHE_LOG_DIR}/access.log combined env=!dontlog

# Separate error log
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn

# Debug logging for specific module
LogLevel rewrite:trace3

Log Analysis

# View recent access
tail -f /var/log/apache2/access.log

# Count requests by IP
awk '{print $1}' /var/log/apache2/access.log | sort | uniq -c | sort -rn | head -20

# Find 404 errors
grep " 404 " /var/log/apache2/access.log

# View error log
tail -100 /var/log/apache2/error.log

Apache Management Commands

Service Control

# Start/Stop/Restart
sudo systemctl start apache2
sudo systemctl stop apache2
sudo systemctl restart apache2
sudo systemctl reload apache2

# Or using apachectl
sudo apachectl start
sudo apachectl stop
sudo apachectl restart
sudo apachectl graceful

# Test configuration
sudo apachectl configtest
sudo apache2ctl -t

# Show compiled modules
apache2 -l

# Show all loaded modules
apache2ctl -M

# Show Apache version
apache2 -v

Conclusion

Apache HTTP Server remains a cornerstone of web infrastructure, offering unmatched flexibility and extensive feature sets through its modular architecture. Its support for .htaccess files, comprehensive documentation, and wide community support make it accessible for beginners while providing the depth needed for complex enterprise deployments.

Whether serving static content, running PHP applications, or acting as a reverse proxy, Apache’s proven reliability and extensive configuration options continue to make it an excellent choice for web server needs.