Apache Server : A Complete Beginner’s Guide

There are several types of web servers on the market and among them is Apache, one of the oldest servers

Although new, more modern and efficient alternatives have emerged in recent years, Apache continues to be a reference server.

Statistically, Apache covers 33.7% of the top 1000 sites, just behind Nginx with its 38.8%

It is widely used in Unix-like operating systems, and can be used on almost all platforms such as Windows, OS X, OS/2, etc

In this detailed guide, we will see:

  • What Apache is precisely;
  • Its importance;
  • How it works;
  • Its advantages and disadvantages;
  • Difference between it and other Web servers on the market;
  • Its installation and configuration ;
  • etc.

Let’s start!

Glossary

Chapter 1: What is the Apache server and how does it work?

1.1) What is Apache and what does it do?

The Apache server is one of the most powerful free Web servers on the market. It was created in 1995 by Rob McCool, then an employee of NCSA

According to the statistics of W3techs, its use is 31.5% of all websites for which the server is known

Serveur Apache Guide Complet (2)

This is the core technology of theApache Software Foundationit is the core technology of the Apache platform, responsible for more than a dozen projects involving :

  • Web transmission technologies
  • Data processing;
  • And the execution of distributed applications

Why Apache? The word, Apache, was taken from the name of the American Native TribeApache “, famous for its skills in warfare and strategy.

Apache Http server

Initially, it was just a group of patches for the NCSA HTTPd web server, which the author then completely replaced by rewriting all the original code.

In short, Apache is an open source HTTP Web server developed and maintained by a community of users around theApache Software Foundation. It is used to respond to content requests from Web clients (browsers).

Base de donnees Client Serveur

Currently and since 1996, it is the most used free Web server in the world because of its security and stability.

In addition, most web hosting companies work with Apache servers.

1.1.1. What is a web server?

A web server is a program that processes and returns information when a user makes a request

Requete et Reponse serveur web

In other words, it hosts websites on one or more servers and displays the content (websites) of the server via client software (a browser).

Most servers are Linux-compatible. The most important Linux Web servers are Apache and NGINX.

1.1.2. What is the biggest challenge of a Web server?

The files that servers process are written in different languages

  • Python
  • Java
  • PHP
  • Etc.

When a user wants to load a page from a website, his browser sends a request to the server, and Apache returns a response with all the requested files:

  • Text
  • Images;
  • Videos
  • Etc.

In short, the server provides the pages requested by different users and guarantees a correct and secure communication. The server and the client communicate via the HTTP protocol

1.2) How does an Apache server work?

The main functionality of this web service is to provide users with all the files needed to view the web. The users’ requests are usually made via a browser:

  • Chrome
  • Firefox
  • Safari;
  • Etc.

Apache ensures that the communication between the web server and the web client (user requesting the information) is smooth and consistent.

Thus, when a user makes an HTTP request via the browser to enter a specific website or URL, Apache returns the requested information via the HTTP protocol.

For example, when a user writes twaino.com in his browser, this request will reach our Apache server, which will provide the texts, images, styles… via the HTTP protocol.

Fonctionnement d un serveur apache

In addition, Apache allows you to apply a high level of customization through its modular system.

In fact, the server has a structure module-based that allows you to enable and disable various features like

  • security modules like mod_security
  • caching modules like Varnish;
  • or header customization modules like mod_headers.

These Apache modules should be used with caution as they can affect the security and functionality of the web server. (We’ll see more details on Apache modules below).

Apache also allows you to customize your hosting’s PHP settings through the .htaccess file.

1.3. Some features of Apache

It is a web server with support for HTTP/1.1 and later HTTP/2.0 according to RFC 7540

caractéristiques de Apache (1)

It was one of the first servers to support VirtualHost (also known as virtual site) for domains and IPs following the normal RFC 2616 standard

Caractéristiques de Apache (1)

This allows multiple domains to be hosted on the same server with the same IP, something that today seems basic but in the 90s was a revolution.

Among the main features of Apache, we find the following:

  • It is free and open source;
  • Easy to install and configure;
  • Highly extensible and adaptable thanks to modules;
  • Built-in features for user authentication and validation;
  • Support for languages such as Perl, PHP and Python.

Chapter 2: What are the advantages and disadvantages of Apache?

2.1. Advantages of Apache

Some of the advantages that we can find in an Apache server are the following:

  • Support: It is one of the most used servers for more than two decades, so behind it there is a very large community accompanied by extensive documentation.
  • Cross-platform: It runs on both Microsoft Windows, Unix/Linux and Mac, making it an excellent service for both a server and a development environment on any workstation.
  • Features: It contains a large number of official and third-party modules that allow you to extend the functionality of the server.
  • Simplicity: It is one of the simplest servers to install and configure, especially in Linux distributions where it is part of the repositories of each distribution. In the case of Windows, it can be found packaged with the MySQL server and PHP in a single installer which makes installation much easier.
  • Security: Apache has built-in features to secure the software with Authorization and Authentication modules and Access Control functions, as well as support for SSL/TLS certificate encryption.
  • It has a large community of developers around the world, who help improve the software, as the original source code is freely available for viewing;
  • Module-based structure;
  • It is open source and free;
  • High level of security through constant updates;
  • Customization via independent .htaccess in each hosting;
  • Compatible with the main CMS, online stores and e-learning platforms;
  • It is one of the oldest web servers on the market, therefore super reliable;
  • Allows you to enable and disable features;
  • Easy to use for beginners.

2.2 Disadvantages of Apache

Here are the two disadvantages of Apache:

  • Performance can be affected on high traffic pages, especially after 10,000 connections;
  • If the modules are not used properly, security holes can be generated.

The only notable drawback is the poor performance compared to other alternatives on the market that are faster and able to handle much more traffic with the same resources.

Chapter 3: Differences Between Apache and Other Major Web Servers

3.1. Apache versus Nginx

Although NGINX is relatively young (born in 2004), it has become popular very quickly because of the advantages it offers in handling high traffic of more than 10,000 connections at a time.

Source: Apache Vs NGINX – Which Is The Best Web Server for You?

It can be defined as an application for Web servers. It was mainly designed to solve the problem that some servers like Apache had: Owners of sites with a lot of traffic were having performance difficulties.

NGINX allows all requests to a Web site to be made in a single process and provides better scalability.

For this reason, it is used by international brands such as Netflix, Airbnb, Pinterest or Wikipedia

In short, for high-traffic websites, NGINX is what you need and for sites with fewer visits, Apache is ideal.

To provide a high-performance web service in terms of connection, some servers have an Apache and Nginx configuration running in parallel.

3.1.1. The differences between Nginx and Apache

The American server Apache and the Russian Ngnix have been fighting and gaining ground in the world of web hosting. They are two of the most used resources for managing thousands of websites on local servers.

And although both servers serve the same purpose of keeping the world connected, it is worth reviewing what their most important differences are and here you will learn more about them.

3.1.1.1 They have a different structure and scope

The Apache web server has a simple software structure, is open source and processes a user request via HTTP or HTTPS, one at a time.

On the other hand, Ngnix is more robust, open source and suitable for all types of websites and web traffic, as it can handle a large number of parallel connections from the work process.

3.1.1.2. Apache utility for shared hosting

One feature of Apache, unlike Nginx, is that the customer can choose the configuration of his web site on the server without affecting the others, or changing the overall server layout in shared hosting.

The above function is possible from .htaccess files, with which each directory of the web page can be configured independently.

Although this is a great advantage, this flexibility in configuration can affect the performance of the server when it receives a large number of requests.

3.1.1.3. Compatibility of the two servers

Apache is highly compatible with Linux, Windows and the most commonly used CMS for creating and managing websites such as WordPress and Joomla.

On the other hand, Nginx still does not achieve ideal synchronization with Windows, but it is also compatible with popular content managers and the Python programming language.

3.1.1.4. Apache and Nginx facilitate the web-user relationship

Web servers have come to us to facilitate the exchange of information

If we look at it from a more specific point of view, they allow pages to achieve their goals by maintaining a loading speed that allows the user to quickly get what he is looking for.

There is no doubt about the usefulness of Web servers, Apache and Nginx are valuable

3.1.1.5. Other differences
  1. CPU and memory usage is consistent on Nginx even under heavy loads compared to Apache.
  2. Apache uses conventional file-based methods to handle static content and dynamic content by integrating the language renderer, while Nginx lacks the ability to render dynamic content natively.
  3. Apache allows additional per-directory configuration by evaluating and interpreting directives in hidden files called .htaccess, while Nginx does not allow additional per-directory configuration by evaluating and interpreting directives.
  4. Apache interprets .htaccess while Nginx does not interpret .htaccess
  5. Requests are served faster by Nginx than by Apache.
  6. The security level is high in Nginx compared to Apache, because Nginx does not allow distributing access to directory-level settings to an individual user.
  7. Apache was designed as a web server, while Nginx was designed as a web server as well as a proxy server.
  8. In Apache, modules are loaded and unloaded dynamically, but in Nginx, modules are not loaded dynamically.
  9. In Nginx, modules are selected and then compiled into the main software, while in Apache, this is done dynamically.

Now that their differences stand out, it’s up to you to decide which one is right for the type of project you want to set up.

3.2. Apache versus Tomcat

Tomcat (Apache tomcat) is a sub-project of the Apache Foundation and is a project at the same level as the Apache server (i.e. httpd)

 Apache Tomcat

Tomcat is intended exclusively for Java applications.

In terms of similarity between the two, we have :

  • They are developed by the Apache organization;
  • They have the function of HTTP service;
  • They are open source and free.

In terms of distinction, we have

1. Tomcat is special in that it is also a Java web container and can handle JSPs, while Apache usually comes with PHP and cannot handle JSPs.

2. Apache only allows static web pages and requires Tomcat to handle dynamic web pages like Jsp. Tomcat can also be used for static pages but in some cases it is less efficient than Apache .

3. It cannot be configured as simply as Apache.

4. Apache and Tomcat integration:

  • – If the client requests a static page, only the Apache server must answer the request;
  • – If the client requests a dynamic page, the Tomcat server answers the request.

5. Apache and Tomcat are independent and can be integrated in the same server.

6. Apache is implemented in the C language and supports various features and modules to extend the basic functionality. Tomcat is written in Java and is better suited for Servlet and JSP.

7. Apache is a web server (static parsing, like HTML), tomcat is a Java application server (dynamic parsing, like JSP).

8. Tomcat is just a servlet container, which can be considered as an extension of apache, but can work independently of apache.

9. Apache is an ordinary server, which only supports HTML web pages, i.e. normal web pages. In contrast, Tomcat is a jsp/servlet container, and it also supports HTML, JSP, ASP, PHP, CGI, etc.

10. Apache focuses on the HTTP server and Tomcat on the servlet engine

11. Unlike Tomcat, Apache can run for a year without restarting, and the stability is very good.

3.3. Apache versus LiteSpeed

Many modern server solutions use an existing technology as a base to build on. This is exactly the case with LiteSpeed.

LiteSpeed

LiteSpeed Web Server (LSWS) was first released in 2003 and was marketed as a replacement for Apache

It has the ability to read Apache configuration files, execute the same commands and fully integrate with all control panels such as cPanel, Plesk and DirectAdmin.

The main improvements were in performance and scalability.

Although LiteSpeed was intended to replace Apache, it does not use the same code base. In fact, its event-driven architecture makes the solution much more similar to Nginx

The software uses predictive mechanisms to handle incoming traffic spikes and lighten the load on the server.

Now it’s time to compare LiteSpeed vs Apache and find out which one is better:

  1. Popularity – LiteSpeed vs Apache – Winner: Apache

There could be only one winner for this factor. After all, Apache was already conquering the market. When LiteSpeed arrived, its competitor was already powering over 50% of all websites.

In fact, the percentage varies depending on the third-party source you are looking at.

According to Netcraft’s April 2020 report, Apache has already lost the top spot to Nginx, now holding only 25% of the market share

On the other hand, web survey giant W3Techs tells a different story. Their recent report on usage statistics shows that Apache is still king, ruling 39% of the Internet. Nginx is second with 31.9% and LiteSpeed is in 5th place, responsible for 6.4% of online sites.

Therefore, it is clear that the winner here is Apache.

  1. Performance (static content) – LiteSpeed vs Apache – Winner: LiteSpeed

Due to its asynchronous architecture, LiteSpeed is much more flexible with higher traffic and concurrent connections

It uses an intelligent caching methodology in which the system caches compressed files instead of creating a new request every time the user tries to view them.

In this way, LSWS is able to increase PHP server performance by 50%, eventually making it up to six times faster than Apache for static content.

There is another advantage: LiteSpeed works wonders when it comes to compressing pages. This way, each new request is not only served faster, but also uses less RAM.

Therefore, LiteSpeed lives up to its name.

Source: 8 Types of Web Hosting Services Explained + Infographic (sitesaga.com)
  1. Performance (dynamic content) – LiteSpeed vs Apache: Equality

Most websites today are dynamic. They use server-side scripts, which determine how the server handles requests from different users.

Content Management Systems (CMS) are tools often used to create dynamic content: WordPress, Magento, Joomla, Drupal… it is very likely that your site uses a CMS solution

However, there is no clear winner when you put LiteSpeed’s performance to the test against Apache.

You can easily pre-configure it with modules like FastCGI and PHP-FPM. This way it will be able to handle higher loads and speed up your pages in a multi-user PHP environment.

LSWS is just as good, and benchmarks have confirmed this notion. Apache offered slightly better raw speed, but LiteSpeed’s advanced page compression gave it a slight advantage for larger websites.

  1. Operating System Support – LiteSpeed vs Apache – Winner: Apache

The operating system is another crucial element in the configuration of your website. Linux servers are still the dominant solution in the field of web hosting. Therefore, Unix-like operating systems are a natural choice

In this regard, it wouldn’t make much difference which web server you use.

Apache is compatible with all versions and instances of the Linux operating system

  • Fedora;
  • Ubuntu;
  • RedHat
  • Etc

And since LiteSpeed uses Apache as a base… well, you can connect the dots.

For Windows users, things change.

While Apache is fully optimized for Windows instances, LiteSpeed is not operating system friendly. According to the developers, Windows systems are quite different from Unix-like solutions and require many adjustments to the existing configuration.

Here Apache wins the duel.

  1. Security – LiteSpeed vs Apache – Winner: LiteSpeed

the security aspect should never be neglected. Cybercrime reports show a staggering 600% increase in online attacks since 2017, causing an estimated $500 billion in losses to the global economy.

Apache comes with everything you need to secure a web server. You can apply security rules, block user access or remove unnecessary modules

Moreover, Apache tries to follow the latest server security standards, frequently releasing vulnerability patches and security optimizations.

Nevertheless, you need some knowledge of administration and reconfiguration. LiteSpeed provides high-level protection for the website from the start

It supports Apache’s mod_security rules, so you can expect the same enhanced server defenses.

However, there are some things LiteSpeed excels at, and one of them is certainly protection against brute force and other DDoS attacks

In a simulated test, LSWS easily handled the same number of server requests that previously caused Apache to crash.

Every little bit counts, and LiteSpeed will have to win this one.

  1. Support – LiteSpeed vs Apache – Winner: LiteSpeed

Comparing LiteSpeed’s web server to Apache’s in terms of support, both solutions maintain detailed documentation for anyone interested in self-help

Naturally, the guides are a bit more technically oriented, but even a novice user can find enough learning material.

Still, LiteSpeed seems to have a better organized community. In addition to dedicated forums, LSWS users have their own groups on Slack and Facebook, where optimization tips are often discussed or customer problems solved.

As for live technical support, Apache simply does not have any. The software is open source, so the community is your best option for live support

In comparison, LiteSpeed is a commercial product, so they duly offer dedicated support. You can easily submit a help ticket from your user area, and operators are generally helpful.

You can even opt for premium support with LiteSpeed and get services such as:

  • Installing modules
  • Configuration of DDoS packages;
  • Or removal of blacklists.

Of course, these services can be quite expensive. For example, $999 per year for server management seems too expensive for a start-up or a small business. But if you don’t have an IT person and can afford it, the experts at LSWS may be just what you’re looking for.

LiteSpeed wins this round because of the wide variety of support options and dedicated assistance it offers.

  1. Prize – LiteSpeed vs Apache – Winner: Apache

Apache already has the upper hand here. The software has always been distributed for free, which is one of the reasons why it is such a popular solution for web server management.

As a proprietary platform, LiteSpeed is a paid product, with prices ranging from $10/month to $92/month at higher levels. There is also a free version, but it is quite limited: it can only support one domain and gives about 2 GB of RAM.

In the end, if price is your main selling point, free (Apache) will always beat paid (LiteSpeed).

3.4. Apache versus Lighttpd

About 10 years ago (while Nginx was still in its infancy), Lighttpd was a lightweight alternative server to Apache, as it better supported simultaneous connections of thousands of users.

 Lighttpd

Source: Wikipedia

Lighttpd is a software written in C by Jan Kneschke, distributed under BSD license and available for Unix and Linux.

One of the features of the web server is that it consumes very little RAM and CPU resources. This makes it particularly useful for VPS or Dedicated servers with low resources.

It supports communication and integration with FastCGI, SCGI and CGI. Therefore, it is able to respond to page requests made in any programming language.

One of the disadvantages of lighttpd is that it does not support .htaccess, as well as the fact that it lacks comprehensive documentation and a massively adopted community, unlike its rivals Apache and Nginx.

Here are 7 main differences between Apache and Lighttpd servers:

  1. Nginx and Lighttpd are probably the two most well-known asynchronous servers, and Apache is by far the most well-known process-based server.
  2. Most tests show that there is an inherent performance gain in using Lighttpd over Apache.
  3. Apache supports CGI and FastCGI. It is tested and its implementation has not changed for years. You can find documents that are over ten years old and still valid. Lighttpd supports CGI and FastCGI via the module.
  4. Lighttpd supports X-Sendfile since version 1.5. Apache 1 does not support X-Sendfile. For Apache 2 there is a third party module.
  5. URL rewriting in Apache can be handled in a configuration (at site level) or via a replacement in the .htaccess state. In Lighttpd, you are limited to rewriting only via the configuration level, which means that for platforms like WordPress, you’ll have to hard code following the format rewrite rule.
  6. Lighttpd is distributed under the terms of the revised BSD license. This licensing option greatly reduces collaborative friction between Lighttpd code and code from other projects distributed under other licenses. Apache uses the Apache 2.0 license of the same name, which is sometimes considered “permissive” in the sense that it is an open source license that is not a copyleft license.
  7. Installing PHP is not as easy in Lighttpd as in Apache because there is no module for it.

3.5. Apache versus IIS

IIS(Internet Information Services – formerly called Internet Information Server) is a web server created by Microsoft for its server operating systems

Microsoft IIS

Although it is a proprietary system, it relies on several publicly available protocols, including:

  • The Hypertext Transfer Protocol (HTTP)
  • The Simple Mail Transfer Protocol (SMTP);
  • And the file transfer protocol (FTP)

Its first version was introduced with Windows NT Server version 4 and has undergone several updates. Currently, the most recent version is IIS 10 (only available on Windows Server 2019)

After the launch of the .NET platform in 2002, IIS also acquired the role of managingASP.NET

Microsoft ASP NET

ASP.NET, like its direct competitor JSP, is compiled before execution. This feature has advantages over interpreted options such as ASP and PHP.

Now, which one to choose?

Apache and IIS both have their advantages and disadvantages

  • IIS comes with Windows but Apache does not have high profile enterprise support
  • Apache has excellent security but does not offer the excellent .NET support of IIS
  • Apache is free and IIS is not free;
  • Language modules are easier to install on IIS because you just need to run the installer;
  • IIS comes with the ASP library, ready to run scripts that use the language, while with Apache, the user has to install the appropriate packages;
  • Etc

The final choice may well be defined by the solution that best meets your unavoidable needs

The following summary table can also help you:

Caracteristique IIS vs Apache

Here is a short list of sites and their web servers:

 Liste de sites et leur serveur

3.6. Apache versus Caddy

Caddy is an open source web server platform designed to be simple, easy to use and secure

Written in Go with no dependencies, Caddy is easy to download and works on almost any platform that Go compiles on.

Caddy

By default, Caddy supports automatic HTTPS by provisioning and renewing certificates via Let’s Encrypt. Unlike Apache, Caddy provides these features out of the box, and it also comes with automatic redirection of HTTP traffic to HTTPS.

Compared to Apache, Caddy’s configuration files are much smaller. In addition, Caddy runs on TLS 1.3, the latest standard for transport security.

In terms of performance, Caddy has proven to be competitive with Apache (but behind Nginx) both in terms of requests processed per second and load stability.

Another possible disadvantage of Caddy is that it currently holds a small market share, which may limit resources for troubleshooting

Chapter 4: Apache Installation and Configuration

4.1 Installing and Configuring the Apache Server: Short Video Tutorials

To help you see everything clearly, we have selected a few short, self-explanatory tutorial videos for the installation and configuration of the Apache HTTP Server:

  • Tutorial to Install and configure Apache Web Server on Windows 10
  • Tutorial to install and configure Apache on Linux:
  • Tutorial to install and configure the Apache web server in Ubuntu Linux (for beginners)

4.2. Starting Apache

Use the following commands:

  • To start the Apache service

sudo service apache2 start

  • To check if the Apache configuration is valid and to reload

sudo apache2ctl configtest

sudo service apache2 reload

  • To list the available Apache HTTP Server modules

/etc/init.d/apache2 -l

4.3. Configuring Apache via .htaccess

Use the “.htacess” file to configure some of the Apache HTTP behaviors. A major application of this file is to redirect a URL to other URLs.

The following .htacess file redirects http://twaino.com to http://www.twaino.com. It also redirects access to a certain web page to another web page via a 301 redirect

Les redirections 301

The 301 redirect will tell search engines that this page has been moved and is the recommended method for moving web pages.

Here is an explicit video that can help you with the configuration of Apache via .htacess

4.4. Using modules on Apache Http

Apache Http supports the use of modules. To enable modules, use a2enmod + command. To enable the rewrite module for example, use a2enmod rewrite.

Here is a video that explains how to enable/disable modules in Apache2: https: //youtu.be/YkZC38HfOQU

4.5. Performance – Enable gzip compression

To optimize the download time of your web pages, you can enable gzip compression. This requires the Apache module“mod_deflate” which can be installed with the following command:

a2enmod deflate

sudo /etc/init.d/apache2 restart

Compression can be enabled in the default configuration file for this module located in /etc/apache2/mods-available/deflate.conf or via the file “.htaccess“.

# compress all text & html:

AddOutputFilterByType DEFLATE text/plain

AddOutputFilterByType DEFLATE text/html

AddOutputFilterByType DEFLATE text/xml

AddOutputFilterByType DEFLATE text/css

AddOutputFilterByType DEFLATE application/xml

AddOutputFilterByType DEFLATE application/xhtml+xml

AddOutputFilterByType DEFLATE application/rss+xml

AddOutputFilterByType DEFLATE application/javascript

AddOutputFilterByType DEFLATE application/x-javascript

[[Other Apache modules]] == Support for php and wordpress :

sudo apt-get install libapache2-mod-fcgid

sudo apt-get install php5-cgi

Then activate the corresponding modules:

sudo a2enmod fastcgi

sudo a2enmod proxy

# required for wordpress blog

sudo a2enmod rewrite

Chapter 5: How to secure the Apache Web server?

Securing your web server is very important, it means:

  • Prevent your confidential information from being displayed
  • Protecting your data;
  • And restricting access.

Here are 7 common things that can improve the security of your Apache web servers:

5.1. Hide Apache version and operating system information

Generally, Apache displays its version and operating system name in errors.

An attacker can use this information to launch an attack using publicly available vulnerabilities in the particular server or operating system version.

In order to prevent the Apache web server from displaying this information, you must modify the “ server signature ” option available in the apache configuration file. By default it is“ON“, you need to put it“OFF“.

You can also set“ServerTokens Prod” which tells the web server to return only Apache and to remove major and minor versions of the operating system.

Configuration Apache

Source : Unixmen

After changing the configuration file, you need to restart/reload your apache web server to make it effective.

5.2. Disable directory listing

If the root directory of your document does not have an index file, by default your apache web server will display the entire contents of the document’s root directory.

This feature can be disabled for a specific directory via the “options directive” option available in the Apache configuration file.

5.3. Disable unnecessary modules

It is recommended to disable all unnecessary modules that are not used. You can see the list of enabled modules available in your apache configuration file.

Many of the modules listed can be disabled like:

  • mod_imap
  • mod_include
  • mod_info
  • mod_userdir
  • mod_autoindex ;
  • etc

They are hardly used by production web servers.

Once you have removed the modules that are not useful, save the file.

Restart the Apache services with the following command:

/etc/init.d/httpd restart

5.4. Restrict access to files outside the Web root directory

If you want to make sure that files outside the web root directory are not accessible, you need to make sure that the directory is restricted with the“Allow” and“Deny” option in your web server configuration file.

Once you have restricted access outside the web root directory, you will not be able to access any files located in any other folder on your web server. You will therefore get a 404 return code.

5.5. Use mod_evasive to refute DoS attack

If you want to protect your web server against Dos (i.e. Denial of Service), you should enable the mod_evasive module

ModEvasive

This is a third-party module that detects the Dos attack and prevents it from doing as much damage as it would if it were to take its course

It could be downloaded here : Download the file here.

5.6. Use mod_security to improve apache security

This module works as a firewall for Apache and allows you to monitor the traffic in real time. It also prevents the web server from brute force attacks

modesecurity

The mod_security module can be installed with the default package manager of your distribution.

5.7. Limit the size of requests

Apache has no restrictions on the total size of the http request that could lead to a DoS attack. However, you can limit the request size of an Apache “LimitRequestBody” directive with the directory tag

The value can be set between 0 and 2 GB (i.e. 2147483647 bytes) depending on your needs.

Chapter 6: Modular architecture of the HTTP server

The server has a modular architecture consisting of :

  • a Core that supports the common basic functions
  • then a series of proprietary/third party modules that extend its functionality that can be enabled or disabled in an installation as needed.

Among the best known are auth_basic and mod_rewrite, which are the ones a programmer uses most. The list is actually much longer

The complete list of modules can be seen in the module index available in the Apache documentation:

Apache HTTP server project

Among the most important modules, we can find the MPM ( Multi-Processing-Module ) modules which define the internal architecture

The way the work is distributed can vary depending on the MPM module used:

  • Multi-processing prefork (mpm-prefork);
  • Multiprocessing worker (mpm-worker);
  • Multiprocessing event (mpm-event) ;
  • ITK multiprocessing (mpm-itk).

These multi-processing modules (also called MPM) are the ones in charge of processing HTTP requests, managing the processes and the different execution threads of the service.

The choice of the module is a crucial decision since it will determine whether or not the server will function properly, depending on the use you wish to give the server.

6.1. mpm_prefork

The default module used by the server for processing is mpm-prefork. This module opens different processes to organize the work

It is considered the safest because there are some configurations and modules that are not safe to use with thread processing

Therefore, it is safer to use the server with mpm-prefork which instead of opening threads opens independent processes.

Apache MPM prefork

Although security is gained, it is also the one that consumes the most resources since independent processes consume much more CPU and RAM memory than threads.

6.2. mpm_worker

This module has better performance than mpm-prefork. Its function is to open several processes as prefork, and each of them in turn opens different threads to respond to requests.

Basically, it has two drawbacks

  • The first is that it has a poorer error handling than prefork and in case of a thread failure, it can lose requests;
  • And the second is that not all available modules are safe to use in this mode.

For example, the easiest way to do PHP configuration in Apache is via mod_php, but this module cannot be used with Worker. Therefore, it must be replaced by an example of PHP-FPM

Statistiques Utilisateurs

The latter in turn adds an improvement in resource usage, both memory and CPU.

6.3. mpm_event

Event is quite similar to mpm-worker in that it is based on it. It focuses on improving persistent requests for which Worker is not so good.

Normally a connection will be closed if it doesn’t have more information. To re-transmit a new connection, it involves a round trip communication to establish some parameters.

Once the communication is established, it is much more efficient to keep the channel open. This is done throughKeep-Alive requests that facilitate keeping a connection open until the client or server decides to close it.

This is where Event outperforms Worker and for the rest they share the advantages as well as the disadvantages since Event is based on Worker only with the improvement of these requests.

6.4. mpm_itk

This is the most recent module and like Prefork (which works with child processes instead of threads), the main innovation of this module is that it allows you to assign each VirtualHost (each hosted domain) a user.

This way of separating sites with different users allows :

  • each site to have its own security permissions ;
  • and that the user processes cannot interact with each other, obtaining confidentiality and security of the data.

The same thing can be achieved with PHP-FPM where each site can work with its respective user

However, the configuration of each one is more cumbersome and involves more memory usage since there is a PHP-FPM process for each site.

Chapter 7: Other Questions About the Apache Server

7.1. What is Apache?

Apache2 HTTP Server is a web server that uses the http protocol. It is developed by the Apache Software Foundation (ASF). It is open source, cross-platform (works on different operating systems), free and downloadable. The project website is www.apache.org.

7.2. Why is Apache so popular?

Apache is open source, and as such, it is developed and maintained by a large group of global volunteers. One of the main reasons it is so popular is that the software can be downloaded and used by anyone for free.

In addition, the Apache web server is an easy to customize environment, it is fast, reliable and highly secure. This makes it a common choice for the best companies.

7.3. How do I know if my Apache server is working?

  1. Access your server using your favorite SSH client.
  2. Enter the following command: sudo service apache2 status.
  3. If Apache is running, you will see the following message Apache is running (pid 26874).

7.4. What does Apache include?

Apache has modules for :

  • Security ;
  • Caching;
  • URL rewriting;
  • Password authentication;
  • And so on

You can also adjust your own server settings via a file called .htaccess, which is an Apache configuration file.

7.5. How is the Apache server installed?

To install apache as a service :

  1. In the Windows menu, search for: cmd;
  2. Run cmd with administrator rights;
  3. Go to the \ apache : cd c:\Apache24\bin.
  4. Install the service with the instruction : httpd.exe -k install.
  5. Finally, start apache with the instruction : httpd.exe -k start.

7.6. How do I know if I am using Apache?

There are several ways to know the software used by our server, one of them is to use tools such as GTMetrix, Pingdom

The easiest way would be to analyze the website via Pingdom, from the File Requests section.

7.7. What communication port does the Apache web server use?

By default, the Apache HTTP server is configured to listen on port 80 for insecure web communications and on port 443 for secure web communications.

7.8. What are the versions of Apache?

There are currently three versions of Apache running: versions 2.0, 2.2 and 2.4. Previously, there was version 1.3 which is the best known and the one that meant the big expansion of the server.

7.9. How do I start, restart or stop the Apache server?

To start, stop or restart Apache as a web server, you just need to access the terminal of your server via ssh and execute one of the following commands:

  1. Start Apache: /etc/init.d/ apache2 start.
  2. Restart Apache: /etc/init.d/ apache2 restart.
  3. Stop Apache: /etc/init.d/apache2 stop . 5/5 – (3 votes)

7.10. how does Apache work?

As a web server, Apache is responsible foraccepting directory requests (HTTP) from Internet users and sending them the desired informationin the form of files and web pages

Most web software and code is designed to work with Apache’s functionality.

7.what is MySQL and PHP in Apache?

Apache is the web server that processes requests and serves web resources and content via HTTP

MySQL is the database that stores all your information in an easily searchable format.

PHP is the programming language that works with Apache to help create dynamic web content.

7.12. Can Nginx replace Apache?

Both solutions are capable of handling various workloads. Although Apache and Nginx share many qualities, they should not be considered entirely interchangeable.

7.13. Is Nginx the same as Apache?

The main difference between Apache and NGINX is their design architecture

Apache uses a process-oriented approach and creates a new thread for each request. NGINX, on the other hand, uses an event-driven architecture to handle multiple requests within a single thread.

In summary

As we have seen before, Apache is the Web server that thousands of hosting companies around the world work with.

It is ideal for small and medium-sized businesses that want to be present in the digital world. Very compatible with WordPress that allows you to work in a simple and orderly way.

I hope this guide has helped you weigh the pros and cons to make the right decision for your project!

Thanks for reading and see you soon!

Leave a comment