Apache Web Server Version

Posted on  by



The Apache HTTP Server—known as Apache web server or simply Apache—is considered the standard for general-purpose HTTP activities and services. It offers a wide range of modules to deliver optimum flexibility in support of URL rewriting, proxy servers, and granular access management and control. Apache is a popular choice among web developers because it uses CGI, embedded interpreters, and FastCGI to support server-side scripting. This allows for the rapid and effective execution and implementation of highly dynamic coding.

One of the first things to be taken care of is hiding the server version banner. The default Apache configuration will expose the server version. This information might help an attacker gain a greater understanding of the systems in use and potentially develop further attacks targeted at the specific version of the server. The following procedures help you install an Apache web server with PHP and MariaDB (a community-developed fork of MySQL) support on your Amazon Linux 2 instance (sometimes called a LAMP web server or LAMP stack). You can use this server to host a static website or deploy a dynamic PHP application that reads and writes information to a database.

  1. The level of version information given out by an Apache server can be configured by the ServerTokens setting in its configuration. I believe there is also a setting that controls whether the version appears in server error pages, although I can't remember what it is off the top of my head.
  2. Apache is an open source web server that’s available for Linux servers free of charge. In this tutorial we’ll be going through the steps of setting up an Apache server. What you’ll learn. How to set up Apache; Some basic Apache configuration; What you’ll need. Ubuntu Server 16.04 LTS; Secure Shell (SSH) access to your server.

There are plenty of well-known Apache alternatives—nginx, XAMPP, Caddy, and Microsoft IIS, among many others—but none of them offer the same breadth of usage provided by Apache. Apache is so widely used it has more than a 50% share in the commercial web server marketplace. It’s especially popular for use with Unix-like operating systems, although it supports most platforms. This includes Windows, OS X, OS/2, and others.

Web

A Simple Definition of Apache
How to Set Up Apache Server
How to Set Up Apache Server in Linux
How to Set Up Apache Virtual Servers
The Best Apache Server Monitoring Tool

However, Apache’s flexibility and breadth of usage come at the expense of simplicity in many cases. The configuration structure is complex, and many of the advanced functionalities are difficult to use. This Apache server tutorial will explain the basics of Apache, providing instructions for Apache web server configuration in Linux, step by step. The aim is to help you not only set up Apache server, but also monitor it. My recommended tool for this purpose is SolarWinds® Server & Application Monitor for Apache.

A Simple Definition of Apache

Apache is a process-based, modular, open-source web server application designed to establish a new thread for each connection occurring simultaneously. Apache supports a range of functionalities, covering everything from authentication mechanisms to server-side programming languages. It also supports virtual hosting, allowing you to use one Apache web server to serve multiple websites. Most Apache capabilities are delivered as individual modules, allowing you to extend and enhance Apache’s core utilities.

How to Set Up Apache Server

You may find yourself becoming overwhelmed as you start to set up Apache server. As an open source, advanced application capable of a wide range of functions, Apache web server configuration and setup is fairly complex.

You can install and set up Apache server in two ways.

  1. Vendor-based installation. As it’s an open source web application, anyone can make an installer to suit their individual environment. Vendors like Red Hat, SUSE, and Debian have used this capability to customize Apache server configuration and file location by taking the base operating system and other installed programs into account.
  2. Source code installation. The alternative to using a vendor-based installer is to set up Apache server by building and installing directly from the source code. This approach enables you to set up Apache server in platform-independent manner available for all operating systems.

With both installation options, modules can be compiled in the form of a dynamic shared object, or DSO. A DSO is an object file capable of being shared and utilized by numerous applications. DSO modules are separate from the core Apache file. The DSO approach to compiling modules is popular because it makes adding, updating, and removing modules easy.

How to Set Up Apache Server in Linux

This Apache server tutorial will now provide instructions for Apache web server configuration in Linux, step by step.

  1. Update your system repositories. This involves downloading the most recent version of a software by updating the Ubuntu repositories’ local package index. To do this, go to the terminal and enter the command “$ sudo apt update” into it.
  2. Install Apache by using the “apt” command. For this example, let’s use Apache2. Just input the following command— “$ sudo apt install apache2” —as sudo, which will install Apache2 and all necessary dependencies. At this stage, you may be asked whether you want to continue the installation process. Enter “Y” to indicate you would like to, and installation will begin.
  3. Verify Apache has been successfully installed. When the installation procedure has finished, check the version number to confirm Apache2 is now installed on your system. Enter “$ apache2 -version” to do this. The server version will appear, hopefully confirming Apache2 has been installed.

How to Set Up Apache Virtual Servers

When using virtual hosts, it’s important to undertake virtual server Apache configuration. Modifying configuration settings will ensure they reflect the domain specifics, which will allow Apache to respond to domain requests correctly and successfully. The process for completing virtual server Apache configuration is simple:

  1. First, input “$ sudo nano /etc/apache2/sites-available/example.com.conf” to open your virtual host configuration file.
  2. Replace “example.com” appropriately. Next, you’ll be able to modify the following:
    ServerName example.com
    ServerAdmin admin@example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public_htmlAgain, be sure to replace all example components with the appropriate information. When modified, the end result should resemble the following:
    <VirtualHost *:80>
    ServerName example.com
    ServerAdmin admin@example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>
  3. If an error occurs, reference these instructions to ensure nothing has been mistyped or inputted incorrectly.

Best Apache Server Monitoring Tool

After setting up Apache web server, I highly recommend the use of a monitoring tool to help you test Apache server and monitor it effectively. There are several such tools on the market, but SolarWinds Server & Application Monitor (SAM) tops my list. This tool allows you to easily define specific performance metrics to facilitate proactive monitoring of Apache Cassandra, Apache Geronimo, and Apache Tomcat. The single application is capable of monitoring and managing your entire Apache environment, and the underlying infrastructure of the server.

With SAM, monitoring uptime and performance is easy, as is diagnosing the root of performance issues. The application facilitates proactive monitoring of all web server supporting components contributing to the Apache web server, including Linux and MySQL. Application monitoring covers the virtual layer, servers, and applications like Microsoft SQL Server, Exchange, and Active Directory. The system benefits from customizable alerts, reports, and easy-to-navigate dashboards ready to use out of the box. This means you can get up and running when SAM is installed, without having to create or modify dashboards.

The dashboards themselves have been cleverly designed, with data represented in the form of graphs and charts whenever appropriate, to give you immediate insight into key metrics and information without overloading or cluttering the interface.

SAM is a scalable and highly feature-rich application, requiring zero training or experience to start using, and is suitable for extensive enterprise-grade requirements. The user-friendly interface is one of SAM’s best features, as it makes data interpretation dynamic and accurate. This program simplifies the Apache monitoring experience, allowing you to test and interrogate it in a few simple clicks. The implementation process is simple, and SolarWinds support technicians are available on a 24/7 basis.

With the unified, centralized dashboard and ample support offered by SolarWinds, using this application couldn’t be easier. SolarWinds SAM also serves as a wider application and server monitoring solution, with its monitoring capabilities extending to Active Directory, agentless servers, application dependency, AWS, Azure IaaS, and much more. What’s great is you can download a no-risk 30-day free trial to try out the fully featured software before making a commitment.

Apache is the most commonly used Web server on Linux systems. Web servers are used to serve Web pages requested by client computers. Clients typically request and view Web pages using Web browser applications such as Firefox, Opera, Chromium, or Internet Explorer.

Users enter a Uniform Resource Locator (URL) to point to a Web server by means of its Fully Qualified Domain Name (FQDN) and a path to the required resource. For example, to view the home page of the Ubuntu Web site a user will enter only the FQDN:

To view the community sub-page, a user will enter the FQDN followed by a path:

The most common protocol used to transfer Web pages is the Hyper Text Transfer Protocol (HTTP). Protocols such as Hyper Text Transfer Protocol over Secure Sockets Layer (HTTPS), and File Transfer Protocol (FTP), a protocol for uploading and downloading files, are also supported.

Apache Web Servers are often used in combination with the MySQL database engine, the HyperText Preprocessor (PHP) scripting language, and other popular scripting languages such as Python and Perl. This configuration is termed LAMP (Linux, Apache, MySQL and Perl/Python/PHP) and forms a powerful and robust platform for the development and deployment of Web-based applications.

Installation

The Apache2 web server is available in Ubuntu Linux. To install Apache2:

At a terminal prompt enter the following command:

Configuration

Apache2 is configured by placing directives in plain text configuration files. These directives are separated between the following files and directories:

  • apache2.conf: the main Apache2 configuration file. Contains settings that are global to Apache2.

  • httpd.conf: historically the main Apache2 configuration file, named after the httpd daemon. In other distributions (or older versions of Ubuntu), the file might be present. In Ubuntu, all configuration options have been moved to apache2.conf and the below referenced directories, and this file no longer exists.

  • conf-available: this directory contains available configuration files. All files that were previously in /etc/apache2/conf.d should be moved to /etc/apache2/conf-available.

  • conf-enabled: holds symlinks to the files in /etc/apache2/conf-available. When a configuration file is symlinked, it will be enabled the next time apache2 is restarted.

  • envvars: file where Apache2 environment variables are set.

  • mods-available: this directory contains configuration files to both load modules and configure them. Not all modules will have specific configuration files, however.

  • mods-enabled: holds symlinks to the files in /etc/apache2/mods-available. When a module configuration file is symlinked it will be enabled the next time apache2 is restarted.

  • ports.conf: houses the directives that determine which TCP ports Apache2 is listening on.

  • sites-available: this directory has configuration files for Apache2 Virtual Hosts. Virtual Hosts allow Apache2 to be configured for multiple sites that have separate configurations.

  • sites-enabled: like mods-enabled, sites-enabled contains symlinks to the /etc/apache2/sites-available directory. Similarly when a configuration file in sites-available is symlinked, the site configured by it will be active once Apache2 is restarted.

  • magic: instructions for determining MIME type based on the first few bytes of a file. Drivers c-map usb devices.

In addition, other configuration files may be added using the Include directive, and wildcards can be used to include many configuration files. Any directive may be placed in any of these configuration files. Changes to the main configuration files are only recognized by Apache2 when it is started or restarted.

The server also reads a file containing mime document types; the filename is set by the TypesConfig directive, typically via /etc/apache2/mods-available/mime.conf, which might also include additions and overrides, and is /etc/mime.types by default.

Basic Settings

This section explains Apache2 server essential configuration parameters. Refer to the Apache2 Documentation for more details.

  • Apache2 ships with a virtual-host-friendly default configuration. That is, it is configured with a single default virtual host (using the VirtualHost directive) which can be modified or used as-is if you have a single site, or used as a template for additional virtual hosts if you have multiple sites. If left alone, the default virtual host will serve as your default site, or the site users will see if the URL they enter does not match the ServerName directive of any of your custom sites. To modify the default virtual host, edit the file /etc/apache2/sites-available/000-default.conf.

    Note

    The directives set for a virtual host only apply to that particular virtual host. If a directive is set server-wide and not defined within the virtual host settings, the default setting is used. For example, you can define a Webmaster email address and not define individual email addresses for each virtual host.

    If you wish to configure a new virtual host or site, copy that file into the same directory with a name you choose. For example:

    Edit the new file to configure the new site using some of the directives described below.

  • The ServerAdmin directive specifies the email address to be advertised for the server’s administrator. The default value is webmaster@localhost. This should be changed to an email address that is delivered to you (if you are the server’s administrator). If your website has a problem, Apache2 will display an error message containing this email address to report the problem to. Find this directive in your site’s configuration file in /etc/apache2/sites-available.

  • The Listen directive specifies the port, and optionally the IP address, Apache2 should listen on. If the IP address is not specified, Apache2 will listen on all IP addresses assigned to the machine it runs on. The default value for the Listen directive is 80. Change this to 127.0.0.1:80 to cause Apache2 to listen only on your loopback interface so that it will not be available to the Internet, to (for example) 81 to change the port that it listens on, or leave it as is for normal operation. This directive can be found and changed in its own file, /etc/apache2/ports.conf

  • The ServerName directive is optional and specifies what FQDN your site should answer to. The default virtual host has no ServerName directive specified, so it will respond to all requests that do not match a ServerName directive in another virtual host. If you have just acquired the domain name mynewsite.com and wish to host it on your Ubuntu server, the value of the ServerName directive in your virtual host configuration file should be mynewsite.com. Add this directive to the new virtual host file you created earlier (/etc/apache2/sites-available/mynewsite.conf).

    You may also want your site to respond to www.mynewsite.com, since many users will assume the www prefix is appropriate. Use the ServerAlias directive for this. You may also use wildcards in the ServerAlias directive.

    For example, the following configuration will cause your site to respond to any domain request ending in .mynewsite.com.

  • The DocumentRoot directive specifies where Apache2 should look for the files that make up the site. The default value is /var/www/html, as specified in /etc/apache2/sites-available/000-default.conf. If desired, change this value in your site’s virtual host file, and remember to create that directory if necessary!

Enable the new VirtualHost using the a2ensite utility and restart Apache2:

Note

Be sure to replace mynewsite with a more descriptive name for the VirtualHost. One method is to name the file after the ServerName directive of the VirtualHost.

Similarly, use the a2dissite utility to disable sites. This is can be useful when troubleshooting configuration problems with multiple VirtualHosts:

Apache Web Server Version

Default Settings

This section explains configuration of the Apache2 server default settings. For example, if you add a virtual host, the settings you configure for the virtual host take precedence for that virtual host. For a directive not defined within the virtual host settings, the default value is used.

  • The DirectoryIndex is the default page served by the server when a user requests an index of a directory by specifying a forward slash (/) at the end of the directory name.

    For example, when a user requests the page http://www.example.com/this_directory/, he or she will get either the DirectoryIndex page if it exists, a server-generated directory list if it does not and the Indexes option is specified, or a Permission Denied page if neither is true. The server will try to find one of the files listed in the DirectoryIndex directive and will return the first one it finds. If it does not find any of these files and if Options Indexes is set for that directory, the server will generate and return a list, in HTML format, of the subdirectories and files in the directory. The default value, found in /etc/apache2/mods-available/dir.conf is “index.html index.cgi index.pl index.php index.xhtml index.htm”. Thus, if Apache2 finds a file in a requested directory matching any of these names, the first will be displayed.

  • The ErrorDocument directive allows you to specify a file for Apache2 to use for specific error events. For example, if a user requests a resource that does not exist, a 404 error will occur. By default, Apache2 will simply return a HTTP 404 Return code. Read /etc/apache2/conf-available/localized-error-pages.conf for detailed instructions for using ErrorDocument, including locations of example files.

  • By default, the server writes the transfer log to the file /var/log/apache2/access.log. You can change this on a per-site basis in your virtual host configuration files with the CustomLog directive, or omit it to accept the default, specified in /etc/apache2/conf-available/other-vhosts-access-log.conf. You may also specify the file to which errors are logged, via the ErrorLog directive, whose default is /var/log/apache2/error.log. These are kept separate from the transfer logs to aid in troubleshooting problems with your Apache2 server. You may also specify the LogLevel (the default value is “warn”) and the LogFormat (see /etc/apache2/apache2.conf for the default value).

  • Some options are specified on a per-directory basis rather than per-server. Options is one of these directives. A Directory stanza is enclosed in XML-like tags, like so:

    The Options directive within a Directory stanza accepts one or more of the following values (among others), separated by spaces:

    • ExecCGI - Allow execution of CGI scripts. CGI scripts are not executed if this option is not chosen.

      Caution

      Most files should not be executed as CGI scripts. This would be very dangerous. CGI scripts should kept in a directory separate from and outside your DocumentRoot, and only this directory should have the ExecCGI option set. This is the default, and the default location for CGI scripts is /usr/lib/cgi-bin.

    • Includes - Allow server-side includes. Server-side includes allow an HTML file to include other files. See Apache SSI documentation (Ubuntu community) for more information.

    • IncludesNOEXEC - Allow server-side includes, but disable the #exec and #include commands in CGI scripts.

    • Indexes - Display a formatted list of the directory’s contents, if no DirectoryIndex (such as index.html) exists in the requested directory.

      Caution

      For security reasons, this should usually not be set, and certainly should not be set on your DocumentRoot directory. Enable this option carefully on a per-directory basis only if you are certain you want users to see the entire contents of the directory.

    • Multiview - Support content-negotiated multiviews; this option is disabled by default for security reasons. See the Apache2 documentation on this option.

    • SymLinksIfOwnerMatch - Only follow symbolic links if the target file or directory has the same owner as the link.

apache2 Settings

This section explains some basic apache2 daemon configuration settings.

LockFile - The LockFile directive sets the path to the lockfile used when the server is compiled with either USE_FCNTL_SERIALIZED_ACCEPT or USE_FLOCK_SERIALIZED_ACCEPT. It must be stored on the local disk. It should be left to the default value unless the logs directory is located on an NFS share. If this is the case, the default value should be changed to a location on the local disk and to a directory that is readable only by root.

Apache Web Server Version 2011

PidFile - The PidFile directive sets the file in which the server records its process ID (pid). This file should only be readable by root. In most cases, it should be left to the default value.

User - The User directive sets the userid used by the server to answer requests. This setting determines the server’s access. Any files inaccessible to this user will also be inaccessible to your website’s visitors. The default value for User is “www-data”.

Warning

Apache 2.4.6 end of life

Unless you know exactly what you are doing, do not set the User directive to root. Using root as the User will create large security holes for your Web server.

Group - The Group directive is similar to the User directive. Group sets the group under which the server will answer requests. The default group is also “www-data”.

Apache2 Modules

Apache2 is a modular server. This implies that only the most basic functionality is included in the core server. Extended features are available through modules which can be loaded into Apache2. By default, a base set of modules is included in the server at compile-time. If the server is compiled to use dynamically loaded modules, then modules can be compiled separately, and added at any time using the LoadModule directive. Otherwise, Apache2 must be recompiled to add or remove modules.

Ubuntu compiles Apache2 to allow the dynamic loading of modules. Configuration directives may be conditionally included on the presence of a particular module by enclosing them in an <IfModule> block.

You can install additional Apache2 modules and use them with your Web server. For example, run the following command at a terminal prompt to install the Python 3 WSGI module:

The installation will enable the module automatically, but we can disable it with a2dismod:

And then use the a2enmod utility to re-enable it:

See the /etc/apache2/mods-available directory for additional modules already available on your system.

Apache Web Server Version

HTTPS Configuration

The mod_ssl module adds an important feature to the Apache2 server - the ability to encrypt communications. Thus, when your browser is communicating using SSL, the https:// prefix is used at the beginning of the Uniform Resource Locator (URL) in the browser navigation bar.

The mod_ssl module is available in apache2-common package. Execute the following command at a terminal prompt to enable the mod_ssl module:

There is a default HTTPS configuration file in /etc/apache2/sites-available/default-ssl.conf. In order for Apache2 to provide HTTPS, a certificate and key file are also needed. The default HTTPS configuration will use a certificate and key generated by the ssl-cert package. They are good for testing, but the auto-generated certificate and key should be replaced by a certificate specific to the site or server. For information on generating a key and obtaining a certificate see Certificates.

To configure Apache2 for HTTPS, enter the following:

Note

The directories /etc/ssl/certs and /etc/ssl/private are the default locations. If you install the certificate and key in another directory make sure to change SSLCertificateFile and SSLCertificateKeyFile appropriately.

With Apache2 now configured for HTTPS, restart the service to enable the new settings:

Note

Apache Web Server Version History

Depending on how you obtained your certificate you may need to enter a passphrase when Apache2 starts.

You can access the secure server pages by typing https://your_hostname/url/ in your browser address bar.

Sharing Write Permission

For more than one user to be able to write to the same directory it will be necessary to grant write permission to a group they share in common. The following example grants shared write permission to /var/www/html to the group “webmasters”.

These commands recursively set the group permission on all files and directories in /var/www/html to allow reading, writing and searching of directories. Many admins find this useful for allowing multiple users to edit files in a directory tree.

Warning

The apache2 daemon will run as the www-data user, which has a corresponding www-data group. These should not be granted write access to the document root, as this would mean that vulnerabilities in Apache or the applications it is serving would allow attackers to overwrite the served content.

References

  • Apache2 Documentation contains in depth information on Apache2 configuration directives. Also, see the apache2-doc package for the official Apache2 docs.

  • O’Reilly’s Apache Cookbook is a good resource for accomplishing specific Apache2 configurations.

  • For Ubuntu specific Apache2 questions, ask in the #ubuntu-server IRC channel on freenode.net.

Apache Web Server Version Disclosure Vulnerability

Last updated 1 year, 10 days ago. Help improve this document in the forum.