(cache) Download - The Apache HTTP Server Project

Use the links below to download the Apache HTTP Server from one of our mirrors. You must verify the integrity of the downloaded files using signatures downloaded from our main distribution directory.

Only current recommended releases are available on the main distribution site and its mirrors. Older releases, including the 1.3 family of releases, are available from the archive download site.

Stable Release:

2.2.21 (released 2011-09-13)

Beta Release:

2.3.15-beta (released 2011-11-15)

Legacy Release:

2.0.64 (released 2010-10-19)

If you are downloading the Win32 distribution, please read these important notes.

Mirror

The currently selected mirror is http://ftp.riken.jp/net/apache/. If you encounter a problem with this mirror, please select another mirror. If all mirrors are failing, there are backup mirrors (at the end of the mirrors list) that should be available.

Other mirrors:

You may also consult the complete list of mirrors.

Apache HTTP Server (httpd) 2.2.21 is the best available version 2011-09-13

The Apache HTTP Server Project is pleased to announce the release of Apache HTTP Server (httpd) version 2.2.21. This release represents fifteen years of innovation by the project, and is recommended over all previous releases!

For details see the Official Announcement and the CHANGES_2.2 or condensed CHANGES_2.2.21 lists

Add-in modules for Apache 2.0 are not compatible with Apache 2.2. If you are running third party add-in modules, you must obtain modules compiled or updated for Apache 2.2 from that third party, before you attempt to upgrade from these previous versions. Modules compiled for Apache 2.2 should continue to work for all 2.2.x releases.

Unix Source: httpd-2.2.21.tar.gz [PGP] [MD5] [SHA1]

Unix Source: httpd-2.2.21.tar.bz2 [PGP] [MD5] [SHA1]

Win32 Source: httpd-2.2.21-win32-src.zip [PGP] [MD5] [SHA1]

Win32 Binary without crypto (no mod_ssl) (MSI Installer): httpd-2.2.21-win32-x86-no_ssl.msi [PGP] [MD5] [SHA1]

Win32 Binary including OpenSSL 0.9.8r (MSI Installer): httpd-2.2.21-win32-x86-openssl-0.9.8r.msi [PGP] [MD5] [SHA1]

NetWare Binary: apache_2.2.21-netware.zip [PGP] [MD5] [SHA1]

Other files

Apache HTTP Server 2.3.15-beta 2011-11-15

The Apache HTTP Server Project is pleased to announce the third Beta release of Apache HTTP Server 2.4: version 2.3.15-beta. This version of httpd is principally an beta release to test new technology and features that are incompatible or too large for the stable 2.2.x branch. This Beta release should not be presumed to be compatible with binaries built against any prior or future version although, as a Beta, the API is in a semi-frozen state.

All subsequent releases will be beta releases as we move towards 2.4.0-GA.

For details see the Official Announcement and the CHANGES_2.3 and CHANGES_2.3.15 lists

Unix Source: httpd-2.3.15-beta.tar.bz2 [PGP] [MD5] [SHA1]

Unix dependencies Source: httpd-2.3.15-beta-deps.tar.bz2 [PGP] [MD5] [SHA1]

Other files

Apache HTTP Server 2.0.64 is also available 2010-10-19

Apache 2.0.64 is the legacy stable version of the 2.0 series, and is recommended over any previous 2.0 release. This release fixes a few potential security vulnerabilites.

For details see the Official Announcement and the CHANGES_2.0 and CHANGES_2.0.64 lists.

Apache 2.0 add-in modules are not compatible with Apache 2.2 modules. If you are running third party add-in modules, you will need to obtain modules compiled for or compatible with Apache 2.0 from that third party, before you attempt to use this specific release.

Unix Source: httpd-2.0.64.tar.gz [PGP] [MD5]

Unix Source: httpd-2.0.64.tar.bz2 [PGP] [MD5]

Win32 Source: httpd-2.0.64-win32-src.zip [PGP] [MD5]

Win32 Binary without crypto (no mod_ssl) (MSI Installer): httpd-2.0.64-win32-x86-no_ssl.msi [PGP] [MD5] [SHA1]

Win32 Binary including OpenSSL 0.9.8o (MSI Installer): httpd-2.0.64-win32-x86-openssl-0.9.8o.msi [PGP] [MD5] [SHA1]

NetWare Binary: apache_2.0.64-netware.zip [PGP] [MD5] [SHA1]

Other files

Apache mod_fcgid FastCGI module for Apache HTTP Server released as 2.3.6 2010-11-06

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.3.6 of mod_fcgid, a FastCGI implementation for Apache HTTP Server versions 2.0, 2.2, and future 2.4. This version of mod_fcgid is a bug fix release.

A fix is included for CVE-2010-3872, a potential vulnerability which can affect sites with untrusted FastCGI applications.

Additionally, default configuration settings for request body handling have been changed to prevent large system resource use. Administrators of all versions of mod_fcgid are strongly cautioned to ensure that FcgidMaxRequestLen is configured appropriately.

For information about this module subproject, see the mod_fcgid module project page.

Unix Source as gzip with LF line endings: mod_fcgid-2.3.6.tar.gz [PGP] [MD5] [SHA1]

Unix Source as bz2 with LF line endings: mod_fcgid-2.3.6.tar.bz2 [PGP] [MD5] [SHA1]

Win32, Netware or OS/2 Source with CR/LF line endings: mod_fcgid-2.3.6-crlf.zip [PGP] [MD5] [SHA1]

Win32 binary build (unzip over the installed Apache 2.2 directory): mod_fcgid-2.3.6-win32-x86.zip [PGP] [MD5] [SHA1]

A patch is available here for a regression in this release. The patch has not been applied to the Windows binaries.

Apache FTP module for Apache HTTP Server released as 0.9.6-beta 2008-10-08

The Apache HTTP Server Project is pleased to announce the release of Apache FTP module for Apache HTTP Server, version 0.9.6 as beta.

Users are encouraged to test and provide feedback on this beta release. For information about this module subproject, see the mod_ftp module project page.

Unix Source with LF line endings (bzip2 compressed): mod_ftp-0.9.6-beta.tar.bz2 [PGP] [SHA1] [MD5]

Unix Source with LF line endings (gzip compressed): mod_ftp-0.9.6-beta.tar.gz [PGP] [SHA1] [MD5]

Win32, Netware or OS/2 Source with CR/LF line endings: mod_ftp-0.9.6-beta-crlf.zip [PGP] [SHA1] [MD5]

Win32 binary build (unzip over the installed Apache 2.2 directory): mod_ftp-0.9.6-beta-win32-x86.zip [PGP] [SHA1] [MD5]

Verify the integrity of the files

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. Please read Verifying Apache HTTP Server Releases for more information on why you should verify our releases.

The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the asc signature file for the relevant distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using

% pgpk -a KEYS % pgpv httpd-2.2.0.tar.gz.asc or
% pgp -ka KEYS % pgp httpd-2.2.0.tar.gz.asc or
% gpg --import KEYS % gpg --verify httpd-2.2.0.tar.gz.asc

httpd-2.3.15-beta* are signed by Jim Jagielski 791485A8

httpd-2.2.21.tar.* are signed by William A Rowe Jr B55D9977(60C5442D)

httpd-2.0.64.tar.* are signed by William A Rowe Jr B55D9977(7F7214A7)

httpd-2.2.21-win32-src.zip and .msi signed by William A Rowe Jr B55D9977(60C5442D)

httpd-2.0.64-win32-src.zip and .msi signed by William A Rowe Jr B55D9977(7F7214A7)

apache_*-netware.zip are signed by Guenter Knauf E55B0D0E

mod_fcgid-2.3.6.tar.* and mod_fcgid-2.3.6-crlf.zip are signed by Jeff Trawick 39FF092C

mod_fcgid-2.3.6-win32-x86.zip is signed by William A Rowe Jr B55D9977(7F7214A7)

mod_ftp-0.9.6-beta* are signed by William A Rowe Jr B55D9977(7F7214A7)

Alternatively, you can verify the MD5 signature on the files. A unix program called md5 or md5sum is included in many unix distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from here, here, or here. An MD5 signature consists of 32 hex characters, and a SHA1 signature consists of 40 hex characters. Ensure your generated signature string matches the signature string published in the files above.

Apache HTTP Server, Apache, and the Apache feather logo are trademarks of The Apache Software Foundation.