Apache is the most widely used web server on the Internet today, according to a Netcraft survey of active websites in October 2007, which is shown in Table 17.1.

TABLE 17.1 Netcraft Survey Results (October 2007)

*All web server products

Note that these statistics do not reflect Apache's use on internal networks, known as intranets.

The name Apache appeared during the early development of the software because it was "a patchy" server, made up of patches for the freely available source code of the NCSA HTTPd web server. For a while after the NCSA HTTPd project was discontinued, a number of people wrote a variety of patches for the code, to either fix bugs or add features they wanted. A lot of this code was floating around and people were freely sharing it, but it was completely unmanaged.

After a while, Brian Behlendorf and Cliff Skolnick set up a centralized repository of these patches, and the Apache project was born. The project is still composed of a small core group of programmers, but anyone is welcome to submit patches to the group for possible inclusion in the code.

There's been a surge of interest in the Apache project over the past several years, partially buoyed by a new interest in open source on the part of enterprise-level information services. It's also due in part to crippling security flaws found in Microsoft's Internet Information Services (IIS); the existence of malicious web task exploits; and operating system and networking vulnerabilities to the now-infamous Code Red, Blaster, and Nimda worms. IBM made an early commitment to support and use Apache as the basis for its web offerings and has dedicated substantial resources to the project because it makes more sense to use an established, proven web server.

In mid-1999, The Apache Software Foundation was incorporated as a nonprofit company. A board of directors, elected on an annual basis by the ASF members, oversees the company. This company provides a foundation for several open-source software development projects, including the Apache Web Server project.

The best places to find out about Apache are the Apache Software Foundation's website, http://www.apache.org/, and the Apache Week website, http://www.apacheweek.com/, where you can subscribe to receive Apache Week by email to keep up on the latest developments in the project, keep abreast of security advisories, and research bug fixes.

Fedora ships with Apache 2.2, and the server (named httpd) is included on this book's CD-ROMs and DVD. You can obtain the latest version of Apache as an RPM installation file from a Fedora FTP server; upgrade using up2date, yum, or apt-get; or get the source code from the Apache website and, in true Linux tradition, build it for yourself.

To determine the version of Apache included with your system, use the web server's -V command-line option like this:

$ /usr/sbin/httpd -V

Server version: Apache/2.2.4 (Unix)

Server built: April 10 2007 12:47:09

Server's Module Magic Number: 20051115:4

Architecture: 32-bit

Server MPM: Prefork

 threaded: no

  forked: yes (variable process count)

Server compiled with....

The output displays the version number, build date and time, platform, and various options used during the build. You can use the -v option to see terser version information.

You can install Apache through Pirut, from your own RPMs, or build it yourself from source code. The Apache source builds on just about any Unix-like operating system and on Win32. If you elect to install the Web Server group of files when first installing Fedora, Apache and related software and documentation in 17 packages are installed automatically.

If you're about to install a new version of Apache, you should shut down the old server. Even if it's unlikely that the old server will interfere with the installation procedure, shut ting it down ensures that there will be no problems. If you don't know how to stop Apache, see the "Starting and Stopping Apache" section later in this chapter.

Although the "Web Server" category was available during install, it's often best to install Fedora clean of any services so that you minimize your attack vectors out of the box. As soon as Fedora is installed, you can use Pirut to add Apache by choosing Web Server from the Servers category.

However, you might find it useful to use the List tab rather than the Browse tab, because all the Apache modules start with "mod" to help you find them easily. Fedora ships with many Apache modules, some of which are discussed in the following sections. However, only a handful are enabled by default — you need to use Pirut to install and activate them.

You can find the Apache RPM on the Fedora installation media, on the Fedora FTP server, or at one of its many mirror sites. Check the Fedora site as often as possible to download updates as they become available. Updated RPM files usually contain important bug and security fixes. When an updated version is released, install it as quickly as possible to keep your system secure.