Use the links below to download the Apache HTTP Server from one of our mirrors. You must verify the integrity of the downloaded files using signatures downloaded from our main distribution directory.
Only current recommended releases are available on the main distribution site and its mirrors. Older releases, including the 1.3 family of releases, are available from the archive download site.
Stable Release - Latest Version:
Legacy Release - 2.2 Branch:
If you are downloading the Win32 distribution, please read these important notes.
The currently selected mirror is http://mirror.cogentco.com/pub/apache/. If you encounter a problem with this mirror, please select another mirror. If all mirrors are failing, there are backup mirrors (at the end of the mirrors list) that should be available.You may also consult the complete list of mirrors.
The Apache HTTP Server Project is pleased to announce the release of version 2.4.7 of the Apache HTTP Server ("Apache" and "httpd"). This version of Apache is our latest GA release of the new generation 2.4.x branch of Apache HTTPD and represents fifteen years of innovation by the project, and is recommended over all previous releases!
The Apache HTTP Server Project is pleased to announce the release of Apache HTTP Server (httpd) version 2.2.26.
Add-in modules for Apache 2.0 are not compatible with Apache 2.2. If you are running third party add-in modules, you must obtain modules compiled or updated for Apache 2.2 from that third party, before you attempt to upgrade from these previous versions. Modules compiled for Apache 2.2 should continue to work for all 2.2.x releases.
Apache 2.0.65 is the final historical release of the 2.0 series, and is recommended over any previous 2.0 release. No further releases will occur, and all users are directed to install stable 2.4 or legacy 2.2 releases instead. This release fixes a few potential security vulnerabilites.
Apache 2.0 add-in modules are not compatible with Apache 2.2 modules. If you are running third party add-in modules, you will need to obtain modules compiled for or compatible with Apache 2.0 from that third party, before you attempt to use this specific release.
The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.3.9 of mod_fcgid, a FastCGI implementation for Apache HTTP Server versions 2.0, 2.2, and 2.4. This version of mod_fcgid is a security release.
For information about this module subproject, see the mod_fcgid module project page.
The Apache HTTP Server Project is pleased to announce the release of Apache FTP module for Apache HTTP Server, version 0.9.6 as beta.
Users are encouraged to test and provide feedback on this beta release. For information about this module subproject, see the mod_ftp module project page.
It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. Please read Verifying Apache HTTP Server Releases for more information on why you should verify our releases.
The PGP signatures can be verified using PGP or GPG. First download the
KEYS as well as the
signature file for the relevant distribution. Make sure you get these files
from the main distribution directory ,
rather than from a mirror. Then verify the signatures using
% pgpk -a KEYS
% pgpv httpd-2.2.0.tar.gz.asc
% pgp -ka KEYS or
% pgp httpd-2.2.0.tar.gz.asc
% gpg --import
% gpg --verify httpd-2.2.0.tar.gz.asc
httpd-2.4.7.tar.* are signed by Jim Jagielski
httpd-2.2.26.tar.* are signed by Jim Jagielski
httpd-2.0.65.tar.* are signed by William A Rowe Jr
httpd_2.4.7-netware-*.zip signed by Guenter Knauf
httpd-2.0.65-win32-src.zip and .msi signed by William A Rowe Jr
apache_2.0.65-netware-*.zip signed by Guenter Knauf
mod_fcgid-2.3.9.tar.* and mod_fcgid-2.3.9-crlf.zip are signed by Jeff
mod_ftp-0.9.6-beta* are signed by William A Rowe Jr
Alternatively, you can verify the MD5 signature on the files. A unix
md5sum is included in many unix distributions. It
is also available as part of GNU
users can get binary md5 programs from here
, here , or
here. An MD5 signature consists of 32 hex
characters, and a SHA1 signature consists of 40 hex characters. Ensure your
generated signature string matches the signature string published in the