Use the links below to download the Apache HTTP Server from one of our mirrors. You must verify the integrity of the downloaded files using signatures downloaded from our main distribution directory.

Only current recommended releases are available on the main distribution site and its mirrors. Older releases are available from the archive download site.

If you are downloading the Win32 distribution, please read these important notes.

Mirror

The currently selected mirror is http://apache.mirror.pacific.net.au. If you encounter a problem with this mirror, please select another mirror. If all mirrors are failing, there are backup mirrors (at the end of the mirrors list) that should be available. Other mirrors: http://apache.mirror.pacific.net.auhttp://apache.mirrors.ilisys.com.auhttp://apache.planetmirror.com.au/disthttp://apache.ausgamers.com ftp://mirror.pacific.net.au/apache-distftp://mirror.aarnet.edu.au/pub/apache/distftp://ftp.planetmirror.com/pub/apache/dist http://www.apache.org/dist (backup)http://nagoya.apache.org/mirror (backup) You may also consult the complete list of mirrors.

Apache 2.0.48 is the best available version

This release fixes security problems described in CAN-2003-0789 and CAN-2003-0542. It also contains bug fixes and some new features. For details see the Official Announcement and the CHANGES_2.0 list. Apache 2.0 add-in modules are not compatible with Apache 1.3 modules. If you are running third party add-in modules, you will need to obtain new modules written for Apache 2.0 from that third party before you attempt to upgrade from Apache 1.3. Unix Source: httpd-2.0.48.tar.gz [PGP] [MD5] Unix Source: httpd-2.0.48.tar.Z [PGP] [MD5] Win32 Source: httpd-2.0.48-win32-src.zip [PGP] [MD5] Win32 Binary (MSI Installer): apache_2.0.48-win32-x86-no_ssl.msi [PGP] [MD5] Other files

Apache 1.3.29 is also available

Apache 1.3.29 is the best available version of the 1.3 series, and is recommended over all previous 1.3 releases. This release fixes a number of bugs and addresses a security issue ( CAN-2003-0542). For additional details, read the Official Announcement. The Apache 1.3 series is being actively maintained, but not actively developed. Releases will be made to address security issues, or after a comfortable number of bug fixes have been made. New features will more than likely not be added to 1.3 in preference to 2.0. Use the Apache 1.3.29 version if you need to use third party modules that are not yet available as an Apache 2.0 module. Apache 1.3 is not compatibile with Apache 2.0 modules. Unix Source: apache_1.3.29.tar.gz [PGP] [MD5] Unix Source: apache_1.3.29.tar.Z [PGP] [MD5] Win32 Binary (Self extracting): apache_1.3.29-win32-x86-no_src.exe [PGP] [MD5] Other files

Verify the integrity of the files

It is essential that you verify the integrity of the downloaded files using the PGP or MD5 signatures. Please read Verifying Apache HTTP Server Releases for more information on why you should verify our releases. The PGP signatures can be verified using PGP or GPG. First download the KEYS as well as the asc signature file for the particular distribution. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures using % pgpk -a KEYS % pgpv apache_1.3.24.tar.gz.asc or % pgp -ka KEYS % pgp apache_1.3.24.tar.gz.asc or % gpg --import KEYS % gpg --verify apache_1.3.24.tar.gz.asc httpd-2.0.48.tar.gz is signed by Sander Striker DE885DD3 httpd-1.3.29.tar.gz is signed by Jim Jagielski 08C975E5 Alternatively, you can verify the MD5 signature on the files. A unix program called md5 or md5sum is included in many unix distributions. It is also available as part of GNU Textutils. Windows users can get binary md5 programs from here, here, or here.