• Get application security done the right way! Detect, Protect, Monitor, Accelerate, and more…
  • New features in Apache HTTP Server 2.4.x

    Apache 2.4.1 was released in Feb 2012 with much great enhancement and new features. The latest version as I write is 2.4.10 released in July 2014. 

    In this article, I will talk about some of the significant enhancement, new features included in Apache 2.4 version.


    KeepAliveTimeout: It’s possible to specify KeepAliveTimeout in milliseconds with this version. To do so, just add KeepAliveTimeout directive in httpd.conf file.


    KeepAliveTimeout 5
    #Obviously you have to change this value from 5 to something you wish.

    Memory Usage: Apache 2.4 claims to use less memory than 2.2.x

    Event MPM: Event MPM (Multi-Processing Module) is now fully supported. In an earlier version, it was experimental.

    mod_ssl: support OCSP stapling, can share SSL session data between servers through Memcached.

    mod_proxy: Location and LocationMatch block in ProxyPass directive offer the significant performance advantage.

    New Modules

    mod_heartmonitor, mod_lbmethod_heartbeat: This allows mod_proxy_balancer to check the number of active connections on the backend server and perform load balancing.

    mod_auth_form: This will enable you to use HTML login form to restrict access. This module has a dependency on mod_session, and these make use of HTTP cookies.

    mod_allowmethods: Now you can restrict HTTP methods in your Apache instance with the simple configuration.

    <Location /> 
    AllowMethods GET HEAD

    mod_ratelimit: if you are running a web server on low bandwidth or just want to limit the bandwidth, this module is for you. This can restrict client bandwidth to your configured location in httpd.conf file.

    Ex: –

    <Location /downloads> 
    SetOutputFilter RATE_LIMIT 
    SetEnv rate-limit 400

    Note – rate-limit is in KiB/s

    mod_data: This module converts response body into an RFC2397 data URL. Data URL is useful when you want to reduce the number of connections while loading page/application. This can also be included in PHP languages.

    I believe above are significant changes in Apache 2.4. You may also refer the official Apache 2.4 page for complete details.