Index of /dist/httpd/binaries/win32
Important Notices
Name Last modified Size Description
![[DIR]](/icons/back.gif)
Parent Directory - HTTP Server project
![[DIR]](/icons/folder.gif)
patches_applied/ 31-Jul-2010 06:00 - Official patches
symbols/ 31-Jul-2010 19:45 - HTTP Server project
![[TXT]](/icons/text.gif)
LEGACY.html 06-Mar-2010 02:25 5.6K HTTP Server project
TROUBLESHOOTING.html 03-Oct-2009 22:42 2.7K HTTP Server project
![[MSI]](/icons/box2.gif)
httpd-2.2.16-win32-x86-no_ssl.msi 31-Jul-2010 06:01 5.1M MSI Installer Package
![[SIG]](/icons/quill.gif)
httpd-2.2.16-win32-x86-no_ssl.msi.asc 31-Jul-2010 06:01 833 PGP signature
httpd-2.2.16-win32-x86-openssl-0.9.8o.msi 31-Jul-2010 06:01 5.8M MSI Installer Package
httpd-2.2.16-win32-x86-openssl-0.9.8o.msi.asc 31-Jul-2010 06:01 833 PGP signature
![[ZIP]](/icons/compressed.gif)
mod_fcgid-2.3.5-win32-x86.zip 07-Apr-2010 17:32 114K HTTP Server project
mod_fcgid-2.3.5-win32-x86.zip.asc 07-Apr-2010 17:32 850 PGP signature
mod_ftp-0.9.6-beta-win32-x86.zip 09-Oct-2009 07:11 154K HTTP Server project
mod_ftp-0.9.6-beta-win32-x86.zip.asc 09-Oct-2009 07:11 833 PGP signature
mod_isapi-CVE-2010-0425.zip 03-Apr-2010 04:50 71K HTTP Server project
mod_isapi-CVE-2010-0425.zip.asc 03-Apr-2010 04:50 850 PGP signature
mod_proxy_http-CVE-2010-2068.zip 12-Jun-2010 00:12 44K HTTP Server project
mod_proxy_http-CVE-2010-2068.zip.asc 12-Jun-2010 00:12 833 PGP signature
<h2><a name="mirrors">Download from your
<a href="http://www.apache.org/dyn/closer.cgi/httpd/binaries/win32/"
>nearest mirror site!</a></a></h2>
<p><strong>Please</strong> do not download from www.apache.org. Use a mirror
site to help us save apache.org bandwidth and to speed up your download.
<a href="http://www.apache.org/dyn/closer.cgi/httpd/binaries/win32/">Click
here</a> to find your nearest mirror.</p>
<h2><a name="warnings">Windows Users, Read These First...</a></h2>
<h3><strong>Warning:</strong> TCP/IP networking must be installed</h3>
<p>TCP/IP must be correctly installed, configured and running in
order to install and use Apache on Windows. If you use dial-up networking
exclusively, you may need to be connected to the internet for Apache to
correctly determine that TCP/IP is installed.</p>
<h3>If you are installing Apache on Windows 95, 98, ME or NT 4.0,
<strong>stop</strong></h3>
<p>Read the <a href="LEGACY.html">LEGACY</a> notes first!</p>
<h3>If you are installing Apache on Windows XP prior to Service Pack 3</h3>
<p>Install the Windows XP Service Pack 3. Refer to
<a href="http://support.microsoft.com/default.aspx?scid=kb;en-us;317949"
>KB article 317949</a> if you need the gory details exactly why you must
not run the original Windows XP or SP1.</p>
<h3><strong>Warning</strong> about the Quality of Service driver</h3>
<p>We suggest disabling the "Quality of Service" (or QoS) network driver from
Microsoft if you primarily use the machine as an Apache Server, as Apache
does not support the QoS extensions to the WinSock API.</p>
<h3><strong>Warning</strong> about Firewall and similar software</h3>
<p>Most Firewall programs, Web Spam filters and other TCP/IP driver-based
products (including spyware!) do not correctly implement the entire WinSock
API. The shortcuts taken by the developers of such products cause Apache
to fail. If you insist on leaving such programs installed, and have
problems with your Apache installation, consider the suggestion below.</p>
<h2><a name="problems">Problems Installing or Running Apache 2</a></h2>
<p>If you encounter problems running Apache 2 under Windows, such as
corrupted or incomplete file downloads, unexplained error messages, or
a conflict with a software firewall, please place the following three
directives in your httpd.conf configuration file to see if they eliminate
the problems:</p>
<blockquote><code>
<a href="http://httpd.apache.org/docs-2.2/mod/core.html#enablesendfile"
>EnableSendfile Off</a><br />
<a href="http://httpd.apache.org/docs-2.2/mod/core.html#enablemmap"
>EnableMMAP Off</a><br />
<a href="http://httpd.apache.org/docs-2.2/mod/mpm_winnt.html#win32disableacceptex"
>Win32DisableAcceptEx</a><br />
</code></blockquote>
<p>The general problem is that many people install various add-ons to
windows (such as software firewalls, virus checkers, etc) that break
some of the advanced functionality that Apache uses to speed the
sending of files. The above directives turn off the advanced
functionality and make Apache fall back to more basic (but slower)
techniques. This resolves most, but not all of the potential problems.
If you continue to experience problems, be certain that there is no
spyware installed on the box, which exhibits exactly the same sorts
of flaws (often more obviously).</p>
<p>If you encounter problems installing Apache .msi distributions, we have
provided the <a href="TROUBLESHOOTING.html">TROUBLESHOOTING</a> page
to help you diagnose and fix most common installation problems.</p>
<h3>Do not report configuration or installation questions as bugs!</h3>
<p>The <a href="http://httpd.apache.org/userslist.html"
>Apache User Support Mailing List</a> and the
<a href="news:comp.infosystems.www.servers.ms-windows"
>comp.infosystems.www.servers.ms-windows</a> newsgroup both provide
peer to peer support. Pose your question or problem on only one forum
at a time. If you do not follow these guidelines, your questions and
pleas for assistance will likely go unanswered. To learn how to get
questions answered effectively, you might want to read
<a href="http://www.catb.org/~esr/faqs/smart-questions.html"
>How to Ask Questions the Smart Way</a> written by Eric S. Raymond
and Rick Moen - which is a very good primer for end users to learn to
pose effective questions to their fellow users and the project's
developers. (NOTE they will only help you learn to ask questions,
Eric and Rick do not provide you help with Apache HTTP Server!)</p>
<h2><a name="released">The current stable release is Apache 2.2.16</a></h2>
<p>Apache 2.2.16 offers tremendous improvements in authentication, proxy,
and cache features. The Apache HTTP Project encourages all Apache users
to migrate to the 2.2 series. Apache 2.2 is not compatable with modules
compiled for Apache 2.0, you will need to obtain updated modules compiled
for Apache 2.2, specifically.</p>
<p>The -win32-x86-no_ssl.msi packages do not contain any cryptographic software,
such as OpenSSL, mod_ssl, nor https: enabled utilities.</p>
<p>The -win32-x86-openssl-(version).msi package includes an https: enabled
abs.exe utility, mod_ssl.so TLS/SSL protocol module, and a binary
distribution of the specified version of OpenSSL. Please review the
<a href="#crypto">Cryptographic Software Notice</a> carefully before
downloading, using or redistributing this package.</p>
<h3><a name="archive">Older Releases</a></h3>
<p><strong>Looking for an older version?</strong> Please, don't. There
have been a number of essential bug and security fixes with the evolving
support for Apache under Win32. Most critically, there were several
denial of service, arbitrary code execution and other vulnerabilities
affecting Win32 in previous releases. This is especially true of any
versions prior to 2.0, the older 1.3 series was never designed to run
on Windows, but that support was 'hacked in', introducing a large number
of potential thread saftey issues and other confirmed problems. Please,
avoid all earlier versions. That said;</p>
<p>Only current, recommended releases are available from www.apache.org
and the mirror sites. Older releases, and their corresponding debugging
-symbols.zip packages, can be obtained from the <a
href="http://archive.apache.org/dist/httpd/binaries/win32/"
>archive site</a>.</p>
<h2><a name="source">Debugging and Source Code</a></h2>
<p>You can find a corresponding -win32-x86-symbols.zip archive of the
debugging databases in the <a href="symbols/#symbols">symbols/</a>
directory, these are typically not needed. This -win32-x86-symbols.zip
archive can be unpacked into the Apache installation directory, providing
all of the .pdb diagnostic files allowing most Win32 debugging tools
(and the Dr. Watson utility) to produce useful crash analysis.</p>
<p>You will find the source code package at
<a href="../../httpd-2.2.16-win32-src.zip"
>/dist/httpd/httpd-2.2.16-win32-src.zip</a>. That -win32-src.zip file
contains <strong>only</strong> source and build files, and contains
<strong>no</strong> binary executable files.</p>
<p>This binary release was created with Visual Studio 6.0, using a more recent
Platform SDK for the ldap api. It includes zlib1.dll for mod_deflate.so.</p>
<p>If you want to build against OpenSSL 0.9.8o it is available in source code
form at <a href="http://www.openssl.org/source/openssl-0.9.8o.tar.gz"
>http://www.openssl.org/source/openssl-0.9.8o.tar.gz</a>. Due to quirks
in the build, and our need to create .pdb diagnostic files, we offer
the patch <a href="patches_applied/openssl-0.9.8o-vc32.patch"
>patches_applied/openssl-0.9.8o-vc32.patch</a> to modify that build, and
have proposed this patch back to its project for consideration.</p>
<h2><a name="crypto">Cryptographic Software Notice</a></h2>
<p>This distribution may include software that has been designed for use with
cryptographic software. The country in which you currently reside may have
restrictions on the import, possession, use, and/or re-export to another
country, of encryption software. BEFORE using any encryption software, please
check your country's laws, regulations and policies concerning the import,
possession, or use, and re-export of encryption software, to see if this is
permitted. See <a href="http://www.wassenaar.org/">http://www.wassenaar.org/</a>
for more information.</p>
<p>The U.S. Government Department of Commerce, Bureau of Industry and Security
(BIS), has classified this software as Export Commodity Control Number (ECCN)
5D002.C.1, which includes information security software using or performing
cryptographic functions with asymmetric algorithms. The form and manner of
this Apache Software Foundation distribution makes it eligible for export
under the License Exception ENC Technology Software Unrestricted (TSU)
exception (see the BIS Export Administration Regulations, Section 740.13)
for both object code and source code.</p>
<p>The following provides more details on the included files that may be
subject to export controls on cryptographic software:</p>
<p>Apache httpd 2 includes the mod_ssl module under modules/ssl/ for
configuring and listening to connections over SSL encrypted network sockets
by performing calls to a general-purpose encryption library, such as OpenSSL
or the operating system's platform-specific SSL facilities.
</p>
<p>In addition, some versions of apr-util provide an abstract interface for
SSL encrypted network sockets in the files under the directory
srclib/apr-util/ssl/ that makes use of a general-purpose encryption library,
such as OpenSSL or the operating system's platform-specific SSL facilities.
Apache httpd currently does not use that apr-util interface.</p>
<p>Some object code distributions of Apache httpd, indicated with the word
"crypto" in the package name, may include object code for the OpenSSL
encryption library as distributed in open source form from
<a href="http://www.openssl.org/source/">http://www.openssl.org/source/</a>.
</p>
<p>The above files are optional and may be removed if the cryptographic
functionality is not desired or needs to be excluded from redistribution.
Distribution packages of Apache httpd that include the word "nossl" in the
package name have been created without the above files and are therefore not
subject to this notice.</p>