Please do not download from www.apache.org. Use a mirror site to help us save apache.org bandwidth and to speed up your download. Click here to find your nearest mirror.
For the latest information about Apache HTTP server on Windows, including other sources for binaries, see the platform documentation here.
TCP/IP must be correctly installed, configured and running in order to install and use Apache on Windows. If you use dial-up networking exclusively, you may need to be connected to the internet for Apache to correctly determine that TCP/IP is installed.
Read the LEGACY notes first!
Install the Windows XP Service Pack 3. Refer to KB article 317949 if you need the gory details exactly why you must not run the original Windows XP or SP1.
We suggest disabling the "Quality of Service" (or QoS) network driver from Microsoft if you primarily use the machine as an Apache Server, as Apache does not support the QoS extensions to the WinSock API.
Most Firewall programs, Web Spam filters and other TCP/IP driver-based products (including spyware!) do not correctly implement the entire WinSock API. The shortcuts taken by the developers of such products cause Apache to fail. If you insist on leaving such programs installed, and have problems with your Apache installation, consider the suggestion below.
If you encounter problems running Apache 2 under Windows, such as corrupted or incomplete file downloads, unexplained error messages, or a conflict with a software firewall, please place the following three directives in your httpd.conf configuration file to see if they eliminate the problems:
The general problem is that many people install various add-ons to windows (such as software firewalls, virus checkers, etc) that break some of the advanced functionality that Apache uses to speed the sending of files. The above directives turn off the advanced functionality and make Apache fall back to more basic (but slower) techniques. This resolves most, but not all of the potential problems. If you continue to experience problems, be certain that there is no spyware installed on the box, which exhibits exactly the same sorts of flaws (often more obviously).
If you encounter problems installing Apache .msi distributions, we have provided the TROUBLESHOOTING page to help you diagnose and fix most common installation problems.
The Apache User Support Mailing List and the comp.infosystems.www.servers.ms-windows newsgroup both provide peer to peer support. Pose your question or problem on only one forum at a time. If you do not follow these guidelines, your questions and pleas for assistance will likely go unanswered. To learn how to get questions answered effectively, you might want to read How to Ask Questions the Smart Way written by Eric S. Raymond and Rick Moen - which is a very good primer for end users to learn to pose effective questions to their fellow users and the project's developers. (NOTE they will only help you learn to ask questions, Eric and Rick do not provide you help with Apache HTTP Server!)
Apache 2.2 offers tremendous improvements in authentication, proxy, and cache features. The Apache HTTP Project encourages all Apache users to migrate to the 2.2 series. Apache 2.2 is not compatable with modules compiled for Apache 2.0, you will need to obtain updated modules compiled for Apache 2.2, specifically.
The -win32-x86-no_ssl.msi packages do not contain any cryptographic software, such as OpenSSL, mod_ssl, nor https: enabled utilities.
The -win32-x86-openssl-(version).msi package includes an https: enabled abs.exe utility, mod_ssl.so TLS/SSL protocol module, and a binary distribution of the specified version of OpenSSL. Please review the Cryptographic Software Notice carefully before downloading, using or redistributing this package.
Looking for an older version? Please, don't. There have been a number of essential bug and security fixes with the evolving support for Apache under Win32. Most critically, there were several denial of service, arbitrary code execution and other vulnerabilities affecting Win32 in previous releases. Please, avoid all earlier versions. That said;
Only current, recommended releases are available from www.apache.org and the mirror sites. Older releases, and their corresponding debugging -symbols.zip packages, can be obtained from the archive site.
You can find a corresponding -win32-x86-symbols.zip archive of the debugging databases in the symbols/ directory, these are typically not needed. This -win32-x86-symbols.zip archive can be unpacked into the Apache installation directory, providing all of the .pdb diagnostic files allowing most Win32 debugging tools (and the Dr. Watson utility) to produce useful crash analysis.
You will find the source code package in the /dist/httpd/ source tree. The -win32-src.zip file contains only source and build files, and contains no binary executable files.
This binary release was created with Visual Studio 6.0, using a more recent Platform SDK for the ldap api. It includes zlib1.dll for mod_deflate.so.
If you want to build against OpenSSL, that is available in source code form at http://www.openssl.org/source/.
This distribution may include software that has been designed for use with cryptographic software. The country in which you currently reside may have restrictions on the import, possession, use, and/or re-export to another country, of encryption software. BEFORE using any encryption software, please check your country's laws, regulations and policies concerning the import, possession, or use, and re-export of encryption software, to see if this is permitted. See http://www.wassenaar.org/ for more information.
The U.S. Government Department of Commerce, Bureau of Industry and Security (BIS), has classified this software as Export Commodity Control Number (ECCN) 5D002.C.1, which includes information security software using or performing cryptographic functions with asymmetric algorithms. The form and manner of this Apache Software Foundation distribution makes it eligible for export under the License Exception ENC Technology Software Unrestricted (TSU) exception (see the BIS Export Administration Regulations, Section 740.13) for both object code and source code.
The following provides more details on the included files that may be subject to export controls on cryptographic software:
Apache httpd 2 includes the mod_ssl module under modules/ssl/ for configuring and listening to connections over SSL encrypted network sockets by performing calls to a general-purpose encryption library, such as OpenSSL or the operating system's platform-specific SSL facilities.
In addition, some versions of apr-util provide an abstract interface for SSL encrypted network sockets in the files under the directory srclib/apr-util/ssl/ that makes use of a general-purpose encryption library, such as OpenSSL or the operating system's platform-specific SSL facilities. Apache httpd currently does not use that apr-util interface.
Some object code distributions of Apache httpd, indicated with the word "crypto" in the package name, may include object code for the OpenSSL encryption library as distributed in open source form from http://www.openssl.org/source/.
The above files are optional and may be removed if the cryptographic functionality is not desired or needs to be excluded from redistribution. Distribution packages of Apache httpd that include the word "nossl" in the package name have been created without the above files and are therefore not subject to this notice.