Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
The Internet

Apache passes 2 million hosts 64

HoserHead writes "The new Netcraft Web Server Survey is out, and on it Apache has bypassed the two million site mark. In fact, it was the only web server software which increased in percentage: Everything else decreased. Apache now controls 54% of the web. Another Open Source Software triumph! "
This discussion has been archived. No new comments can be posted.

Apache passes 2 million hosts

Comments Filter:
  • mfh@gunboat:~$ queso * Linux 2.0.35 to 2.0.9999
  • > 2) what server is MS running on to have it listed by Netcraft as
    > "undisclosed"? Isn't that the one that popped up running Linux a few months ago, to the general amusement of /.-ers everywhere?
  • Yeah, and every so often someone over in portscans the academic domains.... (Like we're not capable of detecting it, huh, d00dz? Feh.)
  • you're going to have to edit your httpd.conf. Most likely it's using so much RAM (and spawns 6 sessions) because of the modules you're using and the configuration. You specifically tell Apache how many spare processes to leave lying around so it doesn't have to take time to fork().

    Apache is big in memory sometimes, but doesn't have to be.

  • With the Apache default distribution, apache_pb.gif is in Apache's /icons/ directory. I guess it's possible that they copied the contents of the Apache /icons/ directory into their IIS /icons/ directory, but odds are, the simpler explanation (they're running apache) is probably the correct one.
  • Covering up the identity of your server will not prevent someone from trying out the exploits anyhow. They just will be going through a longer list of expoloits to see which one will work. As long as you're hooked to the net you're open to exploits no matter what.

    Please correct me if I'm wrong (or just shoot me if you feel like it) but this seems to be a case of security through obscurity.

    Besides, I often check out what server someone is running out of curiosity if I can't tell from visiting their site (*.asp is is a dead giveaway but what about *.html?something=oranother ?). Seeing Apache in the headers always brings a smile to my face.

    curiosity killed the drunken monkey

  • You're correct in saying that each virtual host counts as a server -- just check out how many "hosts" use thttpd in the UK - and it's all down to Demon Internet's customer homepages.
  • Nope, the 'blindly' (in the justice sense) just look up the name and check it.

    If you have 500 hosts on one IP, they count as 500 in their servey.
  • I always found these statistics somewhat confusing. I believe they do NOT count virtual hosted sites as the same web server.

    Therefore, since many of the webservers out there are configured with Apache (which I don't doubt), and Apache is very easy to do virtual hosting with, I would have to believe that these statistics do not account for actual number of web servers in use using a specific product.

    Note, that this is both good and bad for Apache, in analysis. The statistics may be misleadingly high for Apache, and that fact comming into light will shine poorly on Apache. But then again, competeting products which don't do virtual hosting, or are more difficult to set up virtual hosts on (and therefore seprate servers are set up) would show a strength in Apache, because it shows the power of this software when you can get one machine to do what it takes several machines to do using a diffrent product.

    So, do they do this by IP or address? I would think, it would be most accrurately done based on IP alone... But it says "ystematically poll each one with an HTTP request for the server name." So, therefore, the statistics could be quite misleading.

  • I explored some sites that I KNOW to be running Apache, and I get this message "Sorry, no hostnames match." Therefore, I wonder how up-to-date or out-of-date thier dns is... and I have further suspicions about the accuracy of this survay.
  • That will not be of any help. If Netcraft can't get in touch with the web-server when gathering next month's stats, it will not be counted in.
  • See also [] for info about how PHP is doing (the graph doesn't have the January number yet, though).

  • by Forge ( 2456 )
    I wish they wold provide an OS listing. I get the
    distinct impresion that they compile such a
    listing by default but don't publish it.
  • Get the breakdown of usage within particular domains. 65.79% ofApache is *.com while 56.71% of IIS is the same. Apache has
    5.64% in *.UK while IIS has 2.77%.

    My translation of this is that

    1: The UK is one of the biggest net users outside of the US. (
    Not surprising even with the Cox family making up 10% or so of it

    2: Apache has a bigger lead outside of mainstream American
    business than it dose inside.

    3: That there is no market in which IIS has any advantage.

    Long term prognosis is that the lead will widen and eventually
    IIS installed base will start to decline as those deleting it toimprove performance and stability outnumber those installing it
  • It's GPL, it's single-process (HUGE advantage)
    open-source, and kicks Apache's butt!

    A REALLY BIG commercial website I know very well
    uses it for everything. Including https://

    Try it! And forget that
    Perl and CGI ever existed... you won't miss them.
  • Then why not just change it to say "Microsoft IIS" like they did with the rest of their servers?

    (I'm kidding about the "rest of their servers" bit, BTW)

  • following the platform link, they list Apache-derived servers, its at 58.29 %

    In march or april, the 60% mark will be reached if current trends continue..
  • This is the first month that Microsoft's web server market has actually shrunk.

    It's a good thing we have Apache, because it will keep any company from decommoditizing web server protocols.

    Considering how important the web is, Microsoft is losing a lot by not being able to control the server market. This is good for consumers and for open standards.
  • I don't know about your school, but mine doesn't let students run web servers in the dorms on their personal computers unless they sign a big paper full of restrictions: No web servers for anything but educational use. No anonymous FTP sites. No *anything* on non-standard ports. No firewalls. No portscan blockers. And on and on. If ya want, you can read about it at the Geek Oppression page [] under the story on UCLA.
  • queso seems to think that is running an old copy of linux

    (Linux 1.3.xx, 2.0.0 to 2.0.34)

    - MbM
  • In fact, it was the only web server software which increased in percentage: Everything else decreased.

    Not quite; thttpd increased by 0.01.

  • I wonder what the margin of error is.

    Doesn't look like anyone is really changing their servers, though. Too short of an interval to really be scientific, I am thinking...
  • I'm glad to see Apache doing well. I have found that is the BEST webserver out there. SSL, advanced logging, cookies, security.... everything. Even the Win32 version is great. I would tell all of you IIS users to move to Apache-Win32. It is perfect on NT!

    Ex Machina "From the Machine" []
  • Apache is bitchy and makes you put
    'Server: Apache/1.3.3' in your headers. mod_headers won't let you overwrite or append to this. However I KNOW it is possible because one
    "ServerTokens" directive will include modules you have installed... Has anyone written something to force headers on Apache/1.3.X? Bad enough that people can tell what webserver (and version) you're running (so they can attack it) but by default Apache will send what OS you use to anyone who connects. And if "ServerTokens Full" (I think.), they'll know what OS you run and ALL the module versions you have installed. I usually don't support security through obscurity, but this is an added layer so script kiddies can't scan every host for certain exploitable versions. On the same note, I'd recommend a lot of you sendmail users figure out a way so sendmail doesn't blab its version so all the spammers and people scanning for weak hosts don't find you. The same goes for ftpd `SYST` replies and telnet login banners. I know software like nmap ( rs/nmap-2_02.tgz) allows pretty accurate remote OS detection but there is no need to blab your vulnerabilities to the world.

    (Damn I'm off topic!)

    Ex Machina "From the Machine" []
  • yeah.. I was hoping for a more general solution so I can control all of my headers completely.... alas no :(. I wanted to be a wiseass and manipulate them dynaically.

    oh well

    Ex Machina "From the Machine" []
  • If the current servey does NOT include students, and you say about %50 are useing Apachie, then mathmatics say that includeing students would reduce the %. If infact 60 or 70% of students use apachie (which from what I see they don't) then it would raise the stats. BTW, I run apachie even tho I don't know anythign beyond putting the HTML and stuff in the directory and it works. :-)
  • If I'm not mistaken, isn't Apache under a BSD style license? Which technically means that if you have the source code, you can change one line in it and give it a new name, sell it, etc, as long as you give credit to the original copyright owners. That's how they're incorporating BSD into OS X Server on the Mac, and that's why we have FreeBSD, OpenBSD, NetBSD, BSDI, and probably other derivatives of BSD Lite that we don't know about yet.
  • Hm, they could have just put together a simple stack of source that listens on port 80 and returns that header too. Wait for a GET request and return a temporarily moved response. Couldn't be too difficult to do. Although the queso evidence in some of the other replies has been quite convincing.
  • by chrisv ( 12054 )
    Hmmm... I prefer my apache over most of the other webservers I've seen. It doesn't bug me that it sucks up 4 megs of ram or anything, and the fact that it spawns multiple instances is so that it is able to handle multiple requests at once. I often have 10 instances at once, but since they all share the same code (run multiple instances of the same program and the code gets reused, and the program gets a new data area), it's only taking memory for the data space it's using. And, having the extensibility is nice. PHP3 and SSL (even just for the hell of it) are things I'll eventually find a use for (I've already found one for php3), as is the responiveness of the server on a 56k line. And I like the fancy logging, I can easily find out who came, what page they went to, what page they came from (so I can track down those search engines) and what web browser they're running (did you know that StarOffice 5.0 has a Mozilla/3.0 HTML engine in it?) Personally I've only tried 4 web servers (3 of them on the Mac platform), and out of all of them I'd quickly jump on apache.

    Enough with the long comment already, I'm done.
  • Hehehe, doesn't this show anything:
    8:25am, up 5 days, 13:06, 9 users, load average: 0.36, 0.27, 0.19
    (since the last time i accidentally unplugged my box :oP)

    And nice ISP with the static IP's for $5/mo too :o)
  • Does it handle PHP3? Multiple server processes when netscape or IE hits the site? You know, you can run apache down to a single server, and it still starts more server processes to handle all of the incoming requests.

    And, besides, I like being able to have the little "Powered by Apache" logo at the bottom of my page :o)
  • [] if it's not apache well they must have did a good with with IIS BUT the directory Icons dosen't work it's a unix box
  • StartServers 1
    MinSpareServers 1
    MaxSpareServers 2

    Would do you a lot of good. Or something close to that. If you don't want apache to be big, direct it to be small.
  • If I understand the way they derive their figures, in the next survey the percentage for Apache will fall. They seem to list anything that is not vanilla Apache as something else. With so many changing to PHP-Apache, the success of PHP will distort their figures further.

    Its a pity they can't measure Web throughput by server. I bet that would show an amazing bias towards Apache and its derivatives.

    One dark cloud on the horizon. I assume a lot of the Web's commercial growth will now be in various forms of e-business. If Apache isn't part of an effective e-business suite it may loose out. I know IBM is using it in their e-business suite, but that isn't fully open source. I wonder how this will play out.
  • After reading throught the Netcraft results, I was left wondering two things...

    1) how much of Microsofts web server market share is comprised of PWS users

    2) what server is MS running on to have it listed by Netcraft as "undisclosed"?

  • First of all, Roxen supports CGI's (of course). There is however no reason to use them most of the time, since you can do the same easier with a module or pike script.

    Also, image handling is something Roxen is very good at (with on-the-fly graphical header generation and much more). I made a little script that does about what your script does, but with float scaling and support for GIF, PNG and JPEG.

    Click here for a demonstration [] or view the source [].

    As you can see, my script is only 80 lines and 2300 chars, compared to your 509 lines and 1900 chars.

  • I'm both novice in IIS and Apache, but I'd like
    to know how do I actually migrate a site that
    may have used asp to Apache, is there any extension on Apache to work with asp?

  • The fact is, if you're running a version of sendmail or Apache for which there are known and published exploits, you are going to get exploited eventually, regardless of what information you put out, and you deserve what you get for being a crappy sysadmin and not staying aware of security issues in the software you run.

    And regardless of the admittedly weak ``you shoulda fixed your software'' argument, it is important for network software that interacts with other software to make itself identifiable to other software so that the software that interacts with it can work around its brain-damages. Admittedly, in a perfect world, software shouldn't have brain-damages, but one man's feature is another man's blemish.

  • Actually, their survey could be quite statistically accurate (with regard to the percentages) even with just a few thousand hosts, as long as the sample is representative.

    I know of lots of IIS sites that isn't in the survey too. And I'm sure there's lots of all the major webserver types that aren't in the survey.

    They've never claimed to sample all servers on the internet.

  • i'm almost completely positive that i was not included in this least according to logs. in any case, what about the countless thousands of students running resnet webpages and such? this past semester doing a few subnet sweeps i noticed that a majority of students running webservers were running apache...even about 50% of windows users running webservers. i'm sure that would increase the stats a few points.
  • I'm a student at Virginia Tech who remains somewhat liberal towards resnet operations. all students are given a static IP and hostname which corresponds to their personal id. i think this is the way it ought to be, but there have been talks about imposing DHCP (which doesn't make too much sense, sysadmin wise).
  • oh my god..aren't we geniuses.
    #O SmtpGreetingMessage=I am paranoid

    as for OS detection, queso does a good job of doing that by the way icmp packets are constructed.
  • well that's kinda pointless isn't it? there are two essential points to using DHCP. 1) for security reasons over static (which, incidentally don't apply to a DHCP server assigning static addresses, anyhow) 2) for lightening the bandwidth load of computers remain up, but don't necessarilly need to be connected (which doesn't really apply much as most DHCP clients startup at init). Chances are, if your DHCP servers are linux, they're running the ISC DHCP server, straight out of the box. even if your school assigned random addresses, you could bypass this by hijacking a leased address, in which it won't expire until 2038. one nice thing i can think of with your setup is that sysadmins can grab your NIC anytime you obtain a lease...that in combination with a VLAN ready hub, will guarantee quick and painless lock-outs of code of conduct violators. all in all, in my opinion, DHCP wouldn't be worth the fuss as an administrator if you lease it in a static manner. let me know if you can think of any added benefits over static addressing.
  • Apache. =]
  • good point...reduce the troubleshooting aspect. DHCP actually makes sense...just not when you're using it for static allocation.

"I have not the slightest confidence in 'spiritual manifestations.'" -- Robert G. Ingersoll