Okay,

here's my question...
on http://httpd.apache.org/ there are 2 versions for download... 1.3.x and 2.0.x....

Now my question is, WHY should I or should I NOT pick 2.0.x?
Has anyone used it before? What's your comment on 2.0? What sites/servers SHOULD have 2.0, and what sites definately not?

Thanks for your input! :)

AFAIK, Apache 2 isn't stable yet.

Originally posted by Daniel Jarre
AFAIK, Apache 2 isn't stable yet.

What does AFAIK stand for? :)

AFAIK=As Far As I know

Actually, Apache 2.0, while still in beta, has proven to be very stable. There have a been a couple of excellent articles written about the performance benchmarks, etc:

http://www.linuxjournal.com/article.php?sid=4559

Covalent has also based their enterprise web server on Apache 2.0, as opposed to 1.3.x. If I were rolling out a new server, I would definitely choose 2.0 over 1.3.x.

Originally posted by Daniel Jarre
AFAIK, Apache 2 isn't stable yet.

LOL, you're trying to invent your own characters.

Originally posted by uuallan
If I were rolling out a new server, I would definitely choose 2.0 over 1.3.x.

It may be "stable", but it's still beta. Even the apache group says:

"This is a beta release, and is not intended for production use; use it at your own risk...

If you are not familiar with software development, and wish to use a stable, working, web server, we strongly recommend you download Apache 1.3 instead."

I might use it for a personal site, or even a commercial site where no one minded being a beta tester. But I wouldn't use it on a shared server where beta wasn't expected. And good luck at getting Tomcat's module and others to work, because I'm pretty sure you're on your own.

Originally posted by bitserve

I might use it for a personal site, or even a commercial site where no one minded being a beta tester. But I wouldn't use it on a shared server where beta wasn't expected. And good luck at getting Tomcat's module and others to work, because I'm pretty sure you're on your own.

Interesting, the people at Covalent would disagree with you...they are using Apache 2.0 in production enterprise environments, with no proble.

Although I do agree with you about Tomcat.

FYI, Apache.org itself uses Apache 2.x. Anyway, personally, I would want to investigate it a little more, before I put it on a server with a lot of accounts -- but it also depends on what you are using it for. I already considered it and came to the conclusion that it's worthwhile to test it on a high traficked site I have, where no other sites are on the server other than myself. I believe it's stable enough for that, but I am just not sure it's ready for all the modules and stuff we might throw at it. Then again, it's not like 1.3.x is really too much more stable, if you look at the code and the development.

Originally posted by uuallan
Interesting, the people at Covalent would disagree with you...they are using Apache 2.0 in production enterprise environments, with no proble.

Although I do agree with you about Tomcat.

I actually wasn't disagreeing with you or Covalent. I was agreeing with you. I would personally use it as long as no one minded. But I wouldn't offer it to web hosting customers, because some of them would not want to be beta testers.

But for an organizational web site where at least the "boss" said that I could get away with playing with 2.x, I'd use it, even if everyone else complained.

whats are the benefits of 2.0 over 1.3?

new features:
http://httpd.apache.org/docs-2.0/new_features_2_0.html

or see
http://www.linuxjournal.com/article.php?sid=4559

Apache 2 offers greater security, currently in shared hosting all php* and perl scripts* run under the username nobody or webserver, hence the permissions need to set in such a way that everyone can read your files via another script. The potential of such is dangerous, one can read a mysql password from someone else's php file and then get somone else's credit card details should they be stored in a shopping cart mysql datbase.**

Also Apache 2 offers greater filtering, can process output before being sent to client, those fimamilar with working with XSLT will appreciate this.


Well that's all I'm interested in. :)

* i know you can use Suexec but its hardly efficient.
** i know you can use various workaround to minize the potential of such an attack, however they are ultimately workarounds and security by obsecurity should never be a first measure.

I will be installing either 1.3 or 2.0 on a dedicated which I will be using for a network.. free email, free homepage, etc etc....

What do you suggest then?

1.3? 2.0?

I would say go with 2.0, considering it will be used for free services. You will have no problems with refunds because of SLA's that come with paying customers just in case you run into problems.

Originally posted by uuallan


Interesting, the people at Covalent would disagree with you...they are using Apache 2.0 in production enterprise environments, with no proble.

Although I do agree with you about Tomcat.

The folk at Covalent more than likely have the level of internal support and knowledge to mitigate the risk of using the 2.x beta.

For my new server, I'm staying with 1.3.x, even though my tests have shown 2.x to be fairly solid.

I'm really looking forward to Apache 2.0.1, though. :D