Results 1 to 26 of 26
  1. #1
    Join Date
    Mar 2005
    Location
    New Jersey
    Posts
    177

    Apache 1.x vs Apache 2.x vs Apache 2.2.x?

    [Forgive me if this is not the right forum, and mod please move the the most appropriate forum..]

    Okay...

    So what is the best, most secure, and fastest Apache version right now?
    I have Apache 1.x installed on my server. I don't know why. I like to always use the newest and most up to date version for my site. I know the 1.x series is still being updated, but what's the difference between 1.x and 2.x and 2.2.x?

    I think I may want to use 2.2.x but don't want to use compatibility etc.

    My sites only use 301 redirects, modrewrite, and http hosts (from http:// to http://www.) - if I upgrade to 2.2.x, will my sites break?

    Thanks for your help.
    CHEAPEST Domain Registration, Renewals, & Transfers - Domain Transfers even CHEAPER to win your business! 100% satisfaction guaranteed! For personal support, PM me.
    Link Building & SEO Blog

  2. #2
    Join Date
    Jun 2003
    Location
    Proud She-Geek
    Posts
    1,722
    Moved to Technical and Security Issues
    <?php echo "Signature here"; ?>

  3. #3
    It question like "What car most faster". It's different apaches. It's have different advantages.

    What's new at apache2 you can see at http://httpd.apache.org/docs/2.0/new_features_2_0.html

    >if I upgrade to 2.2.x, will my sites break?

    I think it will work. But apache2 have own config file. And you will need write new virtualhost config.

    see to
    http://httpd.apache.org/docs/2.0/upgrading.html

  4. #4
    Join Date
    Feb 2007
    Posts
    184
    Depends on the modules you would be using. For the highest security and performance I would suggest Apache 1.3. There are plenty of modifications you can make to the configurations and the source itself form optimum performance. Make sure you cut down on unnecessary modules when you do this. Apache 2.2 would do fine, however it is still buggy and wouldn't give you the best security. For the differences you should consult the apache website.

    Also, there are a lot of websites that do use Apache 1.3. One of those is FaceBook.com that uses the 1.3 engine with their modifications.

  5. #5
    Quote Originally Posted by deltalayer View Post
    For the highest security and performance I would suggest Apache 1.3.
    Sorry to butt in, but what's your basis for saying Apache 1.3 is faster than Apache 2.x? In pretty much every benchmark I've seen, Apache 2.0 is faster, hands down.

  6. #6
    Join Date
    Jan 2006
    Location
    Athens, Greece
    Posts
    1,479
    However it is, Apache group never claimed that their http server is a
    performance server. Apache 2.x is good with multi-core systems.

    Plus the say that 2.2.8 is the best version of apache available, so they must know something.

  7. #7
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    At the core (read: for most people), upgrading from 1.3 to 2.2 is a breeze. Sure you'll need to figure out how to convert your virtualhosts, but that shouldn't be too terribly complicated.

    Will you lose features? From what I've seen (again, this is my own experience), no you won't. You will , in fact GAIN them, so that's a good thing.

    Configuration really isn't terribly different, I managed to push 1.3 to 2.2 easily enough, and if you've got CPanel it'll do most of the legwork for you.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  8. #8
    Join Date
    Feb 2007
    Posts
    184
    Quote Originally Posted by JulesR View Post
    Sorry to butt in, but what's your basis for saying Apache 1.3 is faster than Apache 2.x? In pretty much every benchmark I've seen, Apache 2.0 is faster, hands down.
    If your biggest factor is security then I would assume 1.3 is what you should go with. I've read an article that stated that Apache 2.x.x is 6% faster than 1.3. However, you really wont notice the difference if Apache 1.3 is tweaked properly. Even if that isn't the case then the network can be saturate. It also depends on the performance in discussion and the type of features you need.

  9. #9
    How do you determine that Apache 1.3 is more secure than 2.xx?

    Whilst I agree that a 6% performance increase is negligable and is subject to individual configuration tweaks, I have to disagree when you say you won't notice the difference. The wealth of benchmarks I've seen indicate much higher performance increases, usually around the 30% mark. As these will naturally have their own custom configurations and different server specifications, I think it's safe to say that if we average those results out and took the lower end readings which would be, I assume, around the 15-20% mark, that's still a very significant performance increase.

    In regards to network saturation, that's irrelevant because we're discussing the Apache server itself and assuming that all tests/benchmarks are executed locally for optimal results with no network activity.
    Last edited by JulesR; 05-23-2008 at 08:31 PM.

  10. #10
    Join Date
    Feb 2007
    Posts
    184
    How do you determine that Apache 1.3 is more secure than 2.xx?
    Why don't you read the source code of the two and determine it yourself? I am basing my opinion from Apache's change logs.

  11. #11
    If it was your opinion then you needed to state that, thank you. Since there's no factual basis for your claims that Apache 1.3 is more secure than Apache 2.0, the people reading this thread should disregard your previous comments on its security unless they are otherwise justified and proven.

    Apologies if I appear rude, but there are far too many sources of misinformation on the Internet with little to no justification. Telling someone software is less secure when it's not is simply bad practice and gives people the wrong idea.

  12. #12
    Join Date
    Feb 2007
    Posts
    184
    Look at it this way, 1.3 has no where near as many bugs as 2.x currently does. Also, 1.3 is used my numerous large website which trust its stability. Finally, this is a forum and most of the time everything is an opinion. If you really want you question answered contact apache, or google since they know it all.

  13. #13
    Which bugs are you referring to? You can't make a statement like that without backing it up with facts

  14. #14
    Join Date
    Feb 2007
    Posts
    184

  15. #15
    Changelogs are no indication of how "buggy" something is - merely how much development is performed on something. Not all items within a changelog are vulnerability fixes, but perhaps additional functionality, code cleanups, you name it.

    Whilst Apache 1.3 is indeed older and some may consider it more "tried and tested", there are absolutely no security concerns that I'm aware of when using 2.2.8 - which, incidentally, is the version that Apache themselves recommend you use. If you know of any specific reason why people shouldn't use this version, or are familiar with specific bugs or vulnerabilities, I urge you to report them to Apache directly so that everybody can benefit. Comparing changelogs, however, is no indication of security or reliability.

  16. #16
    Join Date
    Feb 2007
    Posts
    184
    Quote Originally Posted by JulesR View Post
    Changelogs are no indication of how "buggy" something is - merely how much development is performed on something. Not all items within a changelog are vulnerability fixes, but perhaps additional functionality, code cleanups, you name it.

    Whilst Apache 1.3 is indeed older and some may consider it more "tried and tested", there are absolutely no security concerns that I'm aware of when using 2.2.8 - which, incidentally, is the version that Apache themselves recommend you use. If you know of any specific reason why people shouldn't use this version, or are familiar with specific bugs or vulnerabilities, I urge you to report them to Apache directly so that everybody can benefit. Comparing changelogs, however, is no indication of security or reliability.
    Yes it does, it shows you how much "unknown" there in the version. Also, Apache recommends users to use the latest version of Apache so they can discover new bugs. This may not be a huge deal, but when you're dealing with a massive website where a flaw can cost you tons of mula then you'd go with 1.3.

  17. #17
    It doesn't show you anything of the sort. Changelogs only show you the "known" and fixed issues, so using a changelog as your basis for security vulnerability assessment is nonsensical because you'd be looking at issues that are already fixed. You could claim that more fixes in the changelog means overall less secure code, but the logical rebuttal to that is that far more work is being performed on the latest version of Apache which means more enhancements and fixes will take place as a result. Apache 1.3 isn't going to be as actively maintained as the latest version, obviously.

    Again, there is absolutely no factual or logical reason to believe that Apache 1.3 is any more secure than Apache 2.0 - unless of course you're aware of security vulnerabilities that exist in 2.0 but not 1.3? If so, have you reported these?

    Apache don't recommend downloading the latest version so they can "test" it, they have enough beta testers already. They recommend it because it is literally the most secure version out there. For the extremely paranoid people who are worried they might encounter bugs that may bring their sites down, there's the possibility of using Apache 2.0.63 which is labelled as "stable".

  18. #18
    Join Date
    Feb 2007
    Posts
    184
    Just use whatever you're most comfortable with. I recommend the latest version of 1.3.

  19. #19
    In response to your "I think there's a typo in your signature": Not that I'm aware of.

    I agree, use what you're comfortable with. But don't believe the myths about 1.3 being more secure.
    Last edited by JulesR; 05-23-2008 at 09:56 PM.

  20. #20
    Join Date
    Feb 2007
    Posts
    184
    1.3 will help you cut down on updates and keeping track? That's a plus!

  21. #21
    So now you're advocating that you shouldn't update software to obtain the latest security fixes?

  22. #22
    2.2 in my experience is about twice as fast. That impression comes from years of checking 15 servers every 2 minutes, and retrieving a page from those servers in 10 seconds on the best of days.

    Since upgrading to Apache 2.2 the time it takes to go down the list went from about 10-15 seconds to about 5 seconds, consistently.

    Also it helps to be able to use mod_security, which stopped supporting Apache 1.x a long time ago.

  23. #23
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,687
    Quote Originally Posted by JulesR View Post
    So now you're advocating that you shouldn't update software to obtain the latest security fixes?
    It's called sarcasm, come on now, lighten up
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  24. #24
    Join Date
    Feb 2007
    Posts
    184
    Quote Originally Posted by JulesR View Post
    So now you're advocating that you shouldn't update software to obtain the latest security fixes?
    Just stop posting!

  25. #25
    Quote Originally Posted by linux-tech View Post
    It's called sarcasm, come on now, lighten up
    You're hardly one to talk, judging from your post history

    Quote Originally Posted by deltalayer
    Just stop posting!
    I will if you stop spouting garbage

  26. #26
    Join Date
    Mar 2005
    Location
    New Jersey
    Posts
    177
    Conclusive Statement

    From what I have read the 2.x series of Apache is significantly faster than the 1.x series, and there is the fact that the 2.x series of Apache handles/performs much better than the 1.x series with multiple [core] processors.

    My server is run using an Intel Quad Core Q6600 processor. I have just updated my server from 1.3 to 2.0.63 (latest version of 2.0 series) of Apache.

    I noticed a small update in performance (sites load a little bit faster).

    Was it worth it? In the long-run, I think yes. I was recommended to upgrade to the 2.0 series specifically because of the following reasons:
    - 1.x series is old and IS coming to an end (old technology doesn't tend to always work the best with new technology, and being the fact that the series is coming to an end, though recently updated, it is still best to upgrade to a more stable and supported version).
    - The 2.x series handles a lot better with multiple/multi-core processors. This is important to me because my server is using an Intel Q6600 processor and I'd like to take as much advantage of the processor as I can.
    - The 2.x series is continued and will be continued (for longer than the 1.x series) to be supported and updated.
    - The 2.0 series specifically has shown great stages of stability and security. Server administrators and hosts have recommended to stay away from the 2.2.x series for another 6-12 months as that is usually a good "testing" stage for the organization to find bugs and security exploits and fix them (2.2.x series to me is like a beta series, and I'd rather be better safe than sorry so I don't have to be updating my server everyday).

    I hope my concluding statement/decision has been a good one.
    CHEAPEST Domain Registration, Renewals, & Transfers - Domain Transfers even CHEAPER to win your business! 100% satisfaction guaranteed! For personal support, PM me.
    Link Building & SEO Blog

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •