Chuck Swiger cswiger at mac.com
Mon Apr 12 12:40:22 PDT 2004

Matthew Seaman wrote:
[ ... ]
> Your friend is being unnecessarily alarmist.  apache2 is not
> significantly different to apache13 in security terms.

There have been 16 CVE entries list for Apache 2, and 8 for Apache 1.x:


...so, if anything, one could argue that Apache 1 is a better bet in terms of 
security (not surprising, 1.x is more widely used and better tested).

> However, it is
> (I think) still a bit bigger and slower than apache13, plus support
> for all of the vast panoply of add-on modules etc. is yet to appear.
> However, apache2 works very well, and has some extra functionality
> (like improved IPv6 support and better threading) which may make it
> the preferrred choice at some sites.

I don't have rigorous benchmarks to prove this opinion :-), but observation 
suggests that platforms which have very good thread support (ie, Solaris and 
MacOS X) tend to run Apache 2 better than platforms which have OK thread 
support (Windows, FreeBSD, Linux).

The same observation tends to apply to Java as well, and if one is generating 
dynamic web content using a JVM, the condition of thread support on the local 
platform matters even more.


More information about the freebsd-questions mailing list