Apache is just like all the other projects that grow too big and people get ignorent towards the basic things like fast performance and security.
Apache is kind of PHP of the web servers. It's easy to use, it's supported by every webhost since everybody is used to it, and their developers don't spend too much consideration on security and perfomance. And this is coming from someone who uses Apache and PHP.
If you truly want secure, fast-performance web server, use nginx [wikipedia.org]. It's much better done than Apache.
They're not even close to comparable. Apache has served me very well. My server is not even vulnerable to this as I don't have mod_deflate loaded or compiled. (I tested using the kill script.)
Apache is too bloated (Score:0)
Apache is kind of PHP of the web servers. It's easy to use, it's supported by every webhost since everybody is used to it, and their developers don't spend too much consideration on security and perfomance. And this is coming from someone who uses Apache and PHP.
If you truly want secure, fast-performance web server, use nginx [wikipedia.org]. It's much better done than Apache.
Re:Apache is too bloated (Score:2)
They're not even close to comparable. Apache has served me very well. My server is not even vulnerable to this as I don't have mod_deflate loaded or compiled. (I tested using the kill script.)
Re: (Score:1)
The link in the blurb claiming to point to the advisory from Apache isn't correct.
The actual advisory from Apache notes that mod_deflate's presence is orthogonal (irrelevant) to the exploitability of this issue.
The correct link:
http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3C20110824161640.122D387DD@minotaur.apache.org%3E [apache.org]
Re: (Score:2)
Re: (Score:2)
Lets not forget that being a proper admin and having Apache locked down by, for example, some SELinux policies... it's kind of a tough nut to break.