Open Source Linux HTTP Servers
Sort By:
HTTP Servers for Linux
View 26 business solutionsBrowse free open source HTTP Servers and projects for Linux below. Use the toggles on the left to filter open source HTTP Servers by OS, license, language, programming language, and project status.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
1
PyLoris
A protocol agnostic application layer denial of service attack.
PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet. -
2
mod_qos
Quality of service module for Apache httpd
mod_qos is a quality of service module for the Apache Web Server. It implements control mechanisms that can provide different priority to different requests and controls server access based on available resources. -
3
Mod_auth_kerb is a module that provides Kerberos user authentication to the Apache web server. It allows to retrieve the username/password pair, and also supports full Kerberos authentication (also known as Negotiate or SPNEGO based authentication).
-
4
axTLS is a TLSv1 SSL library designed specifically for embedded devices, with a highly configurable interface for small memory footprints.
-
Simple, Secure Domain RegistrationRegister or renew your domain and pay only what we pay. No markups, hidden fees, or surprise add-ons. Choose from over 400 TLDs (.com, .ai, .dev). Every domain is integrated with Cloudflare's industry-leading DNS, CDN, and free SSL to make your site faster and more secure. Simple, secure, at-cost domain registration.
-
5
Hoverfly
Lightweight service virtualization/ API simulation / API mocking tool
Hoverfly is a lightweight, open source API simulation tool. Using Hoverfly, you can create realistic simulations of the APIs your application depends on. Replace unreliable test systems and restrictive API sandboxes with high-performance simulations in seconds. Run on MacOS, Windows or Linux, or use native Java or Python language bindings to get started quickly. Simulate API latency or failure when required by writing custom scripts in the language of your choice. -
6
LAMPSecurity training is designed to be a series of vulnerable virtual machine images along with complementary documentation designed to teach linux,apache,php,mysql security.
-
7
Hetty
An HTTP toolkit for security research
Hetty is an HTTP toolkit for security research. It aims to become an open-source alternative to commercial software like Burp Suite Pro, with powerful features tailored to the needs of the infosec and bug bounty communities. Machine-in-the-middle (MITM) HTTP proxy, with logs and advanced search. HTTP client for manually creating/editing requests, and replay proxied requests. Intercept requests and responses for manual review (edit, send/receive, cancel) Scope support, to help keep work organized. Easy-to-use web-based admin interface. Project-based database storage, to help keep work organized. -
8
Proxyee
HTTP proxy server,support HTTPS & websocket
Proxyee is a JAVA-written HTTP proxy server library that supports HTTP, HTTPS, and WebSocket protocols, and supports MITM (Man-in-the-middle), which can capture and tamper with HTTP, and HTTPS packets. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. The CA certificate (src/resources/ca.crt) from the project needs to be imported to a trusted root certificate authority. You can use the CertDownIntercept interceptor to enable the web certificate download feature. -
9
go-mitmproxy
mitmproxy implemented with golang
go-mitmproxy is a Golang implementation of mitmproxy that supports man-in-the-middle attacks and parsing, monitoring, and tampering with HTTP/HTTPS traffic. Parses HTTP/HTTPS traffic and displays traffic details via a web interface. Supports a plugin mechanism for easily extending functionality. Various event hooks can be found in the examples directory. HTTPS certificate handling is compatible with mitmproxy and stored in the ~/.mitmproxy folder. If the root certificate is already trusted from the previous use of mitmproxy, go-mitmproxy can use it directly. Map Remote and Map Local support. -
Keep company data safe with Chrome EnterpriseMake AI work your way with Chrome Enterprise. Block unapproved sites and set custom data controls that align with your company's policies.
-
10
OpenCA
Open Source PKI solutions
The OpenCA PKI Development Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. -
11
ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
-
12
w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more. This project has been migrated to github! See details in our project site: http://w3af.org/
-
13
Free-SA
Free-SA is report generating tool for web, proxy and mail log files
Free-SA is logs processor and report generating tool. It can be used to control traffic usage, to evaluate conformance to the Internet access security policies, to investigate security incidents, to evaluate web server efficiency and to detect troubles with server configuration. -
14
*NOTE* Project moved to github.com/cgiwrap/cgiwrap More secure user access to cgi scripting. Runs scripts as the user who owns them. Initial inspiration for suexec. CGIwrap however is server independent.
-
15
A geoblock module created by Triple IT. It can be added to the IIS7 pipeline (now also on IIS 8.5). It uses the IPv4 address to determine the geographic location of the request by using maxminds geo IP file and takes action accordingly. Next to the module, 2 tools are included. 1 to quickly lookup the country for a specific IP address and 1 to help you automate the update of the MaxMind data file. An extensive manual is available to install and use the module.
-
16
cSploit
cSploit - cyb3r gladiat0r's cPanel mass password changer.
cSploit is a mass password changer interactive shell script for cpanel usernames along with their respective login passwords it also changes their FTP, MySQL passwords also. And save changed passwords with their respective usernames in a text file. It gives you flexibility to specify custom filename to save password. (This makes filename hard to guess.) This script also allows you to select the specific type of random generated passwords. -
17
Distributed session caching tools and APIs, primarily for SSL/TLS servers though perhaps useful for other (non-SSL/TLS) circumstances. Also includes a self-contained network abstraction library (libnal), and the sslswamp SSL/TLS benchmark/test utility.
-
18
The goal of this project is to create a functioning web server which is indistinguishable from Microsoft's IIS product at a topical level. This server can be run standalone, through inetd, or as a module of the "honeyd" project.
-
19
Aiakos is a suite of software components that together provide a collaborative Single-Signon System across multiple trusted websites. A simple open protocol is provided for collaboration, and working libraries are provided for ASP and Zope.
-
20
viewstate is a decoder and encoder for ASP .Net viewstate data. It supports the different viewstate data formats and can extract viewstate data direct from web pages. viewstate will also show any hash applied to the viewstate data.
-
21
-
22
SELinux modules which extend mandatory access control policies to the Citadel Groupware Server daemons (citserver and webcit).
-
23
DACS - Distributed Access Control System
Authentication, Access Control, and Single Sign-On
DACS,a light-weight single sign-on and role-based security system for Apache or server-based software, provides comprehensive authentication capabilities, and powerful, transparent rule-based authorization checking for any web service or CGI program. The latest release is DACS 1.5.1 (26-Oct-2025) It is not available here! Get it at https://dacs.dss.ca/download.html -
24
HPCP (High Performance Channel Protocol) is a transactional data exchange specification, defining an implementation and usage of HTTPS, XML, SOAP, and LDAP. The EEAT HPCP implementation is written in JAVA.
-
25
GPODCS is a Certification Authority developed in the ESA Grid Processing On Demand (gpod.eo.esa.int) project. It offers a PKI infrastructure and GSI authorization management. GPODCS is portable, reliable, easy to install, configure and personalize.