lighttpd is a secure, fast, compliant, and very flexible Web server which has been optimized for high-performance environments. It has a very low memory footprint compared to other Web servers, and it takes care of CPU load. It has an advanced feature set that includes FastCGI (load balanced), CGI, Auth, Output-Compression, URL-Rewriting, SSL, and much more.
| Tags | Internet Web HTTP Servers |
|---|---|
| Licenses | BSD Revised |
| Operating Systems | POSIX |
| Implementation | C |
Recent releases


Release Notes: This version fixes a signedness error in http_auth (CVE-2011-4362), disables client initiated renegotiations, supports mitigating BEAST attacks (both SSL), and fixes connection stalls.


Release Notes: This release fixes a name conflict with OpenSSL, some cgi* bugs, should improve SSL support, and adds the "solaris-eventports" fdevent handler.


Release Notes: 1.4.27 introduced some serious bugs in the fdevent system; one resulted in segfaults with FreeBSD. This should be fixed now.


Release Notes: This release fixes SSL (SNI handling and SSL_CTX_set_options) and mod_cgi and mod_proxy (response handling). There is a new fdevent handler "libev" ("linux-rtsig" was removed). IPv6 sockets are now bound to IPv6 only in almost all cases ("dual-stack" is disabled).


Release Notes: There have been some important bugfixes (request parser handling for split header data, an fd leak in mod_cgi, a segfault with broken configs in mod_rewrite/mod_redirect, HUP detection, and an OOM/DoS vulnerability).