Hiawatha is a secure and advanced Web server for Unix. It has been written with security as its main goal. It features advanced access control, prevention of SQL injection and cross-site scripting, banning of clients who try such exploits, the ability to run CGIs under any UID/GID you want, and many other features. These features make Hiawatha an interesting Web server for those who need more security than what the other available Web servers are offering. Hiawatha is also fast and easy to configure.
mod_jail is an Apache module that supports 1.3.x and 2.x branches. It is similar to mod_chroot, but uses FreeBSD's specific system call "jail", which is more secure than chroot. Thus, it is intended to run on FreeBSD only. This module allows you to run Apache in a secure jail easily, without creating a real jail environment containing a copy of /lib, /libexec, /usr/lib, etc. Also, it is able to change the securelevel within a created jail prison.
Pound is a reverse HTTP proxy, load balancer, and SSL wrapper. It proxies client HTTPS requests to HTTP backend servers, distributes the requests among several servers while keeping sessions, supports HTTP/1.1 requests even if the backend server(s) are HTTP/1.0, and sanitizes requests.
Cherokee is a very fast, flexible and easy to configure Web server. It supports widespread technologies including FastCGI, SCGI, uWSGI, PHP, CGI, SSI, TLS and SSL encrypted connections, virtual hosts, authentication, on the fly encoding, load balancing, Apache compatible log files, database balancing, reverse HTTP proxy, traffic shaping, video streaming, and much more. A user friendly interface called cherokee-admin is provided for no-hassle configuration of the server. It allows you to configure the server from top to bottom without editing a text configuration file.
mod_vhs is an Apache 2.2+ Web server module allowing mass virtual hosting without the need for file-based configuration. The virtual host paths are translated from any database supported by mod_ldap or mod_dbd at request time from MySQL, LDAP, PAM, or a system password file. PHP security can be basically auto-configured from the database using this module. Requests are cached by mod_ldap when configured.
muhttpd (mu HTTP deamon) is a simple but complete Web server written in portable ANSI C. It supports static pages, CGI scripts, and MIME type based handlers. It drops privileges before accepting any connections, and can log received requests. It has been tested on OpenBSD, GNU/Linux, NetBSD, FreeBSD, Mac OS X, and Cygwin. It runs successfully on 32-bits, 64-bit, little endian, and big endian systems.
PasTmon (Passive Application Response Time Monitor) passively monitors your application servers, measuring and reporting user response times, throughput and congestion. It currently works with HTTP, telnet, rlogin, rsh, FTP (control channel), SMTP, POP3, and IRC. Measurements are recorded in a PostgreSQL database and are presented graphically via a PHP Web front-end using R statistical analysis scripts to create the plots.