I have only used the Apache HTTP Server on Windows for a couple of years since I mostly use Linux.
Until now I have downloaded the binaries from the Apache Software Foundation or one of its mirrors.
I have been missing the latest releases (2.2.23 and 2.2.24). First I thought that the reason they were not available was because the CVE was not relevant for Windows
After checking up on this I found that the Apache Software Foundation (ASF) has never supplied binaries for Windows.
The binaries was provide by a third-party. I do not know who, but they have stopped supplying them.
ASF has some mail lists and there it was suggested to get the binaries from http://www.apachelounge.com.
I have checked the site out and it looks safe. It have existed in years and have forums with thousands of users. Google did not reports any problems with them.
I have downloaded version 2.2.24 and installed it on a couple of servers. It works fine and https://www.ssllabs.com/ssltest does not report the servers as vulnerable to the CRIME attack anymore and they get an A rating
You can switched from “ASF” binaries to apachelounge via:
- Backup the current installation.
- Uninstall httpd and delete the Apache directory.
- Unzip httpd-2.2.24-win32-ssl_0.9.8.zip and copy the content of the Apache2 directory to the location of the old installation.
- Delete the conf directory and replace it with your old conf. Since we have placed it the same place you do not have to change anything else.
- Install the Windows service via httpd.exe -k install.
The apachelounge.com looks to be mostly a one man show. There is no warranty for anything so if this is a concern you should probably compile httpd yourself.
They do provide PGP signatures and SHA1-SHA512 checksums so you can validate the downloads.
New releases are announced via Twitter @ApacheLounge.
This is an independent site so remember to make a donation if you like their service.Google+