the bozotic HTTP server


bozohttpd is a small and secure http version 1.1 server. its main feature is the lack of features, reducing the code size and improving verifiability.

please note that bozohttpd versions prior to 20181215 have a flaw in the handling of bozohttpd special files, and can expose the contents of .htpasswd files which contain both encrypted passwords and usernames. please update to 20181215 or newer as soon as possible.

please ensure that your openssl has been updated and any private keys used while using openssl 1.0.1 to 10.01f, and 1.0.2-beta are regenerated to deal with the problem described in CVE-2014-0160 . please see old security issues for older information.

it supports CGI/1.1, HTTP/1.1, HTTP/1.0, HTTP/0.9, ~user translations, virtual hosting support, as well as multiple IP-based servers on a single machine. it is capable of serving pages via the IPv6 protocol. it has ssl support. it has no configuration file by design. you can also read the english manual or french manual pages, the french translation kindly provided by Anna Chekovsky.

bozohttpd originally only ran on NetBSD, but it now supports several modern operating systems such as solaris 10, freebsd and linux. there is no "configure" script, and the distributed Makefile only works with BSD make, however there is a simple Makefile.boot that should work for any make program.


you can pick up bozohttpd from these locations:

or install it from the NetBSD packages collection.


here is a copy of the latest CHANGES file.


This page has been translated into French language by Natalie Harmann.


Contact the web master