the bozotic HTTP server


bozohttpd is a small and secure http version 1.1 server. its main feature is the lack of features, reducing the code size and improving verifiability.

please note that bozohttpd versions prior to 20140708 have a flaw in the handling of basic HTTP authentication (aka ".htaccess") and it is possible to bypass the authentication. please update to 20140708 or newer as soon as possible.

please note that a bozohttpd versions 20090522 to 20100512, inclusive, have a serious wrong code generation interaction with GCC that has been fixed in the 20100617 release. additionally, all bozohttpd verisons prior to 20100920 have a flaw in the virtual hosting support, enabling access to files outside of the virtual root, that fixed in the 20100920 release. any one using these versions should upgrade to the 20100920 release, or newer.

please ensure that your openssl has been updated and any private keys used while using openssl 1.0.1 to 10.01f, and 1.0.2-beta are regenerated to deal with the problem described in CVE-2014-0160 .

it supports CGI/1.1, HTTP/1.1, HTTP/1.0, HTTP/0.9, ~user translations, virtual hosting support, as well as multiple IP-based servers on a single machine. it is capable of serving pages via the IPv6 protocol. it has ssl support. it has no configuration file by design. you can also read the manual page.

bozohttpd originally only ran on NetBSD, but it now supports several modern operating systems such as solaris 10, freebsd and linux. there is no "configure" script, and the distributed Makefile only works with BSD make, however there is a simple Makefile.boot that should work for any make program.


you can pick up bozohttpd from these locations:

or install it from the NetBSD packages collection.


here is a copy of the latest CHANGES file.


Contact the web master