Open Source HTTP Servers
Sort By:
HTTP Servers
Browse free open source HTTP Servers and projects for Mac and BSD below. Use the toggles on the left to filter open source HTTP Servers by OS, license, language, programming language, and project status.
-
MongoDB Atlas runs apps anywhereMongoDB Atlas gives you the freedom to build and run modern applications anywhere—across AWS, Azure, and Google Cloud. With global availability in over 115 regions, Atlas lets you deploy close to your users, meet compliance needs, and scale with confidence across any geography.
-
Kinetic Software - Epicor ERPGrow, thrive, and compete in a global marketplace with Kinetic—an industry-tailored, cognitive ERP that helps you work smarter and stay connected.
-
1
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Designed for interoperability, it publishes data from any major spatial data source using open standards: WMS, WFS, WCS, WPS and REST
">
-
2
HyperSQL Database Engine (HSQLDB)
Relational Database
HSQLDB is a relational database engine written in Java, with a JDBC driver, conforming to ANSI SQL:2023. A small, fast, multithreaded engine and server with memory and disk tables, LOBs, transaction isolation, multiversion concurrency and ACID. -
3
ooRexx (Open Object Rexx)
REXX interpreter
Home of the Open Object Rexx Project. ooRexx is the open source version of IBM's Object REXX Interpreter. It is upwardly compatible with classic REXX and will execute classic REXX programs unchanged. The project is managed by the Rexx Language Association. -
4
Caddy
Powerful, enterprise-ready, open source web server w/ automatic HTTPS
Caddy is a powerful, extensible, enterprise-ready server platform that uses TLS by default. Everything you would require in your infrastructure, from TLS certificate renewals and OCSP stapling, to reverse proxying and ingress, Caddy simplifies it all. Its modular architecture lets you do more with just a single static binary that compiles for any platform. Caddy is the only web server that uses HTTPS automatically and by default. It automatically renews TLS certificates, staples OCSP responses and more. Though used mostly as an HTTPS server, Caddy can be used to run Go applications, offering automated documentation, graceful on-line config changes via API and more to these apps. Caddy is very extensible, with a powerful plugin system unlike any other web server. -
Powerful Business Process AutomationWhen a message is received ThinkAutomation automatically executes one or more Automations. Automations are created using an easy to use drag-and-drop interface to run simple or complex tasks. Automations can perform many business process Actions, including: updating company databases, CRM systems and cloud services, sending outgoing emails, Teams & SMS messages, document processing, custom scripting, integration and much more. Over 100 built-in actions are included, plus ThinkAutomation is extensible with Custom Actions.
-
5
PyLoris
A protocol agnostic application layer denial of service attack.
PyLoris is a scriptable tool for testing a server's vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet. -
6
Virtuoso is a scalable cross-platform server that combines Relational, Graph, and Document Data Management with Web Application Server and Web Services Platform functionality.
-
7
Nock
HTTP server mocking and expectations library for Node.js
HTTP server mocking and expectations library for Node.js. Nock can be used to test modules that perform HTTP requests in isolation. For instance, if a module performs HTTP requests to a CouchDB server or makes HTTP requests to the Amazon API, you can test that module in isolation. Nock works by overriding Node's http.request function. Also, it overrides http.ClientRequest too to cover for modules that use it directly. -
8
urllib3
Python HTTP library with thread-safe connection pooling
urllib3 is a powerful, user-friendly HTTP client for Python. Much of the Python ecosystem already uses urllib3 and you should too. Thread safety, connection pooling. Client-side TLS/SSL verification. File uploads with multipart encoding. Helpers for retrying requests and dealing with HTTP redirects. Support for gzip, deflate, brotli, and zstd encoding. Proxy support for HTTP and SOCKS. 100% test coverage. Professional support for urllib3 is available as part of the Tidelift Subscription. Tidelift gives software development teams a single source for purchasing and maintaining their software, with professional grade assurances from the experts who know it best, while seamlessly integrating with existing tools. -
9
OpenCA
Open Source PKI solutions
The OpenCA PKI Development Project is a collaborative effort to develop a robust, full-featured and Open Source out-of-the-box Certification Authority implementing the most used protocols with full-strength cryptography world-wide. -
No-Nonsense Code-to-Cloud Security for Devs | AikidoAikido provides a unified security platform for developers, combining 12 powerful scans like SAST, DAST, and CSPM. AI-driven AutoFix and AutoTriage streamline vulnerability management, while runtime protection blocks attacks.
-
10
ProxyChains-NG
Hooks calls to sockets in dynamically linked programs
proxychains ng (new generation), a preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies. continuation of the unmaintained proxychains project. proxychains is a hook preloader that allows to redirect TCP traffic of existing dynamically linked programs through one or more SOCKS or HTTP proxies. The way it works is basically a HACK; so it is possible that it doesn't work with your program, especially when it's a script, or starts numerous processes like background daemons or uses dlopen() to load "modules" (bug in glibc dynlinker). It should work with simple compiled (C/C++) dynamically linked programs though. -
11
jHTTPp2 is a very small HTTP/1.1 proxy server written in Java. It offers following features: IPv6 support, high-performance, blocks URL's based on a block-list, removes data from the HTTP-Header, blocks Cookies from untrusted hosts.
">
-
12
civetweb
Embedded C/C++ Web Server
Civetweb is a small footprint HTTP Server with optional Lua and SQLite support written in C. It can be embedded into C/C++ applications or used as stand alone web server for Windows, Linux, BSD or Mac-OS. This project is based on the Mongoose web server, but maintains the MIT license and is free from GPL licenses. Installation Guide https://github.com/civetweb/civetweb/blob/master/docs/Installing.md Contributions are welcome and encouraged. The official source code is at https://github.com/civetweb/civetweb Problems may be reported at https://github.com/civetweb/civetweb/issues Use the "Civetweb" Google groups for questions and discussion https://groups.google.com/d/forum/civetweb -
13
AOLserver
High-performance multithreaded web server
AOLserver is a multithreaded, Tcl-enabled, massively-scalable and extensible web server tuned for large scale, dynamic web sites. AOLserver also includes complete database integration and a dynamic page scripting language. -
14
Dredd
Language-agnostic HTTP API Testing Tool
Dredd is a language-agnostic command-line tool for validating API description documents against the backend implementation of the API. Dredd reads your API description and step by step validates whether your API implementation replies with responses as they are described in the documentation. Dredd supports writing hooks — a glue code for each test setup and teardown. -
15
Go Safe Web
Secure-by-default HTTP servers in Go
go-safeweb is a security-focused HTTP framework for Go that bakes in secure defaults so common web vulnerabilities are harder to introduce. Instead of leaving headers and policies to ad-hoc middleware, it sets Content Security Policy, X-Frame-Options, and other protections by default, and centralizes template escaping rules. Request handling emphasizes principled APIs for parsing and validating input, reducing the risk of injection and deserialization bugs. The framework’s routing and response layers are designed to be explicit and auditable, making it clearer when unsafe behaviors are being opted into. It also offers utilities for CSRF protection, secure cookies, and safe resource embedding that work well with Go’s standard library. By turning security posture into a first-class concern, go-safeweb helps teams achieve defense-in-depth without scattering security logic across a codebase. -
16
Martian Proxy
Martian is a library for building custom HTTP/S proxies
Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to verify that all (or some subset) of requests are secure. Mock external services at the network layer. Inject headers, modify cookies or perform other mutations of HTTP requests and responses. Verify that pingbacks happen when you think they should. Unwrap encrypted traffic (requires install of CA certificate in browser) By taking advantage of Go cross-compilation, Martian can be deployed anywhere that Go can target. Martian Proxy added support for Go modules since v3.0.0. If you use a Go version that does not support modules, this will break you. The latest version without Go modules support was tagged v2.1.0. For logging of requests and responses a logging modifier is available or HAR logs are available if the -har flag is used. Once Martian is running, you need to configure its behavior. -
17
JETTY HAS MOVED TO ECLIPSE!!!! The latest releases of Jetty are hosted from http://eclipse.org/jetty. Jetty is an open-source project providing a HTTP server, HTTP client and javax.servlet container.
-
18
The State Threads Library is a small application library which provides a foundation for writing fast and highly scalable Internet applications (such as web servers, proxy servers, mail transfer agents, and so on) on UNIX-like platforms.
-
19
ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
-
20
w3af, is a Web Application Attack and Audit Framework. The w3af core and it's plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more. This project has been migrated to github! See details in our project site: http://w3af.org/
-
21
phpShout is a PHP Extension that wraps around the libshout library available at http://www.icecast.org/. LibShout is used in conjunction with an Icecast server to create a streaming Internet radio station from your own music files.
-
22
PyFileSync is a set of tools for over-the-web file synchronization and data collection. Currently it consists of one component: PyFileServer - WSGI/Web application for sharing multiple filestructures/realms via WebDAV
-
23
-
24
Collection of plugins for Eclipse 2.1 (www.eclipse.org). Web-Application Development Environment (XML/HTML/CSS/JSP).
-
25
mod_setenvifplus
Apache httpd module to set environment variables
mod_setenvifplus is module for the Apache Web server which allows you to set environment variables and request/response headers according to whether different aspects of the request match regular expressions you specify.