Optimizing Apache performance reduces response time and increases throughput by lowering per-request work and keeping worker capacity available during traffic spikes. More predictable tail latency under bursty traffic often comes from small improvements in connection handling, caching, and concurrency limits.
Most performance levers sit in the concurrency model (MPM choice and worker limits), connection lifetime (KeepAlive and timeouts), protocol features (HTTP/2 multiplexing and TLS session reuse), and work avoidance (caching and compression). Modules such as mod_cache, mod_deflate, mod_brotli, and mod_http2 can remove repeated work, while logging and dynamic handlers can become the dominant cost at scale.
Tuning should be driven by measurement and applied incrementally, because changes can trade one bottleneck for another through memory pressure, longer queues, or unstable upstream behavior. Configuration paths and service names differ between apache2 and httpd distributions, so validation before reloads matters. Related pages provide step-by-step procedures for each tuning area.
Steps to optimize Apache web server performance:
- Benchmark current behavior to establish a baseline.
$ ab -n 1000 -c 50 -k http://host.example.net/ This is ApacheBench, Version 2.3 <$Revision: 1903618 $> ##### snipped ##### Concurrency Level: 50 Time taken for tests: 0.021 seconds Complete requests: 1000 Failed requests: 1 (Connect: 0, Receive: 0, Length: 1, Exceptions: 0) Non-2xx responses: 999 Keep-Alive requests: 999 Requests per second: 48188.13 [#/sec] (mean) Time per request: 1.038 [ms] (mean) ##### snipped #####
Keep the URL, headers, and options identical for before/after comparisons.
- Enable a restricted server-status endpoint for visibility during load tests.
$ curl -s http://127.0.0.1/server-status?auto | head 127.0.0.1 ServerVersion: Apache/2.4.58 (Ubuntu) OpenSSL/3.0.13 ServerMPM: event Server Built: 2025-08-11T11:10:09 CurrentTime: Sunday, 11-Jan-2026 05:40:03 +08 RestartTime: Sunday, 11-Jan-2026 05:40:03 +08 ParentServerConfigGeneration: 1 ParentServerMPMGeneration: 0 ServerUptimeSeconds: 0 ServerUptime:
Unrestricted server-status exposure leaks internal details (worker state, vhost names, client IPs) and can aid attackers.
- Identify the active MPM in use.
$ apachectl -V 2>/dev/null | grep -i '^server mpm:' Server MPM: event
On some Linux distributions the wrapper command is apache2ctl or httpd.
Related: How to enable the event MPM in Apache
Related: How to tune MaxRequestWorkers in Apache - Enable caching for static content.
Prefer long-lived cache headers on fingerprinted assets (app.3f2c1d.css) and short-lived or no-cache headers for HTML.
- Verify cache headers on a representative static asset.
$ curl -I --silent --show-error -k https://host.example.net/static/app.css | grep -i -E '^(cache-control|expires|etag):' etag: W/"16-6480f7c0e2f24" cache-control: public, max-age=604800
- Enable compression for text-based responses.
Compression helps HTML/CSS/JS/JSON, but usually wastes CPU on already-compressed formats like JPEG, PNG, WebP, MP4, and .gz files.
- Verify compression negotiation with response headers.
$ curl -I --silent --show-error -k -H 'Accept-Encoding: br,gzip' https://host.example.net/ | grep -i -E '^(content-encoding|vary):' vary: Accept-Encoding content-encoding: gzip
- Tune KeepAlive behavior to balance reuse against idle worker cost.
$ grep -h -i -E '^(KeepAlive|MaxKeepAliveRequests|KeepAliveTimeout|Timeout)' /etc/apache2/conf-enabled/keepalive.conf /etc/apache2/apache2.conf KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 2 Timeout 300 KeepAlive On MaxKeepAliveRequests 100 KeepAliveTimeout 5
A high KeepAliveTimeout can pin workers under bursty traffic, while disabling keepalive increases handshake and connection overhead.
Related: How to enable KeepAlive in Apache
- Enable HTTP/2 on compatible TLS virtual hosts.
HTTP/2 benefits many small requests (CSS/JS) through multiplexing, but it still relies on correct caching and sensible timeouts.
- Verify HTTP/2 negotiation from a client.
$ curl -I --silent --show-error --http2 -k https://host.example.net/ HTTP/2 200 last-modified: Sat, 10 Jan 2026 21:15:28 GMT etag: "29af-6480f24215cc8" accept-ranges: bytes content-length: 10671 vary: Accept-Encoding content-type: text/html date: Sat, 10 Jan 2026 21:40:03 GMT server: Apache/2.4.58 (Ubuntu) ##### snipped #####
- Evaluate HTTP/3 support when a QUIC frontend is available.
HTTP/3 is commonly terminated by a CDN or reverse proxy that speaks QUIC to clients and forwards to Apache over HTTP/2 or HTTP/1.1.
Related: How to enable HTTP/3 in Apache
- Enable TLS session caching to reduce handshake overhead on HTTPS traffic.
TLS session reuse reduces CPU spent on repeated handshakes during keepalive churn or short-lived client connections.
- Verify TLS session reuse from a reconnecting client.
$ openssl s_client -connect host.example.net:443 -servername host.example.net -reconnect -tls1_2 < /dev/null 2>&1 | grep -i '^reused,' Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 ##### snipped #####
- Use PHP-FPM for PHP sites when the event MPM is desired.
mod_php typically requires the prefork MPM, which removes many concurrency benefits of event and worker.
Related: How to configure PHP-FPM with Apache
Related: How to enable the event MPM in Apache - Tune MaxRequestWorkers to match available RAM and concurrency goals.
Setting workers too high can trigger swapping and collapse throughput under load.
- List loaded modules to identify candidates for removal.
$ apachectl -M | head Loaded Modules: core_module (static) so_module (static) watchdog_module (static) http_module (static) log_config_module (static) logio_module (static) version_module (static) unixd_module (static) access_compat_module (shared)
- Disable modules that are not required for the deployed workload.
Removing unused modules reduces memory usage and attack surface.
- Add a reverse proxy or load balancing layer only when the architecture requires it.
Measure upstream latency and application bottlenecks before introducing extra hops.
- Tune proxy timeouts to prevent queueing and stalled connections.
Align client, proxy, and upstream timeouts so long requests do not fail mid-flight.
Related: How to tune proxy timeouts in Apache
- Reduce access log overhead on high-traffic endpoints where impact is measured.
Disabling logs can hide incidents and complicate forensics; reduce or sample logging only where the benefit is confirmed.
- Validate configuration syntax after each edit.
$ sudo apachectl -t
- Reload Apache after configuration changes.
$ sudo apachectl graceful
- Re-run the baseline benchmark after each change to confirm improvement.
$ ab -n 1000 -c 50 -k http://host.example.net/ ##### snipped ##### Failed requests: 134 (Connect: 0, Receive: 0, Length: 133, Exceptions: 1) Non-2xx responses: 867 Keep-Alive requests: 867 Requests per second: 51578.30 [#/sec] (mean) Time per request: 0.969 [ms] (mean) ##### snipped #####
- Review logs after each change to catch regressions.
$ apachectl -t -D DUMP_RUN_CFG | grep -i '^main errorlog:' Main ErrorLog: "/var/log/apache2/error.log" $ sudo tail -n 20 /var/log/apache2/error.log ##### snipped ##### [Sun Jan 11 05:38:23.802419 2026] [mpm_event:notice] [pid 9575:tid 277800512544800] AH00493: SIGUSR1 received. Doing graceful restart AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message [Sun Jan 11 05:38:23.807626 2026] [ssl:warn] [pid 9575:tid 277800512544800] AH01906: host.example.net:443:0 server certificate is a CA certificate (BasicConstraints: CA == TRUE !?) [Sun Jan 11 05:40:03.448625 2026] [mpm_event:notice] [pid 11285:tid 272091756462112] AH00489: Apache/2.4.58 (Ubuntu) OpenSSL/3.0.13 configured -- resuming normal operations [Sun Jan 11 05:40:03.448642 2026] [core:notice] [pid 11285:tid 272091756462112] AH00094: Command line: '/usr/sbin/apache2' ##### snipped #####
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.
