Hiawatha (web server)

From Wikipedia, the free encyclopedia
Hiawatha Webserver
Original author(s)Hugo Leisink
Developer(s)Hugo Leisink
Initial release2002; 21 years ago (2002)
Stable release
11.5[1] Edit this on Wikidata / 23 October 2023
Written inC[2]
Operating systemFreeBSD, Haiku os, HP-UX, IBM AIX, Linux, OpenBSD, OS X, QNX, Solaris, Unix-like and Windows[3]
PlatformPOSIX, Cross-platform
Available inEnglish
TypeWeb server
Websitewww.hiawatha-webserver.org Edit this at Wikidata

Hiawatha is a web server available for multiple platforms. It is developed by Hugo Leisink.[4]


Hiawatha started in January 2002 as a small web server for servers with older hardware. Leisink, a computer science student at the time, initially created the server to support internet servers in student houses in Delft of South Holland, the Netherlands. As the server was designed with improved security as its focus, Leisink states that "there are a lot of security features in Hiawatha you won't find in any other webserver."[4]

The January 2009 edition of Linux Magazine included an article on the Hiawatha web server, describing it as "a light web server with good performance and some innovative security functions".[5] Hiawatha is frequently cited as a lightweight alternative to Apache, as it prioritizes easy installation and reduced storage over adding many other features.[6][7][8]

Important versions
  • 1.0: September 2002. A basic but functional web server.
  • 2.0: March 2004. Use of multithreading instead of forking.
  • 3.0: September 2004. SSL support.
  • 4.0: December 2005. A CGI-wrapper[9] for improved security was included.
  • 5.0: October 2006. FastCGI support for improved CGI speed.
  • 5.2: November 2006. First-time integration to the FreeBSD Ports system at version 5.2 in December 2006,[10] to the OpenBSD ports tree at version 5.7 in March 2007.[11]
  • 5.12: August 2007. URL rewriting support.
  • 6.0: October 2007. IPv6 support.
  • 6.6: April 2008. XSLT support.
  • 6.10 : October 2008. Prevent cross-site request forgery added.
  • 7.0: February 2010. Remote monitoring support.
  • 8.0: January 2012. Autoconf replaced with CMake, OpenSSL replaced with PolarSSL.
  • 9.0: March 2013. Clients handled via thread pool instead of creating threads on the fly.
  • 10.0: November 2015. Streamlined handling of Directory sections in server configuration.
  • 10.9: February 2019. Last major developed release.

In February 2019 Leisink simultaneously announced the release of version 10.9 and the end of major development in a pair of blog posts.[12]


The Hiawatha web server has features such as:

Hiawatha has many security features that no other web server has, like preventing SQL-injection, cross-site scripting (XSS), Cross-site request forgery (CSRF) prevention, denial-of-service protection, control external image linking, banning of potential hackers and limiting the runtime of CGI applications.[13] The author worked on adding RFC3546 support, but "the OpenSSL documentation [on this subject] is just extremely poor"[citation needed] so progress was difficult. Although, RFC3546 support has been included since v8.6 version which is developed with PolarSSLv1.2.


Although security is the main focus, Hiawatha users also speak highly of its speed and performance. According to a performance test carried out by an independent researcher (SaltwaterC), Hiawatha is faster than ten other servers tested for Drupal static content, while performing comparably to the rest in other metrics.[14]

Hiawatha supports load-balanced FastCGI and had its own PHP-FastCGI utility (although that has been deprecated and replaced with the PHP project's FastCGI Process Manager (PHP-FPM)).[15] This makes it fast and scalable for handling dynamic content.

See also[edit]


  1. ^ "v11.5 · Tags · Hugo Leisink / Hiawatha web server · GitLab".
  2. ^ "Hiawatha - Ohloh". Ohloh.net. Archived from the original on 21 December 2013. Retrieved 12 April 2013.
  3. ^ Hiawatha on Haiku OS
  4. ^ a b Leisink, Hugo. "Hiawatha About Page". Retrieved 22 January 2015.
  5. ^ Schürmann, Tim. "Safe Passage » Linux Magazine". Linux Magazine. Retrieved 2021-01-19.
  6. ^ Wadge, Chris. "Why I Use the Hiawatha Webserver". Dotbalm.org. Archived from the original on 23 January 2015. Retrieved 23 January 2015.
  7. ^ Vaughan-Nichols, Steven J. "Picking the Right Web Server for the Right Job". SmartBear. Retrieved 23 January 2015.
  8. ^ Lavigne, Dru. "Hiawatha Web Server". Toolbox.com. Archived from the original on 18 July 2014. Retrieved 23 January 2015.
  9. ^ Manual page cgi-wrapper - Hiawatha webserverArchived 2012-10-19 at the Wayback Machine
  10. ^ "FreshPorts -- www/hiawatha: Advanced and secure webserver for Unix". www.freshports.org. Retrieved 2021-01-19.
  11. ^ "OpenPorts.se | The OpenBSD package collection". openports.se. Archived from the original on 2021-02-25. Retrieved 2021-01-19.
  12. ^ Leisink, Hugo. "Hiawatha webserver". www.hiawatha-webserver.org. Retrieved 2023-08-04.
  13. ^ Leisink, Hugo. "Hiawatha Webserver". www.hiawatha-webserver.org. Retrieved 2023-09-08.
  14. ^ PHP_web_serving_studyArchived 2012-04-26 at the Wayback Machine
  15. ^ Leisink, Hugo. "Hiawatha webserver". www.hiawatha-webserver.org. Retrieved 2021-01-18.

External links[edit]