Embedded C/C++ web server


CivetWeb CivetWeb

The official home of CivetWeb is https://github.com/civetweb/civetweb

License GitHub contributors

Continuous integration for Linux and macOS (Travis CI):

Travis Build Status

Continuous integration for Windows (AppVeyor):

Appveyor Build Status

Test coverage check (coveralls, codecov) (using different tools/settings):

Coveralls Coverage Status


Static source code analysis (Coverity):

Coverity Scan Build Status

Project Mission

Project mission is to provide easy to use, powerful, C (C/C++) embeddable web server with optional CGI, SSL and Lua support. CivetWeb has a MIT license so you can innovate without restrictions.

CivetWeb can be used by developers as a library, to add web server functionality to an existing application.

It can also be used by end users as a stand-alone web server running on a Windows or Linux PC. It is available as single executable, no installation is required.

Where to find the official version?

End users can download CivetWeb binaries / releases from SourceForge https://sourceforge.net/projects/civetweb/

Developers can contribute to CivetWeb via GitHub https://github.com/civetweb/civetweb

Due to a bug in Git for Windows V2.24 CivetWeb must be used with an earlier or later version (see also here).

Trouble tickets should be filed on GitHub https://github.com/civetweb/civetweb/issues

New releases are announced at Google Groups https://groups.google.com/d/forum/civetweb

Formerly some support question and discussion threads have been at Google groups. Recent questions and discussions use GitHub issues.

Source releases can be found on GitHub https://github.com/civetweb/civetweb/releases

A very brief overview can be found on GitHub Pages http://civetweb.github.io/civetweb/

Getting The Source

Download the source code by running the following code in your command prompt:

$ git clone https://github.com/civetweb/civetweb.git or simply grab a copy of the source code as a ZIP or TGZ file.

Quick start documentation


CivetWeb keeps the balance between functionality and simplicity by a carefully selected list of features:

  • Liberal, commercial-friendly, permissive, MIT license
  • Free from copy-left licenses, like GPL, because you should innovate without restrictions.
  • Forked from Mongoose in 2013, before it changed the licence from MIT to commercial + GPL. A lot of enhancements have been added since that time, see RELEASE_NOTES.md.
  • Works on Windows, Mac, Linux, UNIX, iPhone, Android, Buildroot, and many other platforms.
  • Scripting and database support (CGI, SQLite database, Lua Server Pages, Server side Lua scripts, Server side JavaScript). This provides a ready to go, powerful web development platform in a one single-click executable with no dependencies.
  • Support for CGI, SSI, HTTP digest (MD5) authorization, WebSocket, WebDAV.
  • HTTPS (SSL/TLS) support using OpenSSL.
  • Optional support for authentication using client side X.509 certificates.
  • Resumed download, URL rewrite, file blacklist, IP-based ACL.
  • May run as Windows service.
  • Download speed limit based on client subnet or URI pattern.
  • Simple and clean embedding API.
  • The source is in single file to make things easy.
  • Embedding examples included.
  • HTTP client capable of sending arbitrary HTTP/HTTPS requests.
  • Websocket client functionality available (WS/WSS).

Optionally included software








This project is very easy to install and use. Please read the documentation and have a look at the examples.

Recent questions and discussions usually use GitHub issues. Some old information may be found on the mailing list, but this information may be outdated.

Note: We do not take any liability or warranty for any linked contents. Visit these pages and try the community support suggestions at your own risk. Any link provided in this project (including source and documentation) is provided in the hope that this information will be helpful. However, we cannot accept any responsibility for any content on an external page.


Contributions are welcome provided all contributions carry the MIT license.

DO NOT APPLY fixes copied from Mongoose to this project to prevent GPL tainting. Since 2013, CivetWeb and Mongoose are developed independently. By now the code base differs, so patches cannot be safely transferred in either direction.

Some guidelines can be found in docs/Contribution.md.


CivetWeb has been forked from the last MIT version of Mongoose in 2013. Since then, CivetWeb has seen many improvements from various authors (Copyright (c) 2013-2021 the CivetWeb developers, MIT license).

A list of authors can be found in CREDITS.md.

CivetWeb is based on the Mongoose project. The original author of Mongoose was Sergey Lyubka (Copyright (c) 2004-2013 Sergey Lyubka, MIT license). However, on August 16, 2013, the license of Mongoose has been changed after writing and distributing the original code this project is based on. The license change and CivetWeb used to be mentioned on the Mongoose Wikipedia page as well, but it's getting deleted (and added again) there every now and then.

Using the CivetWeb project ensures the MIT licenses terms are applied and GPL cannot be imposed on any of this code, as long as it is sourced from here. This code will remain free with the MIT license protection.

  • Port the build system to cmake

    Port the build system to cmake

    Would there be interest for a pull request which replaces the makefiles with a CMake build implementation?

    This change will help maintain & improve the cross platform support.

    It would be beneficial if I could build Civetweb for multiple versions of visual studio for instance.


    opened by cdbishop 167
  • SSL request never gets to CW server

    SSL request never gets to CW server

    Following up on my prior question: we got the HTTP functionality (data format conversion) working properly with embedded CivetWeb, and we're now adding the HTTPS support. All the OpenSSL DLLs are (apparently) where they're supposed to be, and the configurations are set.

    It looks to me like all the relevant settings are good to go in web.config:

    listening_ports=8083, 8443s
    ssl_certificate server.pem
    ssl_cipher_list = DES-CBC3-SHA:AES128-SHA:AES128-GCM-SHA256
    ssl_protocol_version = 3

    I noted that the MD for OpenSSL doesn't mention doing something like

    callbacks.init_ssl = [](void *, void *) { return 1; };

    but we sorted that out on our own.

    Anyway--to the issue: The log is happy (no complaints about the PEM, nor about the DLLs).

    Firefox says SSL_ERROR_NO_CYPHER_OVERLAP, Chrome says ERR_SSL_VERSION_OR_CIPHER_MISMATCH, Postman just says it can't chat with the server, and IE spins. And spins. And spins.

    I followed up on all the articles I could find about ensuring that Chrome gets the cert added, but I'm up against a deadline here and I can't even figure out how to debug this. I could have a bad config, have missed a step in the coding--it could be a lot of things.

    Supposedly this is setting up for TLS1.2 but I can't confirm that. Should I be barking up this tree, up the OpenSSL tree, or some other tree? (The application will be queried by .a NET 4.5 application, not a browser, but the .NET end is even fussier in my experience.) Can you (or anyone reading this) point me in the right direction?



    opened by jbmonroe 48
  • SSL fails to pass security tests

    SSL fails to pass security tests

    I need to use SSL for webhook callbacks but my provider refuses to accept SSL as handled by civetweb.

    You can test it here (this test will accept specific ports to test): https://www.htbridge.com/ssl/

    It receives a grade of C while port 443 on my server receives a A+

    "The server is vulnerable to POODLE over SSL"

    ""SERVER DOES NOT HAVE CIPHER PREFERENCE The server does not have preferred cipher suites. We advise to enable this feature in order to use only the strongest suite available."

    "SERVER SUPPORTS CLIENT-INITIATED SECURE RENEGOTIATION The server supports client-initiated secure renegotiation which may be unsafe and allow Denial of Service attacks."

    opened by CrackerHax 42
  • FreeBSD build errors. - Travis CI integration for CivetWeb on FreeBSD

    FreeBSD build errors. - Travis CI integration for CivetWeb on FreeBSD

    The build script uses #!/bin/sh but then calls set -o pipefail. These are incompatible. Either use #!/usr/local/bin/bash or similar or drop the -o option to pipefail.

    Casting pthread_t to unsigned long fails in the compiler. This related code should be upgraded to use the correct CRYPTO_THREADID_ semantics. Failing that, just using the default (thread-local errno behaviour) is sufficient.

    I gave up with problems patching luasqlite and went back to v1.7 so there may be other problems.

    opened by Parakleta 34
  • Data race during shutdown

    Data race during shutdown

    There's a data race on ctx->stop_flag during shutdown. Didn't see an easy fix so creating an issue instead of a PR.

    WARNING: ThreadSanitizer: data race (pid=748655)
      Write of size 4 at 0x7b5c00000028 by main thread:
        #0 mg_stop src/civetweb.c:18842:17 (objectbox-http-server-test+0x26cd7f)
        #1 CivetServer::close() src/CivetServer.cpp:398:3 (objectbox-http-server-test+0x2833e8)
        #2 CivetServer::~CivetServer() src/CivetServer.cpp:329:2 (objectbox-http-server-test+0x2833e8)
      Previous read of size 4 at 0x7b5c00000028 by thread T1:
        #0 master_thread_run src/civetweb.c:18625:14 (objectbox-http-server-test+0x277935)
        #1 master_thread src/civetweb.c:18725:2 (objectbox-http-server-test+0x277935)
      Location is heap block of size 888 at 0x7b5c00000000 allocated by main thread:
        #0 calloc <null> (objectbox-http-server-test+0x7b468)
        #1 mg_calloc src/civetweb.c:1540:9 (objectbox-http-server-test+0x26d151)
        #2 mg_start2 src/civetweb.c:18973:34 (objectbox-http-server-test+0x26d151)
        #3 mg_start src/civetweb.c:19548:9 (objectbox-http-server-test+0x26d151)
        #4 CivetServer::CivetServer(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, CivetCallbacks const*, void const*) src/CivetServer.cpp:321:12 (objectbox-http-server-test+0x2830de)
      Thread T1 'civetweb-master' (tid=748660, running) created by main thread at:
        #0 pthread_create <null> (objectbox-http-server-test+0xb07ce)
        #1 mg_start_thread_with_id src/civetweb.c:6049:11 (objectbox-http-server-test+0x26e920)
        #2 mg_start2 src/civetweb.c:19482:9 (objectbox-http-server-test+0x26e920)
        #3 mg_start src/civetweb.c:19548:9 (objectbox-http-server-test+0x26e920)
        #4 CivetServer::CivetServer(std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > >, CivetCallbacks const*, void const*) src/CivetServer.cpp:321:12 (objectbox-http-server-test+0x2830de)
    SUMMARY: ThreadSanitizer: data race src/civetweb.c:18842:17 in mg_stop
    opened by vaind 32
  • Add option for building civetweb without timegm().

    Add option for building civetweb without timegm().

    Using the NO_TIMEGM option disables the caching feature. Civetweb will not be able to detect a unchanged file. On the other hand it allows to build civetweb on systems that don't implement timegm().

    opened by c-mauderer 31
  • Dot (.) character of URI issue

    Dot (.) character of URI issue

    I use "mg_set_request_handler" to hook the specified URI to my handler.

    for example, "curl" and "curl"

    If I use "." in my url, it looks like curl will remove "." from request url. If I use "%2e", it will send to civetweb directly and the conn->request_uri will be "/./SECURE_API/./neverseen.txt".

    For the case, my request handler is never be matched. The worse is that my URI filter will be bypass using "%2e".

    I see function "remove_double_dots_and_double_slashes" will try to remove "..". Maybe we should remove ".", too.

    opened by allenk 30
  • Appveyor tests failing

    Appveyor tests failing

    This environment works:

    Environment: compiler=msvc-18-seh, build_shared=NO, no_files=NO, enable_ipv6=NO, enable_ssl=YES, enable_websockets=YES, no_cgi=NO; Platform: x86

    This one fails:

    Environment: compiler=msvc-18-seh, build_shared=NO, no_files=NO, enable_ipv6=NO, enable_ssl=YES, enable_websockets=YES, no_cgi=NO; Platform: x64

    Note, the only difference is in the failure is in the 64bit windows version.

    Here is the summary:

      Test project C:/projects/civetweb/output/build
            Start  1: test-private-http-message
       1/19 Test  #1: test-private-http-message ...................   Passed    0.04 sec
            Start  2: test-private-url-parsing
       2/19 Test  #2: test-private-url-parsing ....................   Passed    0.02 sec
            Start  3: test-private-internal-parsing
       3/19 Test  #3: test-private-internal-parsing ...............   Passed    0.00 sec
            Start  4: test-private-encode-decode
       4/19 Test  #4: test-private-encode-decode ..................   Passed    0.01 sec
            Start  5: test-private-mask-data
       5/19 Test  #5: test-private-mask-data ......................   Passed    0.01 sec
            Start  6: test-publicfunc-version
       6/19 Test  #6: test-publicfunc-version .....................   Passed    0.01 sec
            Start  7: test-publicfunc-options
       7/19 Test  #7: test-publicfunc-options .....................   Passed    0.01 sec
            Start  8: test-publicfunc-mime-types
       8/19 Test  #8: test-publicfunc-mime-types ..................   Passed    0.01 sec
            Start  9: test-publicfunc-strcasecmp
       9/19 Test  #9: test-publicfunc-strcasecmp ..................   Passed    0.01 sec
            Start 10: test-publicfunc-url-encoding-decoding
      10/19 Test #10: test-publicfunc-url-encoding-decoding .......   Passed    0.01 sec
            Start 11: test-publicfunc-cookies-and-variables
      11/19 Test #11: test-publicfunc-cookies-and-variables .......   Passed    0.01 sec
            Start 12: test-publicfunc-md5
      12/19 Test #12: test-publicfunc-md5 .........................   Passed    0.00 sec
            Start 13: test-publicserver-check-test-environment
      13/19 Test #13: test-publicserver-check-test-environment ....   Passed    0.02 sec
            Start 14: test-publicserver-start-threads
      14/19 Test #14: test-publicserver-start-threads .............   Passed    1.16 sec
            Start 15: test-publicserver-start-stop-http-server
      15/19 Test #15: test-publicserver-start-stop-http-server ....   Passed    3.25 sec
            Start 16: test-publicserver-start-stop-https-server
      16/19 Test #16: test-publicserver-start-stop-https-server ...***Failed    1.03 sec
            Start 17: test-publicserver-tls-server-client
      17/19 Test #17: test-publicserver-tls-server-client .........***Failed    1.02 sec
            Start 18: test-publicserver-server-requests
      18/19 Test #18: test-publicserver-server-requests ...........***Failed    0.00 sec
            Start 19: test-exe-helper-funcs
      19/19 Test #19: test-exe-helper-funcs .......................   Passed    0.02 sec
      84% tests passed, 3 tests failed out of 19
      Total Test time (real) =   7.04 sec

    I think if test-publicserver-start-stop-https-server, test-publicserver-start-stop-https-server, test-publicserver-start-stop-https-server were to be run directly (seperately from CTest), it would give more useful information about the test failure, but CTest is suppressing that information.

    An alternative could be to turn on XML logging and have the xml files be uploaded to appveyor as test results.

    Here is the link explaining uploading: https://www.appveyor.com/docs/running-tests#uploading-xml-test-results here is the link explaining how to do xml logging in libcheck: ftp://www.eeng.dcu.ie/pub/ee454/cygwin/usr/share/doc/check-0.9.2/html/x232.html

    opened by jd-boyd 30
  • mg_read variable shadowing

    mg_read variable shadowing

    mg_read has a function param of void* buf, but also declares a local variable char buf[64].

    This should be fixed as it generates a warning with -Wshadow on clang. I can look at it later but figured I'd give you a heads up.

    opened by kainjow 29
  • Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH when running embedded_cpp.cpp

    Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH when running embedded_cpp.cpp


    I have succesfully compiled and run embedded_cpp.cpp in my QT Qt5.5.1-mingw492 environment using below: https://github.com/civetweb/civetweb/blob/master/examples/embedded_cpp/embedded_cpp.cpp

    And now I have put my index.html and its dependency files like css, js, image files to the DOCUMENT_ROOT folder, the index.html file itself can be loaded into my chrome browser but got below error in chrome console. All the files are correctly placed in the corresponding path.

    What is missing and how should I resolve the problem? I tried the precompiled binary files CivetWeb_Win32+64_V1.9.1.zip and it works very well, confused what is missing from my side...

    Any help is highly appreciated!

    Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH http://localhost:8081/static/css/AdminLTE.min.css Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH http://localhost:8081/static/js/plugins/jQuery/jQuery-2.2.0.min.js Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH http://localhost:8081/static/js/plugins/bootstrap/bootstrap.min.js Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH app.min.js:13 Uncaught Error: AdminLTE requires jQuery at app.min.js:13 http://localhost:8081/static/js/vendor.ad881d6cc3a38d459a3a.js Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH http://localhost:8081/static/js/app.f2ad0f34e4204ad3234c.js Failed to load resource: net::ERR_CONTENT_LENGTH_MISMATCH

    opened by xeoshow 27
  • wss not connecting?

    wss not connecting?

    I am using websocket on the same ports as a http server. I can connect fine via ws, http and https, but when I try to connect wss nothing happens. I get a error code 1000 (normal disconnect). Is this broken or s there something special I have to do beyond ws/http/http to get wss to work?

    opened by CrackerHax 27
  • Logging in Civet API

    Logging in Civet API

    How do I turn on the DEBUG_TRACE logging in Civet APIs?

    My code which uses civet web APIs is failing somewhere in mg_write and I want to debug it further. There are not enough logs to understand what could be the issue. I have enabled error_log_file and access_log_file.Would like to know how to get trace level info as well.

    opened by SajnaSreenivasan 1
  • Mixing statically served files with handler

    Mixing statically served files with handler

    Hi! This may be a stupid and/or beginner question but I have spent the last couple of days trying to figure out what the best solution for this might be:

    I have my document root directory set, containing a few static HTML files I want to serve whenever the user navigates to, for example, /admin/foo. I would now like to "secure" all files within the "admin" dir using a cookie / token based authentication method. My idea was to utilize the CivetAuthHandler to catch all requests to any site located within the "admin" dir, check the cookie and if it is still valid, serve the HTML file as if nothing ever happened (as if it was served statically without the handler intervening). If the cookie is not valid I would redirect the user to the login page.

    The content on the secured page would not change depending on the user, so it could still be totally static, I just need some very basic access control (doesn't even really need to be that "secure").

    Serving the file statically works just fine but when I try to use the CivetAuthHandler the things I print to the connection from within the handler are the only things that get displayed and the original HTML document within the root just gets ignored.

    Is there a way to use the handler and if the authentication was successful simply continue serving the file in the document root corresponding to the entered URL? Or should this be tackled differently using civetweb? (I need to be able to provide my own login form so I am guessing that using the digest access authentication is out of the question)

    Any help would be highly appreciated! Thanks!

    opened by Avriox 2
  • Incorrect Location header for 301(Redirect) when redirecting to an index file.

    Incorrect Location header for 301(Redirect) when redirecting to an index file.

    When accessing a directory from a browser, if index_files is set, civetweb will issue a 301 - Redirect, and provide a new URL in the "Location" header.

    In version v1.15 and earlier, the Location value is specified relative to the URL root. E.G. is redirected to /A/B/. The browser interprets this as, and a subsequent request from the browser uses the index.html file transparently without the browser being aware.

    In the latest version (commit c6e4e33b7863745b3a6af89cea78eecc8b509ac8 at time of writing), the Location header instead specifies a complete URL including the domain, using the authentication_domain value to populate the URL. E.G. is redirected to http://mydomain.com/A/B/. This causes a failed CORS request because the authentication_domain value was intentionally not set.

    This appears to be defective behavior because:

    • It is not documented either for authentication_domain or index_files.
    • This behavior prevents deliberately exposing the web server with multiple public-facing addresses.
    • Local-environment testing scenarios must either override the authentication_domain or use hostname hacks to experience the same behavior as higher environments.
    • This behavior has changed since v1.15, and is a breaking change.
    Status: analysis 
    opened by NEON725 0
  • is req8 at test_parse_http_message (unittest/private.c) corrent?

    is req8 at test_parse_http_message (unittest/private.c) corrent?

    1. At unittest/private.c:71, we have the following statements:
    START_TEST(test_parse_http_message) {
    char req8[] = "HTTP/1.0 404 Not Found\n\n";
    //  req8 is a valid response
    ck_assert_int_eq(lenreq8, get_http_header_len(req8, lenreq8));
    ck_assert_int_eq(-1, test_parse_http_request(req8, lenreq8, &ri));
    ck_assert_int_eq(lenreq8, test_parse_http_response(req8, lenreq8, &respi));

    But according to rfc7230 (https://www.rfc-editor.org/rfc/rfc7230):

    3.1.2. Status Line

    The first line of a response message is the status-line, consisting of the protocol version, a space (SP), the status code, another space, a possibly empty textual phrase describing the status code, and ending with CRLF.

     status-line = HTTP-version SP status-code SP reason-phrase CRLF

    So req8 does not seems to be valid. Instead, a valid response would have to be:

    char reqX[] = "HTTP/1.0 404 Not Found\r\n\r\n";
    1. A variation of that issue happens when civetweb reports a 404 to a client that makes a request to an invalid endpoint, causing trouble with some HTTP client libraries that can't find the "double CRLF" marking "end of header" (as per the RFC above) but only one CRLF. Seems that it's handled by mg_send_http_error with no body condition.
    opened by macedot 1
  • mg_store_body() not working with relative paths

    mg_store_body() not working with relative paths

    Calling mg_store_body() with a relative path like: "../../path/to/file.txt" does not work. It works if converting the path to an absolute one like => "c:/install_dir/path/to/file.txt"

    Is this an intended behavior? If so I think it should be documented.

    Tested on Windows, civeweb 1.15

    Status: analysis 
    opened by rickyviking 2
  • v1.15(Sep 1, 2021)


    bug fixes, remove legacy interfaces


    • New configuration for URL decoding
    • Sanitize filenames in handle form
    • Example "embedded_c.c": Do not overwrite files (possible security issue)
    • Remove obsolete examples
    • Remove "experimental" label for some features
    • Remove MG_LEGACY_INTERFACE that have been declared obsolete in 2017 or earlier
    • Modifications to build scripts, required due to changes in the test environment
    • Unix domain socket support fixed
    • Fixes for NO_SSL_DL
    • Fixes for some warnings / static code analysis
    • Update version number
    Source code(tar.gz)
    Source code(zip)
    CivetWeb_Win32+64_V1.15.zip(1.62 MB)
  • v1.14(Apr 6, 2021)


    mbedTLS, Lua API enhancements, log filtering


    • Change SSL default setting to use TLS 1.2 as minimum (set config if you need an earlier version)
    • Add local_uri_raw field (not sanitized URI) to request_info
    • Additional API functions and a callback after closing connections
    • Allow mbedTLS as OpenSSL alternative (basic functionality)
    • Add OpenSSL 3.0 support (OpenSSL 3.0 Alpha 13)
    • Support UNIX/Linux domain sockets
    • Fuzz tests and ossfuzz integration
    • Compression for websockets
    • Restructure some source files
    • Improve documentation
    • Fix HTTP range requests
    • Add some functions for Lua scripts/LSP
    • Build system specific fixes (CMake, MinGW)
    • Update 3rd party components (Lua, lfs, sqlite)
    • Allow Lua background script to use timers, format and filter logs
    • Remove WinCE code
    • Update version number
    Source code(tar.gz)
    Source code(zip)
    CivetWeb_Win32+64_V1.14.zip(3.18 MB)
  • v1.13(Sep 30, 2020)


    Various updates and fixes, additional API functions


    • Add arguments for CGI interpreters
    • Support multiple CGi interpreters
    • Buffering HTTP response headers, including API functions mg_response_header_* in C and Lua
    • Additional C API functions
    • Fix some memory leaks
    • Extended use of atomic operations (e.g., for server stats)
    • Add fuzz tests
    • Set OpenSSL 1.1 API as default (from 1.0)
    • Add Lua 5.4 support and deprecate Lua 5.1
    • Provide additional Lua API functions
    • Fix Lua websocket memory leak when closing the server
    • Remove obsolete "file in memory" implementation
    • Improvements and fixes in documentation
    • Fixes from static source code analysis
    • Additional unit tests
    • Various small bug fixes
    • Experimental support for some HTTP2 features (not ready for production)
    • Experimental support for websocket compression
    • Remove legacy interfaces declared obsolete since more than 3 years
    • Update version number
    Source code(tar.gz)
    Source code(zip)
    CivetWeb_Win32+64_V1.13.zip(3.16 MB)
  • v1.12(Mar 17, 2020)


    Multiple improvements and extensions in various areas, including compatibility enhancements, additional Lua scripting features and documentation.


    • Updates/improvements for LuaXML
    • Updates and tests for JSON for Lua
    • BoringSSL support
    • Add Remark: Do not use Git for Windows V2.24 (but <= V2.23 or >= V2.25)
    • Format configuration dialogs for Windows
    • Add option "hide_tray" to start without Windows systray icon
    • URI checking according to "remove_dot_segments" algorithm from RFC
    • Experimental support for a new server and client start API
    • Additional callbacks to initialize external SSL context
    • More cache control options for static files
    • Trace function for Lua server pages
    • Access to client certificate data for Lua pages
    • Allow to configure SOMAXCONN (max. number of waiting connections)
    • Include some build options for Zephyr
    • Support for flawed CGI interpreters returning only instead of
    • Add NO_FILESYSTEM flag for (embedded) system without any file system
    • Several fixes for server side Lua scripts
    • Disable SSL renegotiation for new OpenSSL version
    • Allow to force TLSv1.3 (disable TLSv1.2)
    • Prefer pre-compressed *.gz file, if it already exists
    • Fix some #include statements for various compilers / OS / SDK versions
    • Support for Linux Standard Base (LSB)
    • Fixes to mg_get_*_info() API functions
    • Fix some bugs/deficiencies in examples and tests
    • Fix some static source code analysis warnings
    • Add Conan package build
    • Fix include for Lua pages in "Kepler Syntax"
    • Replace some uses of deprecated Linux and OpenSSL API functions
    • Improved documentation and examples
    • Fixes for timeout handling
    • Fixes for the request queue (rare loss of requests)
    • Client side SNI
    • Update version number
    Source code(tar.gz)
    Source code(zip)
    CivetWeb_Win32+64_V1.12.zip(1.50 MB)
  • v1.11(Sep 10, 2018)

    Major Features

    Support multiple domains and certificates, support websocket ping-pong, on-the-fly compression, additional API functions


    • Add API function to send file body for C and Lua
    • Fix several warnings from different compilers and static code analyzers
    • Drop Symbian support from the code
    • Improve examples
    • Timeout for CGI scripts
    • Fix for requests using IPv6 addresses as hostname
    • Shared data for Lua scripts and Lua server pages
    • Add API function for 30x redirect
    • Script for Linux bash auto-completion
    • Add HTTP JSON C callback example
    • Add helper function for HTTP 200 OK response
    • Allow Kepler Syntax for Lua Server pages
    • Update duktape to 2.2.0 and Lua to 5.3.4
    • Optional support for on-the-fly compression (if zlib is available and USE_ZLIB is set)
    • Add method to replace mg_cry and log_access by own implementation
    • Fixes for IPv6 support
    • Add server support for websocket ping pong protocol
    • Fix misspellings in source code and documentation
    • Add error msg to http_error callback
    • Move unit test to a new directory
    • Remove remote_ip request_info member (it has been legacy since several versions)
    • Use gmtime_r instead of gmtime, if available
    • Add some functions to C++ wrapper
    • Support multiple domains with different certificate files (TLS server name identification, SNI)
    • Provide client peer certificate (X509) in mg_client_cert structure
    • Add new callback (get_external_ssl_ctx) to provide pre-initialized TLS context
    • Improve unit tests
    • Fix ssl init for HTTPS clients
    • Update version number
    Source code(tar.gz)
    Source code(zip)
  • v1.10(Sep 26, 2017)

    Major Features

    OpenSSL 1.1 support, add server statistics and diagnostic data


    • Add missing mg_ or MG_ to symbols in civetweb.h. Symbols without will be removed a future version.
    • Add HTTPS server configuration example
    • Lua Pages: mg.include should support absolute, relative and virtual path types
    • Add API function for HTTP digest authentication
    • Improved interface documentation
    • Support parameters for Lua background scripts
    • Use new connection queue implementation (previously ALTERNATIVE_QUEUE) as default
    • Add USE_SERVER_STATS define, so the server collects statistics data
    • Convert system_info text output and all other diagnostic strings to JSON format
    • Add experimental function to query the connection status (may be dropped again)
    • Add document on proposed future interface changes (for comments)
    • Officially drop Symbian support
    • Ignore leading blank lines in multipart messages (for Android upload service)
    • Rewrite some functions, in particular request parsing
    • CORS preflight directly in the server, with additional config options
    • Solve some warnings from different static source code analysis tools
    • Collect server status data
    • Allow hostname in listening_ports
    • Make maximum request size configurable
    • Allow multiple Sec-Websocket-Protocol
    • Add configuration option to send additional headers
    • Add configuration option for Strict-Transport-Security
    • Mark "file in memory" feature is a candidate for deletion
    • Improve examples
    • Fix timeout error when sending larger files
    • Add mg_send_chunk interface function
    • Allow to separate server private key and certificate chain in two different files
    • Support for multipart requests without quotes (for some C# clients)
    • Initialize SSL in mg_init_library, so https client functions can be used when no server is running
    • Allow "REPORT" HTTP method for REST calls to scripts
    • Allow to compile civetweb.c wih a C++ compiler
    • Lua: Remove internal length limits of encode/decode functions
    • Allow sub-resources of index script files
    • Add config parameter allow_index_script_resource the aforementioned feature
    • Remove deprecated "uri" member of the request from the interface
    • Improve documentation
    • Make auth domain check optional (configuration)
    • Update unit test framework to check 0.11.0 (C89/C90 compilers still need a patched version)
    • Limit depth of mg.include for Lua server pages
    • Additional unit tests
    • OpenSSL 1.1 support
    • Update version number
    Source code(tar.gz)
    Source code(zip)
  • v1.9.1(Jan 4, 2017)

    Bug fix version


    • Fix for connections closed prematurely
    • Update to a new check unit test framework and remove patches required for previous version
    • Add "open website" button for pre-built Windows binaries (so end users can easily check for new versions)
    • Update version number
    Source code(tar.gz)
    Source code(zip)
  • v1.9(Dec 30, 2016)


    Read SSI client certificate information, improve windows usability, use non-blocking sockets, bug fixes


    • Add library init/exit functions (call is now optional, but will be required in V1.10)
    • Windows: Show system information from the tray icon
    • Windows: Bring overlaid windows to top from the tray icon
    • Add Lua background script, running independent from server state
    • Move obsolete examples into separated directory
    • Change name of CMake generated C++ library to civetweb-cpp
    • Add option to set linger timeout
    • Update Duktape and Lua (third-party code)
    • Add continuous integration tests
    • Add API documentation
    • Limit recursions in .htpasswd files
    • Fix SCRIPT_NAME for CGI directory index files (index.php)
    • Use non-blocking sockets
    • stdint.h is now required and no longer optional
    • Rewrite connection close handling
    • Rewrite mg_fopen/mg_stat
    • Enhanced tray icon menu for Windows
    • Add subprotocol management for websocket connections
    • Partially rewrite timeout handling
    • Add option keep_alive_timeout_ms
    • Improve support for absolute URIs
    • Allow some additional compiler checks (higher warning level)
    • Add option for case sensitive file names for Windows
    • Short notation for listening_ports option when using IPv4 and IPv6 ports
    • Make usage of Linux sendfile configurable
    • Optimize build matrix for Travis CI
    • Retry failing TLS/HTTPS read/write operations
    • Read client certificate information
    • Do not tolerate URIs with invalid characters
    • Fix mg_get_cookie to ignore sub-strings
    • Fix memory leak in form handling
    • Fix bug in timer logic (for Lua Websockets)
    • Updated version number
    Source code(tar.gz)
    Source code(zip)
  • v1.8(May 27, 2016)


    CMake integration, new unit tests based on the check framework, continuous integration with Travis CI and AppVeyor, code analysis with Coverity, some additional API functions, bug fixes and updates


    • Replace mg_upload by mg_handle_form_request
    • CGI-scripts must receive EOF if all POST data is read
    • Add API function to handle all kinds of HTML form data
    • Do not allow short file names in Windows
    • Callback when a new thread is initialized
    • Support for short lived certificates
    • Add NO_CACHING compile option
    • Update Visual Studio project files to VS2015; rename directory VS2012 to VS
    • Sec-Wesocket-Protocol must only return one protocol
    • Mark some examples and tests as obsolete
    • Remove no longer maintained test utils
    • Add some default MIME types and the mg_send_mime_file API function.
    • Client API using SSL certificates
    • Send "Cache-Control" headers
    • Add alternative to mg_upload
    • Additional configuration options
    • Fix memory leaks
    • Add API function to check available features
    • Add new interface to get listening ports
    • Add websocket client interface and encode websocket data with a simple random number
    • Support SSL client certificates
    • Add configuration options for SSL client certificates
    • Stand-alone server: Add command line option -I to display information about the system
    • Redirect stderr of CGI process to error log
    • Support absolute URI; split uri in mg_request_info to request_uri and local_uri
    • Some source code refactoring, to improve maintainability
    • Use recursive mutex for Linux
    • Allow CGI environment to grow dynamically
    • Support build for Lua 5.1 (including LuaJIT), Lua 5.2 and Lua 5.3
    • Improve examples and documentation
    • Build option CIVETWEB_SERVE_NO_FILES to disable serving static files
    • Add Server side JavaScript support (Duktape library)
    • Created a "civetweb" organization at GitHub.
    • Repository moved from https://github.com/bel2125/civetweb to https://github.com/civetweb/civetweb
    • Improved continuous integration
    • CMake support, continuous integration with Travis CI and Appveyor
    • Adapt/port unit tests to CMake/Travis/Appveyor
    • Bug fixes, including issues from static code analysis
    • Add status badges to the GitHub project main page
    • Updated version number
    Source code(tar.gz)
    Source code(zip)
  • v1.7(Jul 5, 2015)


    Enhanced examples and documentation, additional API functions, some functions rewritten, bug fixes and updates


    • Format source with clang_format
    • Use function 'sendfile' for Linux
    • Fix for CRAMFS in Linux
    • Fix for file modification times in Windows
    • Use SO_EXCLUSIVEADDRUSE instead of SO_REUSEADDR for Windows
    • Rewrite push/pull functions
    • Allow to use Lua as shared objects (WITH_LUA_SHARED)
    • Fixes for many warnings
    • URI specific callbacks and different timeouts for websockets
    • Add chunked transfer support
    • Update LuaFileSystem
    • Update Lua to 5.2.4
    • Fix build for MinGW-x64, TDM-GCC and clang
    • Update SQLite to
    • Set TCP_USER_TIMEOUT to deal faster with broken connections
    • Add a Lua form handling example
    • Return more differentiated HTTP error codes
    • Add log_access callback
    • Rewrite and comment request handling function
    • Specify in detail and document return values of callback functions
    • Set names for all threads (unless NO_THREAD_NAME is defined)
    • New API functions for TCP/HTTP clients
    • Fix upload of huge files
    • Allow multiple SSL instances within one application
    • Improve API and user documentation
    • Allow to choose between static and dynamic Lua library
    • Improve unit test
    • Use temporary file name for partially uploaded files
    • Additional API functions exported to C++
    • Add a websocket client example
    • Add a websocket client API
    • Update websocket example
    • Make content length available in request_info
    • New API functions: access context, callback for create/delete, access user data
    • Upgraded Lua from 5.2.2 to 5.2.3 and finally 5.2.4
    • Integrate LuaXML (for testing purposes)
    • Fix compiler warnings
    • Updated version number
    Source code(tar.gz)
    Source code(zip)
  • v1.6(Jun 27, 2014)


    Enhance Lua support, configuration dialog for windows, new examples, bug fixes and updates


    • Add examples of Lua pages, scripts and websockets to the test directory
    • Add dialog to change htpasswd files for the Windows standalone server
    • Fix compiler warnings and warnings from static code analysis
    • Add new unit tests
    • Support includes in htpasswd files
    • Add a basic option check for the standalone executable
    • Support user defined error pages
    • Method to get POST request parameters via C++ interface
    • Re-Add unit tests for Linux and Windows
    • Allow to specify title and tray icon for the Windows standalone server
    • Fix minor memory leaks
    • Redirect all memory allocation/deallocation through mg functions which may be overwritten
    • Support Cross-Origin Resource Sharing (CORS) for static files and scripts
    • Win32: Replace dll.def file by export macros in civetweb.h
    • Base64 encode and decode functions for Lua
    • Support pre-loaded files for the Lua environment
    • Server should check the nonce for http digest access authentication
    • Hide read-only flag in file dialogs opened by the Edit Settings dialog for the Windows executable
    • Add all functions to dll.def, that are in the header
    • Added Lua extensions: send_file, get_var, get_mime_type, get_cookie, url_decode, url_encode
    • mg_set_request_handler() mod to use pattern
    • Solved, tested and documented SSL support for Windows
    • Fixed: select for Linux needs the nfds parameter set correctly
    • Add methods for returning the ports civetweb is listening on
    • Fixes for Lua Server Pages, as described within the google groups thread
    • Added support for plain Lua Scripts, and an example script
    • A completely new, and more illustrative websocket example for C
    • Websocket for Lua
    • An optional websocket_root directory, including URL rewriting
    • Update of SQLite3 to 3.8.1.
    • Add "date" header field to replies, according to the requirements of RFC 2616 (the HTTP standard), Section 14.18
    • Fix websocket long pull
    • Updated API documentation
    • Fixed Posix locking functions for Windows
    • Updated version number
    Source code(tar.gz)
    Source code(zip)
Embedded C/C++ web server

CivetWeb The official home of CivetWeb is https://github.com/civetweb/civetweb Continuous integration for Linux and macOS (Travis CI): Continuous inte

null 2.3k Jan 8, 2023
🌱Light and powerful C++ web framework for highly scalable and resource-efficient web application. It's zero-dependency and easy-portable.

Oat++ News Hey, meet the new oatpp version 1.2.5! See the changelog for details. Check out the new oatpp ORM - read more here. Oat++ is a modern Web F

Oat++ 6k Jan 4, 2023
A C++11 RESTful web server library

Served Overview Served is a C++ library for building high performance RESTful web servers. Served builds upon Boost.ASIO to provide a simple API for d

Meltwater 696 Dec 28, 2022
cserv is an event-driven and non-blocking web server

cserv is an event-driven and non-blocking web server. It ideally has one worker process per cpu or processor core, and each one is capable of handling thousands of incoming network connections per worker. There is no need to create new threads or processes for each connection.

null 43 Nov 6, 2022
Crow is very fast and easy to use C++ micro web framework (inspired by Python Flask)

Crow is C++ microframework for web. (inspired by Python Flask) #include "crow.h" int main() { crow::SimpleApp app; CROW_ROUTE(app, "/")([]()

Jaeseung Ha 7k Jan 8, 2023
A C++ Web Framework built on top of Qt, using the simple approach of Catalyst (Perl) framework.

Cutelyst - The Qt Web Framework A Web Framework built on top of Qt, using the simple and elegant approach of Catalyst (Perl) framework. Qt's meta obje

Cutelyst 809 Dec 19, 2022
Drogon: A C++14/17 based HTTP web application framework running on Linux/macOS/Unix/Windows

English | 简体中文 | 繁體中文 Overview Drogon is a C++14/17-based HTTP application framework. Drogon can be used to easily build various types of web applicat

An Tao 8.5k Dec 31, 2022
Your high performance web application C framework

facil.io is a C micro-framework for web applications. facil.io includes: A fast HTTP/1.1 and Websocket static file + application server. Support for c

Bo 1.7k Dec 29, 2022
QDjango, a Qt-based C++ web framework

QDjango - a Qt-based C++ web framework Copyright (c) 2010-2015 Jeremy Lainé About QDjango is a web framework written in C++ and built on top of the Qt

Jeremy Lainé 249 Dec 22, 2022
TreeFrog Framework : High-speed C++ MVC Framework for Web Application

Small but Powerful and Efficient TreeFrog Framework is a high-speed and full-stack web application framework based on C++ and Qt, which supports HTTP

TreeFrog Framework 1.1k Dec 22, 2022
C library to create simple HTTP servers and Web Applications.

Onion http server library Travis status Coverity status Onion is a C library to create simple HTTP servers and Web Applications. master the developmen

David Moreno Montero 1.9k Dec 31, 2022
This is a proof-of-concept of a modern C web-framework that compiles to WASM and is used for building user interfaces.

DanCing Web ?? ?? (DCW) Getting Started Dancing Web is now distributed with the Tarantella Package Manager — a tool I've made to simplify setup of pro

Danilo Chiarlone 3 Sep 11, 2021
CppCMS - High Performance C++ Web Framework

CppCMS - High Performance C++ Web Framework What is CppCMS? CppCMS is a Free High Performance Web Development Framework (not a CMS) aimed at Rapid Web

Artyom Beilis 375 Dec 25, 2022
A high performance, middleware oriented C++14 http web framework please use matt-42/lithium instead

A high performance, middleware oriented C++14 http web framework please use matt-42/lithium instead

Matthieu Garrigues 1.7k Dec 17, 2022
The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design. This project aims to help C++ developers connect to and interact with services.

Welcome! The C++ REST SDK is a Microsoft project for cloud-based client-server communication in native code using a modern asynchronous C++ API design

Microsoft 7.2k Jan 8, 2023
Experimental, scalable, high performance HTTP server

Lwan Web Server Lwan is a high-performance & scalable web server. The project web site contains more details. Build status OS Arch Release Debug Stati

Leandro A. F. Pereira 5.7k Jan 9, 2023
Embeddable Event-based Asynchronous Message/HTTP Server library for C/C++

libasyncd Embeddable Event-based Asynchronous Message/HTTP Server library for C/C++. What is libasyncd? Libasyncd is an embeddable event-driven asynch

Seungyoung 166 Dec 5, 2022
A lightweight Bedorck Dedicated Server Plugin Loader

LiteLoader 简体中文 A lightweight Bedorck Dedicated Server Plugin Loader Based on BedrockX Install Download LiteLoader from Releases or Actions, unzip it

null 572 Dec 31, 2022
A http/websocket server framework on linux.

The framework is a Web-Server on unix based system. Without using any third-party libraries, the framework writes from unix system calls and standard C library functions.

xingyuuchen 17 Oct 15, 2022