Web Servers Protocols

Web Server

Definition: A computer, including software package, that provides a specific kind of service to client software running on other computers...
• A Web server is a server-based product that returns files to clients when requested. These files are typically returned in the form of Web pages to a client Internet browser.

• A Web Server is a server that hosts websites and web applications for the internet or a company intranet.
  • Microsoft Internet Information Server (IIS),
  • Apache,
  • WebLogic,
  • WebSphere,
  • Tomcat
  • Sun, and Lighttpd.
• Most web servers are built for the Java community, and some are open source like Apache. Whatever decision you make on a web server will lead you down a specific development road (Microsoft vs Java).

How Web Servers Work

• A Web server handles the HTTP protocol. When the Web server receives an HTTP request, it responds with an HTTP response, such as sending back an HTML page. To process a request, a Web server may respond with a static HTML page or image, send a redirect, or delegate the dynamic response generation to some other program such as CGI scripts, JSPs (JavaServer Pages), servlets, ASPs (Active Server Pages), server-side JavaScripts, or some other server-side technology. Whatever their purpose, such server-side programs generate a response, most often in HTML, for viewing in a Web browser.

• When a request comes into the Web server, the Web server simply passes the request to the program best able to handle it. The Web server doesn't provide any functionality beyond simply providing an environment in which the server-side program can execute and pass back the generated responses. The server-side program usually provides for itself such functions as transaction processing, database connectivity, and messaging.

• There are some standard capabilities that all web servers share.
• Prices for web servers range from free (Apache) to sort of free (you get IIS automatically when you have a Windows 200x server) to expensive (WebSphere).
• Most web servers share a common set of features and functionality that include content support, caching, virtual hosting, authentication and performance.

Which server you use depends on a number of things such as:
• Are you hosting internally or with a service provider?
• What are the development skills in house?
• Do you have Microsoft Windows Servers or Unix Servers in house?
• What is your budget?

The features and functionality of web servers can be broken down into several areas:

Content Support
• Most web servers serve both static and dynamic content.
• Static content is HTML and images, stylesheets, etc.
• Dynamic content is made up of web pages that need to be processed by some type of engine. Examples include web pages with server-side scripting such as PHP, ASP.Net, and Javascript. Most websites and applications today are built using dynamic content.
• The ability to cache versions of a web page (whether it's HTML or a processed dynamic page) in a location that is faster to retrieve than calling and processing the page from the server again is another feature. Caching is an important capability for websites serving thousands or millions of visitors.

Site Hosting

• Generally sites are hosted with their own IP address. Companies create domain names for their websites (i.e. Suite101.com) and attach that domain name to the IP address. When a visitor types a domain name in the browser, the internet translates it to its IP address and sends the visitor to the site accordingly. Some web servers have the ability to host a number of websites on a single IP address using a process called virtual hosting. This involves associating sites to distinct port/IP address combinations on the server.
• Process isolation is another feature for a web server. It's important that if something happens to a website and it crashes, it doesn't bring down all the other websites that reside on the server. Process isolation involves setting a website to run in its own process on the server.

Authentication
• Web Servers must support the ability to authenticate visitors to a site that is secure.
• Anonymous authentication means that everyone has access and there is no security required.
• Basic authentication means that a user name and password are required and are passed to the server in clear text (usually by entering the username and password in a login screen on the website). While this is secure, it's open to risk because the security credentials are passed in clear text.
• NTLM is a Microsoft security protocol that encrypts the credentials before being passed.
• Finally all web servers offer SSL (Secure Socket Layer) which is a secure transport layer that encrypts all communications between the browser and the web server. Port 443 is the most common SSL port used. If you use Basic authentication with SSL you have a much more secure authentication process.

Performance

• Another important aspect for web servers is performance. How well do they perform under load, how many requests (pages) are served per minute (throughput), how many users can request content at any given time (concurrency). Performance testing of applications is an important activity when developing a website, and the web server can be a bottleneck itself.

Selecting the right Web Server
• If you have Microsoft Windows servers in house, it's likely you will go with IIS. It's part of the server that you just have to turn on. This means you are developing in Microsoft technologies. You may already have a team of Java or PHP developers in house which means you are leaning toward web servers like Apache and WebSphere.
• Deciding to use open source software in house is another decision you need to consider carefully. Support is generally fairly good in the community but there's no official support team when things go wrong. Selecting a web server is an important decision. Whatever decision you make will lead you down a specific development road (Microsoft vs Java). So make sure you understand their capabilities overall and then select according to your technology strategy.

processing steps

• Web servers are designed around a certain set of basic goals:
  • Accept network connections from browsers.
  • Retrieve content from disk.
  • Run local CGI programs or programs.
  • Transmit data back to clients.
  • Keep a log of user activity.
  • Be as fast as possible.

• Translate URL to filename
  For example the URL of a document may look like: http://hamilton.bell.ac.uk/index.html
  The internal path in the file system is /var/www//index.html
  Thus this step converts the URL into the internal path where the document can be found on the server.

• Parse request headers
  The server analyzes HTTP headers of the request.
• Access control
  Access restrictions can be defined on the resources of the server, according to certain characteristics of the client (IP address, or hostname).
• Check user
  If a resource is password protected, Apache checks if the password and the login provided by the client exist and are valid.

• Check MIME type of the object requested
  Determines the MIME type of the document required in order to carry out certain actions (for example if it is a CGI file, the program is run).
• Invoke handler (sends response)
  The HTTP response is made up and sent to the client. The response can be a static document, or can be generated dynamically, depending on the request.
• Log the request
  Records a trace of the transaction carried out by recording in one or more logfiles. The logfiles can be analysed to obtain information about site visitors.
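The processing steps above, numbered 1 to 7 in the order listed, as an added Python sketch (not code from these slides or from Apache). It shows the checks a defender cares about at each step: the URL-to-filename translation must not leave the document root, the Basic credentials from the Authentication section are only base64-encoded, and the logged URL is kept to one line. The document root, allowed network, protected path, user and password are constructed assumptions.

```python
import base64, hashlib, hmac, ipaddress, mimetypes, posixpath
from urllib.parse import unquote, urlsplit

DOC_ROOT = "/var/www"                               # assumed document root
ALLOWED_NET = ipaddress.ip_network("192.0.2.0/24")  # constructed access rule
SALT = b"constructed-salt"

def kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

PROTECTED = {"/private/": {"alice": kdf("s3cret")}}  # constructed users

def translate(url):
    """Step 1: URL -> filename, refusing anything that escapes DOC_ROOT."""
    path = unquote(urlsplit(url).path)
    if "\x00" in path or "\\" in path:
        return None
    full = posixpath.normpath(posixpath.join(DOC_ROOT, path.lstrip("/")))
    if full != DOC_ROOT and not full.startswith(DOC_ROOT + "/"):
        return None
    return full

def parse_headers(raw):
    """Step 2: header lines -> dict keyed by lower-cased header name."""
    pairs = (line.split(":", 1) for line in raw.split("\r\n") if ":" in line)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def check_user(headers, users):
    """Step 4: Basic credentials are base64, not encryption; decode and verify."""
    scheme, _, blob = headers.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        user, _, pw = base64.b64decode(blob, validate=True).decode().partition(":")
    except ValueError:
        return False
    return user in users and hmac.compare_digest(kdf(pw), users[user])

def handle(client_ip, url, raw_headers):
    """Run the steps in order; return (status, mime_type, log_line)."""
    filename, headers, mime = translate(url), parse_headers(raw_headers), None
    if filename is None:
        status = 400
    elif ipaddress.ip_address(client_ip) not in ALLOWED_NET:      # step 3
        status = 403
    else:
        rel = filename[len(DOC_ROOT):]
        users = next((u for p, u in PROTECTED.items() if rel.startswith(p)), None)
        if users is not None and not check_user(headers, users):
            status = 401
        else:                                  # step 5; step 6 would send the file
            mime = mimetypes.guess_type(filename)[0] or "application/octet-stream"
            status = 200
    safe_url = url.replace("\r", "").replace("\n", "")   # keep the log one line
    return status, mime, f'{client_ip} "GET {safe_url}" {status}'  # step 7
```

The protected-path check runs on the normalised filename, so a request that reaches /private/ through "../" segments is still asked for credentials.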

Top 5 Web Servers

• According to Netcraft Surveys the following are the most popular web servers used as of September 2007:
  • Apache 50.48%
  • IIS 34.94%
  • Google 4.9%
  • Sun 1.64%
  • Lighttpd 1.12%

Protocol
An agreed-upon format for transmitting data between two devices. The protocol determines the following:
• The type of error checking to be used
• Data compression method, if any
• How the sending device will indicate that it has finished sending a message
• How the receiving device will indicate that it has received a message

Hypertext Transfer Protocol (HTTP)
• HTTP is a communications protocol used to transfer or convey information on intranets and the World Wide Web. Its original purpose was to provide a way to publish and retrieve hypertext pages.
• HTTP is a request/response protocol between a client and a server. The client making an HTTP request - such as a web browser, spider, or other end-user tool - is referred to as the user agent. The responding server - which stores or creates resources such as HTML files and images - is called the origin server. In between the user agent and origin server may be several intermediaries, such as proxies, gateways, and tunnels. HTTP is not constrained to using TCP/IP and its supporting layers, although this is its most popular application on the Internet.

HTTPS - Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL
HTTPS is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm, which is considered an adequate degree of encryption for commercial exchange.

FTP or File Transfer Protocol
• FTP is used to transfer data from one computer to another over the Internet, or through a network.
• Specifically, FTP is a commonly used protocol for exchanging files over any TCP/IP based network to manipulate files on another computer on that network regardless of which operating systems are involved (if the computers permit FTP access). There are many existing FTP client and server programs.

Secure Shell or SSH
SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. Encryption provides confidentiality and integrity of data. SSH uses public-key cryptography to authenticate the remote computer and allow the remote computer to authenticate the user, if necessary. SSH is typically used to log into a remote machine and execute commands.

SSL (Secure Sockets Layer)
• The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet. SSL has recently been succeeded by Transport Layer Security (TLS), which is based on SSL. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. SSL is included as part of both the Microsoft and Netscape browsers and most Web server products.