The Web Server
Copyright © Ellis Horowitz 1998-2022 Web Servers 1
• Available Web Servers
• Server Features
– Document Root
– Authentication
– Proxy Servers
– Caching
– CGI Scripting
– Application Program Interface
• Configuring a Server
• Analyzing a Server’s Performance
• Server Log Files
What Does the WWW Server Do?
• Enables browser requests
• Mainly provides
– Support for retrieving hypertext documents
– Manages access to the Web site
– Provides several mechanisms for executing server-side scripts
  • Common Gateway Interface (CGI)
  • Application Program Interface (API)
  • Direct Module Interfaces (SAPI)
– Provides log files and usage statistics
What to Look for in a Web Server
• Main features
– platform they run on
– complete support for HTTP 1.1 / HTTP 2
– multithreading, load balancing
• Security features
– ability to provide IP address restriction
– ability to provide domain name restriction
– support for secure transactions: SSL
– ability to act as a proxy server
How Servers Handle Multiple Requests
• For each request, a complete copy of the server is made and executed
– Initially a parent process waits for requests; for each new request a child process is spawned
• Or a single server program handles many requests simultaneously (multithreaded)
– the server must keep track of all requests and switch between them as needed
– writing multithreaded programs is easier in a language that supports multiple threads, e.g., Java, C#, Swift, Kotlin, …
Application Web Server
• An application server is software that typically interfaces one or more databases to convey processed data to and from a user interface such as a web browser
• It performs business logic
• An application server acts as a set of components accessible through an API
• For web applications, these components usually run on the same machine as the web server, and their main job is to support the construction of dynamic pages.
• For example, Apache Tomcat is a popular, light-weight application container, but not a full application server as it doesn’t provide the services specified in the J2EE specification.
The web modules include servlets. Business logic resides in Enterprise JavaBeans (EJB).
Some Available Web & Application Servers
Web Servers (Publisher: Product; Platform; URL)
– apache: apache (2.4); Win32/UNIX; http://httpd.apache.org/
– Microsoft: IIS 7-10.0; Win32; http://www.iis.net
– NGINX: nginx (open source); Linux, BSD, Win32; http://nginx.org
– NGINX (F5): NGINX Plus; Ubuntu, AWS; http://www.nginx.com
Application Servers (Product; Platform; URL)
– GlassFish 4.1 (now Open-Source Java EE Reference Implementation); Solaris/Win32/Linux; https://javaee.github.io/glassfish/
– WebSphere; Win32/UNIX/Linux; https://www.ibm.com/cloud/websphere-application-server and https://www.ibm.com/us-en/marketplace/java-ee-runtime
– WebLogic Server; Win32/UNIX/Linux; https://www.oracle.com/java/weblogic/
For a comparison of web servers see http://www.serverwatch.com/, click on Server Comparison Tool
Web Server Usage
• Netcraft has identified more than 1,167,715,133 sites (1/2022)
– Apache no longer dominates Internet servers
– NGINX on top at 32%, Apache at #2 at 24%, OpenResty at 7%
• Statistics on intranets are difficult to determine
– http://news.netcraft.com/archives/category/web-server-survey/
Web Server Survey Takeaways
• From Netcraft January 2022 and previous surveys we can make these observations
– Nginx and Apache have each achieved their widespread popularity in the server market due to their general availability, but many large companies in the web industry choose to roll out their own solutions. Microsoft disappeared.
– Google’s custom server software (“GSE”) operates on over 37 million hostnames and 2.0 million domains. Google open-sourced the Google Servlet Engine, at the end of 2008, but the software has not received any official public updates in 11 years.
– Taobao, China’s largest online marketplace and part of Alibaba Group, developed their own fork of nginx. The fork, known as Tengine, was released back to the community as open source, leading to wider adoption. Tengine now runs on 56.8 million sites, making it the fourth most popular web server by this metric, despite it having only 1.2 million domains.
– OpenResty, based on nginx 1.21.4, is a scalable web platform that extends NGINX with Lua.
Web Server Features
• Document Root
• Authentication
• Proxy Servers
• Caching
• CGI Scripting
• Application Program Interface
Web Server Features – Document Root
• The Web server has access to a tree of files that it can deliver
– the files are created by content providers
– files may contain text, images, sound, video, other programs, etc.
• the document tree is organized by the web site administrator
• The root of the document tree is given to the web server when it starts
Managing the Document Tree
http://domain/cs is mapped to /serverhome/htdocs/cs/index.html
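[Figure: directory tree diagram showing usr, public, /serverhome and htdocs, with index.html and page.html files, an images directory, banner.gif, and three sample links labelled "Click here", "Display Image" and "Click Here"]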
The document root is /serverhome/htdocs
The last link is an error
Web Server Features (1)
Virtually Hosted Document Roots
• Hosting multiple web sites by the same web server
• It uses the host name or IP address to distinguish the document roots, e.g.
GET /index.html HTTP/1.0
Host: www.hardware.com
might return documents from /htdocs/hardware, while
GET /index.html HTTP/1.0
Host: www.antiques.com
might return documents from /htdocs/antiques
• This might be configured in, say, Apache by writing (each site in its own <VirtualHost> container; the *:80 listen address is an assumed value)
<VirtualHost *:80>
    ServerName www.hardware.com
    DocumentRoot /htdocs/hardware
</VirtualHost>
<VirtualHost *:80>
    ServerName www.antiques.com
    DocumentRoot /htdocs/antiques
</VirtualHost>
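The Host-to-document-root mapping described above, as an added example that is not part of the original slides: it picks the site's root from the Host header and refuses any URL path that would resolve outside that root. The function name `resolve`, the `VHOSTS` table and the index-file handling are assumptions made for illustration.

```python
import posixpath
from urllib.parse import unquote

# Constructed virtual-host table mirroring the two sites on the slide.
VHOSTS = {
    "www.hardware.com": "/htdocs/hardware",
    "www.antiques.com": "/htdocs/antiques",
}
DEFAULT_INDEX = "index.html"  # assumed default file for directory requests


def resolve(host_header, url_path, vhosts=VHOSTS):
    """Map (Host header, URL path) to a file path inside that site's root.

    Returns None when the host is unknown or the path leaves the root.
    """
    # Host names are case-insensitive and may carry a port (host:80).
    host = host_header.strip().lower().rsplit(":", 1)[0]
    root = vhosts.get(host)
    if root is None:
        return None
    # Drop the query string and decode %xx escapes exactly once.
    path = unquote(url_path.split("?", 1)[0])
    if "\x00" in path or not path.startswith("/"):
        return None
    wants_dir = path.endswith("/")
    # Collapse "." and ".." segments before checking confinement.
    candidate = posixpath.normpath(posixpath.join(root, path.lstrip("/")))
    # Comparing against root + "/" keeps /htdocs/hardware2 out of /htdocs/hardware.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    # A trailing slash means a directory: serve its default file.
    # (Detecting a directory without the slash needs a filesystem check, omitted.)
    if wants_dir or candidate == root:
        candidate = posixpath.join(candidate, DEFAULT_INDEX)
    return candidate
```
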
Web Server Features (2) – Directory Listing
• When the URL path resolves to a directory, not to a file, a web server can be configured to return more than just a default file; to the right you see the server returning a list of files in the directory including special icons for files and folders
• Important Note: Turn off this feature! Remove “Indexes” from Options Indexes in httpd.conf
Web Server Features (3)
Basic User Authentication
• Basic authentication is supported by all HTTP servers
– The server administrator creates secure directories accessible via password files maintained by the server
– Client requests a resource from a secure directory; e.g., GET /secure/test.html HTTP/1.0
– Server responds with authentication request to the client; e.g., HTTP/1.0 401 Unauthorized
– Browser requests username and password, scrambles them, and retries the request
GET /secure/test.html HTTP/1.0
Authorization: Basic 0
2. per-directory access rules can be set by a file placed in a specific directory
• the name of the file is set by the directive AccessFileName
• .htaccess is the default name
• however, using .htaccess slows down the server;
• NOTE: initially .htaccess is turned OFF
• When the server attempts to retrieve a document, it looks for an access control file in the directory or the parent directory.
• The file it looks for is set by the directive AccessFileName
Some Sectioning Directives
• The server configuration files use sectioning directives to define special access rights within a section or sub-directory
• Example:
• Options controls which server features are available
– FollowSymLinks: follow symbolic links
– ExecCGI: execution of CGI scripts allowed
– Includes: server-side includes are enabled
– Indexes: will automatically return a list of files in the directory
Limit Sectioning Directive
•
– order in which deny and allow are evaluated
– deny from host1, host2, …
– allow from host1, host2, …
– require named-users or group-users or AuthUserFile
– referer allows access only from this directory
– satisfy all or any
Using LIMIT
• Host Filtering is used to limit document trees to certain machines
• Example 1: to limit access to the cscixxx public_html documents to USC only
order deny,allow
deny from all
allow from .usc.edu
• If someone tries to access documents in this directory from outside of USC, they get a 403 Forbidden message
Using LIMIT (cont’d)
• Example 2: to limit documents so USC people CANNOT access them
order allow,deny
allow from all
deny from .usc.edu
Using LIMIT (cont’d)
• Example 3: a directive used to limit access to only USC and ISI domains
deny from all
allow from 128.125
allow from 128.9
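How the order / deny / allow rules in Examples 1 to 3 are evaluated, as an added example that is not part of the original slides: it models the Apache 2.2 Order semantics and whole-label / whole-octet matching, so `128.9` does not cover `128.90.x.x` and `.usc.edu` does not cover `evilusc.edu`. The function names and client addresses are constructed; the hostname is assumed to be already resolved and verified, and Example 3 is given the default order `deny,allow` because the slide shows none.

```python
def matches(spec, ip, hostname):
    """True if one allow/deny 'from' argument covers this client."""
    if spec == "all":
        return True
    if spec[0].isdigit():
        # Partial IP such as 128.125: compare whole octets, not string prefixes.
        want = spec.rstrip(".").split(".")
        return ip.split(".")[:len(want)] == want
    # Partial domain name such as .usc.edu: compare whole DNS labels.
    suffix = spec.lstrip(".").lower()
    host = (hostname or "").lower()
    return host == suffix or host.endswith("." + suffix)


def allowed(order, allow, deny, ip, hostname=None):
    """Decide access the way 'order deny,allow' / 'order allow,deny' do."""
    hit_allow = any(matches(s, ip, hostname) for s in allow)
    hit_deny = any(matches(s, ip, hostname) for s in deny)
    if order == "deny,allow":
        # Default is allow; an allow match overrides a deny match.
        return hit_allow or not hit_deny
    if order == "allow,deny":
        # Default is deny; a deny match overrides an allow match.
        return hit_allow and not hit_deny
    raise ValueError("unknown order: " + order)


# (order, allow list, deny list) for the three slide examples.
EX1 = ("deny,allow", [".usc.edu"], ["all"])
EX2 = ("allow,deny", ["all"], [".usc.edu"])
EX3 = ("deny,allow", ["128.125", "128.9"], ["all"])  # order assumed (default)
```

In Apache 2.4 these directives are provided only by mod_access_compat; the native form uses Require, for example Require host usc.edu or Require ip 128.125 128.9.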
Using LIMIT (cont’d)
• Example 4: Suppose you want to restrict files in a directory called secure/ to the user named student1 and password XXXYYY
• Step 1. create a file called .htaccess in directory secure/ that contains these 7 lines:
AuthUserFile /otherdir/.htpasswd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic
require user student1
– AuthUserFile: must be a full UNIX pathname
– AuthGroupFile: there is no group file
– AuthName: any name is OK here
– AuthType: Basic or Digest is OK