
Web Servers

Protocols

Web Server
Definition:
A computer, including its software package,
that provides a specific kind of service to
client software running on other
computers. ...
A Web server is a server-based product
that returns files to clients when
requested. These files are typically
returned in the form of Web pages to a
client Internet browser.

A Web Server is a server that hosts websites
and web applications for the internet or a
company intranet.
Microsoft Internet Information Server (IIS),
Apache,
WebLogic,
WebSphere,
Tomcat,
Sun, and Lighttpd.

Most web servers are built for the Java
community, and some are open source like
Apache. Whatever decision you make on a
web server will lead you down a specific
development road (Microsoft vs Java).

How Web Servers Work

A Web server handles the HTTP protocol.
When the Web server receives an HTTP
request, it responds with an HTTP response,
such as sending back an HTML page. To
process a request, a Web server may
respond with a static HTML page or image,
send a redirect, or delegate the dynamic
response generation to some other program
such as CGI scripts, JSPs (JavaServer
Pages), servlets, ASPs (Active Server Pages),
server-side JavaScripts, or some other
server-side technology. Whatever their
purpose, such server-side programs
generate a response, most often in HTML,
for viewing in a Web browser.

When a request comes into the Web
server, the Web server simply passes
the request to the program best able to
handle it. The Web server doesn't
provide any functionality beyond
simply providing an environment in
which the server-side program can
execute and pass back the generated
responses. The server-side program
usually provides for itself such
functions as transaction processing,
database connectivity, and messaging.

There are some standard capabilities
that all web servers share.
Prices for web servers range from free
(Apache) to sort of free (you get IIS
automatically when you have a Windows
200x server) to expensive (WebSphere).
Most web servers share a common set of
features and functionality that include
content support, caching, virtual hosting,
authentication and performance.

Which server you use depends on a number of things such as:

Are you hosting internally or with a
service provider?
What are the development skills in
house?
Do you have Microsoft Windows
Servers or Unix Servers in house?
What is your budget?

The features and functionality of
web servers can be broken down
into several areas:
Content Support

Content Support
Most web servers serve both static and dynamic
content.
Static content is HTML, images, stylesheets, etc.
Dynamic content is made up of web pages that need to
be processed by some type of engine. Examples include
web pages with server-side scripting such as PHP,
ASP.Net, and JavaScript. Most websites and
applications today are built using dynamic content.
Another feature is the ability to cache versions of a web
page (whether it's HTML or a processed dynamic page) in a
location that is faster to retrieve than calling and
processing the page from the server again. Caching is an
important capability for websites serving thousands or
millions of visitors.

Site Hosting

Generally sites are hosted with their own IP
address. Companies create domain names for their
websites (e.g. Suite101.com) and attach that
domain name to the IP address. When a visitor
types a domain name in the browser, the internet
translates it to its IP address and sends the visitor
to the site accordingly. Some web servers have the
ability to host a number of websites on a single IP
address using a process called virtual hosting. This
involves associating sites to distinct port/IP
address combinations on the server.
Process isolation is another feature for a web
server. It's important that if something happens to
a website and it crashes, it doesn't bring down
all the other websites that reside on the server.
Process isolation involves setting a website to run
in its own process on the server.

Authentication

Web Servers must support the ability to authenticate
visitors to a site that is secure.
Anonymous authentication means that everyone has
access and there is no security required.
Basic authentication means that a user name and
password are required and are passed to the server in
clear text (usually by entering the username and
password in a login screen on the website). While this
is secure, it's open to risk because the security
credentials are passed in clear text.
NTLM is a Microsoft security protocol that encrypts
the credentials before being passed.
Finally, all web servers offer SSL (Secure Socket
Layer), which is a secure transport layer that encrypts
all communications between the browser and the web
server. Port 443 is the most common SSL port used. If
you use Basic authentication with SSL you have a
much more secure authentication process.
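
An added example (not from the original slides) of how a server handles the Basic authentication header described above: the credentials are only base64-encoded, so the sketch decodes them, checks them in constant time, and refuses them when the request did not arrive over SSL/TLS. The user name, password, salt and the `over_tls` flag are constructed for the illustration, and answering 403 on a non-TLS request is this example's policy choice.

```python
import base64
import binascii
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed sample value

def hash_password(password, salt=SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed credential store for the example: user name -> password hash.
USERS = {"alice": hash_password("correct horse")}

def parse_basic(header):
    """Return (user, password) from an Authorization header value, or None."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        # base64 is an encoding, not encryption: anyone who sees the header can do this.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def authenticate(header, over_tls):
    """Return the status code to send: 200, 401 or 403."""
    if not over_tls:
        # Example policy (an assumption): never accept Basic credentials
        # on a connection that is not protected by SSL/TLS.
        return 403
    creds = parse_basic(header)
    if creds is None:
        return 401
    user, password = creds
    candidate = hash_password(password)  # computed even for unknown users
    expected = USERS.get(user, b"\x00" * len(candidate))
    ok = hmac.compare_digest(candidate, expected)  # constant-time comparison
    return 200 if ok and user in USERS else 401

def sample_header():
    """Constructed header as a browser would send it for alice."""
    return "Basic " + base64.b64encode(b"alice:correct horse").decode("ascii")
```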

Performance

Another important aspect for web
servers is performance: how well they
perform under load, how many requests
(pages) are served per minute (throughput),
and how many users can request content at
any given time (concurrency). Performance testing of
applications is an important activity
when developing a website, and the web
server can be a bottleneck itself.

Selecting the right Web Server

If you have Microsoft Windows servers in house, it's
likely you will go with IIS. It's part of the server that
you just have to turn on. This means you are
developing in Microsoft technologies. You may
already have a team of Java or PHP developers in
house, which means you are leaning toward web
servers like Apache and WebSphere.
Deciding to use open source software in house is
another decision you need to consider carefully.
Support is generally fairly good in the community
but there's no official support team when things go
wrong. Selecting a web server is an important
decision. Whatever decision you make will lead you
down a specific development road (Microsoft vs
Java). So make sure you understand their
capabilities overall and then select according to your
technology strategy.

Web server processing steps

Web servers are designed around a
certain set of basic goals:
Accept network connections from browsers.
Retrieve content from disk.
Run local CGI programs or application
server programs.
Transmit data back to clients.
Keep a log of user activity.
Be as fast as possible.

Translate URL to filename
For example the URL of a document
may look like:
http://hamilton.bell.ac.uk/index.html
The internal path in the file system is
/var/www/html/index.html
Thus this step converts the URL into the
internal path where the document can
be found on the server.

Parse request headers
The server analyzes the HTTP headers of the
request.

Access control
Access restrictions can be defined on the
resources of the server, according to
certain characteristics of the client (IP
address, or hostname).

Check user
If a resource is password protected, Apache
checks if the password and the login
provided by the client exist and are valid.

Check MIME type of the object requested
Determines the MIME type of the document
required in order to carry out certain actions (for
example if it is a CGI file, the program is run).

Invoke handler (sends response)
The HTTP response is made up and sent to the
client. The response can be a static
document, or can be generated dynamically,
depending on the request.

Log the request
Records a trace of the transaction carried out by
recording in one or more logfiles. The logfiles can
be analysed to obtain information about site
visitors.
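
The processing steps above, written out as an added example (not from the original slides and not Apache's own code). It translates the URL to a path under the document root and rejects any path that would leave it, applies an IP-based access rule, picks the MIME type and handler, and logs the request with line breaks escaped. The allowed network is constructed, the code stops short of reading the file, and it does not resolve symbolic links, which a real server must also account for.

```python
import ipaddress
import mimetypes
import posixpath
from urllib.parse import unquote, urlsplit

DOCROOT = "/var/www/html"                              # internal path used on the slide
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # constructed access rule
LOG = []                                               # stands in for the logfile

def url_to_filename(url):
    """Translate a URL to a path under DOCROOT, or None if it would escape it."""
    path = unquote(urlsplit(url).path) or "/"
    if "\x00" in path or "\\" in path:
        return None
    if path.endswith("/"):
        path += "index.html"
    candidate = posixpath.normpath(posixpath.join(DOCROOT, path.lstrip("/")))
    # After ".." segments are collapsed the result must still sit below DOCROOT.
    if not candidate.startswith(DOCROOT + "/"):
        return None
    return candidate

def client_allowed(client_ip):
    """Access control on a client characteristic: the source IP address."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ALLOWED_NETS)

def process(method, url, client_ip):
    """Run the steps in order; return (status, filename, mime_type, handler)."""
    filename = mime = handler = None
    if not client_allowed(client_ip):
        status = 403
    else:
        filename = url_to_filename(url)
        if filename is None:
            status = 400
        else:
            status = 200
            mime = mimetypes.guess_type(filename)[0] or "application/octet-stream"
            handler = "cgi" if filename.endswith(".cgi") else "static"
    # Escape CR/LF so a crafted URL cannot forge extra log entries.
    safe_url = url.replace("\r", "\\r").replace("\n", "\\n")
    LOG.append(f'{client_ip} "{method} {safe_url}" {status}')
    return status, filename, mime, handler
```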

Top 5 Web Servers

According to Netcraft Surveys the
following are the most popular web
servers used as of September 2007:
Apache 50.48%
IIS 34.94%
Google 4.9%
Sun 1.64%
Lighttpd 1.12%

Protocol
An agreed-upon format for
transmitting data between two
devices. The protocol determines the
following:
The type of error checking to be used
Data compression method, if any
How the sending device will indicate that
it has finished sending a message
How the receiving device will indicate that
it has received a message

Hypertext Transfer Protocol (HTTP)

HTTP is a communications protocol used to
transfer or convey information on intranets and the
World Wide Web. Its original purpose was to provide
a way to publish and retrieve hypertext pages.
HTTP is a request/response protocol between a
client and a server. The client making an HTTP
request - such as a web browser, spider, or other
end-user tool - is referred to as the user agent. The
responding server - which stores or creates
resources such as HTML files and images - is called
the origin server. In between the user agent and
origin server may be several intermediaries, such as
proxies, gateways, and tunnels. HTTP is not
constrained to using TCP/IP and its supporting
layers, although this is its most popular application
on the Internet.

HTTPS - Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL

HTTPS is a Web protocol developed by Netscape
and built into its browser that encrypts and
decrypts user page requests as well as the pages
that are returned by the Web server. HTTPS is
really just the use of Netscape's Secure Socket
Layer (SSL) as a sublayer under its regular HTTP
application layering. (HTTPS uses port 443
instead of HTTP port 80 in its interactions with
the lower layer, TCP/IP.) SSL uses a 40-bit key
size for the RC4 stream encryption algorithm,
which is considered an adequate degree of
encryption for commercial exchange.

FTP or File Transfer Protocol

FTP is used to transfer data from one
computer to another over the Internet, or
through a network.
Specifically, FTP is a commonly used protocol
for exchanging files over any TCP/IP-based
network and for manipulating files on another
computer on that network regardless of which
operating systems are involved (if the
computers permit FTP access). There are
many existing FTP client and server
programs.

Secure Shell or SSH


SSH is a network protocol that allows
data to be exchanged over a secure
channel between two computers.
Encryption provides confidentiality and
integrity of data. SSH uses public-key
cryptography to authenticate the remote
computer and allow the remote computer
to authenticate the user, if necessary.
SSH is typically used to log into a remote
machine and execute commands.

SSL (Secure Sockets Layer)

Secure Sockets Layer (SSL) is a commonly used protocol for
managing the security of a message
transmission on the Internet. SSL has
recently been succeeded by Transport
Layer Security (TLS), which is based on
SSL. SSL uses a program layer located
between the Internet's Hypertext Transfer
Protocol (HTTP) and Transmission Control
Protocol (TCP) layers. SSL is included as
part of both the Microsoft and Netscape
browsers and most Web server products.
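
An added example (not from the original slides) that follows from SSL having been succeeded by TLS: it builds a server-side context limited to TLS 1.2 and later and audits what the context offers, flagging suites like the 40-bit RC4 one mentioned in the HTTPS section. The 128-bit threshold and the name markers are this example's choices, and `LEGACY_SAMPLE` is a constructed record in the shape `SSLContext.get_ciphers()` returns.

```python
import ssl

MIN_BITS = 128                          # example threshold (an assumption)
WEAK_MARKERS = ("RC4", "EXP", "NULL")   # substrings of weak OpenSSL suite names

def cipher_is_weak(cipher):
    """cipher is a dict as returned by SSLContext.get_ciphers()."""
    name = cipher["name"]
    return cipher["strength_bits"] < MIN_BITS or any(m in name for m in WEAK_MARKERS)

def build_server_context():
    """Server-side context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def audit(ctx):
    """Return a list of findings; an empty list means nothing weak is offered."""
    findings = []
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        findings.append(f"minimum protocol is {ctx.minimum_version.name}")
    findings += [f"weak cipher {c['name']}" for c in ctx.get_ciphers()
                 if cipher_is_weak(c)]
    return findings

# Constructed record describing a 40-bit export RC4 suite.
LEGACY_SAMPLE = {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40}
```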
