Web Servers

Lecture 4
 WEB SERVERS

– A web server is software and hardware that uses HTTP (Hypertext Transfer
Protocol) and other protocols to respond to client requests made over the World
Wide Web. The main job of a web server is to display website content through
storing, processing and delivering webpages to users.
– Besides HTTP, web servers also support SMTP (Simple Mail Transfer Protocol)
and FTP (File Transfer Protocol), used for email, file transfer and storage.
– Web server hardware is connected to the internet and allows data to be
exchanged with other connected devices, while web server software controls
how a user accesses hosted files. The web server process is an example of
the Client/Server model. All computers that host websites must have web server
software.

– Web servers are used in web hosting, or the hosting of data for websites and
web-based applications -- or web applications.
Web Server

– A Web server is a program that generates and transmits responses to client

requests for Web resources.
– Handling a client request consists of several key steps:
 Parsing the request message
 Checking that the request is authorized
 Associating the URL in the request with a file name
 Constructing the response message
 Transmitting the response message to the requesting client
• When client sends request for a web page, the web server search for the
requested page if requested page is found then it will send it to client with
an HTTP response.
• If the requested web page is not found, web server will the send
an HTTP response: Error 404 Not found.
• If client has requested for some other resources, then the web server will
contact to the application server and data store to construct the HTTP
response.
Access Control

– A Web server may limit which users can access certain

resources. Access control requires a combination of
authentication and authorization .
 Authentication identifies the user who originated
the request.
 Authorization determines which users have access to
a particular resource.
AUTHENTICATION

– Most client-server systems authenticate a user by asking for a name and

password.
– Web server must perform authentication for every request for a resource that
has access restrictions.
– The server returns an HTTP response that indicates that the request requires
authorization.
– The response also identifies what kind of authentication is required. The
response also identifies the realm
 a string that associates a collection of resources at the server
AUTHORIZATION

– To control access to Web resources, the server must employ an authorization

policy
– A policy typically expressed in terms of an access control list that enumerates
the users who are granted or denied access to the resources.
– In addition to checking the user name, the server may allow or deny access to
the resource based on other information associated with the HTTP request,
such as the host name or IP address of the requesting client.
– Authenticating HTTP requests can impose a heavy load on the Web server.
Dynamically Generated Responses

– This feature differentiates the Web from earlier file transfer services on the
Internet.
– Dynamically generated responses are created in a variety of ways:
 Server-side include
 Server script
Server-Side Include

– A server-side include instructs the Web server to

customize a static resource based on directives in a
HTML-like file.
Server Script

A server script is a separate program that generates the request resource.

– The program may run as
 Part of the server
 A separate process
– The main role of the Web server is
 To associate the requested URL with the appropriate script
 To pass data to/from the script
– The main role of the script is
 To process the input from the server
 To generate the content to the client
Server Script

– The server can interact with the script in several different ways:
 Separate process invoked by the server
 Software module in the same process
 Persistent process contacted by the server
Passing Data to/from the Script
– Decoupling the scripts from the Web server requires a well-defined interface for passing data
between the two pieces of software.
– Common Gateway Interface (CGI) defines interfaces for a variety of operating system platforms.
Example of CGI environment variables is shown below
Creating and Using Cookies
– Cookies are typically created, used, and modified by scripts invoked to generate dynamic
responses, rather than by the Web server.
– The browser can be instructed to include a unique cookie in each HTTP request.
– If the request does not include cookie, the script create a new cookie and include the cookie in
the header of the response message
Set-Cookie: Customer="user17"; Version="1"; Path="/book"
Subsequent requests from the user would include the cookie
Cookie: Customer="user17"; Version="1"; Path="/book"
– A script can use a cookie as a user identifier in interacting with a back-end database.
– Storing history information in the cookie may obviate the need to retain information about the
user in a back-end database.
Server Architecture

– Some techniques for allocating system resources among competing client

requests are :
 Event-driven server architecture
 Process-driven server architecture
 Hybrid server architecture
Event-Driven Server Architecture

– An event-driven server
 Has a single process that alternates between servicing different requests
 Allows the server to serialize operations that modify the same data
 Performs nonblocking system calls
 Not used in Most high-end Web servers
Process-Driven Server Architecture

– A process-driven server
– Allocates each request to a separate process
 One master process listens for new connection
 The master process creates a separate process for each new connection
– Terminates the process after parsing the client request and transmitting the
response
 To prevent memory leak
– Introduces overhead for switching from one process to another
Hybrid Server Architecture

– In Hybrid server architectures

 The strengths of the event-driven and process-driven models are combined
 Each process would become an event-driven server that alternates between a small
collection of requests
 A single process has multiple independent threads
 Main process instructs a separate helper process to perform time-consuming
operations
Server Hosting
– Multiple Web sites on a single machine
– Multiple machine for a single Web

Hosting complex with surrogate in front of four server machines

Software

– There are thousands of different web server programs available

 Many specialized for very specific purposes
 About 50 mainstream
 The fact that a web server is not very popular does not necessarily mean
o Lot of bugs
o Poor performance
Examples of Web Servers

– Apache (Apache group)

– Tomcat (Apache group)
– IIS (Microsoft Internet Information Services)
 Apache web server
– Apache – follows process-driven model
– Maintained by Apache Software Foundation
– Currently most popular Web server
o Stable
o Efficient
o Portable

– (got it’s name from the original developers who called it ‘a patchy server’)
– Open source
– Freely distributed on the Internet
– Huge amount of end-user support
– Has earned the reputation of being one of the most reliable web server available
– Uses server modules to add functionality to the core HTTP server
– i.e. extra services that it can provide (e.g. security authentication)
Advantages of Apache web server

– Compatibility
– Technical Support
– Numerous features
 Tomcat web server
– Tomcat
– Similar to Apache and also maintained by Apache Software Foundation
– Fast becoming a popular Web server
– Built in Servlet container (engine)
– Requires no add-ons to support Servlets
– To launch Tomcat, successively select
– Start, Programs, Apache Tomcat 4.x and Start Tomcat
Advantages of Tomcat

– It is an open source application server

– It is a light weight server
– It is easily configured with apache and IIS
– Very stable on Unix systems
– Good documentation online
– Java Sun compliant
– Does not require a lot of memory at start up
– It is free, yet high quality!
Internet Information Services(IIS) web server

– Developed by Microsoft
– IIS 5.0
– Enterprise-level Web server
– Included with Windows 2000
– Allows computer to serve documents
– Uses an Internet Services Manager to administrate
Server Errors

– 500 internal sever error - The request was not completed. The server met an unexpected
condition.
– 501 not implemented - The request was not completed. The server did not support the
functionality required.
– 502 bad gateway - The request was not completed. The server received an invalid
response from the upstream server.
– 503 service unvailable - he request was not completed. The server is temporarily
overloading or down.
– 504 gateway timeout - The gateway has timed out.
– 505 http version not supported - The server does not support the "http protocol" version.