Web Servers

Upload: claribel-kelly

Post on 23-Dec-2015


Web Servers

Pre-lecture Survey: What is the #1 web server:

1. Apache
2. Google
3. MS IIS HTTP server
4. nginx
5. Sun
6. Other

[Chart: pre-lecture survey responses, all options at 0%]

POPULAR WEB SERVERS

Who’s running the show?
What are they?
The big two:

Apache

http://en.wikipedia.org/wiki/Apache_web_server
We’re number one!

Apache

Apache HTTP Server, referred to simply as Apache:
  A web server
  Notable for playing a key role in the initial growth of the World Wide Web
Apache
  First viable alternative to Netscape Communications Corporation web server
    Currently known as Sun Java System Web Server
  Evolved to rival other Unix-based web servers
    Functionality and performance
Since April 1996 Apache has been the most popular HTTP server on the World Wide Web
  September 2007: Apache served 50% of all websites

Apache Project's name was chosen for two reasons:
  Respect for the Native American Indian Apache tribe
    Well-known for their endurance and their skills in warfare
  Project's root is a set of patches to the codebase of NCSA HTTPd 1.3
    Making it "a patchy" server
Apache is developed and maintained by
  Open community of developers
  Under the auspices of the Apache Software Foundation
Available for a wide variety of OSs
  Microsoft Windows
  Novell NetWare
  Unix-like operating systems
    e.g. Linux and Mac OS X
  z-OS (IBM mainframe)
  and more…
Released under the Apache License
  Apache is free software / open source software.

APACHE HISTORY

History

First version of the Apache web server created by Robert McCool
  Heavily involved with the National Center for Supercomputing Applications web server
  Known simply as NCSA HTTPd
When Rob left NCSA in mid-1994
  Development of httpd stalled
  Left a variety of patches for improvements circulating through e-mails
Rob McCool was not alone in his efforts
  Several other developers helped form the original "Apache Group":
    Brian Behlendorf, Roy T. Fielding, Rob Hartill, David Robinson, Cliff Skolnick, Randy Terbush, Robert S. Thau, Andrew Wilson, Eric Hagberg, Frank Peters, and Nicolas Pioch

History

Version 2 of the Apache server was a substantial re-write of much of the Apache 1.x code
  Strong focus on further modularization and the development of a portability layer, the Apache Portable Runtime
Apache 2.x core - several major enhancements over Apache 1.x:
  UNIX threading
  Better support for non-Unix platforms
  New Apache API
  IPv6 support
First alpha release of Apache March 2, 2000
First general availability release on April 6, 2002
Version 2.2 introduced a new authorization API that allows for more flexibility
  Also features improved cache modules and proxy modules

FEATURES

Features

Apache supports a variety of features
  Many implemented as compiled modules
    Extend the core functionality
  Range from server-side programming language support to authentication schemes:
    Common language interfaces support mod_perl, mod_python, Tcl, and PHP
    Popular authentication modules include mod_access, mod_auth, and mod_digest

Features

Other features include:
  SSL and TLS support
    mod_ssl
  A proxy module
  A useful URL rewriter
    AKA a rewrite engine, implemented under mod_rewrite
  Custom log files
    mod_log_config
  Filtering support
    mod_include
    mod_ext_filter
Apache logs can be analyzed via web browsers with free scripts
  AWStats/W3Perl
  Visitors

Features

Virtual hosting allows one Apache installation to serve many different actual websites
  For example, one machine, with one Apache installation could simultaneously serve:
    www.example.com
    www.test.com
    test47.test-server.test.com
    And more…
Apache features
  Configurable error messages
  DBMS-based authentication databases
  Content negotiation
Also supported by several graphical user interfaces (GUIs)
  Permit easier, more intuitive configuration of the server

USAGE

Usage

Apache can serve both static content and dynamic Web pages
Many web applications are designed expecting the environment and features that Apache provides
Apache is the web server component of the popular XAMPP web server application stack
  Partners with
    OS
      LAMPP – Linux
      WAMPP – Windows
      MAMPP – Mac OS X
    MySQL
    PHP/Perl/(Python) programming languages

Usage

Apache is redistributed as part of various proprietary software packages including the
  Oracle Database
  IBM WebSphere application server
Mac OS X integrates Apache
  Its built-in web server
  Support for its WebObjects application server
It is also supported by Borland Kylix and Delphi development tools

Usage

Apache included with Novell NetWare 6.5
  Default web server
Apache used for many tasks where content needs to be available in a secure and reliable way
  Sharing files from a personal computer over the Internet
    User who has Apache installed on their desktop can put arbitrary files in the Apache's document root which can then be shared
  Programmers developing web applications
    Locally installed version of Apache
    Preview and test code as it is being developed


LICENSE

License

Software license
  From the Apache Foundation
  Distinctive part of the Apache HTTP Server's history
Apache License allows distribution of both open and closed source derivations of the source code
Free Software Foundation does not consider the Apache License to be compatible with version 2 of the GNU General Public License (GPL)
  Software licensed under the Apache License cannot be integrated with software that is distributed under the GPL

License

Free software license:
  Incompatible with the GPL
    Has a specific requirement that is not in the GPL
    Has certain patent termination cases that the GPL does not require
Version 3 of the GPL includes a provision (Section 7e) that allows it to be compatible with licenses that have patent retaliation clauses, including the Apache License
Apache is a registered trademark
  May only be used with the trademark holder's express permission

MICROSOFT IIS

http://en.wikipedia.org/wiki/IIS
We’re # 2…

IIS

Microsoft Internet Information Services (IIS)
  Formerly called Internet Information Server
  Set of Internet-based services for servers using Microsoft Windows
  World's second most popular web server in terms of overall websites
    July 2010: it served 25.87% of all websites and 36.63% of all active websites (Netcraft)
IIS Services currently include servers for:
  FTP
  SMTP
  NTP
  NNTP
  HTTP/HTTPS

History of IIS

Initially released as additional set of Internet based services for Windows NT 3.51
IIS 2.0 added support for the Windows NT 4.0
IIS 3.0 introduced the Active Server Pages dynamic scripting environment
IIS 4.0
  Dropped support for the Gopher protocol
  Bundled with Windows NT as a separate "Option Pack" CD-ROM

History of IIS

Current shipping versions of IIS:
  8.5
    Windows Server 2012 R2
    Windows 8.1
  8.0
    Windows Server 2012
    Windows 8
  7.5
    Windows 7
    Windows Server 2008 R2
  7.0
    Windows Vista
    Windows Server 2008
  6.0
    Windows Server 2003
    Added support for IPv6 (support ending July 14, 2015)

History of IIS

Windows Vista and 7 do not install IIS 7 by default
  Can be selected among the list of optionally installed components
IIS 7.0 on Vista does not limit the number of connections allowed
  Restricts performance based on active concurrent requests

SECURITY

Security

Earlier versions of IIS had a lot of vulnerabilities
  Chief among them CA-2001-19
    Led to the infamous Code Red worm
Version 7.0 currently has no reported issues
  In perspective, as of 11 September 2007, the free software Apache web server has one unpatched reported issue
    Affecting only MS Windows systems
    Rated "less critical"

Security

IIS 6.0 opted to change the behavior of pre-installed ISAPI handlers
  Many of which were culprits in the vulnerabilities on 4.0 and 5.0
  Reduced the attack surface of IIS
IIS 6.0 added a feature called "Web Service Extensions"
  Prevents IIS from launching any program without explicit permission by an administrator

Security

In IIS 7.0 the components were modularized
  Only the required components have to be installed
  Further reducing the attack surface
Security features such as URLFiltering were added
  Rejects suspicious URLs based on a user-defined rule set
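
A minimal model of a user-defined URL rule set of the kind described above, as an added example that is not IIS code or part of the original slides. The rule names, thresholds and sample requests are constructed for illustration and do not correspond to IIS configuration settings.

```python
from urllib.parse import unquote

# Constructed rule set; the key names are hypothetical, not IIS settings.
RULES = {
    "max_url_length": 2048,
    "deny_sequences": ["..", "%00"],
    "deny_extensions": [".config", ".bak"],
    "allow_double_escaping": False,
}

def check_url(raw_url, rules=RULES):
    """Return (allowed, reason) for a request target such as '/a/b?x=1'."""
    if len(raw_url) > rules["max_url_length"]:
        return False, "url too long"
    path = raw_url.split("?", 1)[0]   # this model inspects the path only
    decoded = unquote(path)
    # If a second decode still changes the path it was escaped twice
    # (%252e -> %2e -> '.'), which would slip past a single decode.
    if not rules["allow_double_escaping"] and unquote(decoded) != decoded:
        return False, "double-escaped path"
    lowered = decoded.lower()
    for seq in rules["deny_sequences"]:
        if seq in lowered or seq in path.lower():
            return False, f"denied sequence {seq!r}"
    last_segment = lowered.rsplit("/", 1)[-1]
    dot = last_segment.rfind(".")
    if dot != -1 and last_segment[dot:] in rules["deny_extensions"]:
        return False, f"denied extension {last_segment[dot:]!r}"
    return True, "ok"

def screen(urls, rules=RULES):
    """Return only the rejected requests as (url, reason) pairs."""
    verdicts = ((u, check_url(u, rules)) for u in urls)
    return [(u, reason) for u, (ok, reason) in verdicts if not ok]

# Constructed sample requests.
SAMPLES = [
    "/index.html",
    "/docs/%2e%2e/private/notes.txt",
    "/docs/%252e%252e/private/notes.txt",
    "/site/web.config",
    "/search?q=" + "A" * 3000,
]

if __name__ == "__main__":
    for url, reason in screen(SAMPLES):
        print(f"{reason:28} {url[:60]}")
```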

Security

In IIS 5.1 and lower:
  By default all websites were run
    In-process
    Under the System account
      A default Windows account with elevated rights

Security

In IIS 6.0 all request handling processes have been brought under a Network Services account
  Has significantly fewer privileges
  If there is an exploit in a feature or custom code
    Wouldn't necessarily compromise the entire system
    Given the sandboxed environment the processes run in
Contains a new kernel HTTP stack (http.sys)
  Stricter HTTP request parser and response cache for both static and dynamic content

AUTHENTICATION MECHANISMS

Authentication mechanisms

IIS 5.0 and higher support the following authentication mechanisms:
  Basic access authentication
  Digest access authentication
  Integrated Windows Authentication
  .NET Passport Authentication

INTERNET INFORMATION SERVICES 7.0

Internet Information Services 7.0

Debuted with Windows Vista
  Included in Windows Server 2008
IIS 7.0 features a modular architecture
  Instead of a monolithic server which features all services
    IIS 7 has a core web server engine
    Modules offering specific functionality can be added to the engine to enable its features
  Advantages
    Only the features required need be enabled
    The functionalities can be extended by using custom modules

Internet Information Services 7.0

IIS 7 ships with a handful of modules
  Microsoft will make other modules available online
Following sets of modules ship with the server:
  HTTP Modules
  Security Modules
  Content Modules
  Compression Modules
  Caching Modules
  Logging and Diagnostics Modules
Integrates with the new configuration store
New management environment

Internet Information Services 7.0

Significant change from previous versions:
  All web server configuration information is stored solely in XML configuration files
    Instead of in the metabase
  Server has a global configuration file
    Provides defaults
  Each virtual web's document root (and any subdirectory thereof) may contain a web.config
    Containing settings that augment or override the defaults
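
How layered configuration of this kind resolves, sketched as an added example (not IIS code or part of the original slides): global defaults are overridden by each per-directory file from the root down, and the result records which file set each value. The setting names and directory contents are hypothetical.

```python
import posixpath

# Constructed settings; the keys are hypothetical, not real IIS schema names.
GLOBAL_DEFAULTS = {
    "default_document": "index.html",
    "anonymous_auth": False,
    "directory_browsing": False,
}
# Per-directory override files, keyed by the URL directory they live in.
OVERRIDES = {
    "/": {"default_document": "default.aspx"},
    "/public": {"anonymous_auth": True},
    "/public/uploads": {"directory_browsing": True},
}

def effective_config(url_dir, defaults=GLOBAL_DEFAULTS, overrides=OVERRIDES):
    """Merge defaults with every override file from the root down to url_dir.

    Returns {setting: (value, source)} so a reviewer can see which file won.
    """
    result = {key: (value, "global") for key, value in defaults.items()}
    chain, current = ["/"], "/"
    for part in posixpath.normpath(url_dir).split("/"):
        if part:
            current = posixpath.join(current, part)
            chain.append(current)
    # Deeper directories are applied later, so they override shallower ones.
    for directory in chain:
        for key, value in overrides.get(directory, {}).items():
            result[key] = (value, directory)
    return result

def weakened(url_dir, hardened=("anonymous_auth", "directory_browsing")):
    """List hardened settings that a per-directory file switched on."""
    cfg = effective_config(url_dir)
    return sorted((key, src) for key, (value, src) in cfg.items()
                  if key in hardened and value and src != "global")

if __name__ == "__main__":
    for key, (value, src) in effective_config("/public/uploads").items():
        print(f"{key:20} {value!s:14} set by {src}")
    print(weakened("/public/uploads"))
```

Because a change in any of these files takes effect without administrator access to the server, an audit of this kind has to cover every directory that can hold an override file, not only the global one.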

Internet Information Services 7.0

Changes to these files take effect immediately
  Marks a significant departure from previous versions whereby web interfaces, or machine administrator access, were required to change simple settings such as default document, active modules and security/authentication
  Eliminates the need to perform metabase synchronization between multiple servers in a farm of web servers

Internet Information Services 7.0

Features a completely rewritten administration interface
  Takes advantage of modern MMC features such as
    Task panes
    Asynchronous operation
Configuration of ASP.NET is more fully integrated into the administrative interface.

NGINX

nginx

NGINX Plus is the web server, reinvented
World’s most popular open source web server for high-traffic websites.
NGINX Plus adds enterprise-ready features
  load balancing
  session persistence
  monitoring
  advanced management.

nginx

High-performance HTTP Server
  Delivers web and video assets with
    Unparalleled speed
    Maximizing performance and efficiency
Web Accelerator
  Provides SSL and SPDY acceleration
  HTTP connection optimization
  High-performance caching
  HTTP compression
Application Gateway
  PHP, Ruby, Java and other application types supported
  Supports FastCGI, uWSGI and HTTP Proxy interfaces
Load Balancer and Application Delivery solution
  Gives
    reliability
    control
    consistent performance
  for HTTP and TCP applications.

Capability

Future-proof, IPv6-ready reverse proxy with:
  Load balancing
  High availability
For:
  HTTP and TCP services
  Application request routing
  Content acceleration and caching

Predictability

Works predictably, without spikes, on:
  Low power chipsets
  Virtual machines with limited RAM
Eliminate unexpected issues with operations
Reduce infrastructure costs

Simplicity

Flexible, logical, easily scalable setup
Ten lines of directives enable:
  Load balancing
  - or -
  Static content delivery
Don’t waste engineering hours on tweaking unreadable configurations

nginx

Virtualized
  Built to optimize CPU and memory resource utilization.
  Extremely efficient in virtualized public and private cloud environments
  Pay less, get more

nginx

Automation
  Easily automated with tools like Puppet and Chef
  Can be managed by independent development teams
  Shift engineering focus from maintenance to innovation

Scalability and Performance

Serves a million users or more per server
Tens of thousands of requests per second
Best in class multi-tenancy for virtual hosts
Easily scales for unparalleled efficiency

Post-survey: What is the #1 web server:

1. Apache
2. Google
3. MS IIS HTTP server
4. nginx
5. Sun

[Chart: post-survey responses; bars for Apache, Google, MS IIS HTTP server, nginx, Sun; values shown: 99%, 0%, 0%, 1%, 0%]

SUMMARY

Summary

Concentrated on HTTP servers
  Apache and IIS are the main web serving tools
  nginx is rising fast
Apache still king
  Currently declining
IIS
  Up and down, wandering
Usage tracked
  Netcraft Web Server Survey