Chapter 2
Introduction to Web servers
A web server is a software or hardware system that stores, processes, and delivers web pages to users over
the internet. It plays a crucial role in the architecture of the World Wide Web by handling the requests
from clients (web browsers) and serving them with the requested web pages or other content.
Key components and concepts related to web servers:
1. Client-Server Model: The interaction between web servers and clients (typically web browsers)
follows the client-server model. Clients send requests to the server, and the server responds by
providing the requested information. This model facilitates the distribution of tasks, with clients
making requests and servers handling the processing and delivery of content.
2. HTTP (Hypertext Transfer Protocol): Web servers use the HTTP or HTTPS (HTTP Secure) protocol
to communicate with web browsers. HTTP is a stateless protocol, meaning each request from a
client is treated as an independent transaction without any knowledge of previous requests.
3. Request-Response Cycle: The communication between a client and a web server follows a
request-response cycle. Clients send HTTP requests to the server, specifying the resource they
are seeking (e.g., a web page), and the server responds with the requested content or an error
message.
4. IP Address and Domain Name: Web servers are identified on the internet by their IP addresses
(e.g., 192.168.0.1). Domain names (e.g., www.example.com) provide a human-readable
alternative to IP addresses and are translated into IP addresses through the Domain Name
System (DNS).
5. DNS (Domain Name System): DNS is a hierarchical system that translates human-readable
domain names into IP addresses. When a user enters a domain name in a web browser, DNS
resolves it to the corresponding IP address, allowing the browser to connect to the correct web
server.
6. Static vs. Dynamic Content: Web servers can serve static or dynamic content. Static content
includes fixed files like HTML, CSS, and images. Dynamic content is generated on-the-fly by
server-side scripts (e.g., PHP, Python, or Node.js) in response to user requests.
7. Common Web Server Software: There are various web server software options, including
Apache HTTP Server, Nginx, Microsoft Internet Information Services (IIS), and others. Each has its
strengths, features, and configurations.
� 8. Port Number: Web servers listen for incoming requests on specific port numbers. The default
port for HTTP is 80, while HTTPS typically uses port 443. These port numbers help route the
requests to the appropriate server.
9. SSL/TLS Encryption: HTTPS (HTTP Secure) is an extension of HTTP that adds a layer of security
through SSL (Secure Sockets Layer) or its successor, TLS (Transport Layer Security). This
encryption ensures that data transmitted between the client and the server remains confidential
and secure.
Features of a web server
Web servers typically share common features that enable them to fulfill their role of handling incoming
requests and delivering web content to clients. Here are some common features of web servers:
1. HTTP Protocol Support: Web servers support the Hypertext Transfer Protocol (HTTP) for
communication between clients (web browsers) and the server. HTTPS is an extension that
provides a secure, encrypted version of HTTP.
2. Virtual Hosting: Virtual hosting allows a single web server to host multiple websites with
different domain names on the same IP address. This is achieved through techniques like name-
based or IP-based virtual hosting.
3. Logging and Monitoring: Web servers keep logs of incoming requests, error messages, and
other relevant information. Monitoring tools help administrators track server performance,
identify issues, and optimize resource usage.
4. Security Features: Web servers implement security measures to protect against common threats,
such as DDoS attacks, SQL injection, cross-site scripting (XSS), and more. Security features may
include access controls, firewalls, and SSL/TLS encryption.
5. Authentication and Authorization: Web servers often support user authentication and
authorization mechanisms. This ensures that only authorized users have access to specific
resources or functionalities on the server.
6. Directory Indexing: Web servers can automatically generate an index page for directories that
don't contain an index file. This feature makes it easier for users to navigate through the contents
of a website.
7. Caching: Caching mechanisms help improve performance by storing copies of frequently
requested resources. This reduces the need to regenerate content for each request, resulting in
faster response times.
� 8. Compression: Web servers can compress content before sending it to clients, reducing the
amount of data transferred over the network. This feature improves page load times, especially
for users with slower internet connections.
9. Support for Server-Side Scripting: Web servers often support server-side scripting languages
like PHP, Python, Ruby, or Node.js. These languages allow developers to create dynamic content
and interact with databases to generate personalized responses.
10. Proxy and Reverse Proxy Functionality: Web servers can act as proxies, forwarding requests to
other servers and returning the responses to clients. Reverse proxies handle requests on behalf of
backend servers, improving performance, load balancing, and security.
11. Static Content Delivery: Web servers efficiently serve static content such as HTML, CSS,
images, and multimedia files. This is often a fundamental function of a web server, and it helps
offload the processing of static content from application servers.
12. Load Balancing: In environments with high traffic or multiple servers, load balancing distributes
incoming requests across multiple servers to ensure optimal resource utilization and prevent
server overloads.
Types of Web servers
1. Proxy Server:
Manages and forwards requests between clients and other servers.
Acts as an intermediary to enhance security, performance, and content filtering.
2. Mail Server:
Handles the sending, receiving, and storage of email messages.
Common protocols include SMTP (Simple Mail Transfer Protocol) for sending emails and
POP3/IMAP for retrieving emails.
3. Application Server:
Executes application logic and business processes.
Often used in conjunction with a web server to process dynamic content.
4. Real-Time Communication Server:
Facilitates real-time communication between clients, often through WebSocket technology.
Used for applications like chat applications, online gaming, and collaborative tools.
5. FTP Server (File Transfer Protocol):
Manages the transfer of files between clients and servers.
Allows users to upload and download files securely.
� 6. Collaboration Server:
Supports collaborative tools, enabling multiple users to work together in real-time.
Examples include shared document editing platforms.
7. List Server:
Manages and distributes mailing lists, discussion groups, or newsletters.
Facilitates communication and information sharing among a group of users.
8. Telnet Server:
Allows remote terminal access to servers.
Transmits text-based communication between a client and a server.
9. Virtual Server:
Hosts multiple virtual environments on a single physical server.
Useful for resource optimization and efficient server management.
10. Secure Server:
Focuses on providing a secure environment for data transfer and communication.
Often incorporates encryption protocols such as SSL/TLS.
11. Commerce Server:
Specifically designed for handling e-commerce transactions.
Ensures secure and efficient processing of online transactions.
Webserver Error
These errors are typically displayed to the user as a message or code on the website, and they can indicate
that there is a problem with the server that needs to be addressed in order to access the website or web
application.
List of HTTP Response Codes:
500 Internal Server Error - A generic error message, given when no more specific message is
suitable.
501 Not Implemented - The server either does not recognise the request method, or it lacks the
ability to fulfill the request.
502 Bad Gateway - The server was acting as a gateway or proxy and received an invalid response
from the upstream server.
503 Service Unavailable - The server is currently unavailable (because it is overloaded or down
for maintenance). Generally, this is a temporary state.
� 504 Gateway Timeout - The server was acting as a gateway or proxy and did not receive a timely
response from the upstream server.
505 HTTP Version Not Supported - The server does not support the HTTP protocol version used
in the request.
506 Variant Also Negotiates (RFC 2295) - Transparent content negotiation for the request results
in a circular reference.
507 Insufficient Storage
509 Bandwidth Limit Exceeded - This status code, while used by many servers, is not specified in
any RFCs.
510 Not Extended - Further extensions to the request are required for the server to fulfill it.
400 Bad File Request - Usually means the syntax used in the URL is incorrect (e.g., uppercase
letter should be lowercase letter; wrong punctuation marks).
401 Unauthorized - Server is looking for some encryption key from the client and is not getting it.
Also, wrong password may have been entered. Try it again, paying close attention to case
sensitivity.
403 Forbidden/Access Denied - Similar to 401; special permission needed to access the site, a
password and/or username if it is a registration issue. Other times you may not have the proper
permissions set up on the server or the site's administrator just doesn't want you to be able to
access the site.
404 File Not Found - Server cannot find the file you requested. File has either been moved or
deleted, or you entered the wrong URL or document name. Look at the URL. If a word looks
misspelled, then correct it and try it again.
408 Request Timeout - Client stopped the request before the server finished retrieving it. A user
will either, hit the stop button, close the browser, or click on a link before the page loads. Usually
occurs when servers are slow or file sizes are large.
Connection Refused by Host - Either you do not have permission to access the site or your
password is incorrect.
File Contains No Data - Page is there but is not showing anything. Error occurs in the document.
Attributed to bad table formatting, or stripped header information.
Bad File Request - Browser may not support the form or other coding you are trying to access.
Failed DNS Lookup - The Domain Name Server can't translate your domain request into a valid
Internet address. Server may be busy or down, or incorrect URL was entered.
Host Unavailable - Host server down. Hit reload or go to the site later.
� Unable to Locate Host - Host server is down, Internet connection is lost, or URL typed
incorrectly.
Refused by the Server - The Web server is bus.
Web server overload
Web server overload can occur for various reasons, leading to degraded performance or even service
outages. Some common causes of web server overload include:
1. High Traffic Volume: Sudden spikes in website traffic, especially during events like product
launches, promotions, or viral content, can overwhelm web servers.
2. Distributed Denial of Service (DDoS) Attacks: Malicious attempts to flood a website with traffic
from multiple sources can lead to a web server overload, causing a denial of service for legitimate
users.
3. Inefficient Code or Database Queries: Poorly optimized code or inefficient database queries can
increase server resource usage, leading to slower response times and potential overload.
4. Insufficient Resources: If a web server is not adequately provisioned with enough CPU, memory,
or bandwidth resources to handle the incoming traffic, it may become overloaded.
5. Hardware Failures: Hardware failures, such as a malfunctioning hard drive or memory module,
can significantly impact a web server's performance.
6. Software Bugs or Issues: Bugs in the web server software or underlying operating system can
lead to resource leaks, crashes, or other issues that contribute to overload.
7. Inadequate Configuration: Poorly configured web servers, load balancers, or other infrastructure
components can result in inefficient resource utilization and contribute to overload.
8. Bot Traffic: Web crawlers, scrapers, and other automated bots can generate a significant amount
of traffic, potentially overwhelming a web server.
9. Resource-Intensive Content: Serving large media files, high-resolution images, or other resource-
intensive content without proper optimization can strain server resources.
10. Networking Issues: Network congestion, packet loss, or other issues in the network infrastructure
can impact the communication between clients and the web server.
11. Software Updates or Deployments: Introducing new software updates or deploying changes
without proper testing can lead to unexpected performance issues or server overload.
�Web server overload
Web server overload can manifest in various symptoms, and identifying these signs promptly is crucial
for maintaining the health and performance of your web infrastructure. Here are common symptoms of
web server overload:
1. Sluggish Response Times: Increased response times for web page requests is one of the most
noticeable symptoms. Users may experience delays in loading pages or executing actions.
2. Increased Error Rates: Higher rates of HTTP error responses, such as 500 Internal Server Errors
or 503 Service Unavailable, may occur when the server is overloaded and struggling to process
requests.
3. Timeouts: Users might encounter timeouts when attempting to access your website or perform
specific actions, indicating that the server is taking too long to respond.
4. Decreased Throughput: A reduction in the number of successful requests served per second is a
clear indicator of a server struggling to handle the incoming traffic.
5. Connection Failures: Users might experience difficulties establishing connections to the server,
resulting in connection failures or dropped connections.
6. Increased CPU Usage: Monitoring the server's CPU usage is crucial. A significant increase in
CPU utilization may indicate that the server is under heavy load.
7. High Memory Usage: Insufficient memory availability can lead to increased swapping or memory
exhaustion, impacting the server's ability to handle concurrent requests.
8. Disk I/O Issues: If the server experiences high levels of disk I/O (Input/Output), it might struggle
to read or write data efficiently, affecting overall performance.
9. Increased Network Traffic: Monitoring network bandwidth and traffic patterns can help identify if
the server is handling more data than it can manage effectively.
10. Queue Buildup: Queues for processing requests, especially in load balancing scenarios, may build
up as the server struggles to keep up with incoming requests.
11. Inability to Serve Static Content: If the server becomes overloaded, it may prioritize dynamic
content over static content, leading to difficulties in serving images, stylesheets, or other static
assets.
12. Log Warnings/Errors: Checking server logs for warnings or errors related to resource exhaustion,
connection limits, or other issues can provide valuable insights.
�Web server Anti-overload techniques
To prevent or mitigate web server overload, several anti-overload techniques and best practices can be
employed. Here are some strategies to enhance the resilience and performance of web servers:
1. Load Balancing: Distribute incoming traffic across multiple servers using a load balancer. This
helps evenly distribute the load, preventing a single server from becoming overwhelmed.
2. Content Delivery Network (CDN): Use a CDN to cache and distribute static content closer to
users. This reduces the load on the origin server and improves response times for static assets.
3. Caching: Implement caching mechanisms for both dynamic and static content to reduce the load
on the server. Caching can be done at various levels, including server-side caching, reverse proxy
caching, and client-side caching.
4. Optimized Code and Queries: Ensure that your web application code is well-optimized, and
database queries are efficient. This reduces the server's resource usage and improves response
times.
5. Scalability: Design the infrastructure to be scalable, allowing for the addition of resources or
servers as needed. This can be achieved through horizontal scaling (adding more servers) or
vertical scaling (upgrading server resources).
6. Monitoring and Alerts: Implement robust monitoring tools to continuously track server
performance, resource utilization, and traffic patterns. Set up alerts to notify administrators when
certain thresholds are exceeded.
7. Automatic Scaling: Use auto-scaling solutions that can dynamically adjust the number of server
instances based on real-time demand. Cloud providers often offer auto-scaling features.
8. Web Application Firewalls (WAF): Deploy a WAF to protect against malicious traffic, including
DDoS attacks. WAFs can filter out and block unwanted traffic before it reaches the web server.
9. Rate Limiting: Implement rate limiting to control the number of requests a user or IP address can
make within a specific timeframe. This helps prevent abuse and protects against certain types of
attacks.
10. Connection and Request Limits: Configure web servers to limit the number of concurrent
connections or requests from a single IP address. This can help prevent a single client from
monopolizing server resources.
11. Efficient Resource Management: Regularly optimize and review server configurations, ensuring
that resources are allocated efficiently. This includes tuning the web server, database, and other
components.
� 12. Failover and Redundancy: Implement failover mechanisms and redundancy to ensure high
availability. If one server fails, traffic can be redirected to a backup server to maintain service
continuity.
13. Security Measures: Employ security best practices to protect against security vulnerabilities and
potential exploitation. A secure system is less likely to be compromised and used for malicious
purposes.
14. Distributed Architecture: Consider a distributed architecture where different components of your
application are spread across multiple servers or services. This can enhance scalability and fault
tolerance.
15. Regular Testing: Conduct regular load testing and performance testing to identify potential
bottlenecks and weaknesses in your system. This allows for proactive optimization and capacity
planning.
Definition of other web server related terms
Common Gateway Interface (CGI) is a standard that defines how web server software can
delegate the generation of web pages to a stand-alone application or an executable file. Such
applications, known as CGI scripts, can be written in any programming language, although
scripting languages are often used.
Virtual Web site - A Web site hosted on a server that shares resources with other Web sites, as
opposed to a single machine dedicated to processing HTTP requests for a single Web site. Web
sites on the same server will share common resources. Also called shared Web hosting.
Hosting server - A server dedicated to hosting a service or services for users. Hosting servers are
most often used for hosting Web sites but can also be used for hosting files, images, games and
similar content. Hosting servers can be shared among many clients (shared hosting servers) or
dedicated to a single client (dedicated servers), the latter of which is particularly common for
larger Web sites where the hosting needs of the Web site owner necessitate more control and/or
bandwidth.
Web host - A Web host is in the business of providing server space, Web services and file
maintenance for Web sites controlled by individuals or companies that do not have their own Web
servers. Many ISPs, such as America Online, will allow subscribers a small amount of server
space to host a personal Web page. Other commercial ISPs will charge the user a fee depending
on the complexity of the site being hosted.
� Web stack - The term used to refer to software stacks in Web development environments. The
stack of software, mainly comprised of open-source software, will contain an operating system,
Web server, database server, and programming language. e.g. WAMP server and
LAMP software bundle. Traffic shaping (also known as "packet shaping" or ITMPs: Internet
Traffic Management Practices) is the control of computer network traffic in order to optimize or
guarantee performance, improve latency, and/or increase usable bandwidth for some kinds of
packets by delaying other kinds of packets that meet certain criteria.
The Slashdot effect, also known as slashdotting, occurs when a popular website links to a smaller
site, causing a massive increase in traffic. This overloads the smaller site, causing it to slow down
or even temporarily close. The name stems from the huge influx of web traffic those results from
the technology news site Slashdot linking to websites.
Load balancing is a computer networking methodology to distribute workload across multiple
computers or a computer cluster, network links, central processing units, disk drives, or other
resources, to achieve optimal resource utilization, maximize throughput, minimize response time,
and avoid overload. Using multiple components with load balancing, instead of a single
component, may increase reliability through redundancy. The load balancing service is usually
provided by dedicated software or hardware, such as a multilayer switch or a Domain Name
System server.
Bandwidth management is the process of measuring and controlling the communications (traffic,
packets) on a network link, to avoid filling the link to capacity or overfilling the link, which
would result in network congestion and poor performance of the network.
