Web Servers : Must Know Introduction
Web Server Definition
A Web server is a program that generates and transmits responses to client requests for Web resources.
Handling a client request consists of several key steps:
Parsing the request message
Checking that the request is authorized
Associating the URL in the request with a file name
Constructing the response message
Transmitting the response message to the requesting client
The server can generate the response message in a variety of ways:
The server simply retrieves the file associated with the URL and returns the contents to the client.
The server may invoke a script that communicates with other servers or a back-end database to construct the response message.
Web Site versus Web Server
Web site and Web server are different:
A Web site consists of a collection of Web pages associated with a particular hostname.
A Web server is a program to satisfy client requests for Web resources.
Steps in Handling a Client Request
A Web server proceeds through the following steps in handling an HTTP request:
Read and parse the HTTP request message for example GET the resource /foo.htm
Translate the URL to a file name for example the resource be located in the base directory such as /www, where the URL http://www.bar.com/foo/index.html corresponds to the file of www/foo/index.html
Determine whether the request is authorized
Generate and transmit the response that includes header to show the status information
A Web server may limit which users can access certain resources. Access control requires a combination of authentication and authorization.
Authentication identifies the user who originated the request. Authorization determines which users have access to a particular resource.
Most client-server systems authenticate a user by asking for a name and password.
Web server must perform authentication for every request for a resource that has access restrictions.
The server returns an HTTP response that indicates that the request requires authorization.
The response also identifies what kind of authentication is required.
The response also identifies the realm a string that associates a collection of resources at the server
To control access to Web resources, the server must employ an authorization policy.
A policy typically expressed in terms of an access control list that enumerates the users who are granted or denied access to the resources.
In addition to checking the user name, the server may allow or deny access to the resource based on other information associated with the HTTP request, such as the host name or IP address of the requesting client.
Authenticating HTTP requests can impose a heavy load on the Web server.
Dynamically Generated Responses
This feature differentiates the Web from earlier file transfer services on the Internet.
Dynamically generated responses are created in a variety of ways:
A server-side include instructs the Web server to customize a static resource based on directives in an HTML-like file.
A server script is a separate program that generates the request resource.
The program may run as
Part of the server
A separate process
The main role of the Web server is
To associate the requested URL with the appropriate script
To pass data to/from the script
The main role of the script is
To process the input from the server
To generate the content to the client
The server can interact with the script in several different ways:
Separate process invoked by the server
Software module in the same process
Persistent process contacted by the server