Web Server

• The aim of a web server is to deliver websites over the internet.
• It behaves as a middleman between the client machines and servers to achieve that aim.
• It can pull the content from the server on every user request.

Dept of COMPUTER APPLICATIONS


06-02-2023 1
Session Number
Web Server

• One of the most critical tasks of any web server is to provide services to many different users of the web at the same time.
• Web servers execute files written in different programming languages like Java, Python, PHP, and many others.
• Web servers turn these files into static HTML files and serve these files to the web browser.
• A web browser can be defined as a tool responsible for proper client-server communication.

1. First, the web user types the URL of the web page in the address bar of the web browser.
2. With the help of the URL, the web browser fetches the IP address of the domain name, either by converting the URL via DNS (Domain Name System) or by looking for the IP in cache memory. The IP address directs the user's browser to the web server.
3. After making the connection, the web browser requests the web page from the web server with the help of an HTTP request.
4. As soon as the web server receives this request, it immediately responds by sending back the requested page or file to the web browser via HTTP.
5. If the web page requested by the browser does not exist, or if some error occurs in the process, the web server returns an error message.
6. If no error occurs, the browser successfully displays the web page.

Web servers are mostly used for:

• Sending and receiving mails on the Internet by using SMTP (Simple Mail Transfer Protocol)
• Requests for File Transfer Protocol (FTP) files
• Designing, developing, and publishing websites.

S.NO. | Static Web Servers | Dynamic Web Servers
1 | Static web servers refer to the servers which serve only static content, i.e., the content is fixed and is shown as it is. | Dynamic web servers refer to the servers where the content of the page can be updated and altered.
2 | A static web server includes a computer and the HTTP (Hyper Text Transfer Protocol) software. | A dynamic web server also includes a computer with plenty of other software, such as an application server and a database.
3 | It is called static because the web page content won't change unless the user manually changes it, and the server delivers web files as is to the web browser. | It is called dynamic because the application server is used to update the web page files at the server side, due to which the content can change on every call requested by the web browser.
4 | Static web servers take less time to load the data. | The dynamic web server can only produce the data when it is requested from the database. Therefore, it is time consuming and more complicated when compared to static web servers.

• The word Apache has been taken from the name of the Native American tribe ‘Apache’, famous for its skills in warfare and strategy making.
• Apache is free and open-source web server software.
• Apache lets website owners serve content over the web.
• It is the most widely used web server application in the world, with more than 50% share in the commercial web server market.
• It is the most widely used web server application on Unix-like operating systems, but it can be used on almost all platforms such as Windows, OS X, OS/2, etc.

• It is a modular, process-based web server application that creates a new thread with each simultaneous connection.
• It supports a number of features; many of them are compiled as separate modules that extend its core functionality, and they can provide everything from server-side programming language support to authentication mechanisms.
• Virtual hosting is one such feature; it allows a single Apache web server to serve a number of different websites.

What is Virtual Host?
• An Apache web server can host multiple websites on the SAME server.
• There is no need for a separate server machine and Apache software for each website. This can be achieved using the concept of Virtual Host or VHost.
• Any domain that the user wants to host on their web server will have a separate entry in the Apache configuration file.

Types of Apache Virtual Host
1. Name-based virtual host
2. Address-based or IP-based virtual host

Name-based Virtual Host

Name-based virtual hosting is used to host multiple virtual sites on a single IP address.

• To configure name-based virtual hosting, the user has to set the IP address on which Apache is going to receive the requests for all the desired websites.
• This is done with the NameVirtualHost directive in the Apache configuration file, i.e. httpd.conf/apache2.conf.

Apache Name-based Virtual host Example:

# The NameVirtualHost address must match the address in the <VirtualHost> blocks.
# Apache 2.4 no longer needs this directive; it applies to 2.2 and earlier.
NameVirtualHost 192.168.0.108:80

# Selected when the request's Host header is www.example1.com
<VirtualHost 192.168.0.108:80>
    ServerAdmin webmaster@example1.com
    DocumentRoot /var/www/html/example1.com
    ServerName www.example1.com
</VirtualHost>

# Selected when the request's Host header is www.example2.com
<VirtualHost 192.168.0.108:80>
    ServerAdmin admin@example2.com
    DocumentRoot /var/www/html/example2.com
    ServerName www.example2.com
</VirtualHost>

To check the web configuration files for syntax errors, run:

[root@amsterdam ~]# httpd -t
Syntax OK

If the configuration file has some wrong syntax, it will throw an error:

[root@115 conf.d]# httpd -t
Syntax error on line 978 of /etc/httpd/conf/httpd.conf:
Invalid command '*', perhaps misspelled or defined by a module not included in the server configuration

IP-based Virtual host
• To set up IP-based virtual hosting, the user needs more than one IP address configured on their server.
• So, the number of Apache vhosts depends on the number of IP addresses configured on the server.
• If the server has 10 IP addresses, 10 IP-based virtual hosts can be created.

Apache Address-based or IP-based Virtual host Example:

# Listen on each address that has a <VirtualHost> block below
Listen 192.168.10.108:80
Listen 192.168.10.109:80

<VirtualHost 192.168.10.108:80>
    ServerAdmin webmaster@example1.com
    DocumentRoot /var/www/html/example1.com
    ServerName www.example1.com
</VirtualHost>

<VirtualHost 192.168.10.109:80>
    ServerAdmin admin@example2.com
    DocumentRoot /var/www/html/example2.com
    ServerName www.example2.com
</VirtualHost>

How to Secure Apache Web Server
• Securing the web server is very important; it means allowing others to see only the intended information, protecting data and restricting access.
• The following are common measures that enhance an Apache web server's security.

1) Hiding Apache version and OS information:

Apache displays its version and the name of the operating system in its error pages.

• A hacker can use this information to launch an attack using the publicly available vulnerabilities in the particular version of the server or OS.
• To prevent the Apache web server from displaying this information, the user has to modify the “ServerSignature” option in the Apache configuration file. By default, it is “on”; it needs to be set to “off”.

vim /etc/httpd/conf/httpd.conf

ServerSignature Off
ServerTokens Prod

• After modifying the configuration file, you have to restart/reload your Apache web server to make the change effective.

service httpd restart

2. Disabling unnecessary modules
It is good practice to disable all unnecessary modules that are not in use. You can see the list of modules enabled in your Apache configuration with:

[root@amsterdam ~]# httpd -M
perl_module (shared)
php5_module (shared)
proxy_ajp_module (shared)
python_module (shared)
ssl_module (shared)

3. Using mod_evasive to rebuff DoS attacks
• To protect your web server from DoS (i.e. Denial of Service), the mod_evasive module must be enabled.
• It is a third-party module that detects a DoS attack and prevents the attack from doing as much damage as it would do if left to run its course.

4. Using mod_security to enhance Apache security
This module works as a firewall for Apache and allows you to monitor traffic in real time. It also protects the web server from brute force attacks. The mod_security module can be installed with the default package manager of the distribution.

5. Limiting request size
• Apache does not place any restriction on the total size of the HTTP request, which could lead to a DoS attack.
• The request size limit can be set with the “LimitRequestBody” directive inside a Directory tag.
• The value can be set to anything from 0 to 2 GB (i.e. 2147483647 bytes) as per the requirement.

<Directory "/var/www/html/uploads">
    LimitRequestBody 512000
</Directory>
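
The settings recommended in this section can be checked automatically. The Python code below is an added example, not part of the original slides and not an Apache tool: it parses configuration text and reports a missing ServerSignature Off or ServerTokens Prod, directories without a LimitRequestBody, and loaded modules that are not on an allowlist. The sample configuration, the function names and the allowed_modules parameter are assumptions made for the illustration.

```python
import re

# Constructed sample httpd.conf text for the demonstration (not from a real server).
SAMPLE_CONF = """\
ServerTokens OS
# ServerSignature Off
LoadModule perl_module modules/mod_perl.so
LoadModule ssl_module modules/mod_ssl.so
<Directory "/var/www/html">
    Options None
</Directory>
<Directory "/var/www/html/uploads">
    LimitRequestBody 512000
</Directory>
"""

SECTION_OPEN = re.compile(r'<\s*(\w+)\s*"?([^">]*)"?\s*>')
SECTION_CLOSE = re.compile(r'</\s*\w+\s*>')


def parse(conf_text):
    """Return (directives, directories).

    directives: (scope, name, args) tuples; scope is None outside any
    <Directory> section, otherwise the innermost <Directory> path.
    directories: every <Directory> path seen, in file order.
    """
    stack, directives, directories = [], [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive has no effect
        if SECTION_CLOSE.fullmatch(line):
            if stack:
                stack.pop()
            continue
        opened = SECTION_OPEN.fullmatch(line)
        if opened:
            kind, arg = opened.group(1).lower(), opened.group(2).strip()
            stack.append((kind, arg))
            if kind == "directory":
                directories.append(arg)
            continue
        name, args = (line.split(None, 1) + [""])[:2]
        scope = next((a for k, a in reversed(stack) if k == "directory"), None)
        directives.append((scope, name.lower(), args.strip()))
    return directives, directories


def audit(conf_text, allowed_modules=()):
    """Check the settings the slides recommend; return a list of findings."""
    directives, directories = parse(conf_text)
    top = {name: args for scope, name, args in directives if scope is None}
    findings = []
    if top.get("serversignature", "").lower() != "off":
        findings.append("ServerSignature is not explicitly set to Off")
    if top.get("servertokens", "").lower() not in ("prod", "productonly"):
        findings.append("ServerTokens is not set to Prod")
    # LimitRequestBody 0 means unlimited; a limit set on a parent directory
    # (or at top level, scope None) also covers the directories below it.
    limits = {scope: int(args) for scope, name, args in directives
              if name == "limitrequestbody" and args.isdigit()}
    for path in directories:
        covered = any(limit and (scope is None or path == scope
                                 or path.startswith(scope.rstrip("/") + "/"))
                      for scope, limit in limits.items())
        if not covered:
            findings.append(f"No LimitRequestBody for {path}")
    for scope, name, args in directives:
        if name == "loadmodule" and args and args.split()[0] not in allowed_modules:
            findings.append(f"Module not on allowlist: {args.split()[0]}")
    return findings
```

Calling audit(SAMPLE_CONF, allowed_modules=("ssl_module",)) returns one finding per weak setting in the constructed sample; a configuration that follows the section returns an empty list.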
MIME
• Multipurpose Internet Mail Extensions (MIME) is an extension of the original Simple Mail Transfer Protocol (SMTP) email protocol.
• It allows users to exchange different kinds of data files, including audio, video, images and application programs, over email.
• It is an Internet standard that extends the format of email messages to support text in character sets other than ASCII, as well as attachments of audio, video, images, and application programs.

• MIME (Multipurpose Internet Mail Extensions) type is a standard way of describing a data type in the body of an HTTP message or email.
• The MIME type is passed in the Content-Type header.
• For example, the Content-Type: text/html header tells the browser that it received an HTML page.

• text/html for normal web pages
• text/plain for plain text
• application/octet-stream for “download this file”
• application/x-java-applet for Java applets
• application/pdf for Adobe PDF documents.
• By default, many web servers are configured to report a MIME type of text/plain or application/octet-stream for unknown content types.

Why are correct MIME types important?
• If the web server or application reports an incorrect MIME type for content, a web browser has no way, according to the HTTP specification, of knowing that the author actually intended the content to be processed and displayed in a way different from that implied by the reported MIME type.

• Some other web browsers, such as Internet Explorer, try to allow for misconfigured web servers and applications by guessing what the correct MIME type should be. This has sheltered many web administrators from their own errors as, using this method, Internet Explorer will continue to process content as expected even though the web server is misconfigured, e.g., it may correctly display an image that is reported to be plain text.

• Serving content using the correct MIME type can also be important for security reasons; it’s possible for malicious content to affect the user’s computer by pretending to be a safe type of document when it is in fact not.

Structure/Parts of a MIME type

• MIME types enable browsers to recognize the type of a file which has been sent via HTTP by the web server.
• A MIME type most commonly consists of just two parts: a type and a subtype, separated by a slash (/), with no whitespace between:
  type/subtype

• The type represents the general category into which the data type falls, such as video or text.
• The subtype identifies the exact kind of data of the specified type the MIME type represents.
• For example, if the type of the file is image, the subtype says whether it is JPEG, PNG, BMP or TIFF.
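
The security point above (content pretending to be a safe type) and the type/subtype structure can be combined into a server-side check. The Python code below is an added example, not part of the original slides: it validates a Content-Type value as type/subtype and compares the declared type with the leading bytes of the body. The function names and the sample byte strings are assumptions made for the illustration, and the signature list covers only the formats named on these slides.

```python
import re

# Leading "magic" bytes for the file formats named on the slides.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "image/png"),
    (b"\xff\xd8\xff", "image/jpeg"),
    (b"BM", "image/bmp"),
    (b"II*\x00", "image/tiff"),
    (b"MM\x00*", "image/tiff"),
    (b"%PDF-", "application/pdf"),
]
VERIFIABLE = {mime for _, mime in SIGNATURES}
TOKEN = r"[a-z0-9!#$&^_.+-]+"
MIME_RE = re.compile(rf"{TOKEN}/{TOKEN}")
HTML_HINT = re.compile(rb"\s*<(!doctype|html|head|body|script|iframe)\b", re.I)

# Constructed sample bodies (not real files).
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
HTML_SAMPLE = b"<html><body>hello</body></html>"


def parse_mime(content_type):
    """Split a Content-Type value into (type, subtype).

    Parameters such as '; charset=utf-8' are dropped. Whitespace around the
    slash or a missing subtype raises ValueError.
    """
    essence = content_type.split(";", 1)[0].strip().lower()
    if not MIME_RE.fullmatch(essence):
        raise ValueError(f"not a type/subtype MIME type: {content_type!r}")
    return tuple(essence.split("/"))


def sniff(data):
    """Guess a MIME type from the first bytes of the body, or return None."""
    for magic, mime in SIGNATURES:
        if data.startswith(magic):
            return mime
    if HTML_HINT.match(data[:512]):
        return "text/html"
    return None


def check_content(content_type, data):
    """Compare the declared type with the body: 'ok', 'mismatch' or 'unverified'."""
    declared = "/".join(parse_mime(content_type))
    detected = sniff(data)
    if declared in VERIFIABLE:
        return "ok" if detected == declared else "mismatch"
    if declared.startswith("text/"):
        # Markup labelled as another text type is what a type-guessing
        # browser would render as a page instead of showing it as text.
        if detected == "text/html" and declared != "text/html":
            return "mismatch"
        return "ok"
    return "unverified"  # e.g. application/octet-stream: nothing to compare
```

A 'mismatch' result on an upload is the case the last bullet of the previous slide warns about: the declared type says image or plain text while the bytes say otherwise.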

• Discrete Type
• Multipart Type

Advantages of MIME
• Multiple attachments of different types can be included in the same email.
• There are no limits on message length.
• Multipart messages are supported.

Apache HTTP
• The Apache HTTP Server resides on this client tier. It is the first server-side resource a client interacts with when a request is made, and sends a final response back to the client.
• If a request is for a simple, static file such as HTML or an image, the Apache web server will send that file back to the client. If the request requires some logic, the Apache web server passes the request to the Tomcat server.

• Apache is the most used and fully-featured web server.
• It is open-source software which is totally free and can be easily accessed by anyone.
• It is a very easy, speedy and secure web server.
• For webmasters, Apache is the first choice for testing and development purposes.

Use and benefits of Apache web server
• The main use of the Apache web server is ‘Testing’.
• It is mainly used for troubleshooting and testing of files and software.
• It operates as a tester: the user can first test their files on a local web server (Apache) and, after confirmation, the files can be transferred to the Internet.

• Free of cost
• Fast & Secure
• For developing websites before making them ‘Live’
• For examining projects in server-side script languages like PHP, Perl, Ruby, etc.

How to install Apache web server on Windows
• There are two types of installation:
  1) Automatic, from software like XAMPP or Wampserver.
  2) Manual installation.

Manual Installation:
• Step 1: Visit the website https://www.apachelounge.com/download/
• Step 2: Click httpd-2.4.23-win64-VC14.zip or httpd-2.4.37-win32-VC15.zip to download it. (Choose the package according to Windows compatibility.)
• Step 3: Once the download has finished, unzip (extract) the file.

• Step 4: Copy it, and paste it into the C: drive of your local system. (Local Disk C)
• Step 5: Make sure the file location is C:/Apache24, which means that the Apache24 folder is in the C: drive.
• Step 6: Running Apache requires C++ Microsoft Visual Studio 2015. To download it, visit https://www.microsoft.com/en-us/download/details.aspx?id=53840

• Step 7: After downloading, double click and run it. (Click “Yes” if User Account Control displays a pop-up.)
• Step 8: Now, install it normally & finish the installation process.

Configure Apache Web Server
• Step 1: Go to the C:/ drive (Local Disk C) & open the Apache24 folder.
• Step 2: Find the folder named “conf” and open it.

• Step 3: Here, open the configuration file “httpd.conf” in Notepad.
• Step 4: After that, find “ServerRoot” (use Ctrl + F).
• Step 5: Replace the line with:
  ServerRoot "c:/Apache24"

Step 5: Replace the line with:
ServerRoot "c:/Apache24"
(This is because the Apache24 folder was moved into the C: drive, and the directive specifies the root directory of the Apache web server.)

• Step 6: Now again find “DocumentRoot” (use Ctrl + F).
• Step 7: Now again find “DocumentRoot” (use Ctrl + F).
  – Note: It is the folder in which files are stored. To manage the files of other, different websites, a different folder, C:/Websites, is used for storing files, so that we can easily control them.

Step 8: To do this, replace the lines with:
DocumentRoot "c:/Websites"
<Directory "c:/Websites">

• Step 9: Now we need to change the server name, and here we will use localhost as the server name.
• Step 10: To do it, find “ServerName” (use Ctrl + F).
• Step 11: Now, replace the line with:
  ServerName localhost:80

• Step 12: Now, the final change is to set the Apache web server to port 80.
• Step 13: To do it, we need to find “Listen 80”.
• Step 14: Replace the line with:
  Listen *:80

• Step 15: Save the httpd.conf file and close Notepad.
• Step 16: Go to the C:/ drive (Local Disk C) & create a folder named Websites to store files.

• Step 17: Now, to install the Apache web server, use “Command Prompt”.
• Step 18: Go to Start & search “Command Prompt”.
• Step 19: Right click & select the “Run as administrator” option. If any popup appears, simply click “Yes”.

• Step20: Now enter the following command in
CMD & hit Enter.

• Step21:Finally, enter the below command to
install Apache

• Step 22: The Apache web server will be installed on the computer. [If you get a security alert, simply click Allow Access to install it.]

• Step 23: Now, to start Apache, go to C:/Apache24/bin/ and open ApacheMonitor.exe.

• Step 24: Also open httpd.exe (optional).
  – [This will help you to monitor your Apache server. If you need to start it, follow the above steps, and to stop it, close the ApacheMonitor program.]
• Step 25: For confirmation, go to C:/Apache24/htdocs & copy the “index.html” file to “c:/Websites”.
• Step 26: Finally, open any web browser, type localhost in the URL bar and hit Enter.

HTTP
• HTTP stands for Hypertext Transfer Protocol, and it is a protocol (a prescribed order and syntax for presenting information) used for transferring data over a network. Most information that is sent over the Internet, including website content and API calls, uses the HTTP protocol.
• There are two main kinds of HTTP messages:
  – requests
  – responses
• HTTP requests are generated by a user's browser as the user interacts with web properties. For example, if a user clicks on a hyperlink, the browser will send a series of "HTTP GET" requests for the content that appears on that page. These HTTP requests go to either an origin server or a proxy caching server, and that server will generate an HTTP response. HTTP responses are answers to HTTP requests.

HTTP Request & Response
• HyperText Transfer Protocol
• The communication happens using Request & Response
• Refer to https://www.tutorialspoint.com/http/http_requests.htm for further explanation

Format of Requests
• To make a valid request, the client needs to include 4 things to communicate to the server:
  – URL
    • The resource to access
  – Method
    • Kind of action the client wants the server to take
      – GET: asks the server to retrieve a resource
      – POST: asks the server to create a new resource
      – PUT: asks the server to edit/update an existing resource
      – DELETE: asks the server to delete a resource
  – Headers
    • Provide meta-information about a request
  – Body
    • Contains the data the client wants to ‘send to/receive from’ the server

Format of Response
• To make a response, the server needs to include 3 things to communicate to the client:
  – Status Code
    • The 3-digit number, usually 200 for a successful request
  – Headers
    • Provide the content type
  – Body
    • Contains the data which the server responds with

HTTP
• HTTP requests and responses are sent across the Internet in plaintext. The problem is that anyone monitoring the connection can read these plaintexts. This is especially an issue when users submit sensitive data via a website or a web application. This could be a password, a credit card number, or any other data typed into a form. Essentially, a malicious actor can just read the text in the request or the response and know exactly what information someone is asking for, sending, or receiving, and even manipulate the communication.

• The answer to the above security problem is HTTPS.


HTTPS
• HTTPS stands for Hypertext Transfer Protocol Secure (also referred to as HTTP over TLS or HTTP over SSL). HTTPS uses TLS (or SSL) to encrypt HTTP requests and responses, so instead of the plaintext, an attacker would see a series of seemingly random characters.
• TLS uses a technology called public key encryption: there are two keys, a public key and a private key. The public key is shared with client devices via the server's SSL certificate. The certificates are cryptographically signed by a Certificate Authority (CA), and each browser has a list of CAs it implicitly trusts. Any certificate signed by a CA in the trusted list is given a green padlock in the browser’s address bar, because it is proven to be “trusted” and belongs to that domain. Companies like Let’s Encrypt have now made the process of issuing SSL/TLS certificates free.
• When a client opens a connection with a server, each machine needs a verified identity. So, the two devices use the public and private key to agree on new keys, called session keys, to encrypt further communications between them. All HTTP requests and responses are then encrypted with these session keys, so that anyone who intercepts communications can only see a random string of characters, not the plaintext.

HTTPS
• In addition to encrypting communication, HTTPS is used for authenticating the two communicating parties. Authentication means verifying that a person or machine is who they claim to be. In HTTP, there is no verification of identity; it is based on a principle of trust. But on the modern Internet, authentication is essential.
• Just like an ID card confirms a person's identity, a private key confirms server identity. When a client opens a channel with an origin server (e.g. when a user navigates to a website), possession of the private key that matches the public key in a website's SSL certificate proves that the server is actually the legitimate host of the website. This prevents or helps block a number of attacks that are possible when there is no authentication, such as man-in-the-middle attacks, DNS hijacking, and domain spoofing.

HTTPD
• HTTPd stands for Hypertext Transfer Protocol Daemon. HTTPd is a software program that usually runs in the background, as a process.
• It plays the role of server in a client-server model using the HTTP and/or HTTPS network protocols.
• HTTPd waits for incoming client requests, and it answers each request by replying with the requested information.

Apache Configuration & Debugging
• https://youtu.be/oJnCEqeAsUk
• Refer to the above video for configuring Apache.
• Below is a detailed written document:
  https://www.hostkarle.in/blog/how-to-install-apache-and-configure-on-windows-10
• For Apache debugging, refer to: Apache HTTPD Debugging Guide - The Apache HTTP Server Project

Apache .htaccess
An .htaccess (hypertext access) file is a directory-level configuration file supported by web servers, used for configuration of website-access issues, such as URL redirection, URL shortening, access control (for different web pages and files), and more. The 'dot' (period or full stop) before the file name makes it a hidden file in Unix-based environments.
For a video explanation, see https://youtu.be/0Vz2cUHBDPA
Refer to the following for complete details: Apache HTTP Server Tutorial: .htaccess files - Apache HTTP Server Version 2.4