Server-side:
The Server
Parke Godfrey
28 September 2011
3 October 2011
CSE-2041
These slides are based in part on ones from the following sources.
KISS: Keep It Short & Simple
stateless
Keep the HTTP Daemon (server program) stateless.
Will use database services, etc., to affect state.
high concurrency
Many clients with open HTTP sessions at the same time.
short sessions
A session may still be longer than what we want...
E.g., keep-alive, lots of silly images, ...
E.g., video!!!
What to do about this?
bind
listen
fork
Important! Server is listening for other processes while servicing existing sessions.
But, there is a limit to # open sessions.
Listen on port 80.
Fork to handle when an HTTP request arrives.
Extract the path/file from the URL.
Check whether file exists.
If not, return status 404.
Check whether file is reachable & readable (chmod).
If not, return status 403.
Determine the content type.
Return with status 200 (OK) and a type header.
Serve file as the payload.
Close HTTP session.
Or, on keep-alive, wait a brief time for another request.
Status codes are part of the HTTP protocol.
We will use Apache running on Linux as our working model.
Availability via fork‐and‐serve.
Confidentiality via HTTPS on port 443
Authentication via .htaccess and 401.
Client‐Side caching: 304
Request is a directory.
No slash at end: 301.
Else, serve welcome file (if any).
ls (if directory readable)
Else, 403.
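The static-file steps and the directory case above, written out as one decision function. This is an added example, not code from the slides or from Apache; the names `decide`, `sample_tree` and `WELCOME`, and the document-root containment check, are assumptions introduced here.

```python
import mimetypes, os, tempfile
from urllib.parse import unquote, urlsplit

WELCOME = "index.html"  # assumed welcome-file name

def decide(docroot, url):
    """Return (status, headers, file_or_None) for a GET of url."""
    raw = urlsplit(url).path
    root = os.path.realpath(docroot)
    # Extract the path from the URL; realpath resolves ".." and symlinks.
    target = os.path.realpath(os.path.join(root, unquote(raw).lstrip("/")))
    # Added check (assumption, not on the slides): stay inside docroot.
    if os.path.commonpath([root, target]) != root:
        return 403, {}, None
    if not os.path.exists(target):
        return 404, {}, None
    if os.path.isdir(target):
        if not raw.endswith("/"):          # no slash at end: 301
            return 301, {"Location": raw + "/"}, None
        welcome = os.path.join(target, WELCOME)
        if os.path.isfile(welcome):        # serve welcome file, if any
            target = welcome
        elif os.access(target, os.R_OK):   # directory listing (ls)
            return 200, {"Content-Type": "text/html"}, None
        else:
            return 403, {}, None
    if not os.access(target, os.R_OK):     # exists but not readable
        return 403, {}, None
    ctype = mimetypes.guess_type(target)[0] or "application/octet-stream"
    return 200, {"Content-Type": ctype}, target

def sample_tree():
    """Constructed sample: docroot with a welcome file, plus a file outside it."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "htdocs")
    os.makedirs(os.path.join(root, "docs"))
    for path in (os.path.join(root, WELCOME), os.path.join(root, "docs", "a.txt"),
                 os.path.join(base, "secret.txt")):
        with open(path, "w") as f:
            f.write("x")
    return root

if __name__ == "__main__":
    root = sample_tree()
    for url in ("/", "/docs", "/docs/", "/docs/a.txt", "/nope", "/../secret.txt"):
        print(url, decide(root, url)[:2])
```

The path is percent-decoded and resolved before any existence check, so an encoded `..` is refused with 403 rather than revealing via 404 or 200 whether a file outside the document root exists.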
Refresh for redirecting and fake‐pushing.
different payload / same URL
Can deliver different content for the same URL, depending on who asks.
server-side pre-processing
PHP
server-side includes
server-side programs: CGI (Common Gateway Interface)
Server executes a program, and sends the output of the program to the client.
Same as static up to Step #4.
Check that file is reachable. (Readable not needed!)
If not, return status 403.
Masquerade as file owner.
Check that file is executable by owner.
If not, return status 500.
Run the file and capture its output.
Check the validity of the output.
Not valid? Return status 500.
Valid? Return status 200 (OK), and the output as the payload.
Hey, this looks easy!
Server code can be quite short!
(Client code? Not so much...!)
An “httpd” in python (226 lines of code).
“Engineering” issues are what is hard.
Scalability is hard.
Must design carefully what to serve from where.
Security can be tricky.
Do not serve anything that shouldn't be.
Programs on the server-side must be well behaved.