A web server is a program that uses HTTP to serve the files that make up web pages to users, in response to requests sent over their computers' HTTP connections. Dedicated computers and appliances may be referred to as web servers as well. All computers that host websites must have web server programs.
A web server requires both hardware and software. Attackers usually target vulnerabilities in the software to gain unauthorized entry to the server. The actual role of a web server depends on the way it is implemented; however, generic web servers store HTML or server-side scripting files such as PHP, ASP, etc. that generate HTML files on the fly.
A web server is always connected to the internet. Every web server that connects to the internet has a unique address made up of a series of four numbers between 0 and 255, separated by periods (.). It also enables hosting providers to manage multiple domains (users) on a single server.
Types of Web Servers
- Apache – One of the most popular web servers in the world, developed by the Apache Software Foundation. Apache is open source software that supports almost all operating systems, including Linux, Unix, Windows, FreeBSD, Mac OS X and more. About 60% of machines run on Apache Web Servers. Customization of the Apache web server is easy because it has a modular structure. Being open source also means that you can add your own modules to the server when required and make modifications that suit your requirements. It is more stable than any other web server, and administrative issues are easier to solve. It can be installed on multiple platforms successfully.
- Internet Information Services (IIS) – It is developed by Microsoft. It runs on Windows and is the second most used web server on the internet. Most ASP and ASPX websites are hosted on IIS servers.
- Apache Tomcat – Most JavaServer Pages (JSP) websites are hosted on this type of web server.
- Other web servers – These include Novell’s Web Server and IBM’s Lotus Domino servers.
How Web Servers Work
Whenever you view a web page on the internet, you are requesting that page from a web server. When you type a URL into your browser (for example, http://www.zerosuniverse.com), your browser requests the page from the web server and the web server sends the page back.
If you want a bit more detail on the process of getting a web page onto your computer screen, here are the basic steps that occur behind the scenes:
- Obtaining the IP address from the domain name – The web browser first obtains the IP address that the domain name (e.g., for this page the domain name is www.geeksforgeeks.org) resolves to. It can obtain the IP address in two ways:
- By searching in its cache.
- By requesting one or more DNS (Domain Name System) Servers.
Note: Any website is assigned an IP address when it is first created on
- Browser requests the full URL – After knowing the IP address, the browser now requests the full URL from the web server.
- Web server responds to the request – The web server responds to the browser by sending the desired pages; if the pages do not exist or some other error occurs, it sends the appropriate error message.
For example – You may have seen Error
- Browser displays the web page – The browser finally gets the web pages and displays them, or displays the error message.
Types of Web Server Attacks
- Website Defacement – With this type of attack, the attacker replaces the organization's website with a different page that contains the hacker's name and images, and may include background music and messages.
- Directory Traversal – This is a vulnerability where an attacker is able to access locations beyond the web root directory from the application. If he is able to access beyond the web root directory, he might execute OS commands and get sensitive information or access restricted directories.
- Misconfiguration of operating systems and networks – Certain configurations, such as allowing users to execute commands on the server, can be dangerous if the user does not have a good password.
- DOS attack
- Phishing Attack
- Brute Force
- Session Hijacking
- Update and patch web servers regularly.
- Do not use the default configuration.
- Store configuration files securely.
- Scan the applications running on the web server for all vulnerabilities.
- Use IDS and firewall with updated signatures.
- Block all unnecessary protocols and services.
- Use secure protocols.
- Disable default accounts and follow a strict access control policy.
- Install antivirus software and update it regularly.
- All operating systems and software used should be the latest versions and kept updated.
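
The directory traversal item above comes down to whether a requested path still resolves inside the web root once encodings, `..` segments and symlinks are taken into account. The following Python check is an added example, not code from the original page; the function names `resolve_under_root` and `check_requests` and the sample request paths are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_under_root(web_root, request_path):
    """Map a URL path to a file path, or return None if it leaves web_root."""
    decoded = unquote(request_path)           # "%2e%2e%2f" becomes "../"
    if "\x00" in decoded:                     # NUL bytes can truncate names in lower layers
        return None
    decoded = decoded.replace("\\", "/")      # treat Windows separators as separators
    root = os.path.realpath(web_root)
    # realpath collapses ".." and follows symlinks before the containment check.
    candidate = os.path.realpath(os.path.join(root, decoded.lstrip("/")))
    # commonpath compares whole components, so "/srv/www-backup" is not
    # mistaken for a child of "/srv/www" the way a startswith() test would.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed sample request paths (not taken from any real log).
SAMPLE_REQUESTS = [
    "/index.html",
    "/css/../index.html",
    "/../../etc/passwd",
    "/..%2f..%2fetc%2fpasswd",
    "/..\\..\\windows\\win.ini",
    "/index.html%00.jpg",
]


def check_requests(web_root, requests=SAMPLE_REQUESTS):
    """Return {request_path: True if it stays under web_root, else False}."""
    return {r: resolve_under_root(web_root, r) is not None for r in requests}


if __name__ == "__main__":
    demo_root = tempfile.mkdtemp()            # throwaway directory standing in for the web root
    for path, allowed in check_requests(demo_root).items():
        print(("serve " if allowed else "reject"), path)
```

The same function can run in front of any file-serving handler: a `None` result should produce an error response and a log entry rather than a file read.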