Web Servers
What is a Web Server?
- A web server is an application running on a back-end server that handles all HTTP traffic between clients (browsers) and web applications.
- Primarily listens on TCP ports 80 (HTTP) and 443 (HTTPS).
- Responsible for:
- Accepting HTTP requests
- Routing them to the correct resource
- Processing the request
- Sending the appropriate HTTP response
Workflow
- Clients send HTTP requests (e.g., GET, POST).
- The web server returns appropriate HTTP responses.
Common HTTP Response Codes
| Code | Type | Description |
|---|---|---|
| 200 | Success | OK - Request succeeded |
| 201 | Success | Created - Requested resources created on server |
| 301 | Redirection | Moved Permanently |
| 302 | Redirection | Found (Temporary Redirect) |
| 400 | Client Error | Bad Request |
| 401 | Client Error | Unauthorized |
| 403 | Client Error | Forbidden |
| 404 | Client Error | Not Found |
| 405 | Client Error | Method Not Allowed |
| 408 | Client Error | Request Timeout |
| 500 | Server Error | Internal Server Error |
| 502 | Server Error | Bad Gateway |
| 504 | Server Error | Gateway Timeout |
Request Example Using cURL
Get headers only:
m4cc18@htb[/htb]$ curl -I https://academy.hackthebox.com
HTTP/2 200
date: Tue, 15 Dec 2020 19:54:29 GMT
content-type: text/html; charset=UTF-8
...SNIP...
Get full response:
m4cc18@htb[/htb]$ curl https://academy.hackthebox.com
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>Cyber Security Training : HTB Academy</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
- Shows us the source code of the webpage
User Input
- Web servers accept:
- Text
- JSON
- Binary data (e.g., file uploads)
Common Web Servers
Apache (httpd)
- Most common web server (~40% of sites)
- Pre-installed on most Linux distros
- Supports:
- PHP (with mod_php)
- .NET, Python, Perl, Bash (via CGI)
- Open-source and well-documented
- Popular with:
- Apple
- Adobe
- Baidu
NGINX
- Second most common (~30%)
- Uses asynchronous architecture for high performance
- Low memory/CPU usage
- Preferred by high-traffic websites (~60% of top 100K sites)
- Used by:
- Cisco
- Intel
- Netflix
- HackTheBox
IIS (Internet Information Services)
- Developed by Microsoft (~15%)
- Runs on Windows Server
- Used with:
- .NET framework
- PHP
- FTP services
- Integrates with Active Directory
- Used by:
- Microsoft
- Office365
- Skype
- Stack Overflow
- Dell
Other Web Servers
- Apache Tomcat: for Java applications
- Node.js: for JavaScript back-end applications
Exercise
If a web server returns an HTTP code 201, what does it stand for?
flag: Created
An HTTP status code of 201 indicates "Created." This means that the request made by the client was successfully fulfilled and, as a result, one or more new resources were created on the server.
This status code is commonly returned after a POST request, which is typically used to submit data to the server to create a new resource (e.g., creating a new user account, submitting a new blog post). It can also be used with some PUT requests if the PUT operation results in the creation of a new resource at the specified URL.
The response to a 201 Created status code often includes a Location header, which provides the URL of the newly created resource, allowing the client to access it directly. The body of the response may also contain a representation of the newly created resource or a description of it.
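The request handling and status codes covered in these notes, as an added example that is not part of the original notes: a small Python web server that returns 201 with a Location header on a successful POST, and 400, 404 and 405 for the error cases from the table. The `/notes` resource, port 8080 and the in-memory store are assumptions made for the demo.

```python
# Added example: minimal web server illustrating the status codes above.
# The /notes resource, port 8080 and the in-memory store are assumptions.
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

NOTES = {}  # in-memory store: id -> note dict (constructed for the demo)

def route(method, path, body=b""):
    """Route one request; return (status, headers, body_bytes)."""
    parts = [p for p in path.split("?")[0].split("/") if p]
    if not parts or parts[0] != "notes" or len(parts) > 2:
        return 404, {}, b"Not Found"
    if len(parts) == 1:                      # collection: /notes
        if method != "POST":
            return 405, {"Allow": "POST"}, b"Method Not Allowed"
        try:
            note = json.loads(body)
            if not isinstance(note, dict) or "text" not in note:
                raise ValueError
        except ValueError:                   # malformed JSON or missing field
            return 400, {}, b"Bad Request"
        note_id = str(len(NOTES) + 1)
        NOTES[note_id] = note
        # 201 Created: Location tells the client where the new resource lives
        return 201, {"Location": f"/notes/{note_id}"}, json.dumps(note).encode()
    if method != "GET":                      # item: /notes/<id>
        return 405, {"Allow": "GET"}, b"Method Not Allowed"
    if parts[1] not in NOTES:
        return 404, {}, b"Not Found"
    return 200, {"Content-Type": "application/json"}, json.dumps(NOTES[parts[1]]).encode()

class Handler(BaseHTTPRequestHandler):
    def _respond(self):
        raw = self.headers.get("Content-Length", "0")
        length = min(int(raw), 65536) if raw.isdecimal() else 0  # cap body size
        status, headers, body = route(self.command, self.path, self.rfile.read(length))
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    do_GET = do_POST = do_PUT = do_DELETE = _respond

if __name__ == "__main__":
    # Bind to loopback only; try: curl -i -d '{"text":"hi"}' http://127.0.0.1:8080/notes
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Running the file and sending the curl request from the final comment shows the `201` status line and the `Location` header in the response.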