A web server is a program that uses HTTP to serve files that create web pages to users in response to their requests, which are sent by their computer HTTP connection.
Dedicated computers and appliances may be referred to as Web servers as well. All computers that host Web sites must have Web server programs.
A web server requires both hardware and software. Attackers usually target the exploits in the software to gain authorized entry to the server.
The actual role of web servers is dependent on the way they are implemented; however, the generic web servers store HTML or server-side scripting files such as PHP, ASP, etc. that generate HTML files on the fly.
Always a web server is connected to the internet. Every web server that connects to the Internet will be having a unique address that contains a series of four numbers between 0 and 255.
A period (.) separates these numbers. Also, It enables the hosting providers to manage multiple domains(users) on a single server.
Types of Web Server
1. Apache
One of the most popular web servers in the world developed by the Apache Software Foundation. Apache is open-source software that supports almost all operating systems including Linux, Unix, Windows, FreeBSD, Mac OS X, and more. About 60% of machines run on Apache Web Servers.
The customization of the Apache webserver is easy as it contains a modular structure. It is also open-source which means that you can add your own modules to the server when required and make modifications that suit your requirements.
It is more stable than any other web server and is easier to solve administrative issues. It can be installed on multiple platforms successfully.
2. Internet Information Services (IIS)
It is developed by Microsoft. It runs on Windows and is the second most used web server on the internet. Most asp and aspx websites are hosted on IIS servers.
3. Apache Tomcat
Most Java servers pages (JSP) websites are hosted on this type of web server.
4. Other web servers
These include Novell’s Web Server and IBM’s Lotus Domino servers.
How do Web Server Works
Whenever you view a web page on the internet, you are requesting that page from a web server. When you type a URL into your browser (for example, https://www.zerosuniverse.com), your browser requests the page from the webserver and the web servers send the page back:
If you want to get into a bit more detail on the process of getting a Web page onto your computer screen, here are the basic steps that occurred behind the scenes here are the four steps
- Obtaining the IP Address from the domain name – Our web browser first obtains the IP address the domain name (for e.g., for this page the domain name is www.geeksforgeeks.org) resolves to. It can obtain the IP address in 2 ways-
- By searching in its cache.
- By requesting one or more DNS (Domain Name System) Servers.
Note: Any website is assigned an IP address when it is first created on the web servers.
- Browser requests the full URL – After knowing the IP Address, the browser now demands a full URL from the webserver.
- Web server responds to request – The web server responds to the browser by sending the desired pages, and in case, the pages do not exist or some other error occurs, it will send the appropriate error message.
- For example – You may have seen Error 404 while trying to open a webpage, which is the message sent by the server when the page does not exist. Another common one is Error 401 when access is denied to us due to incorrect credentials, like username or password, provided by us.
- Browser displays the web page: The Browser finally gets the webpages and displays it, or displays the error message.
Types of Web Server Attacks
- Website Defacement – With this type of attack, the attacker replaces the organization’s website with a different page that contains the hacker’s name, images and may include background music and messages.
- Directory Traversal – This is a vulnerability where an attacker is able to access beyond the webroot directory from the application. If he is able to access beyond web root directory, he might execute OS commands and get sensitive information or access restricted directories.
- Misconfiguration of operating systems and networks – certain configurations such as allowing users to execute commands on the server can be dangerous if the user does not have a good password.
- DOS attack
- Phishing Attack
- Brute Force
- Session Hijacking
Countermeasures
- Update and patch web servers regularly.
- Do not use the default configuration.
- Store configuration files securely.
- Scan the applications running on the webserver for all vulnerabilities.
- Use IDS and firewall with updated signatures.
- Block all unnecessary protocols and services.
- Use secure protocols.
- Disable default accounts, follow strict access control policy.
- Install Anti-virus, and update it regularly.
- All OS and software used should be latest and updated.