Tuesday 26 June 2012

Hiawatha - a secure web server


Introduction

Hiawatha is an open source webserver with a focus on security. I started Hiawatha in January 2002. Before that time, I had used several webservers, but I didn't like them. They had illogical, almost cryptic configuration syntax and none of them gave me a good feeling about their security and robustness. So, I decided it was time to write my own webserver. I never thought that my webserver would become what it is today, but I enjoyed working on it and liked to have my own open source project. In the years that followed, Hiawatha became a fully functional webserver.

Project goals

Because of my great interest in IT security, I paid extra attention to security while I was working on Hiawatha. Besides all the default security measures you can expect from a modern webserver, there are a lot of security features in Hiawatha you won't find in any other webserver. Many of them started as an experiment, but in the meantime, most of them have proven to be very useful.

A second thing I wanted my webserver to be is easy-to-use. This resulted in a readable configuration syntax and not having to be an HTTP or CGI expert in order to get Hiawatha running.

I was reading the blog of Hugo Leisink and came across a performance study that was posted there. I have been using Hiawatha on several of my test servers and recently a production server. I love it for its security features, ease of setup and performance. You can find the link to the PDF document below. I just used the same link provided on Hugo's blog. As you can see from the study, Hiawatha does a great job in performance too. And coupling this with security and ease of use, why would anyone want to use another web server? 

Link to the study:

You can also read my testimony of Hiawatha on how we reduced excessive and abusive bandwidth usage on our server from over 1000 GB/day to 40 GB/day.

Link to the testimony:
http://www.hiawatha-webserver.org/about
--------------------------------------------------
 
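Hiawatha, a lightweight web server

Hiawatha is an open source web server, developed by its author Hugo Leisink in 2002 while he was studying computer science in the Netherlands. It was designed as a secure, fast and easy-to-configure lightweight server. Hiawatha supports Linux, BSD and MacOS X.

Features:
    Advanced access control
    Protection against SQL injection and cross-site scripting attacks
    Detection of abnormal client behaviour, with automatic blocking
    CGI programs can be run under any UID/GID
    Easy to configure and manage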
