Shulou(Shulou.com)05/31 Report--

How to analyze Web containers, middleware and Web servers, I believe that many inexperienced people do not know what to do. Therefore, this paper summarizes the causes and solutions of the problems. Through this article, I hope you can solve this problem.

Web server:

The web server is used to provide http services, that is, to return information to the client, which can process the HTTP protocol and respond to requests for static pages or pictures. Popular said that you can hang static websites, the common web servers are Apache, IIS, Nginx.

Middleware:

To understand middleware, you should first understand what is a web application? a Web application is an application that can be accessed through Web. The biggest advantage of the program is that it is easy for users to access the application. Users only need to have a browser and do not need to install other software. Cramp S is a client / server program, which means that such programs generally run independently. BBPX S is browser-side / server-side applications, which usually run with browsers such as IE. WEB applications are generally in Bamp S mode. Web applications are first and foremost "applications", which are not fundamentally different from programs written in standard programming languages such as C, C++, etc. However, the Web application has its own unique feature, which is that it is based on Web rather than traditional methods. In other words, it is the product of a typical browser / server architecture.

A Web application is made up of various Web components (web components) that perform specific tasks and presents services to the outside world through Web. In practical application, Web application is composed of multiple Servlet, JSP pages, HTML files, image files and so on. All these components coordinate with each other to provide users with a complete set of services.

Next to middleware, in fact, middleware is not a fixed thing, as long as it meets the defined function can be said to be middleware. Middleware vulnerabilities can be said to be the most easily ignored by web administrators for a simple reason, because they are not vulnerabilities in application code, but are caused by improper configuration or improper use of an application deployment environment. So from the actual situation, the biggest difficulty in preventing such vulnerabilities is who should be responsible for the security of middleware.

When dealing with emergency response events, we often encounter a situation where the customer's website code is outsourced, that is, a third-party company is responsible for the development, and the deployment may be carried out by the customer's internal operation and maintenance staff. Aside from the importance and understanding of middleware security for the time being, it is a mess to talk about how to deal with vulnerabilities. The developer shrugged off that it was not a code problem, and that they followed the security development process (SDL) completely, so it had nothing to do with him. The operation and maintenance staff were blinded and retorted: you didn't tell me what to configure, but just asked me to install a program to ok. How do I know?

In addition, developers and operators' lack of security awareness of middleware is also an important factor. Some developers may conduct security testing on their own code, but it is far from enough to review only part of the code.

Focus on analysis:

The web server only provides static web page parsing (such as apache), or a service that provides redirects. Web middleware or application server (which contains web containers) can parse dynamic languages, such as tomcat can parse jsp (because tomcat contains jsp containers), of course, it can also parse static resources, so it is both web middleware and web server. However, tomcat is not as fast as apache in parsing static resources, so it is often used in combination. Middleware is used to provide the connection between system software and application software to facilitate the communication between software components, and it can provide containers for one or more applications. Take the web server as an example. The web server is the middleware when the web server parsing is needed to run the bounce S structure. * .asp can only be run on the windows service IIS, and IIS is the middleware of the BCMIS architecture. There are also such as small companies, entry-level servers, tomcat,jboss (usually used with small database mysql, the classic architecture on Linux LAMP,linux+apache+mysql+php,apache is middleware, sometimes also called Web container), large program servers (bean's weblogic, IBM's websphere. (usually with Oracle). Middleware is called middleware server, also known as application server. In web, the web server is usually called middleware.

Web container

The web container is used to provide an environment for the application components (JSP,SERVLET) in it. It is a part of middleware and implements the parsing of dynamic languages. For example, tomcat can parse jsp because there is a jsp container inside it.

Category to which it belongs

Web servers: IIS, Apache, nginx, tomcat, weblogic, websphere, etc.

Web middleware: apache tomcat, BEA WebLogic, IBM WebSphere, etc.

Web containers: JSP containers, SERVLET containers, ASP containers, etc.

Note: web middleware overlaps with web server because web middleware such as tomcat also has the function of web server.

After reading the above, have you mastered how to analyze Web containers, middleware, and Web servers? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.