Hiawatha (web server)

Hiawatha Webserver

Original author(s)	Hugo Leisink
Developer(s)	Hugo Leisink
Initial release	2002; 11 years ago (2002)
Stable release	8.6 / October 31, 2012; 4 months ago (2012-10-31)[1]
Written in	C
Operating system	POSIX, Cross-platform
Platform	Linux, Windows, Solaris, FreeBSD, OpenBSD, Unix-like, IBM AIX, HP-UX, QNX, Mac OS X, Haiku os[2]
Available in	English
Type	Web server
License	GPLv2
Website	www.hiawatha-webserver.org

Hiawatha is a web server available for multiple platforms. It has been developed by Hugo Leisink since 2002.^[3]

History

Hiawatha started in January 2002 as a very small web server, suitable for servers with old hardware. It was written originally for Internet servers in student houses in Delft of South Holland, the Netherlands. Because the author was a computer science student with special interest in IT security, all sorts of experimental security features were included. This resulted in a web server with many interesting security features which have proven useful. The author has said "I know for a long time that vulnerabilities [exist in other web servers] . [One thing] that bothers me: the runtime of a CGI. A CGI process [under other web servers] can run forever. A single CGI script can DoS a webserver. A system administrator is needed to kill the script. And what about a client [or hacker] that keeps on guessing passwords for HTTP authentication? These kind of issues inspired me to create Hiawatha, with settings for maximum request sending time, maximum CGI run time, client banning, etc. Features that, in my opinion, every daemon should have."^{[citation needed]}

The January 2009 edition of Linux Magazine contained an article about the Hiawatha web server.

Important releases

• 1.0: September 2002. A basic but functional web server.
• 2.0: March 2004. Use of multithreading instead of forking.
• 3.0: September 2004. SSL support.
• 4.0: December 2005. A CGI-wrapper^[4] for improved security was included.
• 5.0: October 2006. FastCGI support for improved CGI speed.
• 5.2: November 2006. First-time integration to the FreeBSD Ports system at version 5.2 in December 2006,^[5] to the OpenBSD ports tree at version 5.7 in March 2007.^[6]
• 5.12: August 2007. URL rewriting support.
• 6.0: October 2007. IPv6 support.
• 6.6: April 2008. XSLT support.
• 6.10 : October 2008. Prevent cross-site request forgery added.
• 7.0: February 2010. Remote monitoring support.
• 8.0: January 2012. Autoconf replaced with CMake, OpenSSL replaced with PolarSSL.

Features

Hiawatha web server implements all important functions of a modern web server, such as:

• CGI and load balancing FastCGI support
• Large file support
• Reverse proxy functionality
• Chroot support
• URL toolkit which support URL rewriting
• SSL and TLS support
• Basic and digest HTTP authentication
• Upload speed control by traffic shaping
• Internal file caching
• IPv6 support
• HTTP compression using gzip
• Virtual hosting
• Support for WebDAV applications
• Support for Server Name Indication included in v8.6

Hiawatha has many security features that no other web server has, like preventing SQL-injection, cross-site scripting (XSS), Cross-site request forgery (CSRF) prevention, denial-of-service protection, control external image linking, banning of potential hackers and limiting the runtime of CGI applications.^[7] The author worked on RFC3546 support, but "the OpenSSL documentation [on this subject] is just extremely poor"^{[citation needed]} so progress was difficult. Although, RFC3546 support has been included since v8.6 version which is developed with PolarSSLv1.2 .

Performance

Although security is the main focus, Hiawatha is also doing quite well in terms of speed and performance. According to a performance test carried out by an independent researcher (SaltwaterC), Hiawatha beats others for static content.^[8][9] Hiawatha supports load-balanced FastCGI and has its own PHP-FastCGI utility,^[10] which makes it fast and scalable for handling dynamic content.

Usage statistics

Usage statistics of Hiawatha web server is often underestimated. Due to its security traits, Hiawatha web server may reject unknown web crawlers not from web search engines, which may include some from web survey agencies.^[11]

See also

Free software portal

• Perbandingan -- web servers
• Perbandingan -- lightweight web servers

References

1. ^ "Changelog". http://www.hiawatha-webserver.org/cha ngelog. Retrieved 2012-06-08.
2. ^ Hiawatha on Haiku OS
3. ^ About page of Hiawatha webserver
4. ^ Manual page cgi-wrapper - Hiawatha webserver
5. ^ FreeBSD Ports of Hiawatha
6. ^ OpenBSD Ports of Hiawatha
7. ^ Daftar/Tabel -- features
8. ^ PHP_web_serving_study
9. ^ Benchmark of webservers
10. ^ Manual page php-fcgi - Hiawatha webserver
11. ^ Security measures suggested for defining websites

External links

• Official website
• 'Hiawatha Web Server' by Dru
• Der sichere Webserver Hiawatha (article in German Linux magazine)