
Advanced Web Hosting

● Different Apache Methods

● Reverse Proxy

● Apache Tomcat

● Node

● Hack attempts Investigation

● Concepts of CDN

● Inspecting Webpages

● Website Migration
1. Different Apache Methods:

What is HTTP?
The Hypertext Transfer Protocol (HTTP) is designed to enable communications between clients and servers.
HTTP works as a request-response protocol between a client and server.

Example: A client (browser) sends an HTTP request to the server; then the server returns a response to the client. The
response contains status information about the request and may also contain the requested content.

HTTP Methods
------------
GET
POST
PUT
HEAD
DELETE
PATCH
OPTIONS

The two most common HTTP methods are: GET and POST.
The GET Method
GET is used to request data from a specified resource.

GET is one of the most common HTTP methods.

It appends form data to the URL as name/value pairs.

The length of the URL is limited to 2048 characters.

Some other notes on GET requests:

● GET requests can be cached
● GET requests remain in the browser history
● GET requests can be bookmarked
● GET requests should never be used when dealing with sensitive data
● GET requests have length restrictions
● GET requests are only used to request data (not modify)

GET requests can be found in the Apache access_log.
The POST Method
POST is used to send data to a server to create/update a resource.

The data sent to the server with POST is stored in the request body of the HTTP request:

POST is one of the most common HTTP methods.

A POST request is used to send data to the server; for example, customer information, file upload, etc., using HTML
forms. The HttpClient API provides a class named HttpPost which represents the POST request.

Some other notes on POST requests:

● POST requests are never cached
● POST requests do not remain in the browser history
● POST requests cannot be bookmarked
● POST requests have no restrictions on data length
Sample log for POST method
Compare GET vs. POST

The following table compares the two HTTP methods: GET and POST.

| | GET | POST |
|---|---|---|
| BACK button/Reload | Harmless | Data will be re-submitted (the browser should alert the user that the data are about to be re-submitted) |
| Bookmarked | Can be bookmarked | Cannot be bookmarked |
| Cached | Can be cached | Not cached |
| Encoding type | application/x-www-form-urlencoded | application/x-www-form-urlencoded or multipart/form-data. Use multipart encoding for binary data |
| History | Parameters remain in browser history | Parameters are not saved in browser history |
| Restrictions on data length | Yes, when sending data, the GET method adds the data to the URL; and the length of a URL is limited (maximum URL length is 2048 characters) | No restrictions |
| Restrictions on data type | Only ASCII characters allowed | No restrictions. Binary data is also allowed |
| Security | GET is less secure compared to POST because data sent is part of the URL. Never use GET when sending passwords or other sensitive information! | POST is a little safer than GET because the parameters are not stored in browser history or in web server logs |
| Visibility | Data is visible to everyone in the URL | Data is not displayed in the URL |
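
Added example (not part of the original slides): the Security row above is easy to confirm from the server side, because the query string of every GET request is written to the Apache access_log. The scan below reads combined-format log lines and reports GET requests that carry a credential-like parameter; the parameter-name list, the function names and the sample lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report GET requests whose query string carries a
# credential-like parameter, since those values end up in the access_log.

# Constructed sample lines in Apache combined log format (not real traffic).
sample_access_log() {
cat <<'EOF'
203.0.113.10 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:01:09 +0000] "GET /login?user=alice&password=S3cret HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:02:30 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:03:00 +0000] "GET /reset?Token=abc123&lang=en HTTP/1.1" 200 812 "-" "Mozilla/5.0"
EOF
}

# Reads log lines on stdin and prints "client path parameter-name" for each
# sensitive parameter found. Values are deliberately never printed.
find_sensitive_get_params() {
  awk '
    BEGIN {
      # Assumed list of parameter names worth flagging; extend for your apps.
      n = split("password passwd pwd token secret apikey api_key sessionid", k, " ")
      for (i = 1; i <= n; i++) sensitive[k[i]] = 1
    }
    {
      # The request line is the first double-quoted field of the log line.
      if (split($0, q, "\"") < 3) next
      if (split(q[2], req, " ") < 2 || req[1] != "GET") next
      qpos = index(req[2], "?")
      if (qpos == 0) next
      path  = substr(req[2], 1, qpos - 1)
      count = split(substr(req[2], qpos + 1), pairs, "&")
      for (j = 1; j <= count; j++) {
        eq   = index(pairs[j], "=")
        name = tolower(eq > 0 ? substr(pairs[j], 1, eq - 1) : pairs[j])
        if (name in sensitive) print $1, path, name
      }
    }'
}

sample_access_log | find_sensitive_get_params
```

Feed a real access_log to find_sensitive_get_params on stdin to audit a site; any hit means the value is already sitting in the log file and its rotated copies.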
The PUT Method: PUT is used to send data to a server to create/update a resource.

The difference between POST and PUT is that PUT requests are idempotent. That is, calling the same PUT request
multiple times will always produce the same result. In contrast, calling a POST request repeatedly has the side effect of
creating the same resource multiple times.

The HEAD Method: HEAD is almost identical to GET, but without the response body.

In other words, if GET /users returns a list of users, then HEAD /users will make the same request but will not return
the list of users. HEAD requests are useful for checking what a GET request will return before actually making a GET
request - like before downloading a large file or response body.

The DELETE Method: The DELETE method deletes the specified resource.
The OPTIONS Method: The OPTIONS method describes the communication options for the target resource.
Reverse Proxy - Nginx

What is a reverse proxy?

A reverse proxy is a server that sits in front of web servers and forwards client (e.g. web browser)
requests to those web servers. Reverse proxies are typically implemented to help increase security,
performance, and reliability.
Common uses for a reverse proxy server

● Load balancing – A reverse proxy server can act as a “traffic cop,” sitting in front of your backend
servers and distributing client requests across a group of servers in a manner that maximizes speed
and capacity utilization while ensuring no one server is overloaded, which can degrade
performance. If a server goes down, the load balancer redirects traffic to the remaining online
servers.
● Web acceleration – Reverse proxies can compress inbound and outbound data, as well as cache
commonly requested content, both of which speed up the flow of traffic between clients and servers.
They can also perform additional tasks such as SSL encryption to take load off of your web servers,
thereby boosting their performance.
● Security and anonymity – By intercepting requests headed for your backend servers, a reverse
proxy server protects their identities and acts as an additional defense against security attacks. It
also ensures that multiple servers can be accessed from a single record locator or URL regardless
of the structure of your local area network.
Apache Tomcat
Tomcat can be used as both a web server and application server where all processing is done
by Tomcat. Apache Tomcat is a free and open-source implementation of the Java Servlet,
JavaServer Pages, Java Expression Language and WebSocket technologies. Tomcat provides a
"pure Java" HTTP web server environment in which Java code can run.

Apache Tomcat is a web container that runs servlet- and JavaServer Pages (JSP)-based
web applications. Most of the modern Java web frameworks are based on servlets, e.g.
JavaServer Faces, Struts, Spring.

Apache Tomcat also provides by default an HTTP connector on port 8080, i.e., Tomcat can also be
used as an HTTP server. But the performance of Tomcat is not as good as the performance of a
dedicated web server, like the Apache HTTP server.
Role of Tomcat server:
Tomcat is an application server designed to execute Java servlets and render web pages that
use JavaServer Pages (JSP). Available as either a binary or a source code version,
Tomcat has been used to power a wide range of applications and websites across the Internet.

The default port for the Apache Tomcat service is 8080.


Node

A Node.js server makes your app available to serve HTTP requests. It provides the
interaction between users and your application. It is a lightweight and efficient JavaScript
platform built on Chrome’s V8 JavaScript engine, and NPM is the default
Node.js package manager.

How does a Node server work?

Node is completely event-driven. Basically the server consists of one thread processing one
event after another. A new request coming in is one kind of event. The server starts
processing it and when there is a blocking IO operation, it does not wait until it completes
and instead registers a callback function.

Default port is 3000


What Node is used for

Node.js is primarily used for non-blocking, event-driven servers, due to its single-threaded nature. It's
used for traditional web sites and back-end API services, but was designed with real-time, push-based
architectures in mind.
Hack attempts Investigation

1 - Check the last user connections on the host

From the console, type:

# last

This command shows all users that logged in successfully to the host. This is a good starting point
to understand whether somebody has gained unauthorised access to your server.
2 - Check the running processes with top

With top you can verify whether some applications are using more resources than usual.

With this command you can also find other useful information, like free RAM, average load, number of tasks, CPU
load, etc.
3 - Check SSH connection attempts:

Another step is to check the SSH logs to understand whether somebody is trying to get access to the server.

You can check the SSH access log of the server in this way.

From the console, type:

# tail -n 500 /var/log/secure | grep 'sshd'
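
Added example (not part of the original slides): 500 raw lines are hard to read by eye, so the function below condenses sshd lines into one row per source address and marks an address for review when a successful login follows repeated failures. The function names, the threshold and the sample log lines are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise sshd authentication results per source address.

# Constructed sample in the /var/log/secure syslog format (not real log data).
sample_secure_log() {
cat <<'EOF'
Mar 12 10:00:01 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.50 port 40022 ssh2
Mar 12 10:00:03 web01 sshd[1202]: Failed password for root from 203.0.113.50 port 40024 ssh2
Mar 12 10:00:05 web01 sshd[1203]: Failed password for root from 203.0.113.50 port 40026 ssh2
Mar 12 10:00:09 web01 sshd[1207]: Accepted password for root from 203.0.113.50 port 40030 ssh2
Mar 12 10:05:00 web01 sshd[1300]: Accepted publickey for deploy from 198.51.100.20 port 51000 ssh2: RSA SHA256:CONSTRUCTED
Mar 12 10:06:00 web01 sshd[1310]: Failed password for deploy from 192.0.2.9 port 33000 ssh2
Mar 12 10:06:30 web01 sshd[1311]: Connection closed by 192.0.2.9 port 33000 [preauth]
EOF
}

# Reads log lines on stdin. $1 is the number of failures after which an
# accepted login from the same address is marked REVIEW (default 3).
ssh_login_summary() {
  awk -v threshold="${1:-3}" '
    $5 ~ /^sshd\[/ && ($6 == "Failed" || $6 == "Accepted") {
      # The user name is supplied by the client, so locate the address by
      # scanning from the right for the "from <addr> port" triple.
      ip = ""
      for (i = NF - 2; i >= 7; i--)
        if ($i == "from" && $(i + 2) == "port") { ip = $(i + 1); break }
      if (ip == "") next
      seen[ip] = 1
      if ($6 == "Failed") failed[ip]++
      else {
        accepted[ip]++
        if (failed[ip] + 0 >= threshold + 0) flagged[ip] = 1
      }
    }
    END {
      for (ip in seen) {
        mark = (ip in flagged) ? "REVIEW" : "-"
        printf "%s failed=%d accepted=%d %s\n", ip, failed[ip], accepted[ip], mark
      }
    }' | sort
}

sample_secure_log | ssh_login_summary 3
```

On a live host the input would be the grep output from the command above; a REVIEW row is a lead to check against the output of last, not proof of compromise.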


4 - Netstat: Verify the current connections from and to the server

Another step is to verify the connections to your server with netstat.

From the console, type:

# netstat | more

This command shows two parts: the first is “Active Internet connections (w/o servers)” and the second
is “Active UNIX domain sockets (w/o servers)”.

5-Antivirus scan

Scan the website contents using clamscan and maldet, which will show the infected files.
Running clamscan

# clamscan -ir /path/to/scan -l /log/path.txt

Running maldet

# maldet --scan-all /path/to/scan

If you find any infected files, you can disable ("null route") such a file by removing all of its permissions with the following
command.

# chmod 000 /path/to/file


5-Check Recently Modified Files
You can identify hacked files by seeing if they were recently modified.

To check recently modified files using terminal commands:

Type in your terminal:

$ find /location -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r

6-Check Diagnostic Pages


If your website has been blacklisted by Google or other website security authorities, you can use their
diagnostic tools to check the security status of your website.
Checking website speed test online

Several online tools are available to test a website's loading speed from locations worldwide.

Examples: https://tools.pingdom.com/

https://gtmetrix.com/

https://developers.google.com/speed/pagespeed/insights/
Concept of CDN

CDN definition: A CDN (Content Delivery Network) is a
highly distributed platform of servers that helps minimize delays in
loading web page content by reducing the physical distance
between the server and the user. This helps users around the world
view the same high-quality content without slow loading times.
A model of CDN architecture
Cloudflare
Cloudflare is a CDN type product that protects against threats such as SQL injection
and identity theft. Cloudflare also improves site performance and speeds up loading
times by using their multiple data centers that are located around the world. The
Cloudflare network acts like a giant VPN.

Example: Cloudflare nameservers

● dns1.cloudflare.com
● dns2.cloudflare.com
Inspecting webpages

We can inspect any website from the browser itself by pressing the F12 key. The developer tools show:
● Shows mixed contents
● Broken links
● Missing files
● Script errors
Website migration

Transfer of website from one server to another server.

Points to be checked before migration:

● Check database version
● Available PHP handlers
● SSL
Step 1

Take backup of document root and database dump, then copy to the destination server.

Step 2

Restore website backup in document root assigned for website on destination server.

Update the file ownership and permission accordingly.

Step 3

Create new database and restore database dump to the new database created.
Create new database user and grant all privileges to database user.

Once these steps are done successfully, the website starts working from the new server. Once you have verified
this, you can update the DNS records in the DNS zone of the domain, which is available on the DNS server.
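
Added example (not part of the original slides): before switching DNS, the restore from Step 2 can be checked by comparing file hashes between the source copy and the restored document root and by listing files that were left world-writable. The function names are hypothetical, both directory paths are supplied by the caller, and sha256sum and find are assumed to be available as on a standard Linux host.

```bash
#!/usr/bin/env bash
# Added example: check a restored document root against the source copy.

# Print "TAG hash  ./relative/path" for every regular file under directory $2.
manifest() {
  ( cd "$2" && find . -type f -exec sha256sum {} + ) | sed "s/^/$1 /"
}

# verify_restore SRC_DIR DST_DIR prints one finding per line, sorted:
#   MISSING         file exists in the source but not in the destination
#   CHANGED         file exists in both but the content differs
#   EXTRA           file exists only in the destination
#   WORLD-WRITABLE  destination file that any local user can modify
verify_restore() {
  {
    { manifest S "$1"; manifest D "$2"; } | awk '
      # 2 chars of tag + 64 hex chars of hash + 2 separators precede the path.
      { path = substr($0, 69) }
      $1 == "S"            { want[path] = $2; next }
      !(path in want)      { print "EXTRA", path; next }
      want[path] != $2     { print "CHANGED", path }
                           { delete want[path] }
      END { for (p in want) print "MISSING", p }'
    ( cd "$2" && find . -type f -perm -0002 ) | sed 's/^/WORLD-WRITABLE /'
  } | sort
}

# Run directly as: script.sh /path/to/source/copy /path/to/restored/docroot
if [ "$#" -eq 2 ]; then
  verify_restore "$1" "$2"
fi
```

An empty result means every file arrived intact and none is world-writable; an EXTRA script file in the destination deserves the same attention as a CHANGED one.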

Online tool for website preview.

https://hosts.cx/

https://skipdns.link/
Thank you
