Hiawatha (web server)

Last updated
Hiawatha Webserver
Original author(s) Hugo Leisink
Developer(s) Hugo Leisink
Initial release2002;22 years ago (2002)
Stable release
11.5 [1]   OOjs UI icon edit-ltr-progressive.svg / 23 October 2023
Repository
Written in C [2]
Operating system FreeBSD, Haiku os, HP-UX, IBM AIX, Linux, OpenBSD, OS X, QNX, Solaris, Unix-like and Windows [3]
Platform POSIX, Cross-platform
Available inEnglish
Type Web server
License GPL-2.0-only
Website www.hiawatha-webserver.org OOjs UI icon edit-ltr-progressive.svg

Hiawatha was a free and open source cross-platform web server developed by Hugo Leisink. [4]

Contents

History

Hiawatha development began in January 2002 as a web server. Leisink, a computer science student at the time, initially created the server to support internet servers based in student houses in South Holland and the Netherlands. The web server was designed with security as its focus.

The January 2009 edition of Linux Magazine included an article on the Hiawatha web server, describing it as "a light web server with good performance and some innovative security functions". [5] In 2015 Hiawatha was cited as a lightweight alternative to Apache, as it prioritized the installation experience and reduced storage over adding other features. [6] [7] [8]

In February 2019 Leisink announced the end of major development. [9] Releases since have focused on fixing bugs, and keeping components up to date. [10]

Major version history

In February 2019, Leisink announced the release of version 10.9 and the end of major development in blog posts. [9] As of December 2023, Leisink continued to publish bug fixes and small improvement releases. [10]

Features

The Hiawatha web server featured:

Hiawatha aimed to prevent SQL-injection, cross-site scripting (XSS), Cross-site request forgery (CSRF), and denial-of-service attacks. It allowed banning of potential hackers and had an option to limit the runtime of CGI applications. [14] RFC3546 support was included with version 8.6, which was developed with PolarSSLv1.2.

Performance

In 2012 a performance test was carried out by an independent researcher (SaltwaterC). It found that Hiawatha was faster than ten other servers with Drupal static content, while performing comparably to the rest in other metrics. [15]

Hiawatha supported load-balanced FastCGI and supported the PHP project's FastCGI Process Manager (PHP-FPM)). [16]

See also

Related Research Articles

<span class="mw-page-title-main">Apache HTTP Server</span> Open-source web server software

The Apache HTTP Server is a free and open-source cross-platform web server software, released under the terms of Apache License 2.0. It is developed and maintained by a community of developers under the auspices of the Apache Software Foundation.

<span class="mw-page-title-main">Wget</span> Computer command line program for downloading

GNU Wget is a computer program that retrieves content from web servers. It is part of the GNU Project. Its name derives from "World Wide Web" and "get". It supports downloading via HTTP, HTTPS, and FTP.

<span class="mw-page-title-main">OpenSSL</span> Open-source implementation of the SSL and TLS protocols

OpenSSL is a software library for applications that provide secure communications over computer networks against eavesdropping, and identify the party at the other end. It is widely used by Internet servers, including the majority of HTTPS websites.

curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for "Client for URL".

A BNC is a piece of software that is used to relay traffic and connections in computer networks, much like a proxy. Using a BNC allows a user to hide the original source of the user's connection, providing privacy as well as the ability to route traffic through a specific location. A BNC can also be used to hide the true target to which a user connects.

OpenVPN is a virtual private network (VPN) system that implements techniques to create secure point-to-point or site-to-site connections in routed or bridged configurations and remote access facilities. It implements both client and server applications.

netcat Computer networking utility

netcat is a computer networking utility for reading from and writing to network connections using TCP or UDP. The command is designed to be a dependable back-end that can be used directly or easily driven by other programs and scripts. At the same time, it is a feature-rich network debugging and investigation tool, since it can produce almost any kind of connection its user could need and has a number of built-in capabilities.

<span class="mw-page-title-main">FileZilla</span> Free software, cross-platform file transfer protocol application

FileZilla is a free and open-source, cross-platform FTP application, consisting of FileZilla Client and FileZilla Server. Clients are available for Windows, Linux, and macOS. Both server and client support FTP and FTPS, while the client can in addition connect to SFTP servers. FileZilla's source code is hosted on SourceForge.

lighttpd

lighttpd is an open-source web server optimized for speed-critical environments while remaining standards-compliant, secure and flexible. It was originally written by Jan Kneschke as a proof-of-concept of the c10k problem – how to handle 10,000 connections in parallel on one server, but has gained worldwide popularity. Its name is a portmanteau of "light" and "httpd".

Web server software allows computers to act as web servers. The first web servers supported only static files, such as HTML, but now they commonly allow embedding of server side applications.

Pound is a lightweight open source reverse proxy program and application firewall suitable to be used as a web server load balancing solution. Originally developed by an IT security company, it has a strong emphasis on security. The original intent on developing Pound was to allow distributing the load among several Zope servers running on top of ZEO. However, Pound is not limited to Zope-based installations. Using regular expression matching on the requested URLs, Pound can pass different kinds of requests to different backend server groups. A few more of its most important features:

Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Russian developer Igor Sysoev and publicly released in 2004. Nginx is free and open-source software, released under the terms of the 2-clause BSD license. A large fraction of web servers use Nginx, often as a load balancer.

Server Name Indication (SNI) is an extension to the Transport Layer Security (TLS) computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. The extension allows a server to present one of multiple possible certificates on the same IP address and TCP port number and hence allows multiple secure (HTTPS) websites to be served by the same IP address without requiring all those sites to use the same certificate. It is the conceptual equivalent to HTTP/1.1 name-based virtual hosting, but for HTTPS. This also allows a proxy to forward client traffic to the right server during TLS/SSL handshake. The desired hostname is not encrypted in the original SNI extension, so an eavesdropper can see which site is being requested. The SNI extension was specified in 2003 in RFC 3546

<span class="mw-page-title-main">WeeChat</span> IRC client

WeeChat is a free and open-source Internet Relay Chat client that is designed to be light and fast. It is released under the terms of the GNU GPL-3.0-or-later and has been developed since 2003.

Mbed TLS is an implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. Stated on the website is that Mbed TLS aims to be "easy to understand, use, integrate and expand".

<span class="mw-page-title-main">Cherokee (web server)</span> Open source web server software application

Cherokee is an open-source cross-platform web server that runs on Linux, BSD variants, Solaris, OS X, and Windows. It is a lightweight, high-performance web server/reverse proxy licensed under the GNU General Public License. Its goal is to be fast and fully functional yet still light. Major features of Cherokee include a graphical administration interface named cherokee-admin, and a modular light-weight design.

FastCGI is a binary protocol for interfacing interactive programs with a web server. It is a variation on the earlier Common Gateway Interface (CGI). FastCGI's main aim is to reduce the overhead related to interfacing between web server and CGI programs, allowing a server to handle more web page requests per unit of time.

In computer networking, TCP Fast Open (TFO) is an extension to speed up the opening of successive Transmission Control Protocol (TCP) connections between two endpoints. It works by using a TFO cookie, which is a cryptographic cookie stored on the client and set upon the initial connection with the server. When the client later reconnects, it sends the initial SYN packet along with the TFO cookie data to authenticate itself. If successful, the server may start sending data to the client even before the reception of the final ACK packet of the three-way handshake, thus skipping a round-trip delay and lowering the latency in the start of data transmission.

<span class="mw-page-title-main">ProFTPD</span> Open-source FTP server software

ProFTPD is an FTP server. ProFTPD is Free and open-source software, compatible with Unix-like systems and Microsoft Windows . Along with vsftpd and Pure-FTPd, ProFTPD is among the most popular FTP servers in Unix-like environments today. Compared to those, which focus e.g. on simplicity, speed or security, ProFTPD's primary design goal is to be a highly feature rich FTP server, exposing a large amount of configuration options to the user.

<span class="mw-page-title-main">LibreSSL</span> Open-source implementation of TLS protocols; forked from OpenSSL in 2014

LibreSSL is an open-source implementation of the Transport Layer Security (TLS) protocol. The implementation is named after Secure Sockets Layer (SSL), the deprecated predecessor of TLS, for which support was removed in release 2.3.0. The OpenBSD project forked LibreSSL from OpenSSL 1.0.1g in April 2014 as a response to the Heartbleed security vulnerability, with the goals of modernizing the codebase, improving security, and applying development best practices.

References

  1. "v11.5 · Tags · Hugo Leisink / Hiawatha web server · GitLab".
  2. "Hiawatha - Ohloh". Ohloh.net. Archived from the original on 21 December 2013. Retrieved 12 April 2013.
  3. Hiawatha on Haiku OS
  4. Leisink, Hugo. "Hiawatha About Page" . Retrieved 22 January 2015.
  5. Schürmann, Tim. "Safe Passage » Linux Magazine". Linux Magazine. Retrieved 2021-01-19.
  6. Wadge, Chris. "Why I Use the Hiawatha Webserver". Dotbalm.org. Archived from the original on 23 January 2015. Retrieved 23 January 2015.
  7. Vaughan-Nichols, Steven J. "Picking the Right Web Server for the Right Job". SmartBear. Retrieved 23 January 2015.
  8. Lavigne, Dru. "Hiawatha Web Server". Toolbox.com. Archived from the original on 18 July 2014. Retrieved 23 January 2015.
  9. 1 2 Leisink, Hugo. "Hiawatha webserver". www.hiawatha-webserver.org. Retrieved 2023-08-04.
  10. 1 2 Leisink, Hugo (2023-10-13). "Hiawatha Changelog". Hiawatha Webserver. Retrieved 2024-01-16.
  11. Manual page cgi-wrapper - Hiawatha webserver Archived 2012-10-19 at the Wayback Machine
  12. "FreshPorts -- www/hiawatha: Advanced and secure webserver for Unix". www.freshports.org. Retrieved 2021-01-19.
  13. "OpenPorts.se | The OpenBSD package collection". openports.se. Archived from the original on 2021-02-25. Retrieved 2021-01-19.
  14. Leisink, Hugo (13 December 2023). "Features". Hiawatha webserver. Retrieved 13 December 2023.
  15. PHP_web_serving_study Archived 2012-04-26 at the Wayback Machine
  16. Leisink, Hugo. "Hiawatha webserver". www.hiawatha-webserver.org. Retrieved 2021-01-18.