Indian Institute of Technology Kharagpur

World Wide Web – Part II

Prof. Indranil Sen Gupta

Dept. of Computer Science & Engg.
I.I.T. Kharagpur, INDIA

Lecture 12: World wide web – Part II

On completion, the student will be able to:

1. Design a skeletal web server for responding
to basic HTTP queries.
2. Explain the roles of proxy servers, and
network address translators.
3. Explain the various ways in which a network
address translator can work.

1
 How a Web Server Works?

Requirements of a Web Server

• Simple requirements:
¾Able to accept HTTP requests, and
respond to them.
¾Support for GET and HEAD, possibly
also POST.
¾Able to handle server-side scripts.
ƒ Executables residing on the server.
ƒ They get executed when specified.
ƒ Their output sent back to the client;
typically as a HTML page.

2
 Directory Structure

• When a web server is installed:

¾A http root directory gets created.
ƒ For example, “/home/httpd”
¾There is a directory under the http root
that acts as the http home directory.
ƒ For example, “/home/httpd/docs”
¾There is a directory under the http root
under which all the CGI and other
scripts are to be stored.
ƒ For example, “/home/cgi-bin”
ƒ Server-side exec permission provided

Directory Structure (contd.)

HTTP Root

HTTP Home cgi-bin Other

Web
Folders

3
 Default Web Page

• There is a default web page that gets

returned by the server if no explicit
document path is specified.
¾ index.htm or index.html.
¾Any other name can also be specified
through server script configuration.
• Can be accessed as:
GET www.xyz.com HTTP/1.0

How are Scripts Handled?

• Server-side scripts
¾A file that is to be executed by the
server, and the output sent back to the
client.
• How does the server know?
¾Two ways:
ƒ GET command with a “?”.
ƒ POST command.

4
 GET Command with a “?”

• Consider an example HTTP command:

GET /cgi-bin/xyz.pl ? roll=1234 & sex=M
• What happens?
¾Server identifies the “?” following the GET.
¾Identifies xyz.pl as a program to be
executed.
¾Allows the xyz.com program to read the
values present in the string following the
“?”.
ƒ How, to be discussed later
¾The output generated by the xyz.com
program is sent back to the client.

POST Command

• Works similar to get.

• Differences:
¾The name-value pairs are present as
data following the header lines and a
blank line.
¾Not limited by the maximum size of a
string (as in GET).
¾The executable program can read the
data values.
ƒ How, to be discussed later.

5
 POST Command :: Example

POST /cgi-bin/myscript.cgi HTTP/1.0

From: [email protected]
User-Agent: HTTPTool/1.0
Content-Type: application/x-www-form-
urlencoded
Content-Length: 32

Roll = 1234 & Sex = M & Age = 20

Points to Note

• The executable program that runs on the

server can be written in any language.
¾Shell script (C shell, bourne shell, etc.)
¾Perl
¾ASP
¾PHP
¾C, Java (requires servlet support)
ƒ Necessary support for executing
must be there in the server.
ƒ For example, ASP can run under IIS
but not under Apache.

6
 Proxy Server

Introduction

• What is a proxy server?

¾Acts on behalf of other clients, and
presents requests from other clients to
a server.
¾Acts as a server while talking with a
client, and as a client while talking with
a server.
• Commonly used HTTP proxy server:
¾Squid
ƒ available on all platforms.

7
 Where it is located?

User
agent

User PROXY Origin

agent SERVER server

User
agent Access
Rules

Cache

Functions of a HTTP Proxy

• Request forwarding
¾Primary function.
¾Acts as a rudimentary firewall.
• Access control
¾Allow or deny accesses, based on
ƒ Contents
ƒ Location
• Cache management
¾Efficient utilization of bandwidth.
¾Faster access.

8
 Network Address Translator
(NAT)

What is NAT?

• Allows a single device (router or a dedicated

box) to act as an agent between the Internet
(public network) and a local (private) network.
¾Tries to address the IP address distribution
problem.
¾RFC 1631.
¾Only one unique IP address is required to
represent an entire group of computers.
¾Several variations possible.

9
 Where does NAT reside?

NAT

Private
Network Internet

Various Forms of NAT

• Static NAT
¾Used to map an unregistered IP address to
a registered IP address.
¾One-to-one mapping.
ƒ N registered addresses for N machines.
• Dynamic NAT
¾Used to map an unregistered IP address to
a registered IP address.
ƒ From a given pool of registered IP addresses.
¾Addresses are assigned dynamically.
ƒ Any number of internal computers.
ƒ A limit N to the number communicating at a time.

10
 Various Forms of NAT (contd.)

• Overloading
¾A special form of dynamic NAT.
¾Used to map multiple unregistered IP
addresses to a single registered IP address
by using different ports.
ƒ Also called port address translation
(PAT).
ƒ Each computer on the private network
gets translated to the same IP address,
but with a different port number
assignment.
¾Widely used.

NAT Overloading ….

• Utilizes the multiplexing feature of

TCP/IP stack.
¾A computer maintains several concurrent
connections with a remote computer, using
different port numbers.
• The header of an IP packet contains:
ƒ Source IP address (32 bit)
ƒ Source port number (16 bit)
ƒ Destination IP address (32 bit)
ƒ Destination port number (16 bit)
¾The combination of above four elements
define a TCP/IP connection.

11
• Notations:
¾Stub domain: the internal or the private
network.
¾Address translation table (ATT):
maintained by router/NAT for address and
port mapping.
• Easy to implement dynamic NAT.
¾Address translation table need only
contain IP address mappings.
ƒ Private to public, and vice versa.
ƒ No port numbers needed.

How NAT overloading works?

• The scenario:
¾Internal network has non-routable IP
addresses.
¾NAT-enabled router contains a registered IP
address assigned by IANA.
¾An internal host X tries to connect to, say,
an outside Web server.
¾The router receives the packet from X.

12
¾The router will now:
ƒ Save IP address and port number from
X’s packet to an ATT.
ƒ In the packet, replace the IP address with
the router’s IP address.
ƒ Replace the port number with a port
number from the ATT (look for match).
For new connection, generate a unique
port number.

¾When a packet comes back.

ƒ Its destination port is used to search
ATT.
ƒ Source IP address and port numbers
can be obtained.
ƒ Addresses changed accordingly.

13
 ¾The ATT looks like:

Source Source IP Source NAT IP NAT port

Computer address port address number
number
A 10.5.17.112 500 203.11.16.5 1
B 10.5.17.85 75 203.11.16.5 2
C 10.23.10.5 2480 203.11.16.5 3
D 10.22.5.118 1120 203.11.16.5 4

Capability Limit of a NAT

• Maximum number of concurrent

translations:
¾Mainly determined by the size of the
memory to store the ATT.
¾Typical entry in the ATT takes about 160
bits.
¾Memory size of 8 Mbyte will support
about
8 x 1024 x 1024 x 8 / 160 = 4,19,000
concurrent translations.

14
 Which addresses to use inside?

• Private address classes.

¾Set aside by IANA an non-routable.
¾These addresses are considered
unregistered.
¾Routers discard these addresses, if
used as destination.
ƒ A packet from a host with a private
unregistered address can reach a
registered destination host, but not
the reverse.

The Private Address Classes

• Class A (one)
ƒ 10.0.0.0 to 10.255.255.255
• Class B (sixteen)
ƒ 172.16.0.0 to 172.31.255.255
• Class C (256)
ƒ 192.168.0.0 to 192.168.255.255

15
 Other Benefits of NAT

• Use of NAT automatically creates a

firewall between the internal and
external networks.
¾NAT will only allow connections that
has originated from within the internal
network.
¾An outside host cannot initiate a
connection with an internal host.
• Inbound mapping requires static
NAT.

Is NAT a Proxy Server?

• The answer is “NO”.

¾NAT is transparent to both source and
destination hosts. But a proxy server is
not transparent.
¾NAT is a layer 3 (network) protocol. In
contrast, a proxy server works at layer 4
(transport) or higher.

16
SOLUTIONS TO QUIZ
QUESTIONS ON
LECTURE 11

17
 Quiz Solutions on Lecture 11

1. Why is the traditional HTTP protocol called

stateless?
Because it closes a connection
immediately after completing a
transaction. No history is maintained.
2. What is a hypertext?
It is a text with links to other texts and
resources. The links are called hyperlinks.
3. What is the default port number of HTTP?
Port number 80.

Quiz Solutions on Lecture 11

4. What does the client request to a HTTP

server comprise of?
It consists of:
ƒ Request method
ƒ Path portion of the HTTP URL
ƒ Version number of the HTTP protocol
ƒ Optional request header information
ƒ Blank line
ƒ POST or PUT data, if present.

18
 Quiz Solutions on Lecture 11

5. How can the GET command be used to

submit forms?
By including a ‘?’ after the pathname,
and including a query string after that.
6. What is the purpose of the HEAD
command?
To return the header information of the
specified document.

Quiz Solutions on Lecture 11

7. In what way is POST different from GET,

when data in being sent to a CGI script?
In POST, data is not send as part of
the header line. It follows the headers,
and a blank line. The query string can
be larger than GET.
8. How are the data sent in POST
command?
After the blank line, following the
headers.

19
 Quiz Solutions on Lecture 11

9. What does the Connection field in the

HTTP request header signify?
Whether the connection is of type
“close” or “keep-alive”.
10. What does a typical HTTP response
consist of?
An initial response line, the headers, a
blank line, followed by the requested
data.

Quiz Solutions on Lecture 11

11. What are the basic differences in the HTTP

1.1 version from the 1.0 version?
Host identification, default support for
persistent connection, content
negotiation, request part of document,
caching, etc.
12. How does a proxy server act both as a client
and a server?
Server, when it receives a request. Client,
when it forwards the request.
13. What is the URL syntax for FTP?
ftp://user:password@<path-name>

20
 QUIZ QUESTIONS ON
LECTURE 12

Quiz Questions on Lecture 12

1. Which HTTP commands can result in the

execution of server side scripts?
2. What are the differences between root
directory and home directory in a web server
installation?
3. What are the main purposes behind the use
of proxy servers?
4. Name two web servers, and one proxy server
that are widely used.
5. In static NAT, on what factors will the
number of registered IP addresses depend
on?

21
 Quiz Questions on Lecture 12

6. For NAT overloading, what are the

typical entries in the fields of the
address translation table (ATT)?
7. Which of the fields would not be required
if it is only required to implement
dynamic NAT?
8. Can a machine with a private IP address
communicate with a public host in the
outside world?

22