Tuesday, February 26, 2019

A forking tiny web server

This is the uncommonly low denominator in HTTP servers. It does very little, and conforms to the HTTP spec in only the most absurdly rudimentary way. Clearly, it's very insecure and poorly coded.

This toy HTTP server is supposed to be used as a tool of last resort. It's implemented in perl because perl version 5 remains ubiquitous - it comes with git on Windows!?! When you need a web server to have a particular behavior, to test a scenario, to break a client in just the right way, it's perfect - all it requires is more code. About the only thing it abstracts is raw socket handling (a bit - thanks perl), and the actual implementation of fork().

However, it's small enough to type in if you're in one of those annoyingly secure sites where you can't just download random rubbish from the Internet and execute it (where's the excitement in that?).

Features:

  • Serves multiple HTTP clients simultaneously
  • Will run in the most constrained environments (like ancient Unixes, or Visual Studio with git).
  • Simple enough to be easily re-written for different test scenarios.
  • Implements enough of the HTTP spec that curl won't complain.
  • It's moderately secure (because it doesn't do much).
  • No bugs (because it doesn't claim to do much)
  • Is small enough to be typed in on a coffee break.
  • Does some logging
  • Serves up 10 GiB fast enough to flood some networks and crash some clients.
  • Has enough problems that everyone can find something to fix
  • Supports CPUs (more than one!)
  • Has comments(? - ok, I'm stretching here)
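The fork-per-connection pattern behind the first few features, as an added example (not the author's server): it assumes a Unix-like perl 5.10+, and the loopback bind, port 8080, 10-second limit and response body are values chosen for illustration.

```perl
#!/usr/bin/perl
# Added example: fork-per-connection HTTP responder for local client testing.
use strict;
use warnings;
use IO::Socket::INET;
use POSIX qw(:sys_wait_h);

# Assumed values: loopback-only bind so the test server is not network-reachable.
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1',
    LocalPort => 8080,
    Proto     => 'tcp',
    Listen    => 16,
    ReuseAddr => 1,
) or die "listen failed: $!\n";

# Reap finished children so they do not pile up as zombies.
$SIG{CHLD} = sub { 1 while waitpid(-1, WNOHANG) > 0 };

while (1) {
    my $client = $listener->accept;
    next unless $client;                 # accept() interrupted by SIGCHLD
    my $pid = fork();
    if (!defined $pid) { warn "fork failed: $!\n"; close $client; next; }
    if ($pid) { close $client; next; }   # parent: back to accept()

    # Child: serve exactly one request, then exit.
    close $listener;
    alarm 10;                            # a stalled client cannot pin a child forever
    my $request = <$client> // '';
    $request =~ s/[\r\n]+\z//;
    # Drain the request headers up to the blank line.
    while (defined(my $line = <$client>)) { last if $line =~ /^\r?\n\z/; }
    # Replace non-printable bytes so a request line cannot forge log entries.
    (my $safe = $request) =~ s/[^\x20-\x7e]/?/g;
    printf STDERR "[%s] pid %d %s \"%s\"\n",
        scalar(localtime), $$, $client->peerhost, $safe;

    my $body = "hello from pid $$\n";
    print $client "HTTP/1.1 200 OK\r\n",
        "Content-Type: text/plain\r\n",
        "Content-Length: ", length($body), "\r\n",
        "Connection: close\r\n\r\n",
        $body;
    close $client;
    exit 0;
}
```

Each response names the child pid that served it, so two concurrent curl requests show two different processes at work.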