Web server

A web server is computer software that accepts requests via HTTP or its secure variant HTTPS. A user agent, commonly a web browser or web crawler, initiates communication by making a request for a web page or other resource using HTTP, and the server responds with the content of that resource or an error message. A web server can also accept and store resources sent from the user agent if configured to do so.
The hardware used to run a web server can vary according to the volume of requests that it needs to handle. At the low end of the range are embedded systems, such as a router that runs a small web server as its configuration interface. A high-traffic Internet website might handle requests with hundreds of servers that run on racks of high-speed computers.
A resource sent from a web server can be a pre-existing file available to the web server, or it can be generated at the time of the request by another program that communicates with the server software. The former usually can be served faster and can be more easily cached for repeated requests, while the latter supports a broader range of applications.
Technologies such as REST and SOAP, which use HTTP as a basis for general computer-to-computer communication, as well as support for WebDAV extensions, have extended the application of web servers well beyond their original purpose of serving human-readable pages.

History

This is a very brief history of web server programs, so some information necessarily overlaps with the histories of the web browsers, the World Wide Web and the Internet; therefore, for the sake of clarity and understandability, some key historical information below reported may be similar to that found also in one or more of the above-mentioned history articles.

Initial WWW project (1989–1991)

In March 1989, Sir Tim Berners-Lee proposed a new project to his employer CERN, with the goal of easing the exchange of information between scientists by using a hypertext system. The proposal titled "HyperText and CERN", asked for comments and it was read by several people. In October 1990 the proposal was reformulated and enriched, and finally, it was approved.
Between late 1990 and early 1991 the project resulted in Berners-Lee and his developers writing and testing several software libraries along with three programs, which initially ran on NeXTSTEP OS installed on NeXT workstations:

a graphical web browser, called WorldWideWeb;
a portable line mode web browser;
a web server, later known as CERN httpd.

Those early browsers retrieved web pages written in a simple early form of HTML from web servers using a new basic communication protocol that was named HTTP 0.9.
In August 1991 Tim Berners-Lee announced the birth of WWW technology and encouraged scientists to adopt and develop it. Soon after, those programs, along with their source code, were made available to people interested in their usage. Although the source code was not formally licensed or placed in the public domain, CERN informally allowed users and developers to experiment and further develop on top of them. Berners-Lee started promoting the adoption and the usage of those programs along with their porting to other operating systems.

Fast and wild development (1991–1995)

In December 1991, the was installed at SLAC. This was a very important event because it started trans-continental web communications between web browsers and web servers.
In 1991–1993, CERN web server program continued to be actively developed by the www group, meanwhile, thanks to the availability of its source code and the public specifications of the HTTP protocol, many other implementations of web servers started to be developed.
In April 1993, CERN issued a public official statement stating that the three components of Web software, along with their source code, were put in the public domain. This statement freed web server developers from any possible legal issue about the development of derivative work based on that source code.
At the beginning of 1994, the most notable among new web servers was NCSA httpd which ran on a variety of Unix-based OSs and could serve dynamically generated content by implementing the POST HTTP method and the CGI to communicate with external programs. These capabilities, along with the multimedia features of NCSA's Mosaic browser highlighted the potential of web technology for publishing and distributed computing applications.In the second half of 1994, the development of NCSA httpd stalled to the point that a group of external software developers, webmasters and other professional figures interested in that server, started to write and collect patches thanks to the NCSA httpd source code being available to the public domain. At the beginning of 1995 those patches were all applied to the last release of NCSA source code and, after several tests, the Apache HTTP server project was started.
At the end of 1994, a new commercial web server, named Netsite, was released with specific features. It was the first one of many other similar products that were developed first by Netscape, then also by Sun Microsystems, and finally by Oracle Corporation.
In mid-1995, the first version of IIS was released, for Windows NT OS, by Microsoft. This marked the entry, in the field of World Wide Web technologies, of a very important commercial developer and vendor that has played and still is playing a key role on both sides of the web.
In the second half of 1995, CERN and NCSA web servers started to decline because of the widespread adoption of new web servers which had a much faster development cycle along with more features, more fixes applied, and more [|performances] than the previous ones.

Explosive growth and competition (1996–2014)

At the end of 1996, there were already over fifty known, different web-server-software programs that were available to everybody who wanted to own an Internet domain name or to host websites. Many of them lived only shortly and were replaced by other web servers.
The publication of RFCs about protocol versions HTTP/1.0 and HTTP/1.1, forced most web servers to comply with those standards. The use of TCP/IP persistent connections required web servers both to increase the maximum number of concurrent connections allowed and to improve their level of scalability.
Between 1996 and 1999, Netscape Enterprise Server and Microsoft's IIS emerged among the leading commercial options whereas among the freely available and open-source programs Apache HTTP Server held the lead as the preferred server.
In those years there was also another commercial, highly innovative and thus notable web server called Zeus that was known as one of the fastest and most scalable web servers available on market, at least till the first decade of 2000s, despite its low percentage of usage.
Apache resulted in the most used web server from mid-1996 to the end of 2015 when, after a few years of decline, it was surpassed initially by IIS and then by Nginx. Afterward IIS dropped to much lower percentages of usage than Apache.
From 2005–2006, Apache started to improve its speed and its scalability level by introducing new performance features. As those new performance improvements initially were marked as experimental, they were not enabled by its users for a long time and so Apache suffered, even more, the competition of commercial servers and, above all, of other open-source servers which meanwhile had already achieved far superior performances since the beginning of their development and at the time of the Apache decline were able to offer also a long enough list of well tested advanced features.
A few years after 2000 started, not only other commercial and highly competitive web servers but also many other open-source programs such as Hiawatha, Cherokee HTTP server, Lighttpd, Nginx and other derived and related products also available with commercial support emerged.
Around 2007–2008, most popular web browsers increased their previous default limit of 2 persistent connections per host-domain to 4, 6 or 8 persistent connections per host-domain, in order to speed up the retrieval of heavy web pages with lots of images, and to mitigate the problem of the shortage of persistent connections dedicated to dynamic objects used for bi-directional notifications of events in web pages. Within a year, these changes, on average, nearly tripled the maximum number of persistent connections that web servers had to manage. This trend definitely gave a strong impetus to the adoption of reverse proxies in front of slower web servers and it gave also one more chance to the emerging new web servers that could show all their speed and their capability to handle very high numbers of concurrent connections without requiring too many hardware resources.

New challenges (2015 and later years)

In 2015, RFCs published new protocol version, and as the implementation of new specifications was not trivial at all, a dilemma arose among developers of less popular web servers, about adding or not adding support for that new protocol version.
In fact supporting HTTP/2 often required radical changes to their internal implementation due to many factors and so a few developers of those web servers opted for not supporting new HTTP/2 version also because of these main reasons:

protocols HTTP/1.x would have been supported anyway by browsers for a very long time so that there would be no incompatibility between clients and servers in next future;
implementing HTTP/2 was considered a task of overwhelming complexity that could open the door to a whole new class of bugs that till 2015 did not exist and so it would have required notable investments in developing and testing the implementation of the new protocol;
adding HTTP/2 support could always be done in future in case the efforts would be justified.

Instead, developers of most popular web servers, rushed to offer the availability of new protocol, not only because they had the work force and the time to do so, but also because usually their previous implementation of SPDY protocol could be reused as a starting point and because most used web browsers implemented it very quickly for the same reason. Another reason that prompted those developers to act quickly was that webmasters felt the pressure of the ever increasing web traffic and they really wanted to install and to try – as soon as possible – something that could drastically lower the number of TCP/IP connections and speedup accesses to hosted websites.
In 2020–2021 the HTTP/2 dynamics about its implementation were partly replicated after the publication of advanced drafts of future RFC about HTTP/3 protocol.

Technical overview

The following technical overview should be considered only as an attempt to give a few very limited examples about some features that may be implemented in a web server and some of the tasks that it may perform in order to have a sufficiently wide scenario about the topic.
A web server program plays the role of a server in a client–server model by implementing one or more versions of HTTP protocol, often including the HTTPS secure variant and other features and extensions that are considered useful for its planned usage.
The complexity and the efficiency of a web server program may vary a lot depending on:

common features implemented;
common tasks performed;
performances and scalability level aimed as a goal;
software model and techniques adopted to achieve wished performance and scalability level;
target hardware and category of usage.

Common features

Although web server programs differ in how they are implemented, most of them offer the following [|common features].
These are basic features that most web servers usually have.

Static content serving: to be able to serve static content to clients via HTTP protocol.
HTTP: support for one or more versions of HTTP protocol in order to send versions of HTTP responses compatible with versions of client HTTP requests,.
Logging: usually web servers have also the capability of logging some information, about client requests and server responses, to log files for security and statistical purposes.

A few other more advanced and popular features are the following ones.

Dynamic content serving: to be able to serve dynamic content to clients via HTTP protocol.
Virtual hosting: to be able to serve many websites using only one IP address.
Authorization: to be able to allow, to forbid or to authorize access to portions of website paths.
Content cache: to be able to cache content in order to speed up server responses;
file support">Computer file">file support: to be able to serve files whose size is greater than 2 GB on 32 bit OS.
Bandwidth throttling: to limit the speed of content responses in order to not saturate the network and to be able to serve more clients;
Rewrite engine: to map parts of clean URLs to their real names.
Custom error pages: support for customized HTTP error messages.

Common tasks

A web server program, when it is running, usually performs several general tasks:

starts, optionally reads and applies settings found in its configuration files or elsewhere, optionally opens log file, starts listening to client connections and requests;
optionally tries to adapt its general behavior according to its settings and its current operating conditions;
manages client connections ;receives client requests :
* reads and verify each HTTP request message;
* usually performs URL normalization;
* usually performs URL mapping ;
* usually performs URL path translation along with various security checks;executes or refuses requested HTTP method:
* optionally manages URL authorizations;
* optionally manages URL redirections;
* optionally manages requests for static resources :
** optionally manages directory index files;
** optionally manages regular files;
* optionally manages requests for dynamic resources:
** optionally manages directory listings;
** optionally manages program or module processing, checking the availability, the start and eventually the stop of the execution of external programs used to generate dynamic content;
** optionally manages the communications with external programs or internal modules used to generate dynamic content;replies to client requests sending proper HTTP responses eventually verifying or adding HTTP headers to those sent by dynamic programs and modules;
optionally logs 'client requests or its responses to an external user log file or to a system log file by syslog, usually using common log format;
optionally logs process messages about detected anomalies or other notable events using syslog or some other system facilities; these log messages usually have a debug, warning, error, alert level which can be filtered depending on some settings, see also severity level;
optionally generates statistics' about web traffic managed or its performances;
other custom tasks.

Read request message

Web server programs are able:

to read an HTTP request message;
to interpret it;
to verify its syntax;
to identify known HTTP headers and to extract their values from them.

Once an HTTP request message has been decoded and verified, its values can be used to determine whether that request can be satisfied or not. This requires many other steps, including security checks.

URL normalization

Web server programs usually perform some type of URL normalization in order to:

make resource path always a clean uniform path from root directory of website;
lower security risks ;
make path of web resources more recognizable by human beings and web log analysis programs.

The term URL normalization refers to the process of modifying and standardizing a URL in a consistent manner. There are several types of normalization that may be performed, including the conversion of the scheme and host to lowercase. Among the most important normalizations are the removal of "." and ".." path segments and adding trailing slashes to a non-empty path component.

[|URL mapping]

"URL mapping is the process by which a web server or application framework determines how an incoming URL request is routed to the appropriate resource, handler, or action. Modern URL mapping mechanisms analyse the structure of the requested URL and use routing rules or configuration patterns to deliver [|static resources], invoke dynamic handlers, or perform rewrites and redirects without directly relying on file system paths. This approach allows clean, human-readable URLs and flexible application architectures.

In practice, web server programs that implement advanced features, beyond the simple static content serving, usually have to figure out how that URL has to be handled as a:

URL redirection, a redirection to another URL;static request of file content;dynamic request of:
* directory listing of files or other sub-directories contained in that directory;
* other types of dynamic request in order to identify the program or module processor able to handle that kind of URL path and to pass to it other URL parts,.

One or more configuration files of web server may specify the mapping of parts of URL path to a specific URL handler.
When a web server implements one or more of the above-mentioned advanced features then the path part of a valid URL may not always match an existing file system path under website directory tree because it can refer to a virtual name of an internal or external module processor for dynamic requests.

[|URL path translation] to file system

Web server programs are able to translate an URL path, that refers to a physical file system path, to an absolute path under the target website's root directory.
Website's root directory may be specified by a configuration file or by some internal rule of the web server by using the name of the website which is the host part of the URL found in HTTP client request.
Path translation to file system is done for the following types of web resources:

a local, usually non-executable, file ;
a local directory ;
a program name.

The web server appends the path found in requested URL and appends it to the path of the website root directory. On an Apache server, this is commonly /home/www/website. See the following examples of how it may result.
URL path translation for a static file request
Example of a static request of an existing file specified by the following URL:
http://www.example.com/path/file.html
The client's user agent connects to www.example.com and then sends the following HTTP/1.1 request:
GET /path/file.html HTTP/1.1
Host: www.example.com
Connection: keep-alive
The result is the local file system resource:
/home/www/www.example.com/path/file.html
The web server then reads the file, if it exists, and sends a response to the client's web browser. The response will describe the content of the file and contain the file itself or an error message will return saying that the file does not exist or its access is forbidden.
URL path translation for a directory request
Example of an implicit dynamic request of an existing directory specified by the following URL:
http://www.example.com/directory1/directory2/
The client's user agent connects to www.example.com and then sends the following HTTP/1.1 request:
GET /directory1/directory2 HTTP/1.1
Host: www.example.com
Connection: keep-alive
The result is the local directory path:
/home/www/www.example.com/directory1/directory2/
The web server then verifies the existence of the directory and if it exists and it can be accessed then tries to find out an index file and so it passes the request to an internal module or a program dedicated to [|directory listings] and finally reads data output and sends a response to the client's web browser. The response will describe the content of the directory or an error message will return saying that the directory does not exist or its access is forbidden.
URL path translation for a dynamic program request
For a dynamic request the URL path specified by the client should refer to an existing external program used by the web server to generate dynamic content.
Example of a dynamic request using a program file to generate output:
http://www.example.com/cgi-bin/forum.php?action=view&orderby=thread&date=2021-10-15
The client's user agent connects to www.example.com and then sends the following HTTP/1.1 request:
GET /cgi-bin/forum.php?action=view&ordeby=thread&date=2021-10-15 HTTP/1.1
Host: www.example.com
Connection: keep-alive
The result is the local file path of the program :
/home/www/www.example.com/cgi-bin/forum.php
The web server [|executes] that program, passing in the path-info and the query string action=view&orderby=thread&date=2021-10-15 so that the program has the info it needs to run.. In addition to this, the web server reads data sent from the external program and resends that data to the client that made the request.

Manage request message

Once a request has been read, interpreted, and verified, it has to be managed depending on its method, its URL, and its parameters, which may include values of HTTP headers.
In practice, the web server has to handle the request by using one of these response paths:

if something in request was not acceptable, web server already sent an [|error response];
if request has a method that can be satisfied by general code of web server then a successful response is sent;
if URL requires authorization then an authorization error message is sent;
if URL maps to a redirection then a redirect message is sent;
if URL maps to a dynamic resource then its handler is called and request parameters are passed to it in order to allow it to reply to that request;
if URL maps to a static resource then the internal static handler is called to send that file;
if request method is not known or if there is some other unacceptable condition then an error response is sent.

Serve static content

If a web server program is capable of serving static content and it has been configured to do so, then it is able to send file content whenever a request message has a valid URL path matching that of an existing file under the root directory of a website and file has attributes which match those required by internal rules of web server program.
That kind of content is called static because usually it is not changed by the web server when it is sent to clients and because it remains the same until it is modified by some program.
NOTE: when serving static content only, a web server program usually does not change file contents of served websites and so it suffices to support only these HTTP methods:OPTIONS, HEAD, GET
Response of static file content can be sped up by a file cache.

Directory index files

If a web server program [|receives] a client request message with an URL whose path matches one of an existing directory and that directory is accessible and serving [|directory index files] is enabled then a web server program may try to serve the first of known static index file names found in that directory; if no index file is found or other conditions are not met then an error message is returned.
Most used names for static index files are: index.html, index.htm and Default.htm.

Regular files

If a web server program receives a client request message with an URL whose path matches the file name of an existing file and that file is accessible by web server program and its attributes match internal rules of web server program, then web server program can send that file to client.
Usually, for security reasons, most web server programs are pre-configured to serve only regular files or to avoid to use special file types like device files, along with symbolic links or hard links to them. The aim is to avoid undesirable side effects when serving static web resources.

Serve dynamic content

If a web server program is capable of serving dynamic content and it has been configured to do so, then it is able to communicate with the proper internal module or external program in order to pass to it the parameters of the client request. After that, the web server program reads from it its data response and then it resends it to the client program who made the request.
NOTE: when serving static and dynamic content, a web server program usually has to support also the following HTTP method in order to be able to safely receive data from clients and so to be able to host also websites with interactive forms that may send large data sets to web server, external programs or modules:POST
In order to be able to communicate with its internal modules or external programs, a web server program must have implemented one or more of the many available gateway interfaces.
The three standard and historical gateway interfaces are the following ones.
; CGI
; SCGI
; FastCGI

Directory listings

A web server program may be capable to manage the dynamic generation of a directory index list of files and sub-directories.
If a web server program is configured to do so and a requested URL path matches an existing directory and its access is allowed and no static index file is found under that directory then a web page, containing the list of files or subdirectories of above mentioned directory, is dynamically generated. If it cannot be generated an error is returned.
Some web server programs allow the customization of directory listings by allowing the usage of a web page template—an HTML document containing placeholders,, $ that are replaced with the field values of each file entry found in directory by web server or the usage of HTML and embedded source code that is interpreted and executed or by supporting the usage of dynamic index programs such as CGIs, SCGIs, FCGIs.
Usage of dynamically generated directory listings is usually avoided or limited to a few selected directories of a website because that generation takes much more OS resources than sending a static index page.
The main usage of directory listings is to allow the download of files as they are, without requiring to provide further information to requesting user.

Program or module processing

An external program or an internal module can execute some sort of application function that may be used to get data from or to store data to one or more data repositories:

files ;
databases ;
other sources located in local computer or in other computers.

A processing unit can return any kind of web content, also by using data retrieved from a data repository:

a document ;
an image;
a video;
structured data .

In practice whenever there is content that may vary, depending on one or more parameters contained in client request or in configuration settings, then, usually, it is generated dynamically.

Send response message

Web server programs are able to send response messages as [|replies] to client request messages.
An error response message may be sent because a request message could not be successfully read or decoded or analyzed or executed.
NOTE: the following sections are reported only as examples to help to understand what a web server, more or less, does; these sections are by any means neither exhaustive nor complete.

Error message

A web server program may reply to a client request message with many kinds of error messages, anyway these errors are divided mainly in two categories:

HTTP client errors, due to the type of request message or to the availability of requested web resource;
HTTP server errors, due to internal server errors.

When an error response or message is received by a client browser, then if it is related to the main user request then usually that error message is shown in some browser window or message.

URL authorization

A web server program may be able to verify whether the requested URL path:

can be freely accessed by everybody;
requires a user authentication ;
access is forbidden to some or all kind of users.

If the authorization or access-rights feature has been implemented and enabled and access to web resource is not granted, then, depending on the required access rights, a web server program:

can deny access by sending a specific error message ;
may deny access by sending a specific error message that usually forces the client browser to ask human user to provide required user credentials; if authentication credentials are provided then web server program verifies and accepts or rejects them.

[|URL redirection]

A web server program may have the capability of doing URL redirections to new URLs which consists in replying to a client request message with a response message containing a new URL suited to access a valid or an existing web resource.
URL redirection of location is used:

to fix a directory name by adding a final slash '/';
to give a new URL for a no more existing URL path to a new path where that kind of web resource can be found.
to give a new URL to another domain when current domain has too much load.

Example 1: a URL path points to a directory name but it does not have a final slash '/' so web server sends a redirect to client in order to instruct it to redo the request with the fixed path name.
From:

/directory1/directory2

To:

/directory1/directory2/
Example 2: a whole set of documents has been moved inside website in order to reorganize their file system paths.
From:

/directory1/directory2/2021-10-08/

To:

/directory1/directory2/2021/10/08/
Example 3: a whole set of documents has been moved to a new website and now it is mandatory to use secure HTTPS connections to access them.
From:

http://www.example.com/directory1/directory2/2021-10-08/

To:

https://docs.example.com/directory1/2021-10-08/
Above examples are only a few of the possible kind of redirections.

Successful message

A web server program is able to reply to a valid client request message with a successful message, optionally containing requested web resource data.
If web resource data is sent back to client, then it can be static content or dynamic content depending on how it has been retrieved.

Content cache

In order to speed up web server responses by lowering average HTTP response times and hardware resources used, many popular web servers implement one or more content caches, each one specialized in a content category.
Content is usually cached by its origin:

static content:
* file cache;
dynamic content:
* dynamic cache.

File cache

Historically, static contents found in files which had to be accessed frequently, randomly and quickly, have been stored mostly on electro-mechanical disk drive|disk]s since mid-late 1960s and 1970s; regrettably reads from and writes to those kind of devices have always been considered very slow operations when compared to RAM speed and so, since early OSs, first disk caches and then also OS file cache sub-systems were developed to speed up I/O operations of frequently accessed data.
Even with the aid of an OS [|file cache], the relative or occasional slowness of I/O operations involving directories and files stored on disks became soon a bottleneck in the increase of performances expected from top level web servers, specially since mid-late 1990s, when web Internet traffic started to grow exponentially along with the constant increase of speed of Internet or network lines.
The problem about how to further efficiently speed-up the serving of static files, thus increasing the maximum number of requests or responses per second, started to be studied and researched since mid 1990s, with the aim to propose useful cache models that could be implemented in web server programs.
In practice, nowadays, many web server programs include their own userland file cache, tailored for a web server usage and using their specific implementation and parameters.
The wide spread adoption of RAID and fast solid-state drives has slightly reduced but of course not eliminated the advantage of having a file cache incorporated in a web server.

Dynamic cache

Dynamic content, output by an internal module or an external program, may not always change very frequently and so, maybe for a while, the resulting output can be cached in RAM or even on a fast disk.
The typical usage of a [|dynamic cache] is when a website has dynamic web pages about news, weather, images, maps, etc. that do not change frequently and that are accessed by a huge number of clients per minute per hour; in those cases it is useful to return cached content too because clients often do not have an updated copy of the requested content in their browser caches.
Anyway, in most cases those kind of caches are implemented by external servers or by storing dynamic data output in separate computers, managed by specific applications, in order to not compete for hardware resources with web servers.

Kernel-mode and user-mode web servers

A web server software can be either incorporated into the OS and executed in kernel space, or it can be executed in user space.
Web servers that run in kernel mode can have direct access to kernel resources and so they can be, in theory, faster than those running in user mode, but there are disadvantages in running a web server in kernel mode whereas run-time critical errors may lead to serious problems in OS kernel.
Web servers that run in user-mode have to ask the system for permission to use more memory or more CPU resources. Not only do these requests to the kernel take time, but they might not always be satisfied because the system reserves resources for its own usage and has the responsibility to share hardware resources with all the other running applications. Executing in user mode can also mean using more buffer or data copies which can lead to a decrease in the performance of a user-mode web server.
Nowadays almost all web server software is executed in user mode. See also comparison of web server software to discover which of them run in kernel mode or in user mode.

Performances

To improve the user experience, a web server should reply quickly to client requests; unless content response is throttled for some type of files, also returned data content should be sent as fast as possible.
In other words, a web server should always be very responsive, even under high load of web traffic, in order to keep total user's wait for a response as low as possible.

Performance metrics

For web server software, main key performance metrics usually are at least the following ones:

;
, is the number of connections per second accepted by web server ;
+ response time for each new client request; usually benchmark tool shows how many requests have been satisfied within a scale of time laps or the shortest, the average and the longest response time;
, in bytes per second.

Among the [|operating conditions], the of used during a test is an important parameter because it allows to correlate the supported by web server with results of the tested performance metrics.

Software efficiency

The specific web server software design and model adopted:

single process or multi-process;
single thread or multi-thread for each process;
usage of coroutines or not;

... and other programming techniques, such as:

minimization of possible CPU cache misses;
minimization of possible CPU branch mispredictions in critical paths for speed;
minimization of the number of system calls used to perform a certain function or task;
other tricks;

... used to implement a web server program, can bias a lot the performances and in particular the scalability level that can be achieved under heavy load or when using high end hardware.
In practice some web server software models may require more OS resources than others to be able to work well and so to achieve target performances.

Operating conditions

There are many operating conditions that can affect the performances of a web server; performance values may vary depending on:

the settings of web server ;
the HTTP version used by client requests;
the average HTTP request type ;
whether the requested content is static or dynamic;
whether the content is cached or not cached ;
whether the content is compressed on the fly, pre-compressed or not compressed at all;
whether the connections are or are not encrypted;
the average network speed between web server and its clients;
the number of active TCP connections;
the number of active processes managed by web server ;
the hardware and software limitations or settings of the OS of the computers on which the web server runs;
other minor conditions.

Benchmarking

Performances of a web server are typically benchmarked by using one or more of the available
automated load testing tools.

Load limits

A web server usually has pre-defined load limits for each combination of operating conditions, also because it is limited by OS resources and because it can handle only a limited number of concurrent client connections.
When a web server is near to or over its load limits, it gets overloaded and so it may become unresponsive.

Causes of overload

At any time web servers can be overloaded due to one or more of the following causes:Excess legitimate web traffic. Thousands or even millions of clients connecting to the website in a short amount of time.

Distributed Denial of Service attacks. A denial-of-service attack or distributed denial-of-service attack is an attempt to make a computer or network resource unavailable to its intended users.
Computer worms that sometimes cause abnormal traffic because of millions of infected computers.
XSS worms can cause high traffic because of millions of infected browsers or web servers.
Internet bots Traffic not filtered or limited on large websites with very few network resources or hardware resources.
Internet slowdowns so that client requests are served more slowly and the number of connections increases so much that server limits are reached.
Web servers, serving dynamic content, waiting for slow responses coming from back-end computers, maybe because of too many queries mixed with too many inserts or updates of DB data; in these cases web servers have to wait for back-end data responses before replying to HTTP clients but during these waits too many new client connections or requests arrive and so they become overloaded.
Web servers partial unavailability. This can happen because of required or urgent maintenance or upgrade, hardware or software failures such as back-end failures; in these cases the remaining web servers may get too much traffic and become overloaded.

Symptoms of overload

The symptoms of an overloaded web server are usually the following ones:

Requests are served with delays.
The web server returns an HTTP error code, such as 500, 502, 503, 504, 408, or even an intermittent 404.
The web server refuses or resets TCP connections before it returns any content.
In very rare cases, the web server returns only a part of the requested content. This behavior can be considered a bug, even if it usually arises as a symptom of overload.

Anti-overload techniques

To partially overcome above average load limits and to prevent overload, most popular websites use common techniques like the following ones:

Tuning OS parameters for hardware capabilities and usage.
Tuning web servers parameters to improve their security and performances.
Deploying techniques.
Managing network traffic, by using:
* Firewalls to block unwanted traffic coming from bad IP sources or having bad patterns;
* HTTP traffic managers to drop, redirect or rewrite requests having bad HTTP patterns;
* Bandwidth management and traffic shaping, in order to smooth down peaks in network usage.
Using different domain names, IP addresses and computers to serve different kinds of content; the aim is to separate big or huge files from small and medium-sized files and from main dynamic site ; the idea is to be able to efficiently serve big or huge files and to fully cache small and medium-sized files, without affecting performances of dynamic site under heavy load, by using different settings for each of web server computers:
* https://download.example.com
* https://static.example.com
* https://www.example.com
Using many web servers that are grouped together behind a load balancer so that they act or are seen as one big web server.
Adding more hardware resources to each computer.
Using more efficient computer programs for web servers.
Using the most efficient to process dynamic requests.
Using other programming techniques and workarounds, especially if dynamic content is involved, to speed up the HTTP responses, that never change or change very rarely, by copying that content to static files once and then keeping them synchronized with dynamic content.
Using latest efficient versions of HTTP in order to reduce a lot the number of TCP/IP connections started by each client and the size of data exchanged. This may not prevent overloads of RAM and CPU caused by the need for encryption. It may also not address overloads caused by excessively large files uploaded at high speed, because they are optimized for concurrency.

Market share

Below are the latest statistics of the [|market share] of all sites of the top web servers on the Internet by Netcraft.

Date	nginx	Apache	OpenResty	Cloudflare Server	IIS	GWS	Others
October 2021	34.95%	24.63%	6.45%	4.87%	4.00%	4.00%	Less than 22%
February 2021	34.54%	26.32%	6.36%	5.0%	6.5%	3.90%	Less than 18%
February 2020	36.48%	24.5%	4.00%	3.0%	14.21%	3.18%	Less than 15%
February 2019	25.34%	26.16%	N/A	N/A	28.42%	1.66%	Less than 19%
February 2018	24.32%	27.45%	N/A	N/A	34.50%	1.20%	Less than 13%
February 2017	19.42%	20.89%	N/A	N/A	43.16%	1.03%	Less than 15%
February 2016	16.61%	32.80%	N/A	N/A	29.83%	2.21%	Less than 19%

NOTE: percentage rounded to integer number, because its decimal values are not publicly reported by source page.