| Original author(s) | Hugo Leisink |
|---|---|
| Developer(s) | Hugo Leisink |
| Initial release | 2002 |
| Stable release | 6.19 / 2009-12-06 |
| Written in | C |
| Operating system | Cross-platform |
| Platform | Linux, Unix-like, Mac OS X, Windows |
| Available in | English |
| Type | Web server |
| License | GNU GPL 2 |
| Website | http://www.hiawatha-webserver.org/ |
Hiawatha is a secure webserver available for multiple platforms. It was developed by Hugo Leisink in 2002 due to his dissatisfaction with the existing solutions.[citation needed]
Contents |
History
Hiawatha started in January 2002 as a very small webserver, suitable for servers with old hardware. It was written for internet servers in student houses in Delft. Because the author was a computer science student with special interest in IT security, all sorts of experimental security features were included. This resulted in a webserver with many interesting security features which have proved useful. The author has said "I know for a long time that vulnerabilities [exist in other webservers] . [One thing] that bothers me: the runtime of a CGI. A CGI process [under other webservers] can run forever. A single CGI script can DoS a webserver. A system administrator is needed to kill the script. And what about a client that keeps on guessing passwords for HTTP authentication? These kind of issues inspired me to create Hiawatha, with settings for maximum request sending time, maximum CGI run time, client banning, etc. Features that, in my opinion, every daemon should have."[citation needed]
The January 2009 edition of Linux Magazine contained an article about the Hiawatha webserver[citation needed].
- Main releases
- 1.0: September 2002. A basic but functional webserver.
- 2.0: March 2004. Use of multithreading instead of forking.
- 3.0: September 2004. SSL support.
- 4.0: December 2005. A CGI-wrapper for improved security was included.
- 5.0: October 2006. FastCGI support for improved CGI speed.
- 6.0: October 2007. IPv6 support.
- 6.6: April 2008. XSLT support.
- 6.10 : October 2008. Prevent cross-site request forgery added.
Features
Hiawatha has many security features that no other webserver has, like preventing SQL-injection, cross-site scripting (XSS), Cross-site request forgery (CSRF) prevention, Denial-of-service protection, control external image linking, banning of potential hackers and limiting the runtime of CGI applications.[1] The author is currently working on RFC3546 support, but "the OpenSSL documentation is just extremely poor"[citation needed] so progress is difficult.
Performance
Although security is the main focus of this webserver, Hiawatha has excellent performance. Hiawatha is twice as fast as Apache for static content.[citation needed] Hiawatha supports load-balanced FastCGI, which makes it fast and scalable for handling dynamic content.
See also
References
External links
 |
This Web software related article is a stub. You can help Wikipedia by expanding it. |
This entry is from Wikipedia, the leading user-contributed encyclopedia. It may not have been reviewed by professional editors (see full disclaimer)
