What is a web server?
A web server is a system of interconnected software and hardware that stores web resources, processes HTTP and HTTPS requests submitted by web clients (such as browsers or API clients), serves files, and handles dynamic content. However, in some contexts, “web server” can also be used to describe the constituent parts of the aforementioned system. To avoid confusion:
When talking about hardware, web servers are devices connected to the internet that host the web server software and website resources.
When talking about software, web servers are programs that process user requests for resources. At the very minimum, the web server software must be able to handle HTTP requests.
Dynamic vs. static web servers
There are two main types of web servers, static and dynamic. As the name suggests, static web servers do not change their content — they store the whole webpage and send it back to the user as is. Meanwhile, dynamic web servers use templates (most typically HTML templates) to create webpages with information taken from the designated database, allowing developers to create dynamic websites.
Both types of web servers must have a machine (whether physical hardware or a virtualized environment in the cloud) to host content and an HTTP server to process requests, but dynamic web servers also need an application server and a database to populate web templates. To summarize:
| | Static web servers | Dynamic web servers |
|---|---|---|
| Have hosting machine | | |
| Have an HTTP server | | |
| Have an application server | | |
| Have a database | | |
| Store complete webpages | | |
| Use templates to create pages | | |
How do web servers work?
Web servers work using the client-server model. When a device needs information hosted on a web server, it uses a web client to send an HTTP request to the latter. In turn, the web server locates the necessary data and sends a response back to the web client, which displays it to the end user. A typical request-response process could look like this:
01
The user types in a URL in their web browser.
02
The web browser resolves the web server’s IP address from a DNS server or its own cache.
03
The browser sends an HTTP request to the web server for a specific resource.
04
If the web server is static, it responds by sending the whole page to the user.
04
If the web server is dynamic, it sends a request to the application server to fill out a template, which it does by drawing on information from a dynamic database. The web server responds to the browser by sending the completed webpage.
06
The web browser displays the received content to the user.
What is the main function of a web server?
The primary function of web servers is to process requests from clients — namely, to retrieve a specific web resource from the data stored on the server and send it back to the user agent (usually a browser like Chrome or Firefox). Since these user requests are typically made using the HTTP or HTTPS web protocols, virtually every software web server is also an HTTP server.
In addition to storing web resources and processing client requests, some web servers may also be tasked with performing the following functions:
Provide virtual hosting
A web server can host multiple websites on a single machine, allowing different domains to share the same physical or virtual infrastructure. A web server can also host web-based applications.
Offer server-side scripting
Some web servers support server-side scripting (for example, using PHP, Python, or Node.js) to generate dynamic web pages based on user interactions and database content.
Control bandwidth
A web server can help regulate network traffic to balance loads.
What are web servers used for?
Web servers are mainly used for hosting websites and their web pages (plus additional content like applications) and delivering web content to online users. Web servers do not need to cater to large organizations or mass services — personal web servers at home can enhance many parts of a user’s online experience. Running a dedicated home server can make content available 24/7 to anyone with an internet connection.
Web server examples
Most web servers fit into one of four major classifications, based on the service provider, operating system used, and features offered:
Apache web server
Also known as an Apache HTTP server, this open-source, modular software works on multiple platforms. As a result, it’s one of the most popular web servers worldwide.
Linux web server
Known for its exceptional flexibility, the open-source Linux web server software allows for consistent, high-speed delivery of static and dynamic content to users.
NGINX web server.
Another open-source web server, NGINX is more lightweight than other server types, making it better-suited for delivering static web content. Web browsers that interact with NGINX servers can also benefit from features like email proxy or reverse proxy services.
IIS web server
Microsoft’s Internet Information Service (IIS) is the web server of choice for Windows operating systems. It’s mainly used as part of static web servers, FTP servers, or application servers looking to host PHP scripts. IIS web servers also support dynamic applications.
Want to keep learning?
Subscribe to our newsletter for cybersecurity news and online privacy tips.
Best web server security practices
Web servers make desirable targets for cybercriminals, making web server security an important consideration for organizations that wish to prevent unauthorized access. Although many web servers are protected with a firewall, IT personnel can further reduce the risk of cyber threats like malicious web shells by implementing the following security practices:
Stronger passwords for web server management tools
To prevent unauthorized access, passwords must be complex and only given to trusted users and personnel.
More secure web protocols
HTTPS communications (which rely on SSL and TLS protocols) are encrypted and more secure than standard HTTP, offering better protection for both the web server and the users who try to access its content.
Regular updates
DNS blocking helps prevent access to harmful websites by filtering out known malicious domains. It’s an effective way to restrict access to phishing sites and malware hosts.
Reverse proxies
A reverse proxy acts as an intermediary between web clients and their intended web servers, protecting potentially vulnerable internal servers from outside attacks. They can also balance traffic loads.
Secure Shell
Secure Shell (SSH) encryption provides additional security when logging in to remote web servers.
Frequently asked questions
Online security starts with a click.
Stay safe with the world’s leading VPN
