The bugs that can strike a database can also affect a web server. Of course, many web servers are part of client/server applications that query back-end database servers to service client requests. So, anything affecting the database server will have an adverse effect on the web server as well. However, there are many other places within the web server environment where things might go awry. There are many new places for bugs to crop up, including in the Common Gateway Interface (CGI), Perl, Java, JavaScript, or Active Server Page (ASP) code that manages the web page. If some set of circumstances causes a CGI program to get stuck in a loop, the web page it manages will never display, most likely causing the user to try another site. New technology turns up all over the world of web servers. Much of this technology has been tested in a relatively short time by lots of users, and so it is often quite reliable. However, web server refers to a collection of applications: the httpd or web server that handles requests for items on a web page (hits) and returns the HTML or image files; the CGI scripts that get executed to generate web pages or take action on forms or other postings from web clients; and whatever back-end database or file servers are used to manage the content and state information on the web site. A failure in any of these components appears to be a web site failure. Sitting in front of the web server, load-balancing hardware and software may be used to distribute requests over multiple, identical web servers, and on the client side a proxy cache server sits between a client and server and caches commonly accessed pages so that requests don’t have to go outside of the client’s network. Again, these systems can fail, making it appear that the web server has gone away. Much like database servers, disks, filesystems, and logs can fill; memory or CPU can be exhausted; and other system resources can run out, causing hangs, crashes, unresponsiveness, and other nasty behavior.

How do your CGI programs react if they cannot write to a required file? Or if they don’t get a necessary response from some upstream application? Make sure they continue to operate. Usually a web server is a front end for an application server, that nexus of business logic, data manipulation routines, and interfaces to existing back-end systems that does the “heavy lifting” of a web site. In the Java world, application servers are the frameworks that run the J2EE environment. The overall reliability of the application server is a function of all of the components that are layered on top of it. If you’re using J2EE, for example, but call a non-Java native method written in C or C++, that code poses a risk to the application server. Step on memory with some poorly written native code and it’s possible to corrupt the memory footprint of the application server. Since web and application servers represent the top of the software stack, they’re affected by the reliability and correct operation of all of the network pieces underneath them. Peter Deutsch, networking, security, and risk evaluation expert, points out that you can’t control the security, reliability, or latency of a network. Furthermore, there’s rarely a single point of control or single point of accountability for a network of systems.

Denial-of-Service Attacks

Not all problems involve the failure of a component. Making a resource unavailable to requestors is just as harmful to system availability as having that resource crash or fail. For example, a web server that is being bombarded by an exceptionally high request rate, absorbing all of the network connection capacity of the servers, appears to have failed to any web users attempting to access it. It hasn’t failed in the downtime sense, but it has been made unavailable through a denial-of-service (DoS) attack. DoS approaches have been well known in security circles for several years, and in February 2000, the first wide-scale distributed DoS (DDoS) attack known as trin or trin00 affected several popular web sites. DoS attacks consume all available bandwidth for a given resource, ranging from network bandwidth and network connections to web server request handling and database requests.

The following are some characteristic DoS attacks:

Network bandwidth flooding. A torrent of packets, valid or garbage, consumes all of your incoming network bandwidth. This type of attack typically causes routers or switches to begin dropping legitimate traffic.

Network connection flooding. An attempt by an attacker to send a series of ill-formed connection requests, filling up the incoming connection queue on web servers, database servers, or other back-end machines. The half-completed connection requests remain enqueued until they timeout, and of course more requests arrive during that interval, keeping the server’s network stack overloaded.

CGI or web interface abuse. A script or utility accessed by your web server is called repeatedly, or called with arguments that cause it to consume CPU, memory, or network resources. In many cases, these attacks may be signs of a security intrusion, with an attacker looking for a mail relay or other unsecured entry point. The SQLslammer attack in early 2003 fit this model loosely, with incoming requests attempting to access back-end database servers through well-known interfaces on publicfacing web sites.

DoS attacks are likely to become more common. Vendors frequently offer patches or workarounds for the more common DoS approaches; for example, one way to combat the network connection flooding attack is to put in-progress connections in a separate queue and then prune the badly behaved connections out of the queue at shorter intervals, freeing up connection slots for real work.

Confidence in Your Measurements

Measuring the availability of a system, or making investment decisions aimed at improving that availability, depends on having confidence in the data you collect. The relative value of your measurements is colored by three factors: Is the metric the right one, is the metric valid over time, and can you use the metric to drive a process of improvement?