This article has multiple issues. Please help talk page. (Learn how and when to remove these template messages)( or discuss these issues on the Learn how and when to remove this template message)
|Original author(s)||Hugo Leisink|
10.8.3 / 16 September 2018
|Operating system||FreeBSD, Haiku os, HP-UX, IBM AIX, Linux, OpenBSD, OS X, QNX, Solaris, Unix-like and Windows|
Hiawatha started in January 2002 as a small web server, suitable for servers with old hardware. Leisink, a computer science student at the time, initially created the server to support Internet servers in student houses in Delft of South Holland, the Netherlands. As the server was designed with improved security as its focus, Leisink states that "there are a lot of security features in Hiawatha you won't find in any other webserver."
The author has said "I know for a long time that vulnerabilities [exist in other web servers] . [One thing] that bothers me: the runtime of a CGI. A CGI process [under other web servers] can run forever. A single CGI script can DoS a webserver. A system administrator is needed to kill the script. And what about a client [or hacker] that keeps on guessing passwords for HTTP authentication? These kind of issues inspired me to create Hiawatha, with settings for maximum request sending time, maximum CGI run time, client banning, etc. Features that, in my opinion, every daemon should have."
The January 2009 edition of Linux Magazine included an article on the Hiawatha web server, describing it as "a light web server with good performance and some innovative security functions". Hiawatha is frequently cited as a lightweight alternative to Apache, as it prioritizes easy installation and reduced storage over including many other additional features.
Hiawatha web server implements all important functions of a modern web server, such as:
Hiawatha has many security features that no other web server has, like preventing SQL-injection, cross-site scripting (XSS), Cross-site request forgery (CSRF) prevention, denial-of-service protection, control external image linking, banning of potential hackers and limiting the runtime of CGI applications. The author worked on RFC3546 support, but "the OpenSSL documentation [on this subject] is just extremely poor" so progress was difficult. Although, RFC3546 support has been included since v8.6 version which is developed with PolarSSLv1.2.
Although security is the main focus, Hiawatha users also speak highly of its speed and performance. According to a performance test carried out by an independent researcher (SaltwaterC), Hiawatha is faster than the ten other servers tested for Drupal static content, while performing comparably to the rest in other metrics. Hiawatha supports load-balanced FastCGI and had its own PHP-FastCGI utility, although the latter has been deprecated and replaced with the PHP project's FastCGI Process Manager (PHP-FPM). This makes it fast and scalable for handling dynamic content.
Manage research, learning and skills at defaultlogic.com. Create an account using LinkedIn to manage and organize your omni-channel knowledge. defaultlogic.com is like a shopping cart for information -- helping you to save, discuss and share.