Multi-threaded HTTP Server

This is a multi-threaded HTTP server implementation using Python socket programming. The server can handle multiple concurrent clients, serve static files, process JSON POST requests, and includes security measures to prevent directory traversal attacks.

Features

1. Server Configuration

   • Runs on localhost (127.0.0.1) by default on port 8080
   • Accepts command-line arguments for port, host, and thread pool size
   • Example: python server.py 8000 0.0.0.0 20

2. Socket Implementation

   • Uses TCP sockets for communication
   • Binds to specified host and port
   • Listens for incoming connections with a queue size of 50
   • Properly manages socket lifecycle

3. Multi-threading & Concurrency

   • Thread pool implementation with configurable maximum size (default: 10 threads)
   • New client connections are assigned to available threads
   • Connections are queued when thread pool is saturated
   • Proper synchronization using locks to prevent race conditions

4. HTTP Request Handling

   • Parses HTTP requests to extract method, path, version, and headers
   • Supports GET and POST methods
   • Returns 405 "Method Not Allowed" for other methods
   • Handles requests up to 8192 bytes in size

5. GET Request Implementation

   • Serves HTML files from the resources directory
   • Serves index.html by default when root path / is requested
   • Supports binary file transfer for images (PNG, JPEG) and text files (TXT)
   • Sets appropriate Content-Type headers:
     • .html → text/html; charset=utf-8 (rendered in browser)
     • .txt, .png, .jpg, .jpeg → application/octet-stream (downloaded as files)
   • Returns 415 "Unsupported Media Type" for other file types

6. POST Request Implementation

   • Accepts only application/json Content-Type
   • Parses and validates JSON from request body
   • Returns 400 "Bad Request" for invalid JSON
   • Returns 415 "Unsupported Media Type" for non-JSON content
   • Creates files in resources/uploads/ directory with format: upload_[timestamp]_[random_id].json
   • Returns 201 "Created" with file path in response body

7. Security Requirements

   • Path traversal protection by validating and canonicalizing paths
   • Blocks requests containing "..", "./", or absolute paths
   • Returns 403 "Forbidden" for unauthorized path access attempts
   • Host header validation to ensure requests are made to the correct server address
   • Returns 400 "Bad Request" for missing Host header
   • Returns 403 "Forbidden" for mismatched Host header

8. Connection Management

   • Keep-Alive support based on Connection header
   • Connection timeout of 30 seconds for persistent connections
   • Maximum of 100 requests per persistent connection
   • Includes Keep-Alive header with timeout and max values in responses

Implementation Details

Binary Transfer Implementation

The server handles binary file transfers by:

1. Opening files in binary mode (rb)
2. Reading the entire file content as bytes
3. Setting appropriate headers:
   • Content-Type: application/octet-stream
   • Content-Length: Size of the file in bytes
   • Content-Disposition: attachment; filename="[filename]"
4. Sending both headers and binary content as bytes

Thread Pool Architecture

The server implements a thread pool with the following characteristics:

1. Fixed number of worker threads (configurable)
2. Connection queue for when all threads are busy
3. Lock-based synchronization for shared resources
4. Daemon threads to ensure proper cleanup on server shutdown

Security Measures

1. Path Validation: All requested paths are validated to prevent directory traversal
2. Host Validation: Every request must have a valid Host header matching the server
3. File Type Restriction: Only specific file types are served
4. Logging: Security violations are logged for monitoring

Known Limitations

1. The server does not support HTTPS
2. Limited file type support (only HTML, TXT, PNG, and JPEG)
3. No authentication or authorization mechanisms
4. No caching mechanisms implemented
5. No support for chunked transfer encoding
6. Basic error handling without detailed error pages

Testing

The server has been tested with the following scenarios:

1. Basic Functionality

   • ✅ GET / → Serves resources/index.html (displayed in browser)
   • ✅ GET /about.html → Serves HTML file
   • ✅ GET /contact.html → Serves HTML file
   • ✅ GET /logo.png → Downloads PNG file as binary
   • ✅ GET /photo.jpg → Downloads JPEG file as binary
   • ✅ GET /sample1.txt → Downloads text file as binary
   • ✅ POST /upload with JSON → Creates file in uploads directory
   • ✅ GET /nonexistent.png → Returns 404
   • ✅ PUT /index.html → Returns 405

2. Security Tests

   • ✅ GET /../etc/passwd → Returns 403
   • ✅ GET /./././../config → Returns 403
   • ✅ Request with Host: evil.com → Returns 403
   • ✅ Request without Host header → Returns 400

3. Concurrency Tests

   • ✅ Handle multiple simultaneous file downloads
   • ✅ Queue connections when thread pool is full

How to Run

1. Clone this repository

2. Run the server with default settings:

   python server.py
   

3. Or run with custom settings:

   python server.py [port] [host] [max_threads]
   

   Example:

   python server.py 8000 0.0.0.0 20
   

4. Access the server at http://127.0.0.1:8080 (or your specified host and port)

Directory Structure

project/
├── server.py
├── README.md
├── resources/
│   ├── index.html
│   ├── about.html
│   ├── contact.html
│   ├── sample1.txt
│   ├── sample2.txt
│   ├── logo.png
│   ├── photo.jpg
│   ├── image.jpeg
│   ├── image2.png
│   └── uploads/  (directory for POST uploads)

Requirements

• Python 3.x