A comprehensive HTTP server implementation using low-level socket programming with multi-threading support, binary file transfers, and security features.
- Socket Programming: Low-level TCP socket implementation with proper lifecycle management
- Multi-threading: Custom thread pool with configurable size for concurrent connections
- HTTP/1.1 Protocol: Full support including persistent connections and proper header parsing
- Binary Transfers: Efficient binary file serving for images and documents
- JSON Processing: POST endpoint for JSON data upload and storage
- Path Traversal Protection: Blocks dangerous patterns like
..,./, etc. - Host Header Validation: Prevents host header injection attacks
- Request Size Limits: 8KB maximum request size to prevent DoS
- Safe Path Resolution: Canonicalized paths confined to resources directory
- Thread Pool: Prevents thread creation overhead with worker pool
- Connection Persistence: Keep-Alive support reduces connection overhead
- Connection Queuing: Graceful handling when thread pool is saturated
- Efficient Buffering: Optimized for large file transfers
- Python 3.7 or higher
- No external dependencies for the server
- PIL/Pillow optional for generating test images
# Clone or download the project
cd http-server
# Ensure resources directory exists
mkdir -p resources/uploads
# Make server executable
chmod +x server.pyBasic usage (defaults to localhost:8080):
python3 server.pyWith custom configuration:
python3 server.py [port] [host] [thread_pool_size]
# Examples:
python3 server.py 8000 # Port 8000, localhost, 10 threads
python3 server.py 8000 0.0.0.0 # Port 8000, all interfaces, 10 threads
python3 server.py 8000 127.0.0.1 20 # Port 8000, localhost, 20 threads- port (optional): Port number to bind to (default: 8080)
- host (optional): Host address to bind to (default: 127.0.0.1)
- thread_pool_size (optional): Maximum number of worker threads (default: 10)
http-server/
├── server.py # Main server implementation
├── README.md # This file
├── resources/ # Static file directory
│ ├── index.html # Default landing page
│ ├── about.html # About page
│ ├── contact.html # Contact demonstration page
│ ├── sample.txt # Sample text file for download
│ ├── readme.txt # Resources documentation
│ ├── logo.png # PNG image (400x400)
│ ├── large_image.png # Large PNG (>1MB) for testing
│ ├── photo.jpg # JPEG image
│ ├── landscape.jpg # Another JPEG image
│ └── uploads/ # Directory for POST uploads
├── create_simple_images.py # Image generation script
└── test_client.py # Testing utilities
/or/index.html- Main landing page/about.html- About page/contact.html- Contact page- Any
.htmlfile in resources directory
/sample.txt- Text files served as binary/logo.png- PNG images/photo.jpg- JPEG images- Any
.txt,.png,.jpg,.jpegfile
- Endpoint:
/upload - Content-Type:
application/json - Response: 201 Created with file path
Example:
curl -X POST http://localhost:8080/upload \
-H "Content-Type: application/json" \
-d '{"test": "data", "value": 123}'HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Content-Length: [size]
Date: [RFC 7231 date]
Server: Multi-threaded HTTP Server
Connection: keep-alive
Keep-Alive: timeout=30, max=100
[HTML content]HTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-Length: [size]
Content-Disposition: attachment; filename="file.png"
Date: [RFC 7231 date]
Server: Multi-threaded HTTP Server
Connection: keep-alive
[binary data]- 400 Bad Request: Malformed request or missing Host header
- 403 Forbidden: Path traversal attempt or invalid Host
- 404 Not Found: Resource doesn't exist
- 405 Method Not Allowed: Unsupported HTTP method
- 415 Unsupported Media Type: Invalid Content-Type or file type
- 500 Internal Server Error: Server-side errors
- 503 Service Unavailable: Thread pool exhausted
The server uses a custom thread pool implementation:
- Worker threads wait on a task queue
- New connections are submitted to the pool
- Connections queue when all threads are busy
- Proper synchronization with locks
- Graceful shutdown handling
Binary files are handled specially:
- Files read in binary mode (
rb) - Content-Type set to
application/octet-stream - Content-Disposition header triggers download
- Full file content sent in response body
- Maintains data integrity for all file types
-
Path Validation:
- Remove query strings
- Check for dangerous patterns
- Resolve to absolute path
- Verify within resources directory
-
Host Header Validation:
- Required for all requests
- Must match server's configured host
- Prevents host header injection
-
Request Limits:
- Maximum 8KB request size
- Connection timeout after 30 seconds
- Maximum 100 requests per connection
- HTTP/1.1 defaults to Keep-Alive
- HTTP/1.0 defaults to close
- Connection header overrides default
- Timeout after 30 seconds of inactivity
- Maximum 100 requests per persistent connection
# Test HTML serving
curl http://localhost:8080/
curl http://localhost:8080/about.html
# Test binary downloads
curl -O http://localhost:8080/logo.png
curl -O http://localhost:8080/sample.txt
# Test POST with JSON
curl -X POST http://localhost:8080/upload \
-H "Content-Type: application/json" \
-d '{"test": "data"}'
# Test error responses
curl http://localhost:8080/nonexistent.html # 404
curl -X PUT http://localhost:8080/ # 405
curl http://localhost:8080/../etc/passwd # 403# Multiple simultaneous downloads
for i in {1..10}; do
curl -O http://localhost:8080/large_image.png &
done
# Multiple POST requests
for i in {1..5}; do
curl -X POST http://localhost:8080/upload \
-H "Content-Type: application/json" \
-d '{"request": '$i'}' &
done# Path traversal attempts (should return 403)
curl http://localhost:8080/../../../etc/passwd
curl http://localhost:8080/../../sensitive.txt
curl http://localhost:8080//etc/hosts
# Host header validation (should return 403)
curl -H "Host: evil.com" http://localhost:8080/
# Missing host header (should return 400)
curl -H "Host:" http://localhost:8080/# Test Keep-Alive
curl -v http://localhost:8080/ http://localhost:8080/about.html
# Large file transfer
time curl -O http://localhost:8080/large_image.png
# Thread pool saturation
for i in {1..20}; do
(sleep 1; curl http://localhost:8080/) &
doneThe server provides comprehensive logging with timestamps:
[2024-03-15 10:30:00] HTTP Server started on http://127.0.0.1:8080
[2024-03-15 10:30:00] Thread pool size: 10
[2024-03-15 10:30:15] [Thread-1] Connection from 127.0.0.1:54321
[2024-03-15 10:30:15] [Thread-1] Request: GET /logo.png HTTP/1.1
[2024-03-15 10:30:15] [Thread-1] Host validation: localhost:8080 ✓
[2024-03-15 10:30:15] [Thread-1] Sending binary file: logo.png (34171 bytes)
[2024-03-15 10:30:15] [Thread-1] Response: 200 OK (34171 bytes transferred)
[2024-03-15 10:30:15] [Thread-1] Connection: keep-alive
- File Types: Only supports HTML, TXT, PNG, and JPEG files
- Request Size: Limited to 8KB for security
- Methods: Only GET and POST are implemented
- Chunked Encoding: Not supported
- Compression: No gzip/deflate support
- HTTPS: No TLS/SSL support (HTTP only)
- WebSocket: Not supported
- Check if port is already in use:
lsof -i :8080 - Ensure Python 3.7+ is installed:
python3 --version - Verify resources directory exists
- Check file exists in resources directory
- Ensure file extension is supported (.txt, .png, .jpg)
- Verify no path traversal patterns in URL
- Confirm Host header matches server address
- Check firewall isn't blocking the port
- Verify thread pool isn't exhausted (check logs)
- Ensure Content-Type is
application/json - Verify JSON is valid
- Check uploads directory exists and is writable
This project is created for educational purposes as part of a Computer Networks course assignment.
Multi-threaded HTTP Server Implementation Computer Networks Project Assignment