rohan-27p/HttpServer

Multi-Threaded HTTP Server (Python)

Author: Jangam Rohan (24BCS10212)

Project: Final Project - Multi-Threaded HTTP Server Using Socket Programming


Overview

This project implements a multi-threaded HTTP server using Python sockets and threading. It handles multiple clients concurrently, serves HTML and binary files, processes JSON uploads via POST, and enforces HTTP/1.1 compliance with security protections.


Server Configuration

  • Default Host: 127.0.0.1
  • Default Port: 8080
  • Default Threads: 10

Usage

python HttpServer.py [PORT] [HOST] [MAX_THREADS]

Example:

python HttpServer.py 8000 0.0.0.0 20

Thread Pool & Concurrency

  • Implements a fixed-size thread pool for handling incoming connections.
  • Uses a shared connection queue (queue.Queue) for synchronization.
  • Each worker thread continuously picks and processes connections.
  • Logs all accepted, queued, and closed client connections.

Example Log:

[2025-10-10 19:38:09] [MainThread] Thread pool with 20 workers started.
[2025-10-10 19:38:09] [MainThread] Server started on http://127.0.0.1:8080
[2025-10-10 19:38:09] [MainThread] Serving files from 'resources' directory
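
The queue-and-workers arrangement described above, as an added sketch that is not taken from HttpServer.py. It goes one step beyond the project by bounding the queue and answering 503 when it is full, which Known Limitations lists as not implemented; `start_pool`, `submit` and `max_queued` are hypothetical names, and the accept loop is assumed to call `submit()` for each accepted socket.

```python
import queue
import threading

# Minimal refusal sent when no queue slot is free.
BUSY = (b"HTTP/1.1 503 Service Unavailable\r\n"
        b"Connection: close\r\nContent-Length: 0\r\n\r\n")


def start_pool(handler, max_threads=10, max_queued=50):
    """Start max_threads workers fed from a bounded connection queue."""
    conn_queue = queue.Queue(maxsize=max_queued)  # max_queued is an assumed cap

    def worker():
        while True:
            item = conn_queue.get()
            if item is None:  # shutdown sentinel
                conn_queue.task_done()
                return
            conn, addr = item
            try:
                handler(conn, addr)
            except OSError:
                pass  # one broken client must not take the worker down
            finally:
                conn.close()
                conn_queue.task_done()

    for i in range(max_threads):
        threading.Thread(target=worker, name=f"Worker-{i + 1}",
                         daemon=True).start()
    return conn_queue


def submit(conn_queue, conn, addr):
    """Queue an accepted connection, or answer 503 when the queue is full."""
    try:
        conn_queue.put_nowait((conn, addr))
        return True
    except queue.Full:
        # Refuse immediately instead of letting pending sockets pile up.
        try:
            conn.sendall(BUSY)
        finally:
            conn.close()
        return False
```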

Supported HTTP Methods

Method | Description
GET    | Serves HTML, image (JPG/PNG), and text files from the resources/ directory.
POST   | Accepts JSON payloads, validates and stores them as .json files under resources/uploads/.

Other methods return 405 Method Not Allowed.


Directory Structure

HttpServer/
├── HttpServer.py
└── resources/
    ├── index.html
    ├── about.html
    ├── contact.html
    ├── sample.txt
    ├── images.jpg
    ├── favicon.ico
    └── uploads/

GET Request Handling

  • Serves files from resources/.
  • Default route /index.html.
  • Supports HTML rendering and binary downloads (images, txt files).
  • Implements path traversal protection using absolute path checks.

Example:

curl http://127.0.0.1:8080/index.html
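
One way to implement the absolute path check named above, as an added example rather than the code in HttpServer.py. `resolve_request_path` is a hypothetical name, and the status codes follow the ones this README lists.

```python
import os
from urllib.parse import unquote

RESOURCES_DIR = "resources"  # assumed document root, as in the layout above


def resolve_request_path(url_path, root=RESOURCES_DIR):
    """Map a request target to a file under root.

    Returns (status, path): 200 with the absolute file path, 400 for an
    unusable target, 403 when the resolved path leaves root, 404 when it
    stays inside root but is not a regular file.
    """
    root_real = os.path.realpath(root)
    # Drop the query string and decode %2e%2e-style escapes before checking.
    path = unquote(url_path.split("?", 1)[0])
    if "\x00" in path or not path.startswith("/"):
        return 400, None
    if path == "/":
        path = "/index.html"  # default route
    # lstrip keeps os.path.join from discarding root on an absolute input;
    # realpath collapses ".." and follows symlinks, so the check below sees
    # the file that would actually be opened.
    candidate = os.path.realpath(os.path.join(root_real, path.lstrip("/")))
    # commonpath compares whole components: "resources_old" is not treated
    # as a child of "resources", which a bare startswith() would allow.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return 403, None
    if not os.path.isfile(candidate):
        return 404, None
    return 200, candidate


if __name__ == "__main__":
    for target in ("/", "/index.html", "/../../../etc/passwd", "/%2e%2e/x"):
        print(target, "->", resolve_request_path(target))
```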

POST Request Handling

  • Accepts only application/json.

  • Saves JSON body to resources/uploads/ with format:

    upload_<timestamp>_<id>.json
    
  • Returns a JSON confirmation:

    {
      "status": "success",
      "message": "File created successfully",
      "filepath": "/uploads/upload_20251010_203000_x7b9.json"
    }

Example:

curl -X POST http://127.0.0.1:8080/upload \
     -H "Content-Type: application/json" \
     -d '{"name": "Rohan", "project": "HTTP Server"}'
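
The upload steps above as an added example, not the project's own handler. `handle_upload` and the error response bodies are hypothetical; the success body and the filename pattern are the ones shown in this section.

```python
import json
import os
import secrets
import string
import time

ID_ALPHABET = string.ascii_lowercase + string.digits


def handle_upload(headers, body, upload_dir):
    """Validate a POST /upload request; return (status, response_dict).

    headers is a dict with lower-cased names, body is the raw bytes.
    """
    # Compare only the media type; parameters such as charset are ignored.
    media_type = headers.get("content-type", "").split(";", 1)[0].strip().lower()
    if media_type != "application/json":
        return 415, {"status": "error", "message": "Unsupported Media Type"}
    try:
        document = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return 400, {"status": "error", "message": "Invalid JSON"}

    # The name is built entirely server-side: nothing from the request
    # reaches the path, so the body cannot steer where the file lands.
    os.makedirs(upload_dir, exist_ok=True)
    stamp = time.strftime("%Y%m%d_%H%M%S")
    for _ in range(5):
        suffix = "".join(secrets.choice(ID_ALPHABET) for _ in range(4))
        name = f"upload_{stamp}_{suffix}.json"
        try:
            # Mode "x" fails if the file exists instead of overwriting it.
            with open(os.path.join(upload_dir, name), "x", encoding="utf-8") as fh:
                json.dump(document, fh)
            break
        except FileExistsError:
            continue
    else:
        return 500, {"status": "error", "message": "Could not allocate filename"}
    return 201, {"status": "success",
                 "message": "File created successfully",
                 "filepath": f"/uploads/{name}"}
```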

Security Features

  • Blocks directory traversal attempts (../, ./, etc.).
  • Validates the Host header (must match server host and port).
  • Restricts access to files outside the resources/ directory.
  • Returns appropriate error codes: 400, 403, 404, 405, 415, 500.

Example blocked request:

curl --path-as-is http://127.0.0.1:8080/../../../etc/passwd
# → 403 Forbidden
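
The Host header validation listed under Security Features, as an added example that is not taken from HttpServer.py. `parse_head` and `check_host` are hypothetical names; the 403 for a mismatched host follows the Test Scenarios table, and the 400 for a missing or repeated Host header follows the HTTP/1.1 requirement.

```python
def parse_head(raw_head):
    """Split a raw request head into (request_line, [(name, value), ...])."""
    lines = raw_head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        if line == "":
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        # A field line without ":" or with whitespace around the name
        # is malformed and must not be silently accepted.
        if not sep or not name or name != name.strip():
            raise ValueError("malformed header line")
        headers.append((name.lower(), value.strip()))
    return lines[0], headers


def check_host(headers, server_host, server_port):
    """Return None when the Host header is acceptable, else an error status."""
    hosts = [value for name, value in headers if name == "host"]
    # HTTP/1.1 requires exactly one Host header; missing or repeated is 400.
    if len(hosts) != 1:
        return 400
    allowed = {f"{server_host}:{server_port}".lower()}
    if server_port == 80:
        allowed.add(server_host.lower())  # the default port may be omitted
    # Exact match against the allowlist; no substring or suffix matching.
    return None if hosts[0].lower() in allowed else 403


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    sample = b"GET / HTTP/1.1\r\nHost: hecker.com\r\n\r\n"
    print(check_host(parse_head(sample)[1], "127.0.0.1", 8080))
```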

Connection Management

  • Supports persistent connections (keep-alive).
  • Default: 30-second idle timeout.
  • Maximum: 100 requests per persistent connection.
  • Handles Connection: close gracefully.

Example:

[Worker-13] Request #1: GET /index.html HTTP/1.1
[Worker-13] Response: 200 OK for /index.html
[Worker-13] Request #2: GET /about.html HTTP/1.1
[Worker-13] Response: 200 OK for /about.html

Logging Format

Each log line contains a timestamp and thread name:

[2025-10-10 20:12:14] [Worker-15] Request #1: GET / HTTP/1.1
[2025-10-10 20:12:14] [Worker-15] Response: 200 OK for /index.html
[2025-10-10 20:12:44] [Worker-15] Closing connection with ('127.0.0.1', 42217) after serving 1 requests.

Test Scenarios

Test                              | Expected Result
GET /                             | Serves index.html
GET /about.html                   | Serves about page
GET /images.jpg                   | Downloads binary image
GET /nonexistent.html             | Returns 404
POST /upload (valid JSON)         | Saves JSON file, returns 201
POST /upload (non-JSON)           | Returns 415
GET /../etc/passwd                | Returns 403
Host: hecker.com                  | Returns 403
Multiple simultaneous connections | Handled by thread pool

Known Limitations

  • Files are read fully into memory before sending.
  • No 503 response for full connection queue (non-critical).
  • Limited MIME type mapping (only HTML, TXT, JPG, PNG, ICO).

Example Successful Run

2025-10-10 19:38:09 [MainThread] Thread pool with 20 workers started.
2025-10-10 19:38:09 [MainThread] Server started on http://127.0.0.1:8080
2025-10-10 19:38:47 [Worker-1] Request #1: GET /resources HTTP/1.1
2025-10-10 19:38:53 [Worker-1] Response: 404 Not Found
2025-10-10 19:46:11 [Worker-11] SECURITY: Path traversal attempt blocked ('/../../../etc/passwd').
2025-10-10 19:46:11 [Worker-11] Response: 403 Forbidden
2025-10-10 19:46:50 [Worker-13] Request #1: GET /index.html HTTP/1.1
2025-10-10 19:46:50 [Worker-13] Response: 200 OK for /index.html

License

This project is built for educational purposes. You are free to modify or distribute it with proper attribution.


© 2025 Jangam Rohan (RohanJ10212)
