Appweb™ — for Embedded Web Applications

Appweb is an embedded web server for web applications. It is blazing fast and has an extensive suite of security features. Appweb is optimized for hosting dynamic embedded web applications via an event-driven, multi-threaded core to deliver rapid response, fast throughput and effective memory utilization. It is compact and will embed using as little as 2MB of memory (typical 2-4MB).

Appweb has a strong set of features including: HTTP/1, HTTP/2, SSL/TLS, basic and digest authentication, virtual hosting, loadable modules, sandbox resource limits, logging, service monitoring process and extensive configuration and compilation controls. Appweb supports a wide variety of web frameworks including: ESP — the amazing "C" web framework, PHP, Python, Perl and CGI.

As one of the most widely deployed embedded web servers, Appweb is being used in networking equipment, telephony, mobile devices, consumer and office equipment as well high-speed web services.

Appweb Benefits and Features:

• Rapid Development. Appweb is the easiest and most cost-effective way to create dynamic device management applications. Appweb has all the features needed for embedded web applications so your development and post-release maintenance costs will be significantly lowered.

• Minimal Resource Requirements. Appweb is exceptionally fast and compact (from 2MB). It demands minimal resources from your system so your system can devote vital system resources to running your applications.

• Flexible Development Environment. Appweb is highly modular so you can choose the features you require. It supports both run-time module loading and extensive compile time controls for those who wish to rebuild from source.

• Security and Reliability. Appweb is one of the most widely deployed embedded web servers with a large body of users testing and hammering on the code. It has an extensive regression test suite that stresses the product well beyond the limits encountered in normal operation. Features like SSL/TLS, Authentication, sandbox directives and defensive counter-measures limit your exposure to potential attacks.

• Performance . Fastest performance in its class with an event-driven, multi-threaded core. Uses arena-based memory allocator to prevent memory leaks and offer the highest performance. Over 40,000 requests per second on a PC class device.

• Standards Compliance. Appweb supports HTTP/1.0, HTTP/1.1, HTTP/2, CGI/1.1, SSL RFC 2246, HTTP RFC 2617.

• Portable . Appweb has been ported to Linux, Windows, Mac OS and BSD and supports the following CPU architectures: ARM, MIPS, i386/X86/X86_64, PowerPC, SH and Sparc.

Embedded Device Applications

When used in embedded devices or applications, web servers must assume they are secondary to the essential functions that the device or application must perform. As such, the web server must minimize its resource demands and should be deterministic in the load it places on a system.

Appweb excels in this regard and is:

• Fast and compact with a small memory footprint (from 2MB, typical 2-4MB).
• Minimal in its demand on system resources — via configurable resource limits.
• ESP C web framework is the utmost in run-time efficiency without compromising developer features.
• Secure by design and by default.

Appweb Internals

The core of Appweb is an event-driven, multi-threaded HTTP pipeline above which modules are loaded to provide content specific handling and to extend its functionality.

Appweb has the following features:

• High performance multi-threaded core.
• Modular architecture with dynamic module loading.
• HTTP/1, HTTP/2 and WebSockets support.
• Flexible request pipeline with filters.
• Dedicated memory allocator and garbage collector for fast allocations that helps to eliminate memory leaks.
• Portable runtime layer to isolate platform dependencies.
• Sandboxing to limit resource consumption for more robust operation.
• Safe secure runtime to prevent common security vulnerabilities like buffer overrun exploits.
• Apache compatible configuration.
• Extensive logging and debug trace.

Request Pipeline

Appweb has an efficient, zero-copy request pipeline to process requests and generate responses. This consists of a mechanism of queues, packets, buffering and event scheduling. The pipeline architecture is highly optimized and uses sendfile, async I/O and vectored, scatter/gather writes to the network to avoid the costly aggregation of data and headers in a single buffer before writing to the network.

Security

Some web servers have become more secure by a painful process of discovery. While it is no guarantee, we believe that developing a web server to be secure by design is easier than trying to engineer-in security after the fact. For embedded web servers, the task is even more difficult, as it must be done without increasing memory footprint or degrading performance.

Appweb is designed to be secure from the foundation up, by using a secure Portable Runtime (MPR). The MPR is a cross-platform layer that permits over 97% of the Appweb code to be portable. It includes many mechanisms to assist in the creation of secure application. One such facility is a safe string and buffer handling module to help eliminate buffer overflows that have plagued many products.

Sandboxing

Appweb closely controls its use of system resources via a technique known as "sandboxing". This means running the web server within tightly controlled limits so that request errors will not compromise system operation. Appweb has also been hardened against several common denial of service attacks.

Appweb can be configured to:

• Limit memory use and not grow beyond predefined memory limits
• Reject requests that are too large
• Reject URLs that are too long
• Be run by a designated user account or user group

To build on this foundation, Appweb also provides a Secure Sockets Layer and Digest authentication and defensive counter-measures.

Learn More?

To learn more about Appweb, please read:

• Appweb Download
• Appweb Documentation