1. What is a Web Server?

• A web server is software that listens for HTTP/HTTPS requests and serves responses (HTML, JSON, files, APIs).
• Acts as the middle layer between:
  • Client (browser)
  • Backend application (PHP, Python, Node.js, ASP.NET)
  • Database

📌 Example:

When you type https://example.com → request goes to the web server, which forwards it to the app and sends the response back.

2. Common Web Servers

🔹 Apache HTTP Server

• Oldest & most widely used.
• Modules-based (e.g., mod_rewrite, mod_php).
• Config file: .htaccess and httpd.conf.
• Runs PHP apps (WordPress, Joomla, etc.).

⚠️ Pentesting Weaknesses:

• Directory traversal if misconfigured.
• .htaccess exposure.
• Dangerous modules (e.g., mod_cgi → RCE).
• Verb tampering (HTTP TRACE enabled).

🔹 Nginx