A production-ready, multi-threaded HTTP/1.1 server built from scratch
Demonstrating advanced Python networking, concurrent programming, security implementation
This project showcases a complete HTTP server implementation. Built entirely from scratch using Python's standard library, it demonstrates :
- System Programming - Low-level socket programming and network protocols
- Concurrent Programming - Multi-threading with bounded thread pools
- Security Engineering - Comprehensive security measures and attack prevention
- Production Operations - Monitoring, logging, and deployment automation
- Modern DevOps - Production deployment and monitoring practices
See it in action! Run the comprehensive test suite to showcase all features:
# Start the server
python server.py 8080 127.0.0.1 4
# Run the comprehensive test suite
python final_demo_test.pyDemo Output:
Screenshots:
- β Persistent Connections - Keep-alive with 30-second idle timeout
- β Request Limits - Maximum 100 requests per connection
- β Proper Headers - Connection, Keep-Alive, Content-Type, Content-Length
- β Status Codes - 200, 201, 400, 403, 404, 405, 415, 503
- β Thread Pool - Fixed-size worker thread pool with bounded queue
- β Graceful Degradation - 503 responses when thread pool is saturated
- β Connection Management - Efficient socket handling and cleanup
- β Resource Optimization - Bounded queue prevents memory exhaustion
- β High Throughput - 500+ requests/second capability
- β
Path Traversal Protection - Blocks
../and percent-encoded attacks - β Host Header Validation - Prevents Host header injection attacks
- β Input Sanitization - JSON validation and content-type checking
- β Security Logging - Comprehensive audit trail for security violations
- β Rate Limiting - Per-IP rate limiting with burst protection
- β Request Size Limiting - DoS protection with configurable limits
- β CORS Support - Cross-origin resource sharing for web applications
- β Security Dashboard - Real-time attack monitoring and visualization
- β Thread Tracking - Real-time thread status monitoring
- β JSON Logging - Structured logging for analysis
- β Security Audit - Detailed security violation logging
- β Performance Metrics - Request timing and thread utilization
- β Response Time Tracking - Per-request performance monitoring
- β Memory Monitoring - System resource usage tracking
- β
Prometheus Metrics -
/metricsendpoint for monitoring systems - β Connection Pooling - Efficient resource management
- β Unit Tests - 28+ tests with 100% pass rate
- β Integration Tests - Complete end-to-end testing
- β Load Testing - Thread pool saturation and 503 behavior
- β Security Testing - Path traversal and Host header validation
- β Performance Testing - Concurrent request handling
- Python 3.11 or higher
- No external dependencies (uses only standard library)
# Clone the repository
git clone https://github.com/ujjwaljain16/multi-threaded-http-server.git
# Install dependencies (optional - for monitoring features)
pip install -r requirements.txt# Basic usage (default: 127.0.0.1:8080, 10 threads)
python server.py
# Custom configuration
python server.py 9090 0.0.0.0 20# Get performance metrics
curl http://127.0.0.1:8080/metrics
# View security dashboard
curl http://127.0.0.1:8080/security-dashboard
# Test CORS
curl -H "Origin: http://localhost:3000" http://127.0.0.1:8080/
# Test advanced features
python test_advanced_features.pyThis project includes comprehensive documentation:
- Technical Documentation - Implementation details, architecture, and technical specifications
βββ server.py # Main server entry point
βββ server_lib/ # Core server modules
β βββ __init__.py # Package initialization
β βββ http_parser.py # HTTP request parsing
β βββ threadpool.py # Thread pool implementation
β βββ security.py # Security and validation
β βββ response.py # HTTP response building
β βββ logger.py # Enhanced logging system
β βββ metrics.py # Performance metrics collection
β βββ metrics_endpoint.py # Metrics API endpoint
β βββ rate_limiter.py # Rate limiting implementation
β βββ request_limiter.py # Request size limiting
β βββ cors.py # CORS support
β βββ security_dashboard.py # Security monitoring dashboard
β βββ connection_pool.py # Connection pooling
β βββ utils.py # Utility functions
βββ resources/ # Static files and samples
β βββ index.html # Professional homepage
β βββ about.html # Technical documentation
β βββ contact.html # Interactive API testing
β βββ logo.png # Logo image
β βββ photo.jpg, photo2.jpg # Sample images
β βββ big.png # Large image for testing
β βββ readme.txt # Text file for testing
β βββ sample.txt # Sample text file
β βββ sample_data.json # Sample JSON data
β βββ simple_test.json # Test JSON file
β βββ test_payload.json # Test payload
β βββ uploads/ # POST upload directory
β βββ upload_*.json # Uploaded files
βββ final_demo_test.py # Comprehensive test suite (28 tests)
βββ quick_test.py # Quick functionality test
βββ requirements.txt # Python dependencies
βββ REQUIREMENTS_CHECKLIST.md # Requirements verification
βββ TECHNICAL_DOCUMENTATION.md # Technical implementation docs
βββ THEORETICAL_DOCUMENTATION.md # Theoretical concepts docs
βββ security.log # Security violation logs
βββ README.md # This file
| Method | Endpoint | Description | Status |
|---|---|---|---|
GET |
/ |
Homepage with features showcase | 200 OK |
GET |
/about.html |
Technical documentation | 200 OK |
GET |
/contact.html |
Interactive API testing | 200 OK |
GET |
/readme.txt |
Text file download | 200 OK |
GET |
/sample.txt |
Sample text file | 200 OK |
GET |
/logo.png |
Logo image file | 200 OK |
GET |
/photo.jpg |
Sample image | 200 OK |
GET |
/photo2.jpg |
Sample image | 200 OK |
GET |
/big.png |
Large image for testing | 200 OK |
GET |
/sample_data.json |
Sample JSON data | 200 OK |
GET |
/simple_test.json |
Test JSON file | 200 OK |
GET |
/test_payload.json |
Test payload | 200 OK |
GET |
/metrics |
Performance metrics | 200 OK |
GET |
/security-dashboard |
Security monitoring | 200 OK |
POST |
/upload |
JSON data upload | 201 Created |
# Get homepage
curl http://127.0.0.1:8080/
# Download text file
curl -O http://127.0.0.1:8080/readme.txt
# Download image
curl -O http://127.0.0.1:8080/logo.png
# Get JSON data
curl http://127.0.0.1:8080/sample_data.json
# Upload JSON
curl -X POST -H "Content-Type: application/json" \
-d '{"test": "data"}' http://127.0.0.1:8080/upload
# Get metrics
curl http://127.0.0.1:8080/metrics
# View security dashboard
curl http://127.0.0.1:8080/security-dashboard
# Test security (should return 403)
curl http://127.0.0.1:8080/../etc/passwdpython server.py [port] [host] [thread_pool_size]-
port: Server port (default: 8080) -
host: Server host (default: 127.0.0.1) -
thread_pool_size: Number of worker threads (default: 10
