Abyss Web Server: A reliable Web server providing advanced security, easy configuration, and multilanguage scripting support
Aprelium’s sleepy Web server is an economic and reliable offering that provides advanced security, easy configuration, and support for most scripting languages. If you’re looking for an Apache alternative, this is one to consider.
If you’re looking for a simple but powerful Web server, Abyss from Aprelium Technologies may be worth considering. The Abyss Web server supports CGI scripts, authentication, and just about every other commonly used feature of Apache. Abyss makes configuration easy, so if your needs fall within the capabilities of this canned Web server, you may save a tremendous amount of time.
The Abyss Web server supports a wide range of platforms: Windows (all versions), FreeBSD, Mac OS X, and Linux. Unfortunately, the source code is not public, so you can’t build it on any enterprise Unix systems. Although this server can certainly operate a production Web site, it is more commonly used for quickly setup testbeds. Getting Apache running with SSI, Perl, PHP, and ASP support can take at least a day. Abyss, unlike Apache, natively supports ASP and other popular scripting languages, which means a simple simple setup and time saved.
Abyss is not open source, but a free-of-charge version does exist. Unlike other “free” applications, Abyss’s free Web server is the same as the pay version. The pay version isn’t expensive and it comes with priority support, so it’s basically a support contract. Aprelium advertises that the pay version also comes with updates, but it isn’t clear what this really means. We suspect it means the commercial version gets updates periodically, while the free version is just updated when a new version is released.
Abyss’s thorough documentation is complete with screen shots and detailed installation and operation instructions. Windows and MacOS X versions come with an installer. Linux and FreeBSD seem to be an afterthought, as Abyss doesn’t provide much in the way of installation capabilities. It comes with a precompiled binary, which the admin must run. To stop the Web server, he or she must “Hit CTRL-C.” The Linux and FreeBSD versions do have the same GUI configuration tool as Windows and OS X, which is based on GLIBC 2.1. There is also a remote administration utility, accessible via a special Web page that obviously works the same across different operating systems.
After the simple installation process, Abyss is nearly ready to serve pages. First, however, it must be configured with a hostname and port on which to run. Then familiar “htdocs” and “cgi-bin” directories invite the user to start storing HTML and CGI files. That’s the extent of configuration necessary to start serving HTML Web pages or ASP, PHP, Perl, and SSI applications. It really couldn’t be any easier.
The Web server is generally configured through the remote console (a Web page), which is quite intuitive and easy to use. Abyss supports bandwidth throttling, custom directory listings, and virtual hosts — features that aren’t always easy to configure in Apache. Abyss also boasts password protection, but with the lack of SSL support it’s probably safer to limit Web sites to certain IP addresses than to send your password in plain text. Limiting Web page access to specific IP addresses is simple to configure as well. As far as user authentication, Abyss doesn’t support system authentication, so users, groups, and passwords must be manually created within the server.
Another interesting feature of Abyss is its promise of security. The Web server dynamically identifies malicious activity and blocks further requests from the source of a possible attack. It also boasts a URL “cleansing” mechanism, by which malicious Unicode is identified and blocked before the Web server processes the request. Security compromises via Web servers are very common, and a product that places security first is very valuable. The most common attack is to pass some obfuscated Unicode URL that actually attempts to traverse to a different directory on the server (i.e., “../../root.exe”). If a server can identify and block this type of activity, the admin no longer has to worry about vulnerable CGI applications that allow it to happen.
Resiliency is also pre-configured. Strangely enough, this important feature is often disregarded in many products. Abyss creates an error report and automatically restarts the server should it crash. When faced with crashing servers of any other variety, administrators generally resort to writing a script that checks the server’s status every so often and restarts as necessary. Abyss takes care of this for you, and much faster. You’ll be notified of a crash via the report, and Abyss will restart in less than a second.
The bandwidth-throttling feature is very similar to Apache’s mod_bandwidth. Unfortunately, looking into this feature led us to the realization that Abyss’s claim of their free vs. pay products being created equal isn’t exactly true. The advanced features of bandwidth throttling are available only in the commercial version, also known as the Abyss Web Server X2. Furthermore, the advertised virtual hosting feature is available only in the X2 version. However, these features will likely be used only when the Abyss Web server is used for hosting production Web sites, so the missing features may not be an important consideration for enterprises that plan to use the free version as a testing or development server for programmers.
The bottom line is that Abyss is reliable, secure, and insanely easy to administer. This is a great list of attributes, and something that can’t be said about many Web servers on the market. Abyss isn’t customizable, but the features it does support are all configurable.
Pros: Reliable; Secure; Affordable; Easier than Apache to administer.
Cons: Lack of customizability; Divergence between the claim that the free version is identical to the pay version and reality.
Reviewed by: Charlie Schluting
Original Review Date: 9/29/2005
Original Review Version: 2.0.6