CERN Accelerating science

NICEWWW, the service which implements web access to the NICE home directories, has been upgraded last September 2001. The new computer WEB10 has taken over the service from WEB2.

A new version of the NICEWWW gateway software (ISAPI filter) has replaced the current one. The following issues have been addressed in the ISAPI filter:

	file handle leak
	default page
	cache coherence
	performance optimized for Windows/2000 + IIS5
	use of non-registered site names
	directory browsing no longer returns link to root
	quality assurance

File handle leak

The ISAPI filter introduced during the summer contains a file handle leak such that the server will run out of non-pageable memory after a few weeks, depending upon load. This problem has been fixed.

Default page

The ISAPI filter now handles default pages as for the central server. Previously, only default.htm was recognized as a default page. Now, default.html, index.htm* and welcome.* are also supported. The reasons for supporting all these is for historical consistency between Windows and UNIX web servers.

Cache coherence

The NICEWWW computer is using a disk cache ( > 30 GB) in order to efficiently serve pages between the web browser and the home directory servers.

The biggest issue since the birth of the NICEWWW software is that while pages were correctly brought into the cache "just in time", there was no proper handling to delete cache entries where the original had been deleted by the author.

This was a "nice" feature in the sense that when a home server was down, the NICEWWW web server could happily continue serving pages. To compensate for this artifact a scheduled job would delete pages which were not referenced for more than a few days (based on the last accessed date/time). This algorithm left 2 major problems unsolved:

	The time between a user deleting web contents and the web server deleting the cache entry was of the order of days
	A popular page might never expire in spite of being deleted. In particular world wide search engines would reread the page regularly.

During the summer the ISAPI filter was updated to delete cache entries "just in time" when discovering that the original contents no longer exist. The role of the scheduled job has changed to trim the overall size of the cache. This allows for using a larger cache size. The new server has currently 36 GB available for cache + log files.

This new software release changes the following behaviour: when a home server is down the corresponding cache is allowed to continue according to the uncertainty principle that the probability the page should be served is on average high. The caching algorithm would fail if there was a type mismatch between cache and original.

Scenario: User creates a page named X. X is read via the web and ends up in the cache. User deletes X and creates a directory called X. Inside the directory X the user creates the page Y. The page Y cannot be read via the web because the X in the cache is a file...

Performance optimized for Windows/2000 + IIS5

For historical reason the ISAPI filter was changing security context for each request. This is not necessary as the IIS web server is already running with the correct security context and furthermore only anonymous browse access is supported such that the security context is invariant for the lifetime of the web server.

For historical reasons the ISAPI was filter was issuing network connect and disconnect requests for each request. This is for example not needed for Windows/2000 and DFS which is handled transparently by the lower layers in the file system.

Use of non-registered site names

The ISAPI filter contained a historical feature which allowed the use of non-registered site names. Prior to spring 2000 NICEWWW web sites did not have to be registered and the syntax ~username was the way to access the service. The change in the spring 2000 mandate that all sites must be centrally registered and moderated. In addition, the character ~ is deprecated for site names as it cannot be used in the new web naming scheme.

The worst case scenario is that using ~sitenames could enable a user to get access to web contents where the owner had not intended web access although the contents would need to be public readable (Everyone or Domain Users).

This release suppresses this behaviour to enforce conformance to web policy and privacy.


Directory browsing no longer returns link to web root

The top-level page of the directory browsing used to return a link to the root of the web server. This is outside the site and consequently the NICEWWW web server would redirect the web browser to the default CNDCI site. This was rather confusing for the user and not useful and the link has therefore been suppressed.

Quality assurance

A new approach for debugging all of the code interactively has been used. A mechanism for real time diagnostics has been retained.

Please address any question about this change directly to the author (Per Hagen, IT/IS).