It have been a long time since I'm trying to understand how does a web hosting host thousands of websites without being hacked since the users runs there own code. Does each website runs on a separate server or virtual machine?
0
Add a comment
|
2 Answers
Shared hosting typically — and historically — happens on a single machine with Apache name-based virtual hosts and per-user web directories enabled.
In 2020 “it depends” might be a valid answer, but in general there are very clear and specific ways shared web hosting using Apache has worked in the past and still works in the present in many cases.
“Does each website runs on a separate server or virtual machine?”
In the majority of shared hosting setups, there is a single web server — typically running Apache web server software — and each “host” is basically just a separate and distinct user account on the system; not a separate server or a VM.
The way hacking is avoided is everyone’s Apache document root is isolated from everyone else’s in their home directory or a similar setup. If one site gets hacked means one user’s website get’s hacked; not the whole server. Sure a DDoS against one site might slow down the web server for all, but shared hosting setups often have safeguards to throttle — or just pull down a site — if it is clearly a hacking target.
And as far as how many sites can be on a shared web server like this, there can be 100s of different accounts but hey are never “logged in at the same time.” They have separate user accounts and the web server software — typically Apache — allows multiple connections to the machine. Web server software like Apache only delivers content on a per request basis. So if you have 100s of websites, and nobody is really visiting more than 5 websites at a specific moment, only the content directories of this 5 websites are ever being accessed.
For more information read up on name based virtual hosts and per user web directories in Apache.
Name-based vs. IP-based Virtual Hosts
IP-based virtual hosts use the IP address of the connection to determine the correct virtual host to serve. Therefore you need to have a separate IP address for each host.
With name-based virtual hosting, the server relies on the client to report the hostname as part of the HTTP headers. Using this technique, many different hosts can share the same IP address.
Name-based virtual hosting is usually simpler, since you need only configure your DNS server to map each hostname to the correct IP address and then configure the Apache HTTP Server to recognize the different hostnames. Name-based virtual hosting also eases the demand for scarce IP addresses. Therefore you should use name-based virtual hosting unless you are using equipment that explicitly demands IP-based hosting. Historical reasons for IP-based virtual hosting based on client support are no longer applicable to a general-purpose web server.
Name-based virtual hosting builds off of the IP-based virtual host selection algorithm, meaning that searches for the proper server name occur only between virtual hosts that have the best IP-based address.
Per-user web directories
On systems with multiple users, each user can be permitted to have a web site in their home directory using the UserDir directive. Visitors to a URL
http://example.com/~username/will get content out of the home directory of the user "username", out of the subdirectory specified by the UserDir directive.
answered Jan 26, 2020 at 17:06
There is no single answer. It can be either or both. It depends entirely on how the host implements their infrastructure and what options and features are offered or the customer requires.
-
So, in a web hosting there can't be 2 or more websites from different account on the same environment (server or virtual machine). Commented Jan 26, 2020 at 2:08
-