Introduction
In this post, we covered important web components such as load balancers, CDNs, Web application firewalls, DNS Servers ,etc as part of TryHackMe Putting it all together
To summarize, when you request a website, your computer needs to know the server’s IP address it needs to talk to; for this, it uses DNS. Your computer then talks to the web server using a special set of commands called the HTTP protocol; the webserver then returns HTML, JavaScript, CSS, Images, etc., which your browser then uses to correctly format and display the website to you. There are also a few other components that help the web run more efficiently and provide extra features.
- Load Balancers
- CDN (Content Delivery Networks)
- Databases
- WAF (Web Application Firewall)
DNS Server: The Internet’s Phonebook DNS, or Domain Name System, is what translates the website names we type into our browsers (like facebook.com) into the IP addresses that computers use to communicate. Think of it as the internet’s phonebook. There are a few different types of DNS servers that work together to find the right IP address, including local, authoritative, and root DNS servers.
Databases: The Brains of the Operation
Databases are where all the information that a website needs is stored. They work in the background, and there are two main types:
- Relational Databases (SQL): These store information in a structured way, using rows and columns, much like a spreadsheet.
- Non-Relational Databases (NoSQL): These are more flexible and can store data in a variety of formats.
Web Servers: The Gatekeepers
Web servers are the software that listens for incoming connections from your browser, usually on port 80 or 443. They use the HTTP protocol to communicate, with the most common methods being:
- GET: To retrieve a webpage.
- POST: To send information to the server.
Some of the most popular web server software out there are Apache, Nginx, and Internet Information Services (IIS). A web server can either pull information directly from its own files or by querying a database.
Web Application Firewall (WAF): The Bodyguard
A WAF sits between you and the web server, acting as a bodyguard to protect the server from cyberattacks and denial-of-service attacks. One of the ways it does this is by using rate limits, which control how many requests can be made from a single IP address in a certain amount of time.
Content Delivery Networks (CDNs)
CDNs are a network of servers spread across the globe that store static website content, like images, CSS, and JavaScript files. By serving this content from a server that’s geographically closer to you, CDNs can dramatically speed up website loading times.
Load Balancers
Load balancers are the traffic cops of the internet. They distribute incoming requests across multiple servers to make sure that no single server gets overloaded. They do this by sending your request to the server that is the least busy at that moment and by performing health checks to make sure all the servers are running correctly.
Putting It All Together: The Challenge
The TryHackMe challenge at the end of this video asks you to put these components in the correct order to show how a request for a website is processed. Here’s the correct sequence:
- You type tryhackme.com into your browser.
- Your computer checks its local cache to see if it already knows the IP address.
- If not, it queries a recursive DNS server.
- The recursive DNS server then queries a root DNS server.
- An authoritative DNS server provides the correct IP address for the website.
- Your request then passes through a web application firewall.
- The request is then passed to a load balancer.
- You connect to the web server on port 80 or 443.
- The web server receives your GET request.
- The web server communicates with the database to get the necessary information.
- Finally, your browser renders the HTML into the viewable website you see on your screen.
TryHackMe Putting it all together Room Answers
What does a load balancer perform to make sure a host is still alive?
What can be used to help against the hacking of a website?
What is the name for the type of content that can change?
Does the client see the backend code? Yay/Nay
Video Walkthrough