CERN Accelerating science

This website is no longer maintained. Its content may be obsolete. Please visit for current CERN information.

CERN home pageCERN home pageDocuments by ReferenceDocuments by ReferenceCNLsCNLsYear 2001Year 2001Help, Info about this page


Editorial Information
If you need help
Announcements Special 35th Anniversary Physics Computing Desktop Computing Internet Services and Network Scientific Applications and Software Engineering Desktop Publishing The Learning Zone User Documentation Just For Fun ...
Previous:Internet Services and Network
Next:The CERN Search Engine
 (See printing version)

Upgrade of the NICEWWW Service

Per Hagen , IT/IS

NICEWWW, the service which implements web access to the NICE home directories, has been upgraded last September 2001. The new computer WEB10 has taken over the service from WEB2.

A new version of the NICEWWW gateway software (ISAPI filter) has replaced the current one. The following issues have been addressed in the ISAPI filter:

file handle leak
default page
cache coherence
performance optimized for Windows/2000 + IIS5
use of non-registered site names
directory browsing no longer returns link to root
quality assurance

File handle leak

The ISAPI filter introduced during the summer contains a file handle leak such that the server will run out of non-pageable memory after a few weeks, depending upon load. This problem has been fixed.

Default page

The ISAPI filter now handles default pages as for the central server. Previously, only default.htm was recognized as a default page. Now, default.html, index.htm* and welcome.* are also supported. The reasons for supporting all these is for historical consistency between Windows and UNIX web servers.

Cache coherence

The NICEWWW computer is using a disk cache ( > 30 GB) in order to efficiently serve pages between the web browser and the home directory servers.

The biggest issue since the birth of the NICEWWW software is that while pages were correctly brought into the cache "just in time", there was no proper handling to delete cache entries where the original had been deleted by the author.

This was a "nice" feature in the sense that when a home server was down, the NICEWWW web server could happily continue serving pages. To compensate for this artifact a scheduled job would delete pages which were not referenced for more than a few days (based on the last accessed date/time). This algorithm left 2 major problems unsolved:

The time between a user deleting web contents and the web server deleting the cache entry was of the order of days

A popular page might never expire in spite of being deleted. In particular world wide search engines would reread the page regularly.

During the summer the ISAPI filter was updated to delete cache entries "just in time" when discovering that the original contents no longer exist. The role of the scheduled job has changed to trim the overall size of the cache. This allows for using a larger cache size. The new server has currently 36 GB available for cache + log files.

This new software release changes the following behaviour: when a home server is down the corresponding cache is allowed to continue according to the uncertainty principle that the probability the page should be served is on average high. The caching algorithm would fail if there was a type mismatch between cache and original.

Scenario: User creates a page named X. X is read via the web and ends up in the cache. User deletes X and creates a directory called X. Inside the directory X the user creates the page Y. The page Y cannot be read via the web because the X in the cache is a file...

Performance optimized for Windows/2000 + IIS5

For historical reason the ISAPI filter was changing security context for each request. This is not necessary as the IIS web server is already running with the correct security context and furthermore only anonymous browse access is supported such that the security context is invariant for the lifetime of the web server.

For historical reasons the ISAPI was filter was issuing network connect and disconnect requests for each request. This is for example not needed for Windows/2000 and DFS which is handled transparently by the lower layers in the file system.

Use of non-registered site names

The ISAPI filter contained a historical feature which allowed the use of non-registered site names. Prior to spring 2000 NICEWWW web sites did not have to be registered and the syntax ~username was the way to access the service. The change in the spring 2000 mandate that all sites must be centrally registered and moderated. In addition, the character ~ is deprecated for site names as it cannot be used in the new web naming scheme.

The worst case scenario is that using ~sitenames could enable a user to get access to web contents where the owner had not intended web access although the contents would need to be public readable (Everyone or Domain Users).

This release suppresses this behaviour to enforce conformance to web policy and privacy.

Directory browsing no longer returns link to web root

The top-level page of the directory browsing used to return a link to the root of the web server. This is outside the site and consequently the NICEWWW web server would redirect the web browser to the default CNDCI site. This was rather confusing for the user and not useful and the link has therefore been suppressed.

Quality assurance

A new approach for debugging all of the code interactively has been used. A mechanism for real time diagnostics has been retained.

Please address any question about this change directly to the author (Per Hagen, IT/IS).

For matters related to this article please contact the author.

Vol. XXXVI, issue no 3

Last Updated on Fri Dec 07 14:18:28 CET 2001.
Copyright © CERN 2001 -- European Organization for Nuclear Research