Everything you need, plus all the goodies you know you want!


65 Reasons why the HTTP/2 Server is in Your Future

Read Write Serve is packed with all the features you need from a fully fledged HTTP/2 server.


  1. Stateful roles eliminate the need for session identifiers, safely carrying user roles inside an AES-192 symmetric encryption cookie.
  2. The IP whitelisting/blacklisting module provides immediate temporary relief from bad actors.
  3. The forbidden resources module blocks access to hidden files and special directories, as configured by the webmaster.
  4. The Role Based Access Control (RBAC) module provides fully configurable resource protection.


  1. Configurable cipher suites provide DevOps with the ability to quickly handle Zero Day vulnerabilities.
  2. The https: scheme is used exclusively; http: requests are rejected.
  3. The TLS 1.2 protocol is used on all initial handshakes.


  1. Easily configured content security policy can enlist the browser's support in enforcing your safe coding practices.
  2. Mobile device feature policy can stop accidental and nefarious use of device features.
  3. Network error logging lets you know when DNS, TLS, or HTTP errors unexpectedly occur for your visitors.
  4. Referrer policy prevents outsiders from tracking your visitor's every move.
  5. Report-to header lets the browser send policy reports when something out-of-the-ordinary happens.
  6. Built-in policy reports plugin turns any ordinary web server into a policy report handler as well.

Cross origin requests

  1. Simple CORS and preflight CORS fully configurable by resource pattern, including:
    • access-control-allow-origin,
    • access-control-allow-credentials,
    • access-control-allow-methods,
    • access-control-allow-headers,
    • access-control-expose-headers,
    • access-control-max-age.


  1. HTTP/2 advanced optimizations for sending fewer bytes like HPACK header compression and elimination of redundant header for follow-on requests.
  2. Framed stream control reduces latency and eliminates the pipeline blocking problem.
  3. Long connections without the need for keep-alive headers.
  4. Multiplexed traffic flow, allowing the server to push resources before they are requested by the user.
  5. Push prioritization allowing DevOps to fine tuned the order of resource delivery.


  1. Clustered request handlers allow memory usage to be balanced against request frequency.
  2. Scale from 2 to 64 clustered worker threads.
  3. Crash-proof — worker threads automatically restart on unexpected failure.
  4. Virtual hosting via Server Name Indication allows one server to handle many hostnames.
  5. Separate SSL certificates can be deployed for each virtual hostname.
  6. Each virtual host can be configured differently, adopting server-wide settings by default while overriding individual module settings as required.


  1. Operates on either standard port 443 or an alternate.
  2. Installs as a systemd service with systemctl start|restart|stop control.
  3. Logs output to journald service with journalctl monitoring.


  1. Conveniently configure the server using the blue-phrase declarative language.
  2. Enable and disable server modules by toggling on/off settings while experimenting and troubleshooting.
  3. Configuration files can easily be versioned using git, or your favorite SCM, allowing new settings to be deployed with confidence.

URL rewrites

  1. URL rewrites are enabled using the resource mask module.
  2. SEO-friendly URLs are easy to implement with named capture groups, a more palatable GREP.
  3. Status code 302 redirects with location response headers can instruct the browser to reissue the request.
  4. Resource masks are configured using straightforward resource patterns and replacement patterns.
  5. Advanced configuration can include scheme, authority and port.

Content Negotiation

  1. MIME-types are configurable by filename extension.
  2. User-agent and server can negotiate these exchanges:
    • accept-type request header and content-type response header,
    • accept-language request header and content-language response header,
    • accept-encoding request header and content-encoding response header,
    • OPTIONS request method and allow response header.


  1. Caching instructions can be configured per resource MIME-type.
  2. ETag caching is the default for user-agents that handle it, with timestamp caching as a fallback.
  3. Standard 304 response code protocol fully honored.
  4. Compiled MIME-type text/blue pages are cached on the server until modified.
  5. Compressed gzip/deflate resources are cached on the server until modified.
  6. Speculative server caching can be set up to push resources to the user before they are requested.

Range requests

  1. Partial content range requests from robots and crawlers are allowed.
  2. Conditional range requests are fully honored.
  3. Both simple and multipart range requests are implemented.

Blue-phrase files

  1. MIME-type text/blue source files are compiled from blue-phrase into HTML just-in time.
  2. Compiled HTML is cached on the server until the source is modified.
  3. Compiled linkmaps provide a hassle-free mechanism to keep source and cache fresh.
  4. Linkmaps are examined by the server to automatically select resources to be pushed to the user.
  5. Server speculative push prioritization can be configured on a MIME-type basis.


  1. Extensive logging operations can record as much or as little as needed for each request/response cycle.
  2. RWSERVE "information headers" provide contextual data to help webmasters with root cause analysis.
  3. Custom 404 error pages provide a soft landing for visitors when necessary.
  4. Real time counters provide on-demand statistics on current usage.

JavaScript Plugins

  1. Plugins are developed using Javascript with Node.js.
  2. Plugins can be configured using the same configuration file the server uses.
  3. Plugins have full access to the work order for each request/response cycle.
  4. Every plugin is chained to the server's dynamic module stack to handle compression, caching, permissions, security, logging, and monitoring.


  1. Any standard method may be targeted: HEAD, GET, POST, PATCH, PUT and DELETE.
  2. Virtual resource targets are configured using resource masks.
  3. Incoming requests have their URLs preprocessed into resourcePath, queryString and parameterMap for convenience.
  4. Incoming cookies are preprocessed into a cookieMap.
  5. Incoming form data with content-type application/x-www-form-urlencoded is preprocessed into a formDataMap.

★ Top 7 Reasons Why ★

  1. Standard port 443 hosting
  2. Declarative routing
  3. Easy to configure CORS
  4. Plugins with the full power of Node.js
  5. Best in class logging
  6. Security from the ground up
  7. Crash proof worker threads

Everything you need, plus all the goodies you know you want!