Add to ORKGThe Web Server is currently the most widely deployed type of distributed data server. This paper presents an intrusion-tolerant web server based on the Deterministic IntruSion ToleRance ArChiTecture (DISTRACT), which is also introduced. The objective of this architecture is to support fault- and intrusion-tolerant services based on the state machine approach. DISTRACT uses a set of intrusiontolerant protocols based on the TTCB, a secure and synchronous distributed component. This paper reports on the first implementation of an intrusion-tolerant replicated service based on the TTCB. The solution proposed requires no modifications either on the clients or the servers, which are respectively web browsers and standard web servers. An evaluatio...