Introduction to the HTTP protocol

Source: Internet
Author: User
Tags http authentication

Brief introduction

HTTP (Hypertext Transfer Protocol) is the core communication protocol used for accessing the Internet, and it is the communication protocol used by all Web applications.
Message model: the client sends a request message and the server returns a response message. The transport layer uses TCP, which is stateful, but HTTP itself is stateless.

HTTP request

An HTTP request message consists of message headers and an optional message body, separated by a blank line. Example:

GET / HTTP/1.1
Host: www.cnbeta.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=cnbeta&rn=&rsv_pq=917ee072000177b3&rsv_t=67c29bdcyxbklwxp5lmxvsvgqrswnkznmk4xghbaghkt7xqgt%2bfeup%2bmdo4
Cookie: hm_lvt_4216c57ef1855492a9281acd553f8a6e=1437836998; Hm_lpvt_4216c57ef1855492a9281acd553f8a6e=1437836998; _ga=ga1.2.1311393193.1437836981; bfd_s=208385984.21594488.1437837000279; Tma=208385984.15187292.1437837000282.1437837000282.1437837000282.1; tmd=1.208385984.15187292.1437837000282.; BFD_G=B56C782BCB75035D00000A500201BA8455B3A6CA
Connection: keep-alive

Description

1. The first line of the message header consists of three space-delimited elements: the HTTP method, the requested URL, and the HTTP version used

    • HTTP method:
      1). GET: Used to retrieve resources; parameters are submitted to the server in the URL, and there is no message body
      2). POST: Used to perform actions; parameters can be submitted to the server in both the URL query string and the message body
      3). HEAD: Used to check whether a resource exists; similar to GET, except that the message body returned in the response is empty
      4). TRACE: Used for diagnostics, to determine whether a proxy server sits between the client and the server. How it works: the server returns the exact contents of the request message it received in the response body
      5). OPTIONS: Asks the server to report the HTTP methods that are valid for a resource; the server usually responds with an Allow message header that lists all valid methods
      6). PUT: Uploads the specified resource to the server, using the contents of the request body
      7). DELETE: Used to delete resources
      8). CONNECT:

    • Request URL: Specifies the name of the requested resource and the query parameters

    • HTTP version used: The common versions are 1.0 and 1.1; in version 1.1 the request message must contain the Host request header

2. Other

    • Host: Specifies the hostname being accessed; it is needed when multiple Web sites are deployed on the same host

    • User-Agent: Specifies information about the client software, such as browser type and version and operating system type and version

    • Referer: Indicates the original URL from which the request was made

    • Cookie: Submits additional parameters that the server has issued to the client
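
The request format described above, written out as a strict parser. This is an added example, not code from the original article; the function name and the sample request are constructed for illustration, and rejecting more than one Host header is an assumption that goes beyond what the text states.

```python
# Constructed sample request (shortened from the example above).
SAMPLE = (
    b"GET /index.html?id=1 HTTP/1.1\r\n"
    b"Host: www.cnbeta.com\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
)


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request into its parts, rejecting malformed input."""
    # Message headers and message body are separated by the first blank line.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line after the message headers")
    lines = head.decode("iso-8859-1").split("\r\n")

    # First line: exactly three space-delimited elements.
    parts = lines[0].split(" ")
    if len(parts) != 3 or "" in parts:
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, url, version = parts
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError(f"unsupported HTTP version: {version!r}")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject lines without a colon or with whitespace around the name.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive: index them lower-cased.
        headers.setdefault(name.lower(), []).append(value.strip())

    # HTTP/1.1 requires the Host header; more than one is ambiguous.
    if version == "HTTP/1.1" and len(headers.get("host", [])) != 1:
        raise ValueError("HTTP/1.1 request must carry exactly one Host header")
    return {"method": method, "url": url, "version": version,
            "headers": headers, "body": body}


if __name__ == "__main__":
    print(parse_request(SAMPLE))
```
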

HTTP response

An HTTP response message consists of message headers and an optional message body, separated by a blank line. Example:

HTTP/1.0 200 OK
Content-Type: text/html
Last-Modified: Sat, 15:52:02 GMT
Vary: Accept-Encoding
Server: nginx/1.4.1
Date: Sat, 15:53:04 GMT
ETag: "55b3b0a2-2539c"
Age: 74
X-Cache: HIT from rj-zsbgp-cdn-74
Set-Cookie: uuid=aqaaaex080znuwoajh3pdhcux+ok943s; path=/; expires=Sat, 25-Jul-15 17:09:08 GMT; HttpOnly

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>cnbeta.com? </title>
</head>
<body>
Hello, silence!
</body>
</html>

Description

1. The first line of the message header consists of three space-separated elements: the HTTP version, the status code of the request (a number), and a text description of the status
2. Other:

    • Server: Identifies the Web server software in use

    • Set-Cookie: Issues a cookie to the browser, which returns it in the Cookie message header of subsequent requests to the server

    • Content-Type: Specifies the type of the message body

    • Content-Length: Specifies the length of the message body in bytes

URL

A URL (Uniform Resource Locator) is the unique identifier of a Web resource, in the format:

protocol://hostname[:port]/[path/]file[?param=value]

REST

REST (Representational State Transfer) is an architectural style for distributed systems; a REST-style URL is one that uses the file path instead of the query string to carry parameters

HTTP message headers

1. Common message headers

    • Connection: Tells the other end of the communication whether to close the TCP connection or keep it open; the HTTP/1.1 default is keep-alive, and it can be set to close

    • Content-Encoding: Specifies the encoding of the content in the message body

    • Content-Length: Specifies the length of the message body in bytes

    • Content-Type: Specifies the content type of the message body

    • Transfer-Encoding: Often specified as Transfer-Encoding: chunked, which indicates that data is transmitted as it is being generated; the last piece of data, 0\r\n\r\n, marks the end of the data, and every other block is formatted as data\r\ncontent\r\n

2. Request message headers

    • Accept: Tells the server which types of content the client will accept

    • Accept-Encoding: Tells the server which content encodings the client will accept

    • Authorization: Submits a username/password to the server for built-in HTTP authentication

    • Cookie: Submits cookies to the server

    • If-Modified-Since: Tells the server when the requested resource was last received; if the resource has not changed, the server returns status code 304 so that the local cached copy is used

    • If-None-Match: Specifies an entity tag, an identifier that describes the content of the message body. The browser submits the entity tag that the server issued when the requested resource was last received, and the server can use it to determine whether the browser may use its cached copy

    • Origin: Used in cross-domain Ajax requests to specify the domain from which the request was made

    • Referer: Specifies the original URL from which the request was made

    • User-Agent: Specifies client information

3. Response message headers

    • Access-Control-Allow-Origin: Indicates whether the resource can be retrieved through a cross-domain Ajax request

    • Cache-Control: Sends caching directives to the browser (for example, no-cache)

    • ETag: Specifies an entity tag; the client can submit it in the If-None-Match message header of subsequent requests for the same resource, telling the server which version of the resource the browser currently has cached

    • Expires: Specifies how long the message body remains valid; until then the browser can use its cached copy of the resource

    • Location: Used in redirect responses to specify the redirect target

    • Pragma: Sends caching directives to the browser (for example, no-cache)

    • Server: Tells the browser about the server software

    • Set-Cookie: Issues cookies to the browser

    • WWW-Authenticate: Used in responses with a 401 status code to provide information such as the authentication types the server supports

    • X-Frame-Options: Indicates whether and how the current response may be loaded in a browser frame
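
The chunked Transfer-Encoding framing listed under the common message headers above, as a strict decoder. This is an added example, not code from the original article; it assumes that the first line of each block is the length of the content in hexadecimal, and the function name and sample body are constructed for illustration.

```python
HEX_DIGITS = b"0123456789abcdefABCDEF"

# Constructed sample: the body "Hello, silence!" sent as two chunks.
SAMPLE = b"7\r\nHello, \r\n8\r\nsilence!\r\n0\r\n\r\n"


def decode_chunked(body: bytes) -> bytes:
    """Reassemble a chunked message body, rejecting inconsistent framing."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            raise ValueError("truncated chunk-size line")
        # Ignore any chunk extension after ';' and accept hex digits only
        # (int(x, 16) alone would also accept forms like '0x5' or '+5').
        size_field = body[pos:eol].split(b";", 1)[0]
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError(f"invalid chunk size: {size_field!r}")
        size = int(size_field, 16)
        pos = eol + 2

        if size == 0:
            # Last chunk: 0\r\n followed directly by \r\n (no trailers here).
            if body[pos:pos + 2] != b"\r\n":
                raise ValueError("last chunk not followed by a blank line")
            return bytes(out)

        end = pos + size
        # The content must be exactly `size` bytes and end with \r\n.
        if len(body) < end + 2 or body[end:end + 2] != b"\r\n":
            raise ValueError("chunk content does not match its declared length")
        out += body[pos:end]
        pos = end + 2


if __name__ == "__main__":
    print(decode_chunked(SAMPLE))
```
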

Cookies

The server uses the Set-Cookie response message header to issue a cookie to the browser, and can use multiple Set-Cookie headers to issue multiple cookies. The browser uses the Cookie request message header to submit cookies to the server, with multiple cookies separated by semicolons.

A cookie has a name, a value, a validity period, a valid domain, a valid path, a flag for whether it is sent only in HTTPS requests, and a flag for whether it can be modified on the client. These are set through the Set-Cookie response message header, with the following list of parameters:

    • Expires: Specifies how long the cookie is valid; if not specified, the cookie is kept only for the current browser session

    • Domain: Specifies the domain for which the cookie is valid; it must be the same as the domain from which the cookie was received, or a parent of that domain

    • Path: Specifies the URL path for which the cookie is valid

    • Secure: The cookie is submitted only in HTTPS requests

    • HttpOnly: Specifies whether the client can access and modify the cookie via JavaScript
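
A small check that reads a Set-Cookie header and reports which of the attributes above are missing or broad. This is an added example, not code from the original article; the function names, the finding codes and the second sample cookie are constructed for illustration, and Max-Age is a standard attribute that the list above does not mention.

```python
# First sample is the Set-Cookie header from the response example above;
# the second is constructed for illustration.
SAMPLE = ("uuid=aqaaaex080znuwoajh3pdhcux+ok943s; path=/; "
          "Expires=sat, 25-jul-15 17:09:08 GMT; HttpOnly")
SAMPLE_WEAK = "sid=abc123; Domain=.cnbeta.com; Path=/"


def parse_set_cookie(header_value: str):
    """Return (name, value, attributes) with attribute names lower-cased."""
    first, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def audit_set_cookie(header_value: str, request_host: str):
    """Return (cookie name, list of finding codes) for one Set-Cookie header."""
    name, _, attrs = parse_set_cookie(header_value)
    host = request_host.lower()
    findings = []
    if "secure" not in attrs:
        findings.append("no-secure")        # also sent over plain HTTP
    if "httponly" not in attrs:
        findings.append("no-httponly")      # reachable from page JavaScript
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain and domain != host:
        if host.endswith("." + domain):
            findings.append("parent-domain")    # shared with sibling hosts
        else:
            findings.append("foreign-domain")   # neither the host nor a parent
    if "expires" not in attrs and "max-age" not in attrs:
        findings.append("session-only")     # kept for the browser session only
    return name, findings


if __name__ == "__main__":
    print(audit_set_cookie(SAMPLE, "www.cnbeta.com"))
    print(audit_set_cookie(SAMPLE_WEAK, "www.cnbeta.com"))
```
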

Status code

The status code is used to describe the request result, divided into 5 main categories:

    • 1XX: Provide information

    • 2XX: Request succeeded

    • 3XX: Request Redirection

    • 4XX: Request contains error

    • 5XX: Server Execution error

Common status codes:

    • 100 Continue: Sent when a client submits a request that contains a body; it indicates that the request message headers have been received and that the client should continue by sending the body

    • 200 OK: The request succeeded and the response body contains the result of the request

    • 201 Created: Returned in response to a PUT request to indicate that the request was submitted successfully

    • 301 Moved Permanently: Instructs the browser to permanently redirect to the URL specified in the Location header; the client replaces the original URL with the new URL

    • 302 Found: Instructs the browser to temporarily redirect to the URL specified in the Location header; the client's subsequent requests revert to the original URL

    • 304 Not Modified: Instructs the browser to use the copy of the resource saved in its cache

    • 400 Bad Request: Indicates that an invalid HTTP request was submitted

    • 401 Unauthorized: The server requires HTTP authentication

    • 403 Forbidden: Access to the requested resource is prohibited

    • 404 Not Found: Indicates that the resource does not exist

    • 405 Method Not Allowed: Indicates that the URL does not support the request method

    • 413 Request Entity Too Large: Indicates that the request body is too long for the server to process

    • 413 Request URI Too Long: Indicates that the requested URL is too long for the server to process

    • 500 Internal Server Error: Indicates that the server encountered an error during execution

    • 503 Service Unavailable: Indicates that the server is functioning properly but cannot respond

HTTPS

HTTP uses unencrypted TCP as its transport mechanism, with the disadvantage that an attacker suitably positioned on the network can intercept the content sent. HTTPS and HTTP are both application-layer protocols, but HTTPS transmits data through Secure Sockets Layer (SSL), which protects the confidentiality and integrity of data transmitted over the network.

SSL has since been replaced by TLS (Transport Layer Security).

HTTP Proxy

A proxy server runs between the client browser and the Web server: the browser submits all requests to the proxy server, and the proxy server forwards each request to the relevant Web server and returns the response to the browser.

How an HTTP proxy server works:

    • When the browser sends an HTTP request to the proxy server, the full URL is included in the request; the proxy server extracts the host name and port and uses them to direct the request to the correct destination Web server

    • When the browser sends an HTTPS request to the proxy server, the browser uses the proxy as a TCP-level relay: it submits an HTTP request to the proxy server using the CONNECT method and specifies the destination host name and port number in the URL to establish the relay. If the proxy allows the request, it returns an HTTP response with a 200 status code and keeps the TCP connection open, acting from then on as a TCP-level relay to the destination Web server

HTTP authentication

HTTP has its own user authentication mechanisms; the main schemes are:

      • Basic: The user's credentials are sent as a Base64-encoded string in a request message header with each message

      • NTLM: A challenge-response mechanism that uses a version of the Windows NTLM protocol

      • Digest: A challenge-response mechanism that uses an MD5 checksum of a random value together with the user's credentials
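
What Basic and Digest put on the wire, seen from the server side. This is an added example, not code from the original article. The function names are constructed for illustration, the Digest calculation follows the qop=auth form defined in RFC 2617 (its nc and cnonce parameters are not mentioned in the text), and the sample values are the published examples from that RFC.

```python
import base64
import hashlib
import hmac

# Sample values taken from the worked examples in RFC 2617.
BASIC_SAMPLE = "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=="
DIGEST_SAMPLE = {
    "username": "Mufasa", "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093", "uri": "/dir/index.html",
    "qop": "auth", "nc": "00000001", "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}


def decode_basic(authorization: str):
    """Basic is an encoding, not encryption: anyone who sees the header
    recovers the username and password directly."""
    scheme, _, token = authorization.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic Authorization header")
    decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("credentials are not in user:password form")
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(username, realm, password, method, uri,
                    nonce, nc, cnonce, qop="auth") -> str:
    """MD5 checksum over the server's random value (nonce) and the credentials."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_digest(fields: dict, method: str, password: str) -> bool:
    """Server side: recompute the checksum and compare in constant time."""
    expected = digest_response(
        fields["username"], fields["realm"], password, method, fields["uri"],
        fields["nonce"], fields["nc"], fields["cnonce"], fields["qop"])
    return hmac.compare_digest(expected, fields["response"])


if __name__ == "__main__":
    print(decode_basic(BASIC_SAMPLE))
    print(verify_digest(DIGEST_SAMPLE, "GET", "Circle Of Life"))
```
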
