Brief introduction
HTTP (Hypertext Transfer Protocol) is the core communication protocol used for Internet access, and is the communication protocol used by all Web applications.
Message model: The client sends a request message and the server returns a response message. The transport layer uses TCP, which is stateful, but HTTP itself is stateless.
HTTP request
An HTTP request message consists of message headers and an optional message body, separated by a blank line. Example:
GET / HTTP/1.1
Host: www.cnbeta.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: https://www.baidu.com/s?ie=utf-8&f=8&rsv_bp=1&rsv_idx=1&ch=&tn=baidu&bar=&wd=cnbeta&rn=&rsv_pq=917ee072000177b3&rsv_t=67c29bdcyxbklwxp5lmxvsvgqrswnkznmk4xghbaghkt7xqgt%2bfeup%2bmdo4
Cookie: hm_lvt_4216c57ef1855492a9281acd553f8a6e=1437836998; Hm_lpvt_4216c57ef1855492a9281acd553f8a6e=1437836998; _ga=ga1.2.1311393193.1437836981; bfd_s=208385984.21594488.1437837000279; Tma=208385984.15187292.1437837000282.1437837000282.1437837000282.1; tmd=1.208385984.15187292.1437837000282.; BFD_G=B56C782BCB75035D00000A500201BA8455B3A6CA
Connection: keep-alive
Description
1. The first line of the message header consists of three space-delimited elements: the HTTP method, the requested URL, and the HTTP version used
HTTP method:
1). GET: Used to retrieve resources; parameters are submitted to the server in the URL, and there is no message body
2). POST: Used to perform operations; parameters can be submitted to the server in the URL query string and in the message body
3). HEAD: Used to check whether a resource exists; similar to GET, except that the message body returned in the response message is empty
4). TRACE: Used for diagnostics, to determine whether a proxy server exists between the client and the server. Rationale: the server returns the exact contents of the received request message in the response body
5). OPTIONS: Asks the server to report the HTTP methods that are valid for a resource; the server usually returns a response with an Allow message header that lists all valid methods
6). PUT: Uploads the specified resource to the server using the contents of the request body
7). DELETE: Used to delete resources
8). CONNECT:
Request URL: Specifies the name of the requested resource and the query parameters
HTTP version used: The common versions are 1.0 and 1.1; in version 1.1 the request message must contain the Host request header
2. Other
Host: Specifies the hostname being accessed; it is needed when multiple Web sites are deployed on the same host
User-Agent: Specifies information about the client software, such as browser type and version, operating system type and version, etc.
Referer: Specifies the URL from which the request originated
Cookie: Submits additional parameters that the server issued to the client
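The request layout described above, as an added example that is not part of the original page: a strict parser that enforces the three-element first line, the blank line between headers and body, and the Host requirement of HTTP/1.1. The sample request is constructed from the one shown earlier, with the cookie values shortened.

```python
# Added example (not from the original page): strict HTTP/1.x request parser.
METHODS = {"GET", "POST", "HEAD", "TRACE", "OPTIONS", "PUT", "DELETE", "CONNECT"}

def parse_request(raw: bytes):
    """Return (method, url, version, headers, body) or raise ValueError."""
    head, sep, body = raw.partition(b"\r\n\r\n")  # blank line ends the headers
    if not sep:
        raise ValueError("no blank line after the message headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:  # method, URL, version
        raise ValueError("request line must have exactly three elements")
    method, url, version = parts
    if method not in METHODS:
        raise ValueError("unknown method: %r" % method)
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError("unsupported version: %r" % version)
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        key = name.lower()  # header names are case-insensitive
        if key in ("host", "content-length") and key in headers:
            raise ValueError("duplicate %s header" % name)
        headers[key] = value.strip()
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without a Host header")
    return method, url, version, headers, body

# Constructed sample modelled on the request shown above (cookie values shortened).
SAMPLE = (b"GET / HTTP/1.1\r\n"
          b"Host: www.cnbeta.com\r\n"
          b"Accept-Encoding: gzip, deflate\r\n"
          b"Cookie: _ga=example; tmd=example\r\n"
          b"Connection: keep-alive\r\n"
          b"\r\n")

if __name__ == "__main__":
    print(parse_request(SAMPLE))
```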
HTTP response
An HTTP response message consists of message headers and an optional message body, separated by a blank line. Example:
HTTP/1.0 200 OK
Content-Type: text/html
Last-Modified: Sat, 15:52:02 GMT
Vary: Accept-Encoding
Server: nginx/1.4.1
Date: Sat, 15:53:04 GMT
ETag: "55b3b0a2-2539c"
Age: 74
X-Cache: hit from rj-zsbgp-cdn-74
Set-Cookie: uuid=aqaaaex080znuwoajh3pdhcux+ok943s; path=/; Expires=Sat, 25-Jul-15 17:09:08 GMT; HttpOnly

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>cnbeta.com? </title>
</head>
<body>
Hello, silence!
</body>
</html>
Description
1. The first line of the message header consists of three space-separated elements: the HTTP version, the status code (a number), and the status description
2. Other:
Server: Identifies the Web server software used
Set-Cookie: Sets a cookie, which the client returns in the Cookie message header of subsequent requests to the server
Content-Type: Specifies the message body type
Content-Length: Specifies the byte length of the message body
URL
The URL (Uniform Resource Locator) is the unique identifier of a Web resource, in the format:
protocol://hostname[:port]/[path/]file[?param=value]
REST
REST (Representational State Transfer) is an architectural style for distributed systems; a REST-style URL is one that uses file paths instead of query strings
HTTP message headers
1. Common message headers
Connection: Tells the other end of the communication whether to close the TCP connection or keep it open; the HTTP/1.1 default is keep-alive, and it can be set to close
Content-Encoding: Specifies the encoding of the message body
Content-Length: Specifies the byte length of the message body
Content-Type: Specifies the content type of the message body
Transfer-Encoding: Often specified as Transfer-Encoding: chunked, which means the data is transmitted as it is generated. The end of the data is marked by a final chunk 0\r\n\r\n, and every other chunk has the format length\r\ncontent\r\n, where the length is written in hexadecimal
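The chunk layout described for Transfer-Encoding, as an added example that is not part of the original page: a strict decoder that reads each hexadecimal length line, copies exactly that many bytes, and stops at the terminating 0\r\n\r\n. The sample body is constructed, and trailer fields after the last chunk are rejected to keep the example short.

```python
# Added example (not from the original page): strict chunked-body decoder.
HEX_DIGITS = b"0123456789abcdefABCDEF"

def decode_chunked(data: bytes) -> bytes:
    """Decode a Transfer-Encoding: chunked body; raise ValueError if malformed."""
    body, pos = bytearray(), 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("chunk length line is not terminated by CRLF")
        size_field = data[pos:eol].split(b";", 1)[0]  # ignore chunk extensions
        # int(x, 16) alone would accept "+5", "0x5" or " 5"; allow hex digits only
        if not size_field or any(c not in HEX_DIGITS for c in size_field):
            raise ValueError("invalid chunk length: %r" % size_field)
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:  # last chunk
            break
        chunk = data[pos:pos + size]
        if len(chunk) != size:
            raise ValueError("chunk is shorter than its declared length")
        if data[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk content is not followed by CRLF")
        body += chunk
        pos += size + 2
    if data[pos:pos + 2] != b"\r\n":
        raise ValueError("missing final CRLF (trailers are not handled here)")
    return bytes(body)

# Constructed sample: two chunks followed by the terminating 0\r\n\r\n.
SAMPLE_BODY = b"7\r\nHello, \r\n8\r\nsilence!\r\n0\r\n\r\n"

if __name__ == "__main__":
    print(decode_chunked(SAMPLE_BODY))
```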
2. Request message headers
Accept: Tells the server which content types the client will accept
Accept-Encoding: Tells the server which content encodings the client will accept
Authorization: Used by built-in HTTP authentication to submit a username/password to the server
Cookie: Submits cookies to the server
If-Modified-Since: Tells the server when the browser last received the requested resource; if the resource has not changed since then, the server returns status code 304 so that the local cached copy is used
If-None-Match: Specifies an entity tag, an identifier describing the content of the message body. The browser submits the entity tag that the server issued when the requested resource was last received, and the server uses it to determine whether the browser can use its cached copy
Origin: Used in cross-domain Ajax requests to specify the domain from which the request originated
Referer: Specifies the URL from which the request originated
User-Agent: Specifies client information
3. Response message headers
Access-Control-Allow-Origin: Indicates whether the resource can be retrieved through a cross-domain Ajax request
Cache-Control: Sends caching directives to the browser (for example, no-cache)
ETag: Specifies an entity tag. The client can submit this tag in the If-None-Match message header of subsequent requests for the same resource, telling the server which version of the resource the browser currently has cached
Expires: Specifies how long the message body is valid; until then, the browser can use its cached copy of the resource
Location: Used in redirect responses to specify the redirect target
Pragma: Sends caching directives to the browser (for example, no-cache)
Server: Provides information about the Web server software
Set-Cookie: Issues cookies to the browser
WWW-Authenticate: Used in responses with a 401 status code to provide information such as the authentication types supported by the server
X-Frame-Options: Indicates whether and how the browser may load the current response in a frame
Cookies
The server uses the Set-Cookie response message header to issue cookies to the browser, and can use multiple Set-Cookie headers to issue multiple cookies. The browser uses the Cookie request message header to submit cookies to the server, with multiple cookies separated by semicolons
A cookie has a name, a value, an expiry time, a valid domain, a valid path, a flag for whether it is sent only in HTTPS requests, and a flag for whether it can be accessed on the client. These are set through the Set-Cookie response message header, with the following attributes:
Expires: Specifies the cookie's expiry time; if not specified, the cookie is kept only for the current browser session
Domain: Specifies the domain for which the cookie is valid; it must be the same as the domain from which the cookie was received or a parent of that domain
Path: Specifies the URL path for which the cookie is valid
Secure: The cookie is submitted only in HTTPS requests
HttpOnly: Specifies that the cookie cannot be accessed by client-side JavaScript
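The attribute list above turned into a check, as an added example that is not part of the original page: it parses a Set-Cookie value and reports missing Secure or HttpOnly flags, a Domain that does not cover the responding host, and session-only lifetime. The first sample is the Set-Cookie value from the response example earlier on the page; the second is constructed, and the function names are this example's own.

```python
# Added example (not from the original page): audit of Set-Cookie attributes.
def parse_set_cookie(value: str):
    """Split one Set-Cookie header value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, eq, cookie_value = first.partition("=")
    if not eq or not name:
        raise ValueError("Set-Cookie must begin with name=value")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name, cookie_value, attrs

def domain_allowed(request_host: str, cookie_domain: str) -> bool:
    """True if cookie_domain is request_host itself or one of its parent domains.
    The public-suffix checks that browsers also apply are not modelled here."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().strip(".")
    return bool(domain) and (host == domain or host.endswith("." + domain))

def audit_set_cookie(value: str, request_host: str):
    """Return a list of findings for one Set-Cookie header value."""
    name, _, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("%s: no Secure, cookie is also sent over plain HTTP" % name)
    if "httponly" not in attrs:
        findings.append("%s: no HttpOnly, cookie is readable from JavaScript" % name)
    if "domain" in attrs and not domain_allowed(request_host, attrs["domain"]):
        findings.append("%s: Domain %s does not cover %s" % (name, attrs["domain"], request_host))
    if "expires" not in attrs and "max-age" not in attrs:
        findings.append("%s: no Expires, cookie lasts for the browser session only" % name)
    return findings

# Set-Cookie value from the response example earlier on the page.
PAGE_COOKIE = "uuid=aqaaaex080znuwoajh3pdhcux+ok943s; path=/; Expires=Sat, 25-Jul-15 17:09:08 GMT; HttpOnly"
# Constructed sample: flags present, but Domain names an unrelated site.
CONSTRUCTED_COOKIE = "sid=abc123; Domain=example.org; Secure; HttpOnly"

if __name__ == "__main__":
    for cookie in (PAGE_COOKIE, CONSTRUCTED_COOKIE):
        print(audit_set_cookie(cookie, "www.cnbeta.com"))
```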
Status code
The status code is used to describe the request result, divided into 5 main categories:
Common Status Code Description:
100 Continue: Sent when a client submits a request that contains a body, indicating that the request message headers have been received and the client should continue sending the body
200 OK: The request succeeded and the response body contains the result of the request
201 Created: Returned in response to a PUT request, indicating that the request was successfully submitted
301 Moved Permanently: Instructs the browser to permanently redirect to the URL specified by the Location header; the client replaces the original URL with the new URL
302 Found: Instructs the browser to temporarily redirect to the URL specified by the Location header; the client's subsequent requests revert to the original URL
304 Not Modified: Instructs the browser to use the copy of the resource saved in its cache
400 Bad Request: Indicates that an invalid HTTP request was submitted
401 Unauthorized: The server requires HTTP authentication
403 Forbidden: Access to the requested resource is forbidden
404 Not Found: Indicates that the resource does not exist
405 Method Not Allowed: Indicates that the request method is not supported for the URL
413 Request Entity Too Large: Indicates that the request body is too long for the server to process
414 Request URI Too Long: Indicates that the requested URL is too long for the server to process
500 Internal Server Error: Indicates that the server encountered an error while executing the request
503 Service Unavailable: Indicates that the server is functioning properly but cannot respond
HTTPS
HTTP uses unencrypted TCP as its transport mechanism, so an attacker suitably positioned on the network can intercept the content that is sent. HTTPS is an application-layer protocol just like HTTP, but it transmits its data through Secure Sockets Layer (SSL), which protects the confidentiality and integrity of data transmitted over the network
SSL has been replaced by TLS (Transport Layer Security)
HTTP Proxy
The proxy server sits between the client browser and the Web server: the browser submits all requests to the proxy server, and the proxy server forwards each request to the relevant Web server and returns the response to the browser
How an HTTP proxy server works:
When the browser sends an HTTP request to the proxy server, the browser places the full URL into the request; the proxy server extracts the host name and port and uses that information to direct the request to the correct destination Web server
When the browser sends an HTTPS request to the proxy server, the browser uses the proxy as a TCP-level relay: it submits an HTTP request to the proxy server using the CONNECT method, specifying the destination host name and port number in the URL, to establish the relay. If the proxy allows the request, it returns an HTTP response with a 200 status code and keeps the TCP connection open, thereafter acting as a TCP-level relay to the destination Web server
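The two request forms a proxy receives, as an added example that is not part of the original page: the function works out the destination host and port from either a full-URL HTTP request or a CONNECT request, and applies a policy check before agreeing to relay. The allowed-port policy and the function name are assumptions of this example.

```python
# Added example (not from the original page): how a forward proxy finds its destination.
from urllib.parse import urlsplit

ALLOWED_CONNECT_PORTS = {443}  # assumed policy: only relay to HTTPS ports

def proxy_destination(request_line: str):
    """Return (mode, host, port) for the first line of a request sent to a proxy."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        raise ValueError("request line must have exactly three elements")
    method, target, _version = parts
    if method == "CONNECT":
        # HTTPS: the target is host:port and the proxy becomes a TCP-level relay
        host, sep, port = target.rpartition(":")
        if not sep or not host or not (port.isascii() and port.isdigit()):
            raise ValueError("CONNECT target must be host:port")
        if int(port) not in ALLOWED_CONNECT_PORTS:
            raise PermissionError("relay to port %s is not allowed" % port)
        return "tunnel", host, int(port)
    # Plain HTTP: the browser sends the full URL, from which host and port are taken
    url = urlsplit(target)
    if url.scheme != "http" or not url.hostname:
        raise ValueError("a proxy request must carry the full http:// URL")
    return "forward", url.hostname, url.port or 80

if __name__ == "__main__":
    # Constructed request lines using host names that appear on this page.
    print(proxy_destination("GET http://www.cnbeta.com/ HTTP/1.1"))
    print(proxy_destination("CONNECT www.baidu.com:443 HTTP/1.1"))
```

A relay that accepts CONNECT to any port will carry arbitrary TCP traffic, which is why the check sits before the tunnel is agreed to.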
HTTP identity Authentication
HTTP has its own user authentication mechanisms; the main schemes are:
Basic: The user credentials are sent as a Base64-encoded string in a request message header with each message
NTLM: A challenge-response mechanism that uses a version of the Windows NTLM protocol
Digest: A challenge-response mechanism that uses an MD5 checksum of a random value (nonce) together with the user credentials
Introduction to the HTTP protocol