More detailed instructions on HTTP:
HTTP uses URIs to locate resources on the Internet:
URI and URL:
URI (Uniform Resource Identifier), URL (Uniform Resource Locator).
A URL is a Web page address that you need to enter when you visit Web pages.
A URI is the location identifier of a resource, expressed with a protocol scheme. The scheme is the name of the protocol type used to access the resource: it is http when the HTTP protocol is used, and there are also ftp, telnet, file, etc.; there are more than 30 standard
Examples of several URIs:
ftp://ftp.is.co.za/rfc/rfc1808.txt
http://ftp.is.co.za/rfc/rfc1808.txt
ldap://[2001:db8::7]/c=gb?objectclass?one
mailto:[email protected]
tel:+1-816-555-1212
telnet://192.0.2.16:80/
URI format:
To specify a URI, you can use an absolute URI that covers all the necessary information, an absolute URL, or a relative URL.
The format of the absolute URL:
http://user:[email protected]:80/dir/index.htm?uid=1#ch1
http:// | Protocol scheme name | |
user | Login information (authentication) | Specifies the user name and password as the necessary login information (authentication) (optional) |
www.example.com | Server address | Can be a domain name, an IPv4 address, or an IPv6 address (of the form [0:0:0:0:0:0:0:1]) |
80 | Server port number | If omitted, the default port number is used |
/dir/index.htm | File path with hierarchy | Specifies a file path on the server to locate the specified resource |
uid=1 | Query string | The query string can pass arbitrary parameters to the resource at the specified file path (optional) |
ch1 | Fragment identifier | Usually marks a sub-resource within the retrieved resource (a location within the document); it is not explicitly specified by the RFC (optional) |
Simple HTTP:
HTTP is used for communication between the client and the server
Communication takes place through the exchange of requests and responses
HTTP is a protocol that does not save state
That is, the protocol itself does not record information about any previous request or response messages
There are several ways to specify the request URI:
Use the full URI as the request URI
Specify the network domain name or IP address in the Host header field
In addition, to send a request to the server itself rather than to a specific resource, use * in place of the request URI
The PUT method itself has no authentication mechanism, so anyone can upload files, which is a security problem. When it is combined with the web application's validation mechanism, or when the site's architecture follows the REST standard, use of the PUT method may be opened up
Example:
Request:
PUT /example.html HTTP/1.1
Host: www.hackr.jp
Content-Type: text/html
Content-Length: 1560
Response:
204 No Content (for example, the HTML already exists on the server)
If the requested resource is text, it is returned as is; if it is a program such as CGI, the result of its execution is returned
GET: Get a resource
POST: Transfer an entity body
PUT: Transfer a file
HEAD: Gets the same message header as the GET method, but not the body of the message; it is used to confirm the validity of the URI and the date and time of the resource's availability
DELETE: Deletes a file, acting as the opposite of PUT; it is used to delete files and is not secure
OPTIONS: Query supported methods; it is used to query the methods supported for the resource specified by the request URI
Example:
Request:
OPTIONS * HTTP/1.1
Host: www.hackr.jp
Response:
HTTP/1.1 200 OK
Allow: GET, POST, HEAD, OPTIONS
In the initial version of the HTTP protocol, the TCP connection was closed after every HTTP communication
HTTP/1.1 and part of HTTP/1.0 use persistent connections
Pipelining: previously, after sending a request, the client had to wait for and receive the response before sending the next request. With pipelining, the next request can be sent without waiting for a response.
State management using cookies
HTTP is stateless by itself
Cookie technology controls client state by writing cookie information into request and response messages
The server tells the client to save a cookie through a header field called Set-Cookie in its response message. The next time the client sends a request to that server, it automatically adds the cookie value to the request message.
The server finds the cookie sent by the client, compares it with the records on the server, and obtains the earlier state information.
HTTP messages in HTTP messages
HTTP messages
An HTTP message is itself string text made up of multiple lines of data (with CR+LF as the line break).
An HTTP message can be roughly divided into two parts, the message header and the message body, separated by the first blank line (CR+LF). A message body is not always present.
Message structure:
Message header |
Blank Line (CR+LF) |
Message body |
Message header format:
Request message header | Response message header |
Request line | Status line |
Request header fields | Response header fields |
General header fields | General header fields |
Entity header fields | Entity header fields |
Other | Other |
Request line: contains the request method, the request URI, and the HTTP version
Status line: contains the status code indicating the result of the response, the reason phrase, and the HTTP version
Header fields: the various headers that describe the conditions and attributes of the request and response
Other: may include header fields not defined in the HTTP RFCs (such as Cookie)
HTTP header details:
Header field name: field value
Example: Content-Type: text/html
A field can have more than one value: Keep-Alive: timeout=15, max=100
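The message layout described above (start line, header fields, blank line, optional body) can be checked with a small strict parser. This is an added example, not code from the original article; the function name and the sample messages, which are built from the article's PUT and OPTIONS exchanges with a short made-up body, are assumptions.

```python
# Added example (not from the original article). The sample messages are
# constructed from the article's PUT and OPTIONS exchanges.

def parse_http_message(raw: bytes) -> dict:
    """Split a raw HTTP/1.x message into start line, header fields and body."""
    # Header and body are divided by the first blank line (CR+LF CR+LF).
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section is not terminated by a blank line")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)
    if len(start) < 2:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    if start[0].startswith("HTTP/"):
        # Status line: HTTP version, status code, reason phrase.
        if not (len(start[1]) == 3 and start[1].isdigit()):
            raise ValueError(f"bad status code: {start[1]!r}")
        msg = {"kind": "response", "version": start[0], "status": int(start[1]),
               "reason": start[2] if len(start) == 3 else ""}
    elif len(start) == 3 and start[2].startswith("HTTP/"):
        # Request line: method, request URI, HTTP version.
        msg = {"kind": "request", "method": start[0], "uri": start[1],
               "version": start[2]}
    else:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    headers = []
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Strict parsing: a field needs a colon and a name without whitespace,
        # which also rejects folded continuation lines.
        if not colon or not name or any(c.isspace() for c in name):
            raise ValueError(f"malformed header field: {line!r}")
        headers.append((name.lower(), value.strip()))
    msg["headers"] = headers  # a list, so repeated fields are all kept
    msg["body"] = body        # may be empty: a body is not always present
    return msg

PUT_REQUEST = (b"PUT /example.html HTTP/1.1\r\nHost: www.hackr.jp\r\n"
               b"Content-Type: text/html\r\nContent-Length: 12\r\n\r\n<p>hello</p>")
OPTIONS_RESPONSE = b"HTTP/1.1 200 OK\r\nAllow: GET, POST, HEAD, OPTIONS\r\n\r\n"

if __name__ == "__main__":
    for raw in (PUT_REQUEST, OPTIONS_RESPONSE):
        print(parse_http_message(raw))
```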
Set-Cookie field attributes:
NAME=VALUE | Gives the name of the cookie and its value (required) |
Expires=DATE | The expiration date of the cookie (if not specified, it defaults to until the browser is closed) |
Path=PATH | The document directory on the server that the cookie applies to (if not specified, it defaults to the directory where the document is located) |
Domain=domain name | The domain name that the cookie applies to (if not specified, it defaults to the domain name of the server that created the cookie) |
Secure | The cookie is sent only over secure HTTPS communication |
HttpOnly | Restricts the cookie so that it cannot be accessed by JavaScript scripts |
Other header fields:
X-Frame-Options
Controls whether the site's content may be displayed inside the frame tags of other web sites, primarily to prevent clickjacking
DENY: deny
SAMEORIGIN: allowed only on same-origin pages (that is, any page on the same domain name can load the page in a frame)
X-XSS-Protection
Switch that controls the browser's XSS protection mechanism
DNT
Do Not Track
0: Consent to be tracked
1: Refusal to be tracked
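A response can be checked against the settings covered above: the Secure and HttpOnly cookie attributes, the X-Frame-Options values, and whether Allow advertises PUT or DELETE. This is an added example, not code from the original article; the function name, the finding texts and the sample headers are constructed for illustration.

```python
# Added example (not from the original article); sample headers are constructed.

def audit_response_headers(headers):
    """Check (name, value) response header pairs for the settings discussed above."""
    fields = {}
    for name, value in headers:
        fields.setdefault(name.lower(), []).append(value)
    findings = []

    # Set-Cookie: each cookie should carry Secure and HttpOnly.
    for cookie in fields.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].partition("=")[0]
        attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
        for wanted in ("Secure", "HttpOnly"):
            if wanted.lower() not in attrs:
                findings.append(f"cookie {cookie_name}: missing {wanted}")

    # X-Frame-Options: expect one of the two values listed in the article.
    xfo = [v.strip().upper() for v in fields.get("x-frame-options", [])]
    if not xfo:
        findings.append("X-Frame-Options: missing")
    elif len(set(xfo)) > 1 or xfo[0] not in ("DENY", "SAMEORIGIN"):
        findings.append(f"X-Frame-Options: unexpected value {', '.join(xfo)}")

    # Allow: PUT and DELETE carry no authentication of their own.
    for allow in fields.get("allow", []):
        for method in (m.strip().upper() for m in allow.split(",")):
            if method in ("PUT", "DELETE"):
                findings.append(f"Allow: {method} is enabled")
    return findings

SAMPLE_HEADERS = [  # constructed sample response
    ("Allow", "GET, POST, HEAD, OPTIONS, PUT"),
    ("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Secure; HttpOnly"),
    ("X-Frame-Options", "sameorigin"),
]

if __name__ == "__main__":
    for finding in audit_response_headers(SAMPLE_HEADERS):
        print(finding)
```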
Finally
Http://freerainbowtables.com
This article is from http://qianyang.blog.51cto.com/, please be sure to indicate the source