1. DDoS attack principle
DDoS stands for distributed denial of service: an attempt to overload a system or network with malicious requests so that it can no longer provide service. For a website this means the site will not load, and users cannot transact, view content or log in to their accounts. For a network, a DDoS attack saturates bandwidth or even overwhelms network equipment, causing large-area outages for users across the whole network. The one-to-one DoS attack pattern has gradually faded out and been replaced by DDoS, in which hundreds, thousands or tens of thousands of computers launch a joint attack on the victim's server or computer at the same time; the effect is far stronger, and a target facing an attack on this scale has no way to fend it off.
2. What are the states of a TCP connection?
LISTEN: Listening for connection requests from a remote TCP port.
SYN-SENT: Waiting for a matching connection request after having sent one (client state). The client enters this state when it tries to connect to the server by an active open.
SYN-RECEIVED: Waiting for confirmation of the connection request after having both received and sent one (server state). The server enters this state after accepting the SYN that creates the request; this is the 2nd step of the TCP three-way handshake, before the final ACK.
ESTABLISHED: Represents an open connection. The client enters this state after sending its ACK to the server; the server enters it a little later, once that ACK arrives.
FIN-WAIT-1: Waiting for a connection termination request from the remote TCP, or for an acknowledgement of the termination request previously sent. The actively closing side enters this state after sending its FIN; this is the 1st step of the TCP four-way handshake.
FIN-WAIT-2: Waiting for a connection termination request from the remote TCP. The actively closing side enters this state after receiving the ACK from the passively closing side; this is the 2nd step of the TCP four-way handshake.
CLOSE-WAIT: Waiting for a connection termination request from the local user. The passively closing side enters this state after receiving the other side's FIN; this is the 2nd step of the TCP four-way handshake.
CLOSING: Waiting for the remote TCP to acknowledge the connection termination request.
LAST-ACK: Waiting for the remote TCP to acknowledge the connection termination request that was sent to it. The passively closing side, some time after sending its ACK (to make sure the other side has received it), sends its own FIN; this is the 3rd step of the TCP four-way handshake.
TIME-WAIT: Waiting long enough to be sure the remote TCP received the acknowledgement of its connection termination request. The actively closing side enters this state after sending an ACK for the passive side's FIN; this is the 4th step of the TCP four-way handshake.
CLOSED: No connection.
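The state list above, written out as a small transition table that walks one endpoint through the three-way open and the four-way close. This is an added example, not code from the original page; the event names ("snd SYN", "rcv FIN", "timeout") and the two sample sequences are constructed for the demo.

```python
from typing import Dict, List, Tuple

# (current state, event) -> next state; "snd" = this endpoint sends, "rcv" = it receives
TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("CLOSED", "passive_open"):  "LISTEN",
    ("CLOSED", "snd SYN"):       "SYN-SENT",      # active open (client)
    ("LISTEN", "rcv SYN"):       "SYN-RECEIVED",  # step 2: server answers with SYN+ACK
    ("SYN-SENT", "rcv SYN+ACK"): "ESTABLISHED",   # step 3: client answers with ACK
    ("SYN-RECEIVED", "rcv ACK"): "ESTABLISHED",   # server sees that final ACK
    ("ESTABLISHED", "snd FIN"):  "FIN-WAIT-1",    # active close, step 1
    ("ESTABLISHED", "rcv FIN"):  "CLOSE-WAIT",    # passive close, step 2 (ACK sent)
    ("FIN-WAIT-1", "rcv ACK"):   "FIN-WAIT-2",    # active closer sees step 2
    ("FIN-WAIT-1", "rcv FIN"):   "CLOSING",       # both sides closed at once
    ("FIN-WAIT-2", "rcv FIN"):   "TIME-WAIT",     # step 4: final ACK sent
    ("CLOSING", "rcv ACK"):      "TIME-WAIT",
    ("CLOSE-WAIT", "snd FIN"):   "LAST-ACK",      # step 3
    ("LAST-ACK", "rcv ACK"):     "CLOSED",
    ("TIME-WAIT", "timeout"):    "CLOSED",        # the wait period expires
}

def run(events: List[str], start: str = "CLOSED") -> List[str]:
    """Drive one endpoint through its events and return every state visited.
    An event with no legal transition raises ValueError, which is how an
    out-of-order segment sequence shows up."""
    state, path = start, [start]
    for ev in events:
        if (state, ev) not in TRANSITIONS:
            raise ValueError(f"illegal event {ev!r} in state {state}")
        state = TRANSITIONS[(state, ev)]
        path.append(state)
    return path

# One endpoint's view of a complete connection (constructed event sequences):
# the client opens and closes actively, the server opens and closes passively.
CLIENT = ["snd SYN", "rcv SYN+ACK", "snd FIN", "rcv ACK", "rcv FIN", "timeout"]
SERVER = ["passive_open", "rcv SYN", "rcv ACK", "rcv FIN", "snd FIN", "rcv ACK"]

if __name__ == "__main__":
    print("client:", " -> ".join(run(CLIENT)))
    print("server:", " -> ".join(run(SERVER)))
```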
3. The role of keep-alive in HTTP/1.0 vs HTTP/1.1
Keep-alive is what we usually call a persistent (long) connection; it reduces the overhead of setting up TCP connections and speeds up the loading of our website. In HTTP/1.0 and its various enhanced editions you need to add the "Connection: keep-alive" header to the request to enable it; in HTTP/1.1 it is turned on by default.
4. The principle of HTTPS
HTTPS is HTTP carried over a secure channel; its security is guaranteed by the SSL layer. Originally developed by Netscape, it mainly provides identity authentication of both communicating parties and encrypted communication, and it is now widely used for security-sensitive communication on the Internet. Differences between HTTP and HTTPS:
(1) Different protocol base: HTTPS adds an SSL layer beneath HTTP;
(2) Different communication method: before exchanging data, the HTTPS client and server perform a handshake (identity authentication); after the connection is established the transmitted data is encrypted. The communication port is 443.
SSL protocol basics
The SSL protocol sits between TCP/IP and the various application layer protocols and is divided into two tiers:
SSL Record Protocol: built on a reliable transport layer protocol (TCP), it provides the upper layer protocol with the basic functions of data encapsulation, compression and encryption.
SSL Handshake Protocol: runs on top of the SSL Record Protocol; before the actual data transmission, the communicating parties use it to authenticate each other, negotiate the encryption algorithm, exchange encryption keys and so on.
5. How to gzip compress HTTP data
Gzip is a data compression format that, by default, compresses the data section with the DEFLATE algorithm only. DEFLATE is a compression algorithm that builds on Huffman coding, and it saves bandwidth more effectively. The server first compresses the text into a .gz stream and transmits it to the browser; the browser then decompresses it and presents it to the user. The approximate process:
(1) The browser requests a URL and sets the Accept-Encoding header of the request to "gzip, deflate", indicating that it supports both the gzip and deflate compression methods.
(2) After receiving the request, the web server determines whether the browser supports compression; if so it transmits the response content compressed, otherwise it transmits it uncompressed;
(3) After the browser obtains the response content, it determines whether the content is compressed; if so it decompresses it, and then displays the response page.
Implementation in a servlet
// Imports the servlet class needs for this snippet
import java.io.ByteArrayOutputStream;
import java.util.zip.GZIPOutputStream;

String data = "Abcdabcdabcdabcdabcdabcdab";
System.out.println("The size of the original data is: " + data.getBytes().length);
ByteArrayOutputStream bout = new ByteArrayOutputStream();
GZIPOutputStream gout = new GZIPOutputStream(bout); // buffer the compressed bytes in memory
gout.write(data.getBytes());
gout.close();
// Get the compressed data
byte[] g = bout.toByteArray();
// Tell the browser the body is gzip-encoded and how long it is
response.setHeader("Content-Encoding", "gzip");
response.setHeader("Content-Length", g.length + "");
response.getOutputStream().write(g);
Note that for a small volume of data, the output after compression may be larger than the original.
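The three negotiation steps and the small-data caveat above, as an added example that is not code from the original page: the server reads Accept-Encoding (including q-values), compresses only when the client accepts gzip and the result is actually smaller, and the browser side decompresses only when Content-Encoding says so. The sample bodies are constructed; the 26-byte one is the servlet's own string.

```python
import gzip
from typing import Dict, Tuple

def client_accepts_gzip(request_headers: Dict[str, str]) -> bool:
    """Step (1)/(2): read Accept-Encoding, which may list several codings with
    optional q-values, e.g. 'gzip, deflate' or 'gzip;q=0, identity'."""
    for token in request_headers.get("Accept-Encoding", "").split(","):
        coding, _, params = token.strip().partition(";")
        if coding.strip().lower() == "gzip":
            p = params.strip().lower()
            q = float(p[2:] or "1") if p.startswith("q=") else 1.0
            return q > 0                      # q=0 means "explicitly not accepted"
    return False

def build_response(body: bytes, request_headers: Dict[str, str]) -> Tuple[Dict[str, str], bytes]:
    """Step (2), server side: compress only when the client accepts gzip AND
    the compressed form is actually smaller (tiny bodies often are not)."""
    headers = {"Content-Type": "text/plain"}
    if client_accepts_gzip(request_headers):
        compressed = gzip.compress(body, mtime=0)
        if len(compressed) < len(body):
            headers["Content-Encoding"] = "gzip"
            headers["Content-Length"] = str(len(compressed))
            return headers, compressed
    headers["Content-Length"] = str(len(body))
    return headers, body

def read_response(headers: Dict[str, str], payload: bytes) -> bytes:
    """Step (3), browser side: decompress only if Content-Encoding says gzip."""
    if headers.get("Content-Encoding") == "gzip":
        return gzip.decompress(payload)
    return payload

# Constructed sample bodies: the servlet's 26-byte string and a large repetitive page.
SAMPLE = b"Abcdabcdabcdabcdabcdabcdab"
LARGE = b"<p>Abcd abcd abcd</p>\n" * 500
GZIP_OK = {"Accept-Encoding": "gzip, deflate"}

if __name__ == "__main__":
    for body in (SAMPLE, LARGE):
        hdrs, payload = build_response(body, GZIP_OK)
        print(f"{len(body)} bytes -> {len(payload)} on the wire ({hdrs.get('Content-Encoding', 'identity')})")
```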
6. Cookie domain, path and expires: what role does each play
expires – expiration time. Specifies the lifetime of the cookie; the value is the expiration date. You must use this attribute if you want the cookie to outlive the current browser session. Once the expiration date has passed, the browser can delete the cookie file without any effect.
path – path. Specifies the web pages associated with the cookie. The value can be a directory or a path. If http://www.zdnet.com/devhead/index.html sets a cookie, then all pages in the http://www.zdnet.com/devhead/ directory, and the pages in any subdirectory below it, can access this cookie. This means that any page under http://www.zdnet.com/devhead/stories/articles can access the cookie created by http://www.zdnet.com/devhead/index.html. But what if http://www.zdnet.com/zdnn/ needs to access the cookies set by http://www.zdnet.com/devhead/index.html? In that case we set the cookie's path attribute to "/". When a path is specified, the cookie can be shared by all web pages on the same server whose URL contains that path. Another example: if you want http://www.zdnet.com/devhead/filters/ and http://www.zdnet.com/devhead/stories/ to share cookies, set path to "/devhead".
domain – domain. Specifies the associated web server or domain. The value is a domain name, such as zdnet.com. This is an extension of the path attribute. What if we want catalog.mycompany.com to have access to cookies set by shoppingcart.mycompany.com? We can set the domain attribute to "mycompany.com" and the path attribute to "/". FYI: the cookie domain attribute cannot be set to a domain different from that of the server that sets it.
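The path and domain scoping rules just described, written out as the check a browser performs before attaching a cookie to a request, plus the default-path rule (the directory of the setting URL) and the "same domain as the setting server" restriction. This is an added example, not code from the original page; the cookie jar is constructed to mirror the section's zdnet.com and mycompany.com examples.

```python
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit

@dataclass
class Cookie:
    name: str
    domain: str      # "mycompany.com" covers its sub-hosts; "www.zdnet.com" is one host
    path: str = "/"  # "/devhead" covers /devhead/filters/ and /devhead/stories/

def default_path(setting_url: str) -> str:
    """With no Path attribute the cookie's path is the directory of the URL that
    set it: /devhead/index.html -> /devhead."""
    return urlsplit(setting_url).path.rsplit("/", 1)[0] or "/"

def domain_matches(host: str, cookie_domain: str) -> bool:
    """The cookie domain covers the host itself and any host ending in '.' + domain."""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_matches(url_path: str, cookie_path: str) -> bool:
    """'/' covers every page; otherwise the request path must equal the cookie
    path or extend it at a '/' boundary, so "/devhead" does not cover "/devheadx"."""
    cookie_path = cookie_path.rstrip("/") or "/"
    if cookie_path == "/":
        return True
    return url_path == cookie_path or url_path.startswith(cookie_path + "/")

def cookies_for(url: str, jar: List[Cookie]) -> List[str]:
    """Names of the cookies a browser would attach to a request for this URL."""
    parts = urlsplit(url)
    return [c.name for c in jar
            if domain_matches(parts.hostname or "", c.domain)
            and path_matches(parts.path or "/", c.path)]

def can_set_domain(setting_host: str, requested_domain: str) -> bool:
    """The FYI rule above: a server may scope a cookie to its own host or to a
    domain that host belongs to, never to an unrelated domain."""
    return domain_matches(setting_host, requested_domain)

JAR = [  # constructed cookie jar mirroring the section's examples
    Cookie("devhead_pref", "www.zdnet.com", default_path("http://www.zdnet.com/devhead/index.html")),
    Cookie("site_wide", "www.zdnet.com", "/"),
    Cookie("cart", "mycompany.com", "/"),
]

if __name__ == "__main__":
    for url in ("http://www.zdnet.com/devhead/stories/articles", "http://catalog.mycompany.com/"):
        print(url, "->", cookies_for(url, JAR))
```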
7. How the browser caches files
<meta http-equiv="Pragma" content="no-cache">
Expires strategy
Expires is a web server response header field: in the response to an HTTP request it tells the browser that, until the expiration time, it may serve the data directly from its own cache without requesting it again.
Cache-Control strategy
Cache-Control, like Expires, indicates the validity period of the current resource, i.e. whether the browser may serve the data directly from its cache or must send a new request to the server. Cache-Control simply offers more options and finer-grained settings; if both are set, Cache-Control takes priority over Expires.
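The freshness decision described above, as an added example that is not code from the original page: the browser computes how long a response may be served from cache, consulting Cache-Control first so that it overrides Expires when both are present. The header values, timestamps and the `at()` helper are constructed for the demo.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from typing import Dict, Optional

def parse_cache_control(value: str) -> Dict[str, Optional[str]]:
    """'max-age=600, no-cache' -> {'max-age': '600', 'no-cache': None}"""
    out: Dict[str, Optional[str]] = {}
    for directive in value.split(","):
        name, _, arg = directive.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('" ') if arg else None
    return out

def freshness_lifetime(headers: Dict[str, str], response_time: datetime) -> Optional[float]:
    """Seconds the response may be served from cache without asking the server:
    0 if it must always be revalidated, None if neither header says anything.
    Cache-Control is consulted first, so it overrides Expires when both exist."""
    cc = parse_cache_control(headers.get("Cache-Control", ""))
    if "no-store" in cc or "no-cache" in cc:
        return 0.0
    max_age = cc.get("max-age")
    if max_age is not None and max_age.isdigit():
        return float(max_age)
    if "Expires" in headers:
        try:
            expires = parsedate_to_datetime(headers["Expires"])
        except (TypeError, ValueError):
            return 0.0                   # a malformed Expires date means "already expired"
        return max(0.0, (expires - response_time).total_seconds())
    return None

def is_fresh(headers: Dict[str, str], response_time: datetime, now: datetime) -> bool:
    """True when the browser may answer from cache without a new request."""
    lifetime = freshness_lifetime(headers, response_time)
    return lifetime is not None and (now - response_time).total_seconds() < lifetime

# Constructed responses, all received at T0 (Mon 01 Jan 2024 12:00 UTC).
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
EXPIRES_ONLY = {"Expires": "Mon, 01 Jan 2024 13:00:00 GMT"}
BOTH = {"Expires": "Mon, 01 Jan 2024 13:00:00 GMT", "Cache-Control": "max-age=60"}
NO_CACHE = {"Expires": "Mon, 01 Jan 2024 13:00:00 GMT", "Cache-Control": "no-cache"}

def at(seconds: float) -> datetime:
    """Helper: the wall-clock time `seconds` after T0."""
    return T0 + timedelta(seconds=seconds)

if __name__ == "__main__":
    for name, hdrs in (("Expires only", EXPIRES_ONLY), ("both", BOTH), ("no-cache", NO_CACHE)):
        print(f"{name}: fresh after 30 min? {is_fresh(hdrs, T0, at(1800))}")
```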
A few javaweb in the industry