Detailed parsing of HTTP requests and HTTP responses

Source: Internet
Author: User
Tags apache tomcat

HTTP Request Format

When the browser makes a request to the web server, it sends the server a block of data: the request information. An HTTP request consists of 3 parts:

- Request method, URI, protocol/version
- Request header
- Request body

The following is an example of an HTTP request:

GET /sample.jsp HTTP/1.1
Accept: image/gif, image/jpeg, */*
Accept-Language: zh-cn
Connection: Keep-Alive
Host: localhost
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Accept-Encoding: gzip, deflate

username=jinqiao&password=1234

(1) Request method, URI, protocol/version

The first line of the request has the form "method URI protocol/version": GET /sample.jsp HTTP/1.1

In the line above, "GET" is the request method, "/sample.jsp" is the URI, and "HTTP/1.1" is the protocol and its version.

HTTP requests can use a variety of request methods, as defined by the HTTP standard. For example, HTTP 1.1 currently supports 7 request methods: GET, POST, HEAD, OPTIONS, PUT, DELETE and TRACE.

GET: requests the resource identified by the Request-URI.
POST: appends new data to the resource identified by the Request-URI.
HEAD: requests the response headers for the resource identified by the Request-URI.
OPTIONS: queries the server's capabilities, or the options and requirements associated with a resource.
PUT: asks the server to store a resource and use the Request-URI as its identifier.
DELETE: asks the server to delete the resource identified by the Request-URI.
TRACE: asks the server to echo back the request it received; mainly used for testing or diagnostics.

In Internet applications, the most commonly used methods are GET and POST.

The URI fully specifies the network resource to be accessed. It is usually a path relative to the root of the server and always begins with a "/". Finally, the protocol version declares which version of HTTP is used during the communication.

(2) Request header

The request header contains much useful information about the client environment and the request body. For example, the request header can declare the language used by the browser, the length of the request body, and so on.

Accept: image/gif, image/jpeg, */*
Accept-Language: zh-cn
Connection: Keep-Alive
Host: localhost
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Accept-Encoding: gzip, deflate

(3) Request body

Between the request header and the request body there is a blank line. This line is very important: it indicates that the request header has ended and that the request body follows. The request body can contain the query string information submitted by the client:

username=jinqiao&password=1234

In the example HTTP request above, the request body has only one line of content. In real-world applications, the HTTP request body can of course contain more content.
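A small Python parser for the three parts described above, written as an added example (it is not code from the original article). The name parse_request and the sample bytes are constructed for illustration; the sample is the article's request sent as a POST with a Content-Length header.

```python
METHODS = {"GET", "POST", "HEAD", "OPTIONS", "PUT", "DELETE", "TRACE"}

def parse_request(raw: bytes) -> dict:
    # The first blank line (CRLF CRLF) ends the headers; the rest is the body.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line after the request headers")
    lines = head.decode("iso-8859-1").split("\r\n")

    # Part 1, request line: method SP URI SP protocol/version
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, uri, version = parts
    if method not in METHODS:
        raise ValueError("unsupported method: " + method)
    # Simplification taken from the article: the URI starts with "/".
    if not uri.startswith("/") or not version.startswith("HTTP/"):
        raise ValueError("malformed URI or protocol/version")

    # Part 2, request headers: one "Name: value" per line.
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Whitespace around the name is read differently by different
        # servers and proxies, so reject it instead of guessing.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % line)
        name = name.lower()                 # names are case-insensitive
        if name in headers:                 # strict choice for this example
            raise ValueError("duplicate header: " + name)
        headers[name] = value.strip()

    # Part 3, request body: a declared Content-Length must equal its byte count.
    declared = headers.get("content-length")
    if declared is not None:
        if not (declared.isascii() and declared.isdigit()):
            raise ValueError("Content-Length is not a decimal number")
        if int(declared) != len(body):
            raise ValueError("Content-Length does not match the body")
    return {"method": method, "uri": uri, "version": version,
            "headers": headers, "body": body}

# Constructed sample based on the article's request, sent as a POST.
SAMPLE = (b"POST /sample.jsp HTTP/1.1\r\n"
          b"Host: localhost\r\nAccept-Language: zh-cn\r\n"
          b"Content-Length: 30\r\n\r\n"
          b"username=jinqiao&password=1234")
```
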

HTTP request methods: only the GET and POST methods are discussed here.

- GET method

GET is the default HTTP request method, and it is routinely used to submit form data. However, form data submitted with GET is only simply encoded and is sent to the web server as part of the URL, so submitting form data with GET is a security risk. For example:

http://127.0.0.1/login.jsp?Name=zhangshi&Age=30&Submit=%cc%E+%BD%BB

From the URL above, it is easy to see what the form submitted. In addition, because the data submitted with GET is part of the URL, the amount of data submitted cannot be too large.

- POST method

The POST method is an alternative to GET, used mainly to submit form data to the web server, especially large amounts of data. POST overcomes some of the drawbacks of GET: the form data is not sent as part of the URL but as the request body, so it is not exposed in the URL and is not limited by the URL's size. For security reasons and out of respect for user privacy, POST is therefore usually used for form submission. POST only keeps the data out of the URL; the body is still transmitted in clear text unless the connection is protected with HTTPS.

From a programming point of view, data submitted with GET is stored in the QUERY_STRING environment variable, while data submitted with POST can be read from the standard input stream.
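How a CGI-style program would read the form data in both cases, as an added Python example that is not part of the original article. REQUEST_METHOD, QUERY_STRING and CONTENT_LENGTH are the standard CGI variables; read_form, the two limits and the sample inputs are assumptions made for the illustration.

```python
from urllib.parse import parse_qs

MAX_BODY = 64 * 1024    # assumed size cap for this example
MAX_FIELDS = 50         # assumed limit on the number of form fields

def read_form(environ, stdin):
    """Return the submitted form fields as {name: [values]}."""
    method = environ.get("REQUEST_METHOD", "GET").upper()
    if method == "GET":
        # GET: the data is the part of the URL after "?", handed to the
        # program in the QUERY_STRING environment variable.
        raw = environ.get("QUERY_STRING", "")
    elif method == "POST":
        # POST: the data is the request body on standard input. Read exactly
        # CONTENT_LENGTH bytes (never "until EOF") and refuse oversized bodies.
        declared = environ.get("CONTENT_LENGTH", "")
        if not (declared.isascii() and declared.isdigit()):
            raise ValueError("missing or invalid CONTENT_LENGTH")
        length = int(declared)
        if length > MAX_BODY:
            raise ValueError("request body too large")
        data = stdin.read(length)
        if len(data) != length:
            raise ValueError("body shorter than CONTENT_LENGTH")
        raw = data.decode("ascii")    # URL-encoded form data is plain ASCII
    else:
        raise ValueError("unsupported method: " + method)
    return parse_qs(raw, keep_blank_values=True, max_num_fields=MAX_FIELDS)

# Constructed inputs modelled on the article's two examples.
GET_ENV = {"REQUEST_METHOD": "GET", "QUERY_STRING": "Name=zhangshi&Age=30"}
POST_ENV = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": "30"}
POST_BODY = b"username=jinqiao&password=1234"

if __name__ == "__main__":
    import io
    print(read_form(GET_ENV, io.BytesIO(b"")))
    print(read_form(POST_ENV, io.BytesIO(POST_BODY)))
```
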

HTTP Response Format

HTTP responses are similar to HTTP requests. An HTTP response is also made up of 3 parts, namely:

- Status line
- Response header
- Response body

After the request message is received and interpreted, the server returns an HTTP response message.

The status line consists of the protocol version, a numeric status code, and the corresponding status description, with the elements separated by spaces.

Format: HTTP-Version Status-Code Reason-Phrase CRLF

Example: HTTP/1.1 200 OK\r\n

Status code:

The status code consists of 3 digits that indicate whether the request is understood or is satisfied.

Status Description:

The status description gives a short textual description of the status code.

The first digit of the status code defines the category of the response; the last two digits have no categorization role.

The first number has five possible values:

- 1xx: Informational. The request has been received and processing continues.
- 2xx: Success. The request has been successfully received, understood and accepted.
- 3xx: Redirection. Further action must be taken to complete the request.
- 4xx: Client error. The request has a syntax error or cannot be fulfilled.
- 5xx: Server error. The server failed to fulfil a valid request.

Status code, status description and explanation:

200 OK: the client request succeeded.
400 Bad Request: the client request has a syntax error and cannot be understood by the server.
401 Unauthorized: the request is not authorized. This status code must be used together with the WWW-Authenticate header field.
403 Forbidden: the server received the request but refuses to provide the service. The server typically gives the reason for not serving in the response body.
404 Not Found: the requested resource does not exist, for example because the wrong URL was entered.
500 Internal Server Error: the server encountered an unexpected error that prevents it from completing the client's request.
503 Service Unavailable: the server is currently unable to process the client's request; it may return to normal after a certain period of time.

Response header

The response header may include:

Location:

The Location response header field is used to redirect the recipient to a new location. For example, when a page the client requested no longer exists at its old address, the server can send back a redirect so that the client accesses the resource at the page's new location, for instance on the server behind a new domain name. When a redirect statement is used in a JSP, the response the server sends back to the client contains a Location response header field.

Server:

The Server response header field contains information about the software the server uses to process the request. It is the counterpart of the User-Agent request header field: Server sends information about the server-side software, while User-Agent sends information about the client software (browser) and operating system. The following is an example of the Server response header field: Server: Apache-Coyote/1.1

WWW-Authenticate:

The WWW-Authenticate response header field must be included in a 401 (Unauthorized) response message. It is related to the Authorization request header field mentioned earlier: when the client receives a 401 response message, it decides whether to ask the server to authenticate it. If so, it can send a request containing the Authorization header field. Here is an example of the WWW-Authenticate response header field: WWW-Authenticate: Basic realm="Basic Auth test!"

From this response header field, you can tell that the server is using the Basic authentication mechanism for the requested resource.

Content-Encoding:

The Content-Encoding entity header field is used as a modifier of the media type. Its value indicates the additional content encoding that has been applied to the entity body, so the corresponding decoding mechanism must be used to obtain the media type referenced in the Content-Type header field. Content-Encoding is mainly used to record the compression method of a document, for example: Content-Encoding: gzip. If an entity body is stored in an encoded form, it must be decoded before it is used.

Content-Language:

The Content-Language entity header field describes the natural language used by the resource. Content-Language allows users to identify and differentiate entities according to their preferred language. If the entity content is intended only for Danish readers, the entity header field can be set as follows: Content-Language: da.

If the Content-Language header field is not specified, the entity content is intended for readers of all languages.

Content-Length:

The Content-Length entity header field indicates the length of the entity body in bytes, written as a decimal number. Each digit occupies one byte and is transmitted as its corresponding ASCII code.

Note that this length is only the length of the entity body and does not include the length of the entity header.

Content-Type:

The Content-Type entity header field indicates the media type of the entity body sent to the recipient. For example:

Content-Type: text/html;charset=ISO-8859-1
Content-Type: text/html;charset=GB2312

Last-Modified:

The Last-Modified entity header field indicates the date and time at which the resource was last modified.

Expires:

The Expires entity header field gives the date and time at which the response expires. Typically, a proxy server or browser caches some pages. When users visit these pages again, they are loaded directly from the cache and displayed to the user, which shortens the response time and reduces the load on the server. To make the proxy server or browser refresh the page after a period of time, we can use the Expires entity header field to specify when the page expires. When the user accesses the page again, if the date and time given by the Expires header field are earlier than (or the same as) the date and time given by the Date general header field, the proxy server or browser no longer uses the cached page and requests the updated page from the server instead. Note, however, that even if the page has expired, this does not mean that the original resource on the server changed before or after that time.

The date and time used by the Expires entity header field must be in the RFC 1123 date format, for example:

Expires: Thu, Sep 2005 16:00:00 GMT

HTTP 1.1 clients and caches must treat other, invalid date formats (including 0) as already expired. For example, to prevent the browser from caching a page, we can also use the Expires entity header field and set its value to 0, as follows (JSP): response.setDateHeader("Expires", 0);
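The Expires rules above, as an added Python example that is not part of the original article: an Expires value earlier than or equal to Date means expired, and anything that is not a valid RFC 1123 date, including "0", also means expired. The function names, the lower-case header dictionary and the sample dates are assumptions for the illustration.

```python
from datetime import datetime, timezone

RFC1123 = "%a, %d %b %Y %H:%M:%S GMT"

def parse_http_date(value):
    """Parse an RFC 1123 date; return None for anything else (including "0")."""
    try:
        parsed = datetime.strptime(value.strip(), RFC1123)
    except (ValueError, AttributeError):
        return None
    return parsed.replace(tzinfo=timezone.utc)

def is_expired(headers, now=None):
    """True if a cached response with these headers must not be reused.

    headers: response headers as a dict with lower-case names (assumed shape).
    now: reference time; defaults to the response's own Date header, which is
    the comparison the article describes.
    """
    expires_raw = headers.get("expires")
    if expires_raw is None:
        return False          # no Expires header: this check does not apply
    expires = parse_http_date(expires_raw)
    if expires is None:
        return True           # invalid date such as "0": already expired
    if now is None:
        now = parse_http_date(headers.get("date", ""))
        if now is None:
            return True       # no usable Date to compare against
    return expires <= now     # earlier than, or the same as, the reference

# Constructed sample headers.
FRESH = {"date": "Mon, 06 Oct 2003 13:23:42 GMT",
         "expires": "Mon, 06 Oct 2003 14:23:42 GMT"}
NO_CACHE = {"date": "Mon, 06 Oct 2003 13:23:42 GMT", "expires": "0"}
```
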

The following is an example of an HTTP response:

HTTP/1.1 200 OK
Server: Apache Tomcat/5.0.12
Date: Mon, 6 Oct 2003 13:23:42 GMT
Content-Length: 112
