HTTP request message and HTTP Response Message

HTTP packets are text-oriented. Each field in the packet is an ASCII string, and the length of each field is uncertain. HTTP has two types of packets: Request Message and Response Message.

HTTP Request Message

An HTTP request Message consists of four parts: request line, request header, empty line, and request data.

Or

<Request-line>

<Headers>

<Blank line>

[<Request-body>

 

1. Request Header

A request line consists of three fields: Request Method Field, URL field, and HTTP Protocol version field, which are separated by spaces. For example, GET/index.html HTTP/1.1.

HTTP request methods include GET, POST, HEAD, PUT, DELETE, OPTIONS, TRACE, and CONNECT.

The following are common examples:

1). GET

The most common request method is that when the client wants to read documents from the server, when it clicks a link on the webpage or enters a URL in the address bar of the browser to browse the webpage, the GET method is used. The GET method requires the server to place the URL-located resource in the data part of the Response Message and send it back to the client. When the GET method is used, the request parameters and corresponding values are appended to the URL, and a question mark ("?") is used. It indicates the end of the URL and the start of the request parameter. The length of the transfer parameter is limited. For example,/index. jsp? Id = 100 & op = bind, so that the data transmitted in the GET method is directly expressed in the address, so we can send the request results to friends in the form of links. Take google search for domety as an example. The Request format is as follows:

GET /search?hl=zh-CN&source=hp&q=domety&aq=f&oq= HTTP/1.1  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, 
application/msword, application/x-silverlight, application/x-shockwave-flash, */*  Referer: <a href="http://www.google.cn/">http://www.google.cn/</a>  Accept-Language: zh-cn  Accept-Encoding: gzip, deflate  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; TheWorld)  Host: <a href="http://www.google.cn">www.google.cn</a>  Connection: Keep-Alive  Cookie: PREF=ID=80a06da87be9ae3c:U=f7167333e2c3b714:NW=1:TM=1261551909:LM=1261551917:S=ybYcq2wpfefs4V9g; 
NID=31=ojj8d-IygaEtSxLgaJmqSjVhCspkviJrB6omjamNrSm8lZhKy_yMfO2M4QMRKcH1g0iQv9u-2hfBW7bUFwVh7pGaRUb0RnHcJU37y-
FxlRugatx63JLv7CWMD6UB_O_r  

As you can see, a GET request generally does not contain the "request content" part. The request data is expressed in the request line in the form of an address. The URL is as follows:

<a href="http://www.google.cn/search?hl=zh-CN&source=hp&q=domety&aq=f&oq=">http://www.google.cn/search?hl=zh-CN&source=hp
&q=domety&aq=f&oq=</a> 

"?" In the address "?" The later part is the request data sent through GET. We can clearly see in the address bar that each data is separated by the "&" symbol. Obviously, this method is not suitable for transmitting private data. In addition, because different browsers have different character restrictions on the address, generally only up to 1024 characters can be identified. Therefore, if you need to transmit a large amount of data, it is not suitable to use the GET method.

 

2). POST

If the above mentioned method is not suitable for the GET method, you can consider using the POST method, because the POST method allows the client to provide more information to the server. The POST method encapsulates Request Parameters in the HTTP request data in the form of Names/values and can transmit a large amount of data. In this way, the POST method has no limit on the size of the transmitted data, it is not displayed in the URL. Take domety as an example. If the POST method is used, the format is as follows:

POST /search HTTP/1.1  Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, 
application/msword, application/x-silverlight, application/x-shockwave-flash, */*  Referer: <a href="http://www.google.cn/">http://www.google.cn/</a>  Accept-Language: zh-cn  Accept-Encoding: gzip, deflate  User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; TheWorld)  Host: <a href="http://www.google.cn">www.google.cn</a>  Connection: Keep-Alive  Cookie: PREF=ID=80a06da87be9ae3c:U=f7167333e2c3b714:NW=1:TM=1261551909:LM=1261551917:S=ybYcq2wpfefs4V9g; 
NID=31=ojj8d-IygaEtSxLgaJmqSjVhCspkviJrB6omjamNrSm8lZhKy_yMfO2M4QMRKcH1g0iQv9u-2hfBW7bUFwVh7pGaRUb0RnHcJU37y-
FxlRugatx63JLv7CWMD6UB_O_r  hl=zh-CN&source=hp&q=domety  

As you can see, the POST request line does not contain data strings. The data is stored in the "request content" section, and the data is separated by the "&" symbol. Most of the POST methods are used in the form of a page. Because POST can also complete the GET function, most people use the POST method when designing forms. This is actually a misunderstanding. The GET method also has its own characteristics and advantages. We should choose whether to use GET or POST based on different situations.

 

3). HEAD

The HEAD is like GET, but the server only returns the response header after receiving the HEAD request, instead of sending the response content. When we only need to view the status of a page, it is very efficient to use the HEAD, because the page content is saved during transmission.

 

2. Request Header

The request header consists of a pair of keywords and values. Each line is a pair. The keywords and values are separated by a colon. The request header notifies the server of client request information. Typical request headers include:

User-Agent: browser type of the request.

Accept: List of content types that can be recognized by the client.

Host: the requested Host name, which allows multiple domain names to share one IP address, that is, the virtual Host.

 

3. Empty rows

The last request header is followed by an empty line that sends a carriage return and line feed, notifying the server that there are no request headers below.

 

4. Request data

The request data is not used in the GET method, but in the POST method. The POST method is applicable when the customer needs to fill out the form. The most frequently used request headers related to request data are Content-Type and Content-Length.

 

HTTP packets

HTTP response is composed of three parts: Status line, message header, and response body.

As shown below, the HTTP Response format is very similar to the request format:

<Status-line>

<Headers>

<Blank line>

[<Response-body>]

As you can see, the only real difference in response is that the request information is replaced by the status information in the first line. Status line describes the requested resources by providing a status code.

 

 

The status line format is as follows:

HTTP-Version Status-Code Reason-Phrase CRLF

HTTP-Version indicates the HTTP protocol Version of the server, Status-Code indicates the response Status Code sent back by the server, and Reason-Phrase indicates the text description of the Status Code. The status code consists of three digits. the first digit defines the response category and has five possible values.

• 1xx: indicates that the request has been received and continues to be processed.
• 2xx: Success-indicates that the request has been successfully received, understood, and accepted.
• 3xx: Redirection-further operations are required to complete the request.
• 4xx: client error-the request has a syntax error or the request cannot be implemented.
• 5xx: Server Error -- the server fails to fulfill the valid request.

Descriptions of common status codes and statuses are as follows.

• 200 OK: the client request is successful.
• 400 Bad Request: the client Request has a syntax error and cannot be understood by the server.
• 401 Unauthorized: the request is Unauthorized. This status code must be used with the WWW-Authenticate header domain.
• 403 Forbidden: the server receives the request but rejects the service.
• 404 Not Found: the requested resource does Not exist. For example, an incorrect URL is entered.
• 500 Internal Server Error: An Unexpected Error occurs on the Server.
• 503 Server Unavailable: the Server cannot process client requests at present and may return to normal after a period of time. For example, HTTP/1.1 200 OK (CRLF ).

 

 

The following is an example of an HTTP response packet.

HTTP/1.1 200 OKDate: Sat, 31 Dec 2005 23:59:59 GMTContent-Type: text/html;charset=ISO-8859-1Content-Length: 122＜html＞＜head＞＜title＞Wrox Homepage＜/title＞＜/head＞＜body＞＜!-- body goes here --＞＜/body＞＜/html＞

 

Differences between HTTP request GET and POST

 

1. When a GET request is submitted, the request data is appended to the URL (that is, the data is placed in the HTTP header <request-line>? Splits the URL and transmits data. Multiple parameters are connected with &. For example, login. action? Name = hyddd & password = idontknow & verify = % E4 % BD % A0 % E5 % A5 % BD. If the data is an English letter/number, it is sent as is. If it is a space, it is converted to +. If it is a Chinese character/other character, it is directly encrypted with BASE64, and the result is as follows: % E4 % BD % A0 % E5 % A5 % BD, where XX in % XX represents the ASCII represented in hexadecimal notation.

POST submission: place the submitted data in the HTTP package body <request-body>. In the preceding example, the red font indicates the actual data transmission.

Therefore, the data submitted by GET will be displayed in the address bar, while the address bar will not change when the POST is submitted.

 

2. Data Transfer size:

First, it is declared that the HTTP protocol does not limit the size of transmitted data, and the HTTP protocol specification does not limit the URL length. In actual development, the following restrictions exist:

GET: the URL length of a specific browser or server is limited. For example, the URL Length of IE is limited to 2083 bytes (2 K + 35 ). For other browsers, such as Netscape and FireFox, there is no length limit theoretically. The limit depends on the support of the operating system.

Therefore, when a GET request is submitted, data transmission is limited by the URL length.

POST: theoretically, data is not limited because the value is not transmitted through a URL. However, the actual size of the data submitted by post is limited on each WEB server. Apache and IIS6 have their own configurations.

 

3. Security:

POST is more secure than GET. Note: The security mentioned here is not the same as the "Security" mentioned in GET. The above "Security" only means not to modify data, but here Security means the meaning of true Security. For example, if you submit data through GET, the user name and password will appear in the URL in plain text, because (1) the login page may be cached by the browser, (2) if others view the browser's historical records, they will be able to get your account and password,