HTTP protocol analysis

Source: Internet
Author: User
Tags http authentication asymmetric encryption
Subsequent requests and responses can be sent through this connection. The entire web page (in the preceding example, a page containing a basic htmll file and 10 images) can be sent through a single persistent TCP connection: even multiple web pages stored on the same server can be sent through a single persistent TCP connection. Generally, the HTTP server shuts down a connection after a specific period of time, which can be configured during this period. Persistent connections are divided into two versions: Without pipelining and with pipelining. If it is a version without a pipeline, the customer sends a new request only after receiving the response from the previous request. In this case, each object referenced by the web page (10 images in the previous example) experiences a RTT delay, which is used to request and receive the object. Compared with the latency of two RTTs for non-persistent connections, persistent connections without pipelines have been improved, but persistent connections with pipelines can further reduce the response latency. Another disadvantage without the assembly line version is that the server sends an object and waits for the next request, but the new request cannot arrive immediately. During this time, the server resources are idle.

The default HTTP/1.1 mode uses persistent connections with pipelines. In this case, each time an HTTP client encounters a reference, it immediately sends a request. Therefore, an HTTP client can send a request next to each referenced object. After receiving these requests, the server can send each object one by one. If all requests and responses are sent next to each other, all referenced objects will experience only one RTT delay (instead of the same as the version without pipelines, each referenced object has a RTT delay ). In addition, requests such as server null in persistent connections with pipelines are less time-consuming. Compared with non-persistent connections, persistent connections (whether with or without a pipeline) reduce the response latency of one RTT, and slow startup latency is also relatively small. The reason is that since each object uses the same TCP connection, after the server sends the first object, it does not have to send subsequent objects at the initial slow rate. On the contrary, the server can start sending the next object at the rate at which the first object is sent.

3.Cache Mechanism

The purpose of caching in HTTP/1.1 is to reduce the number of sending requests in many cases, and in many cases it is not necessary to send a complete response. The former reduces the number of network loops, and HTTP uses an expiration mechanism for this purpose. The latter reduces the bandwidth of network applications. Http uses the "validation" mechanism for this purpose.

HTTP defines three caching mechanisms:

LFreshnessAllows a response to be used without re-checking it on the origin server, and can be controlled by both the server and the client. for example, the expires Response Header gives a date when the document becomes stale, and the cache-control: Max-age directive tells the cache how many seconds the response is fresh.

LValidationCan be used to check whether a cached response is still good after it becomes stale. For example, if the response has a last-modified header, a cache can makeConditional request Using the IF-modified-since header to see if it has changed.

LInvalidationIs usually a side effect of another request that passes through the cache. for example, if URL associated with a cached response subsequently gets a post, put or delete request, the cached response will be invalidated.

For more information about Web Cache, see caching tutorial for web authors and webmasters (English version)

4.Response authorization Incentive Mechanism

These mechanisms can be used by the server to stimulate client requests and authorize the client.

For more information, see RFC 2617: HTTP Authentication: basic and digest access.

5.HTTP-based applications

1. HTTP Proxy

Principle

Category

  1. Transparent proxy
  2. Non-transparent proxy
  3. Reverse Proxy

2 multi-thread download

    1. Download tool to enable multiple HTTP request threads
    2. Each HTTP request only requests part of the resource file: Content-range: bytes 20000-40000/47000
    3. Merge the files downloaded by each thread

3. Principle of HTTPS transmission protocol

Two basic encryption and decryption algorithm types

Symmetric encryption: there is only one key. encryption and decryption are the same password, and the encryption and decryption speed is fast. Typical symmetric encryption algorithms include des and AES.

Asymmetric encryption: Keys appear in pairs (the private key cannot be obtained based on the public key, or the public key cannot be obtained based on the private key). Different keys are used for encryption and decryption (private keys are required for public key encryption, private key encryption requires Public Key decryption). Relatively symmetric encryption is slow. typical asymmetric encryption algorithms include RSA and DSA.

HTTPS communication process

Advantages

    1. Only the client and server can obtain the key generated by the client.
    2. Only the client and server can obtain the encrypted data in plaintext.
    3. Communication between the client and the server is secure.

 

4. Commonly Used request methods for Web Application Development

Head

(Head Method) requires that the response is the same as the response of the corresponding GET request, but there is no response body ). This is used to obtain metadata information (meta-infomation) in the Response Header (Response Header), which is very helpful because it does not need to transmit all the content.

Trace

(The trace method tells the server) to return the received request. The client can (through this method) Check the content added or changed by the Intermediate server during the request process.

Options

Return the HTTP methods supported by the server (on a specified URL. By requesting "*" instead of the specified resource, this method can be used to check the functions of the network server.

Connect

Converts a request connection to a transparent TCP/IP channel, which is usually used to simplify SSL-encrypted communication (https) through an unencrypted HTTP proxy ).

5. User-server interaction

    1. Identity Authentication
    2. Cookie
    3. Conditional get

6. Write http-compliant programs based on socket programming

 

 

Postscript:

This article only gives a rough introduction to the HTTP protocol. Many details are missing. Please read RFC 2616 if you are interested.

Learn about the HTTP protocol:

1. O 'Reilly-HTTP pocket reference: This is a short book about the HTTP protocol. It can be used as an entry guide.

2. O 'Reilly-HTTP the definitive guide: this is a typical book, because it contains a lot of content and can be used as the first choice for HTTP protocol learning.

3. Sams-HTTP developers Handbook: This is a little simpler than http the definitive guide. However, from my perspective, this book is better than http the definitive guide, because it is very short and introduces the essence of HTTP. I think this book should be the first choice for web programmers.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.