HTTP protocol Detailed

HTTP protocol detailed

today 's Web program development technology is really a contention, ASP, PHP, Jsp,perl, AJAX and so on. Regardless of how web technologies evolve in the future, it is important to understand the basic protocols for communicating between web programs, because it allows us to understand the internal work of Web applications. This article will be a detailed example of the HTTP protocol to explain, more content, I hope you have patience to see. We also hope that we can help you with your development work or test work. Using the Fiddler tool to capture HTTP request and HTTP Response very easily, see my blog for the usage of fiddler tools

What is HTTP protocol

protocol refers to the rules or rules that must be complied with for communication between two computers in a computer communication network, Hypertext Transfer Protocol (HTTP) is a communication protocol that allows Hypertext Markup Language (HTML) documents to be routed from a Web server to a client's browser

We are currently using the http/1.1 version

Web server, browser, proxy server

when we open the browser, enter in the address bar URL, and then we'll see the page. What is the principle?

actually we enter URL, our browser sends a request to the Web server, the Web server receives the request, processes it, generates the corresponding response, sends it to the browser, and the browser parses the HTML in the response, so we see the page, The process is as shown

of our The Request may have passed through a proxy server and finally arrived at the Web server.

The process is as shown

Proxy Server is a transit point of network information, what is the function?

1. Improve access speed, most of the proxy server has the cache function.

2. Break the limit, that's FQ.

3. Hide identities.

URL detailed

The URL (Uniform Resource Locator) address is used to describe a resource on a network with the following basic format

schema://host[:p ort#]/path/.../[?query-string][#anchor]

Scheme specifies the protocol used by the lower layer (for example: HTTP, HTTPS, FTP)

The IP address or domain name of the host HTTP server

The default port for the port# HTTP server is 80, in which case the lower number can be omitted. If you use a different port, you must specify, for example, http://www.cnblogs.com:8080/

Path to access resource

Query-string data sent to the HTTP server

anchor-Anchor

An example of a URL

Http://www.mywebsite.com/sj/test/test.aspx?name=sviergn&x=true#stuff

Schema:http
Host:www.mywebsite.com
Path:/sj/test/test.aspx
Query String:name=sviergn&x=true
Anchor:stuff

The HTTP protocol is stateless

HTTP protocol is stateless, the same client's request and the last request is not the corresponding relationship, for the HTTP server, it does not know that the two requests from the same client. To solve this problem, the Web program introduces a cookie mechanism to maintain state.

opening a Web page requires a browser to send many times Request

1. When you enter the URL http://www.cnblogs.com in the browser, the browser sends a request to get the http://www.cnblogs.com HTML. The server sends the response back to the browser.

2. The browser parses the HTML in response and discovers that it references a lot of other files than slices, CSS files, and JS files.

3. The browser will automatically send the request again to get pictures, CSS files, or JS files.

4. After all the files have been downloaded successfully. The Web page is displayed.

Structure of the HTTP message

look first . The request message structure, the request message is divided into 3 parts, the first part is called Request line, the second part is called the request header, the third part is body. There is a blank line between the header and the body, as the structure

in the first row Method means a request, such as "POST", "GET", Path-to-resoure represents the requested resource, and Http/version-number represents the version number of the Http protocol.

When the "GET" method is used , the body is empty

For example, we open the Blog Garden home page request as follows

GET http://www.cnblogs.com/HTTP/1.1
Host:www.cnblogs.com

abstract things, incomprehensible, old feelings are imaginary, We can understand and remember what is seen as reality and what we actually see. Today we use Fiddler, actually look at the request and response.

below we open Fiddler capture a blog Park login request and then analyze its structure, in the Inspectors tab under the raw way can see the complete request message, such as

we'll see . The structure of the response message is basically the same as the structure of the request message. Also divided into three parts, the first part is called Response line, the second part is called response header, the third part is the body. There is also a blank line between the header and the body, as the structure

Http/version-number represents the version number of the HTTP protocol, Status-code and message, see the detailed explanation of the next section [ Status code ].

we use Fiddler capture a blog home of the response and then analyze its structure, in the Inspectors tab under the raw way can see the full response message, such as

The difference between the Get and post methods

The HTTP protocol defines a number of ways to interact with the server, the most basic of which are 4, get,post,put,delete, respectively. A URL address is used to describe a resource on a network, and the Get, POST, PUT, delete in HTTP corresponds to the search for this resource, change, increase, delete 4 operations. Our most common is get and post. Get is typically used to get/query resource information, and post is typically used to update resource information.

let's see . The difference between get and post

1. Get submitted data will be placed after the URL, to split the URL and transfer data, the parameters are connected with &, such as editposts.aspx?name=test1&id=123456. The Post method is to put the submitted data in the body of the HTTP packet.

2. The data size of the Get commit is limited (because the browser has a limit on the length of the URL), and there is no limit to the data submitted by the Post method.

3. The Get method needs to use Request.QueryString to get the value of the variable, while the Post method obtains the value of the variable by Request.Form.

4. The Get method submits the data, which brings security issues, such as a login page, when the data is submitted by get, the user name and password will appear on the URL, if the page can be cached or other people can access the machine, you can obtain the user's account and password from the history.

Status code

The first line in the Response message is called the status line, which consists of the HTTP protocol version number, the status code, and the status message.

The status code is used to tell HTTP client, whether the HTTP server produced the expected response.

The 5 class status codes are defined in the http/1.1, and the status codes are made up of three digits, and the first number defines the category of the response

1XX hint Message-Indicates that the request was successfully received and continues processing

2XX Success-Indicates that the request has been successfully received, understood, accepted

3XX Redirect-further processing is required to complete the request

4XX Client Error-Request syntax error or request not implemented

5XX server-side error-the server failed to implement a legitimate request

Take a look at some common status codes

OK

The most common is the successful response status Code 200, which indicates that the request was successfully completed and the requested resource was sent back to the client

such as, Open Blog Garden Home

302 Found

REDIRECT , new The URL will be returned in the location in response, and the browser will automatically send a new request using the new URL

For example, in Input in IE, http://www.google.com. The HTTP server returns 302, IE takes the new URL to the location header in response and sends a request again.

304 Not Modified

indicates that the last document has been cached. can also continue to use,

For example, open the blog home page , found a lot of response status code is 304

Tip: If you don't want to use the local cache, you can use Ctrl+f5 forcing the page to refresh

Error request client requests and syntax errors cannot be understood by the server

403 Forbidden server receives request, but refuses to provide service

404 Not Found

the request resource does not exist (the wrong URL)

such as in Enter an incorrect URL in IE, http://www.cnblogs.com/tesdf.aspx

An unexpected error occurred on the Internal server error server

503 Server Unavailable Server is currently unable to process client requests and may return to normal after some time

HTTP Request Header

Use Fiddler can easily view the reques header, click Inspectors tab->request tab-> headers as shown.

Header There are many, more difficult to remember, we also follow the Fiddler as the header classification, so clear and easy to remember.

Cache header Field

If-modified-since

function: When the last modification time of the browser-side cache page is sent to the server, the server compares this time with the last modification time of the actual file on the server. If the time is the same, then return 304, the client uses the local cache file directly. If the time is inconsistent, 200 and the new file contents are returned. After the client receives it, it discards the old files, caches the new files, and displays them in the browser.

For example: If-modified-since:thu, 09:07:57 GMT

Real example

If-none-match

role : If-none-match works with the ETag and works by adding etag information to the HTTP response. When the user requests the resource again, the If-none-match information (the value of the ETag) is added to the HTTP request. If the server verifies that the etag of the resource has not changed (the resource is not updated), it returns a 304 status that tells the client to use the local cache file.  Otherwise, the 200 state and the new resource and ETag are returned. Using such a mechanism will improve the performance of your website

example : if-none-match: "03f2b33c0bfcc1:0"

Real example

Pragma

function: prevents the page from being cached, in the In the http/1.1 version, it works exactly the same as Cache-control:no-cache.

Pargma has only one usage, for example: Pragma:no-cache

Note : In the http/1.0 version, only Pragema:no-cache is implemented, not implemented Cache-control

Cache-control

role : This is a very important rule. This is used to specify the caching mechanism that response-request follows. Each instruction has the following meanings

Cache-control:public can be cached by any cache ()

Cache-control:private content is cached only in the private cache

Cache-control:no-cache All content is not cached

There are other uses, I don't know what that means. Please refer to other information

Client Header Domain

Accept

role: The type of media that can be accepted by the browser side,

For example: Accept:text/html represents the type of server postback that the browser can accept as text/html, which is what we often call HTML documents,

if the server cannot return data of type text/html, the server should return a 406 error (non acceptable)

Wildcard * represents any type

For example Accept: */* on behalf of the browser can handle all types, (the general browser to the server is the issue of this)

Accept-encoding:

function: The Browser declares itself to receive the encoding method, usually specifies the compression method, whether compression is supported, what compression method is supported (gzip,deflate), (note: This is not a character encoding);

For example: Accept-encoding:gzip, deflate

Accept-language

function: the browser affirms the language it receives.

language and Character set differences: Chinese is a language, Chinese has a variety of character sets, such as BIG5,GB2312,GBK and so on;

For example: Accept-language:en-us

User-agent

role: Tell HTTP server, the name and version of the operating system and browser used by the client.

when we go online to the forum, often see some welcome information, which lists the name and version of your operating system, the name and version of the browser you are using, which often makes a lot of people feel amazing, in fact, the server application is from User-agent this request in the header domain obtains this information user-agent the request header domain allows the client to tell the server its operating system, browser, and other properties.

For example: user-agent:mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; trident/4.0; CIBA;. NET CLR 2.0.50727;. NET CLR 3.0.4506.2152;. NET CLR 3.5.30729;. net4.0c; infopath.2;. NET4.0E)

Accept-charset

role: The browser affirms its own received character set, this is the various character sets and character encodings described earlier in this article, such as gb2312,utf-8 (usually we say CharSet includes the corresponding character encoding scheme);

For example:

Cookie/login header Field

Cookies:

function: The most important header, send the value of the cookie to the HTTP server

Entity header Field

Content-length

role: Sent to The length of the HTTP server data.

For example: content-length:38

Content-type

Role:

For example: content-type:application/x-www-form-urlencoded

Miscellaneous header Field

Referer:

function: provides a Request context information for the server, tell the server which link I took from, such as from my home page linked to a friend, his server can be from the HTTP Referer to count how many users per day to click on the link on my home page to visit his website.

Example : REFERER:HTTP://TRANSLATE.GOOGLE.CN/?HL=ZH-CN&TAB=WT

Transport header Field

Connection

For example: connection:keep-alive when a Web page opens, the TCP connection between the client and the server for transmitting HTTP data does not close, and if the client accesses the Web page on the server again, it will continue to use the established connection

For example: Connection:close represents the completion of a request, the TCP connection between the client and the server for transmitting HTTP data is turned off, and the TCP connection needs to be re-established when the client sends the request again.

Host (the header field is required when the request is sent)

role : The request header domain is used primarily to specify the Internet host and port number of the requested resource, which is typically extracted from the HTTP URL

For example : We entered in the browser: http://www.guet.edu.cn/index.html

in the request message sent by the browser, it will contain The host Request header field is as follows:

host:http://www.guet.edu.cn

The default port number 80 is used here , and if a port number is specified, it becomes: Host: Specify port number

HTTP Response Header

same Use Fiddler View Response Header, click Inspectors tab->response tab-> headers as shown

We also classify the header according to Fiddler, so that it is clearer and easier to remember.

Cache header Field

Date

role : The exact time and date of the message generation

For example: Date:sat, 11:35:14 GMT

Expires

role : The browser will use the local cache for the specified expiration period

For example : Expires:tue, 2022 11:35:14 GMT

Vary

Role:

Example : vary:accept-encoding

Cookie/login header Field

P3p

role : Used to set cookies across domains, which resolves the issue of cross-domain access to cookies for IFRAME

example : P3p:cp=cura ADMa DEVa Psao psdo our BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR

Set-cookie

function: A very important header for sending cookies to the client browser, and each write cookie generates a Set-cookie.

For example : set-cookie:sc=4c31523a; path=/; Domain=.acookie.taobao.com

Entity header Field

ETag

function : Used in conjunction with If-none-match. (See examples of If-none-match in the section)

For example : ETag: "03f2b33c0bfcc1:0"

Last-modified:

function: used to indicate the last modification date and time of the resource. (see Examples of if-modified-since in the section)

example : last-modified:wed, Dec 09:09:10 GMT

Content-type

function: The Web server tells the browser the type and character set of the object it responds to.

For example :

content-type:text/html; Charset=utf-8

content-type:text/html;charset=gb2312

Content-type:image/jpeg

Content-length

Indicates the length of the entity body, expressed as a decimal number stored in bytes. In the process of data downlink,content-length the way to pre-cache all the data in the server, and then all the data peremptorily to the client.

Example : content-length:19847

Content-encoding

The Web server indicates what compression method (Gzip,deflate) It uses to compress the objects in the response.

For example: Content-encoding:gzip

Content-language

function: The Web server tells the browser to respond to the language of the object

For example: Content-language:da

Miscellaneous header Field

Server:

role: Specify Software information for HTTP server

Example : server:microsoft-iis/7.5

X-aspnet-version:

role: If the site is used Asp. NET developed, this header is used to represent the version of ASP.

Example : x-aspnet-version:4.0.30319

X-powered-by:

Role: Indicates what technology the site is developed with

For example: X-powered-by:asp.net

Transport header Field

Connection

For example: connection:keep-alive when a Web page opens, the TCP connection between the client and the server for transmitting HTTP data does not close, and if the client accesses the Web page on the server again, it will continue to use the established connection

For example: Connection:close represents the completion of a request, the TCP connection between the client and the server for transmitting HTTP data is turned off, and the TCP connection needs to be re-established when the client sends the request again.

Location Header Field

Location

function: used to redirect a new location that contains the new URL address

For example, see 304 status instances

The HTTP protocol is a stateless and connection:keep-alive difference

Stateless means that the protocol has no memory capacity for transactions, and the server does not know what the client state is. On the other hand, there is no connection between opening a Web page on a server and the pages you have previously opened on this server

HTTP is a stateless, connection-oriented protocol, stateless does not mean that HTTP cannot maintain TCP connections, and it cannot represent HTTP using UDP protocol (no connection)

from http/1.1, the default is to open the keep-alive, to maintain the connection characteristics, in short, when a Web page opens, the client and server for the transmission of HTTP data between the TCP connection is not closed, if the client again access to the Web page on this server, will continue to use this established connection

Keep-alive does not permanently keep the connection, it has a hold time and can be set in different server software (such as Apache) this time

HTTP protocol Detailed