HTTP Protocol in Detail

Source: Internet
Author: User

HTTP protocol

1. Overview:

The HTTP protocol (Hypertext Transfer Protocol) is a transfer protocol used to transfer hypertext from a WWW server to a local browser. It can make the browser more efficient and reduce the network transmission. It not only ensures that the computer transmits hypertext documents correctly and quickly, but also determines which part of the document is being transmitted, and which content is displayed first (such as text before graphics), and so on.

HTTP is an application-layer protocol that consists of requests and responses and follows the standard client/server model. HTTP is a stateless protocol: there is no correspondence between one request and the previous request from the same client.

2. Location of HTTP in the TCP/IP protocol stack:

The HTTP protocol usually runs on top of TCP. It is sometimes carried over a TLS or SSL layer instead, which is what we usually call HTTPS.

The default port is 80 for HTTP and 443 for HTTPS.

3. HTTP Request Response Model:

In HTTP the client always initiates the request and the server sends back the response.

This limits what HTTP can do: the server cannot push a message to the client unless the client has first initiated a request.

4. Work Flow:

An HTTP operation is called a transaction, and its working process can be divided into four steps:

1) First the client and the server need to establish a connection. As soon as you click on a hyperlink, the HTTP work begins.

2) After the connection is established, the client sends a request to the server. The request consists of a Uniform Resource Identifier (URL) and the protocol version number, followed by MIME information that includes request modifiers, client information, and possibly content.

3) When the server receives the request, it returns a response that begins with a status line, containing the protocol version number and a success or error code, followed by MIME information that includes server information, entity information, and possibly content.

4) The client receives the information returned by the server, the browser shows it on the user's display, and then the client disconnects from the server.

If an error occurs in one of the steps above, the error information is returned to the client and displayed. For the user, all of this is done by HTTP itself; the user just clicks with the mouse and waits for the information to be displayed.

5. HTTP Message Format:

    start_line<CRLF>
    message_header<CRLF>
    <CRLF>
    message_body<CRLF>

where <CRLF> represents a carriage return followed by a line feed.

The first line, start_line, indicates whether the message is a request or a response: it either identifies the remote procedure to execute (request message) or reports the "state" of the request (response message).

The next few lines describe the options and parameters that qualify the request or response.

There are one or more message_header<CRLF> lines, and the header section ends with a blank line. HTTP defines many header types: some apply to request messages, some to response messages, and some describe the data carried in the message body.

message_body<CRLF> is the requested content. In a request message it is generally empty.

6. HTTP Request message:

The first line describes three things: the action to be performed, the web page on which to perform it, and the HTTP version used.

All HTTP request operations:

HEAD: Gets the status information for the specified web page. Used to test whether a hypertext link is valid, or to see whether a page has been modified since the browser last fetched it.

Asks the server for a response identical to that of a GET request, except that the response body is not returned. This method lets you obtain the meta-information in the response headers without transferring the entire response content.

GET: Gets the specified web page. It is used when the browser wants to retrieve and display a web page.

Makes a request for a specific resource. Note: the GET method should not be used for operations that produce "side effects"; one reason is that GET requests may be issued freely by web spiders and similar clients.

POST: Submits information to the server.

Submits data to the specified resource for processing (such as submitting a form or uploading a file). The data is included in the request body. A POST request may result in the creation of new resources and/or the modification of existing resources.

OPTIONS: Queries the server's capabilities, or queries the options and requirements related to a resource.

Returns the HTTP request methods that the server supports for a specific resource. You can also test the functionality of the server by sending a "*" request to the web server.

PUT: Stores the document under the specified URL. That is, uploads the latest content to the specified resource location.

DELETE: Deletes the specified resource.

TRACE: Echoes the request message.

CONNECT: Used by proxies. Reserved in HTTP/1.1 for proxy servers that can switch the connection to a tunnel.

Client Request Example:

    GET /product.jsp HTTP/1.1
    Accept: image/gif, image/jpeg, */*
    Accept-Language: zh-cn
    Connection: Keep-Alive
    Host: localhost
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5)
    Accept-Encoding: gzip, deflate

    Username=wsz&productid=1

(1) Request method, URL, protocol/version

The first line of the request has the form "request method URL protocol/version": GET /product.jsp HTTP/1.1

(2) Request header (Requestheader)

The request header contains a lot of useful information about the client environment and the request body. For example, the request header can declare the language used by the browser, the length of the request body, and so on.

Accept: image/gif, image/jpeg, */* -- the MIME types the browser accepts (MIME specifies a symbolic method for representing a wide variety of data types);

Accept-Language: zh-cn -- the language the browser prefers when the server can provide more than one language version;

Connection: Keep-Alive -- indicates whether a persistent connection is required. If the value is "Keep-Alive", or the request uses HTTP 1.1 (persistent connections by default), the persistent connection can be used, which significantly reduces download time when the page contains multiple elements;

Host: localhost -- the host and port in the initial URL;

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) -- the browser type, which is useful if the content returned by the servlet depends on the browser type;

Accept-Encoding: gzip, deflate -- the data encodings the browser is able to decode.

(3) Request body

A blank line between the request header and the request body marks the end of the request header; the request body follows it. The request body can contain query string information submitted by the client:

Username=wsz&productid=1

In the HTTP request for the example above, the body of the request has only one line of content. In real-world applications, the HTTP request body can contain more content.
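The layout from sections 5 and 6 (start line, header lines, blank line, body) can be checked mechanically. The following is an added example, not code from the original article: a strict Python parser that tells a request from a response and rejects ambiguous framing such as bare LF line endings, conflicting Content-Length values, or a body whose size disagrees with Content-Length. The function names and both sample messages are constructed for illustration (the article's product.jsp request recast as a POST with a Content-Length), and the parser assumes the whole message is in one buffer.

```python
import re

METHODS = {"GET", "HEAD", "POST", "OPTIONS", "PUT", "DELETE", "TRACE", "CONNECT"}
REQUEST_LINE = re.compile(r"([A-Z]+) (\S+) HTTP/([0-9]\.[0-9])")
STATUS_LINE = re.compile(r"HTTP/([0-9]\.[0-9]) ([0-9]{3})(?: (.*))?")
# A header name is a token directly followed by ':' (no space before the colon).
HEADER_LINE = re.compile(r"([!#$%&'*+\-.^_`|~0-9A-Za-z]+):[ \t]*(.*?)[ \t]*")


class HTTPParseError(ValueError):
    """The bytes do not follow start_line / headers / blank line / body."""


def parse_message(raw: bytes) -> dict:
    # The header block ends at the first empty line, i.e. CRLF CRLF.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HTTPParseError("no CRLF CRLF terminating the headers")
    lines = head.split(b"\r\n")
    # A lone CR or LF left inside a line means the sender did not use CRLF.
    if any(b"\r" in ln or b"\n" in ln for ln in lines):
        raise HTTPParseError("bare CR or LF in start line or headers")

    start = lines[0].decode("latin-1")
    msg = {"headers": {}, "body": body}
    req, res = REQUEST_LINE.fullmatch(start), STATUS_LINE.fullmatch(start)
    if req and req.group(1) in METHODS:
        msg.update(kind="request", method=req.group(1),
                   target=req.group(2), version=req.group(3))
    elif res:
        msg.update(kind="response", version=res.group(1),
                   status=int(res.group(2)), reason=res.group(3) or "")
    else:
        raise HTTPParseError("start line is neither a request nor a status line")

    for ln in lines[1:]:
        hdr = HEADER_LINE.fullmatch(ln.decode("latin-1"))
        if not hdr:
            raise HTTPParseError("malformed header line: %r" % ln)
        # Names are case-insensitive; keep every value so duplicates stay visible.
        msg["headers"].setdefault(hdr.group(1).lower(), []).append(hdr.group(2))

    lengths = set(msg["headers"].get("content-length", []))
    if len(lengths) > 1:
        raise HTTPParseError("conflicting Content-Length headers")
    if lengths:
        value = lengths.pop()
        if not re.fullmatch("[0-9]+", value) or int(value) != len(body):
            raise HTTPParseError("Content-Length does not match the body")
    elif msg["kind"] == "request" and body:
        raise HTTPParseError("request body without Content-Length")
    return msg


def is_well_formed(raw: bytes) -> bool:
    try:
        parse_message(raw)
    except HTTPParseError:
        return False
    return True


# Constructed sample messages (not captured traffic).
SAMPLE_REQUEST = (
    b"POST /product.jsp HTTP/1.1\r\n"
    b"Accept: image/gif, image/jpeg, */*\r\n"
    b"Host: localhost\r\n"
    b"Content-Length: 24\r\n"
    b"\r\n"
    b"Username=wsz&productid=1"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: apache\r\n"
    b"Content-Length: 51\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n" + b"a" * 51
)
```
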

7. HTTP Response message:

Like the request, the response starts with start_line<CRLF>. This line shows the HTTP version used, a 3-digit code indicating whether the request was successful, and a text string giving the reason for the response.

For example: 200 OK indicates a successful client request.

HTTP/1.1 202 Accepted indicates that the server satisfies the request.

HTTP/1.1 404 Not Found indicates that the web page was not found and the request could not be satisfied.

HTTP/1.1 400 Bad Request indicates that the request could not be understood by the server due to a syntax error in the client request.

HTTP/1.1 500 Internal Server Error indicates that the server hit an unexpected error that prevented it from completing the client's request.

- 1xx: The request has been received and processing continues.

- 2xx: Success. The request has been successfully received, understood, and accepted.

- 3xx: Redirect. Further action must be taken to complete the request.

- 4xx: Client error. The request has a syntax error or cannot be fulfilled.

- 5xx: Server-side error. The server failed to fulfil a legitimate request.

"For details, see annex"

One or more message_header<CRLF> lines follow, passing additional information back to the client.

Server-side response:

    HTTP/1.1 200 OK
    Date: Mon, 12:28:53 GMT
    Server: apache
    Content-Length: 51
    Content-Type: text/plain

Date: The current GMT time.

Server: The server name.

Content-Length: Indicates the content length. This data is only required if the browser is using a persistent HTTP connection. To take advantage of the persistent connection, you can write the output document to a ByteArrayOutputStream, look at its size when done, put that value in the Content-Length header, and finally send the content with byteArrayStream.writeTo(response.getOutputStream()).

Content-Type: Indicates the MIME type of the document that follows. The default is text/plain, but you typically need to explicitly specify text/html.

"Field contents, see Attachment"

PS: A URI (Uniform Resource Identifier) is a string representing a resource; the resource does not have to be fetchable or accessible.

It can be called a URL only if it is deliberately used to locate the resource.

Attachment:

Get and POST request details

GET: Retrieves, as an entity, the information of the resource identified by the request URI. If the request URI only refers to a data-producing process, the response entity returns the resource produced by that process, not a description of the process.

POST: Asks the destination server to accept the entity attached to the request and treat it as a new subordinate of the resource identified by the request URI in the request line. POST is designed to implement the following functions in a uniform way:

1: Annotation of existing resources;

2: Sending information to bulletin boards, newsgroups, mailing lists, or similar discussion groups;

3: Submitting a block of data;

4: Extending a database through an append operation.

As the description above shows, GET is a request that asks the server for data, while POST is a request that submits data to the server; the data to be submitted is in the entity that follows the message headers.

The GET and POST methods differ as follows:

(1) On the client side, the GET method submits the data through the URL, so the data can be seen in the URL; with the POST method, the data is placed within the HTML header for submission.

(2) The data submitted by the GET method can be at most 1024 bytes, while POST does not have this limit.

(3) Security issues. As mentioned in (1), when you use GET the parameters are displayed in the address bar, while with POST they are not. So if the data is in Chinese and is non-sensitive, use GET; if the user enters data that is not Chinese characters and contains sensitive data, it is better to use POST.

(4) Safe and idempotent. Safe means that the operation is used to obtain information rather than modify it. Idempotent means that multiple requests to the same URL should return the same result. The complete definition is not as strict as it seems. In other words, GET requests generally should not have side effects. Fundamentally, the goal is that when a user opens a link, she can be confident that, from her point of view, the resource has not changed. For example, the front page of a news site is constantly being updated. Although the second request returns a different batch of news, the operation is still considered safe and idempotent, because it always returns the current news. Vice versa. The POST request is not that simple. POST represents a request that might change resources on the server. Taking the news site as an example again, a reader's comments on an article should be submitted through a POST request, because the site is different after the annotation is submitted (for example, an annotation appears below the article).
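Point (3) has a consequence beyond the address bar: a parameter sent with GET is also written to the server's access log and carried in the Referer header of later requests. The following is an added example, not part of the original article: a Python scan of access-log lines that flags sensitive parameter names in the request target or the Referer and reports the URL with the value redacted. The parameter-name list, the Combined Log Format assumption, and the three log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of parameter names that should never travel in a URL.
SENSITIVE = {"password", "passwd", "pwd", "token", "secret", "sessionid", "apikey"}

# Combined Log Format: ip ident user [time] "request line" status size "referer" "agent"
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+" '
    r'(?P<status>[0-9]{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)


def sensitive_params(url):
    """Names of sensitive parameters present in the query string of url."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    return sorted({k for k, _ in pairs if k.lower() in SENSITIVE})


def redact(url):
    """Same URL with the values of sensitive parameters replaced."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() in SENSITIVE else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def scan(lines):
    """Return one finding per log field that exposes a sensitive parameter."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = LOG_LINE.fullmatch(line.strip())
        if not m:
            continue  # not Combined Log Format; skipped rather than guessed at
        for field in ("target", "referer"):
            names = sensitive_params(m.group(field))
            if names:
                findings.append({
                    "line": number,
                    "field": field,
                    "method": m.group("method"),
                    "params": names,
                    "url": redact(m.group(field)),
                })
    return findings


# Constructed log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] '
    '"GET /login.jsp?username=wsz&password=example-value HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] '
    '"POST /login.jsp HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] '
    '"GET /product.jsp?productid=1 HTTP/1.1" 200 2048 '
    '"http://localhost/reset.jsp?token=abc123" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The POST on the second line produces no finding because its form data travels in the request body, which the access log does not record.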

Request Header

The most common request headers for HTTP are as follows:

Accept: The MIME types accepted by the browser (MIME specifies a symbolic method for representing a wide variety of data types);

Accept-Charset: The character sets the browser accepts;

Accept-Encoding: The data encodings the browser can decode, such as gzip. The servlet can return a gzip-encoded HTML page to a browser that supports gzip. In many cases this can reduce the download time by 5 to 10 times;

Accept-Language: The language the browser prefers when the server can provide more than one language version;

Authorization: Authorization information, which usually appears in the reply to a WWW-Authenticate header sent by the server;

Connection: Indicates whether a persistent connection is required. If the servlet sees the value "Keep-Alive" here, or sees that the request uses HTTP 1.1 (which defaults to persistent connections), it can take advantage of the persistent connection and significantly reduce download time when the page contains multiple elements (such as applets and pictures). To do this, the servlet needs to send a Content-Length header in the response; the simplest implementation is to write the content to a ByteArrayOutputStream first and then calculate its size before formally writing the content out;

Content-Length: Indicates the length of the request message body;

Cookie: This is one of the most important request headers;

From: The email address of the request sender, used by some special web clients but not by browsers;

Host: The host and port in the initial URL;

If-Modified-Since: The requested content is returned only if it has been modified after the specified date; otherwise a 304 "Not Modified" answer is returned;

Pragma: A value of "no-cache" indicates that the server must return a refreshed document, even if it is a proxy server and has a local copy of the page;

Referer: Contains a URL; the user reached the currently requested page from the page that URL represents.

User-Agent: The browser type; this value is useful if the content returned by the servlet depends on the browser type;

UA-Pixels, UA-Color, UA-OS, UA-CPU: Nonstandard request headers sent by some versions of Internet Explorer to indicate screen size, color depth, operating system, and CPU type.

Response header

The most common response headers for HTTP are as follows:

Allow

Which request methods are supported by the server (such as GET, POST, etc.).

Content-Encoding

The encoding method of the document.

The content type specified by the Content-Type header can be obtained only after decoding.

Using gzip to compress documents can significantly reduce the download time of HTML documents.

Java's GZIPOutputStream makes gzip compression easy, but only Netscape on Unix and IE 4 and IE 5 on Windows support it. Therefore, the servlet should check whether the browser supports gzip by looking at the Accept-Encoding header (that is, request.getHeader("Accept-Encoding")). It returns the gzip-compressed HTML page to a browser that supports gzip and a normal page to any other browser.

Content-Length

Represents the content length. This data is only required if the browser is using a persistent HTTP connection.

If you want to take advantage of the persistent connection, you can write the output document to a ByteArrayOutputStream, look at its size when done, put that value into the Content-Length header, and finally send the content with byteArrayStream.writeTo(response.getOutputStream()).

Content-Type

Indicates the MIME type of the document that follows. The servlet defaults to text/plain, but it usually needs to be explicitly specified as text/html. Because Content-Type is set so often, HttpServletResponse provides a dedicated method, setContentType.

Date

The current GMT time. You can use setDateHeader to set this header and avoid the hassle of converting the time format.

Expires

The time at which the document should be considered expired and no longer cached.

Last-Modified

The last modification time of the document. The client can provide a date through the If-Modified-Since request header; such a request is treated as a conditional GET, and the document is returned only if it has been modified later than the specified time, otherwise a 304 (Not Modified) status is returned.

Last-Modified can also be set using the setDateHeader method.

Location

Indicates where the client should go to fetch the document.

Location is usually not set directly, but through HttpServletResponse's sendRedirect method, which also sets the status code to 302.

Refresh

Indicates after how long, in seconds, the browser should refresh the document. Besides refreshing the current document, you can also use setHeader("Refresh", "5; URL=http://host/path") to make the browser load the specified page.
Note This functionality is usually done by setting the HTML page in the head area of the
Note that the meaning of refresh is "refresh this page after n seconds or visit the specified page" instead of "refresh this page every n seconds or visit the specified page". Therefore, continuous refresh requires a refresh header to be sent each time, and sending a 204 status code prevents the browser from continuing to refresh, whether it is using the refresh header or the

Note that the refresh header is not part of the HTTP 1.1 formal specification, but rather an extension, but both Netscape and IE support it.

Server

Server name. The servlet generally does not set this value; it is set by the web server itself.

Set-Cookie

Sets the cookie associated with the page. The servlet should not use response.setHeader("Set-Cookie", ...), but should use the dedicated addCookie method provided by HttpServletResponse. See below for a discussion of cookie settings.

WWW-Authenticate

What type of authorization information the client should provide in the Authorization header. This header is required in a response that contains a 401 (Unauthorized) status line. For example, response.setHeader("WWW-Authenticate", "BASIC realm=\"Executives\"").
Note that the servlet generally does not handle this itself, but leaves it to the web server's dedicated mechanism for controlling access to password-protected pages (for example, .htaccess).

Entity Header

Entity headers carry the meta-information of the entity content. They describe the attributes of the entity content, including the entity's type, length, compression method, last modification time, data validity, and so on.

Allow: GET, POST

Content-Encoding: The encoding method of the document, for example gzip; see "2.5 response header";

Content-Language: The language of the content, for example zh-cn;

Content-Length: Indicates the content length, e.g. 80; see "2.5 response head";

Content-Location: Indicates where the client should go to fetch the document, for example http://www.dfdf.org/dfdf.html; see "2.5 response header";

Content-MD5: An MD5 digest of the entity, used as a checksum. Both the sender and the receiver calculate the MD5 digest, and the receiver compares the value it calculates with the value passed in this header. eg1: Content-MD5: <base64 of MD5 digest>. eg2: dfdfdfdfdfdfdff==;

Content-Range: Sent along with a partial entity. It gives the low and high byte offsets of the bytes being sent, and also the total length of the entity. eg1: Content-Range: 1001-2000/5000, eg2: bytes 2543-4532/7898

Content-Type: Indicates the MIME type of the entity being sent or received, in the form main type/sub-type. eg: text/html;charset=gb2312;

Expires: A value of 0 means no caching;

Last-Modified: The time the web server considers the object to have last been modified, such as the last modification time of a file, the last generation time of a dynamic page, and so on. For example: Last-Modified: Tue, 06 May 02:42:43 GMT.
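The Content-MD5 comparison described above, written out as an added example that is not part of the original article: the sender computes the header value, and the receiver recomputes the digest and also checks Content-Length. The function names and sample body are constructed; note that an MD5 checksum only catches accidental corruption, because anyone able to change the body can recompute the header as well.

```python
import base64
import binascii
import hashlib
import hmac


def content_md5(body: bytes) -> str:
    """Value the sender puts in Content-MD5: base64 of the 16-byte MD5 digest."""
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")


def check_entity(headers: dict, body: bytes) -> list:
    """Return the problems found; an empty list means the body matches its headers."""
    problems = []
    hdrs = {name.lower(): value.strip() for name, value in headers.items()}

    length = hdrs.get("content-length")
    if length is not None:
        if not (length.isascii() and length.isdigit()):
            problems.append("Content-Length is not a number")
        elif int(length) != len(body):
            problems.append("Content-Length is %s but the body is %d bytes"
                            % (length, len(body)))

    value = hdrs.get("content-md5")
    if value is None:
        problems.append("no Content-MD5 header to check against")
        return problems
    try:
        received = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        received = b""
    if len(received) != 16:
        # Covers bad padding, stray characters and digests of the wrong size.
        problems.append("Content-MD5 is not the base64 of a 16-byte digest")
    elif not hmac.compare_digest(received, hashlib.md5(body).digest()):
        problems.append("Content-MD5 mismatch: body differs from what was sent")
    return problems


# Constructed sample entity and the headers a sender would attach to it.
SAMPLE_BODY = b"Username=wsz&productid=1"
SAMPLE_HEADERS = {
    "Content-Length": str(len(SAMPLE_BODY)),
    "Content-MD5": content_md5(SAMPLE_BODY),
}

if __name__ == "__main__":
    print(SAMPLE_HEADERS)
    print(check_entity(SAMPLE_HEADERS, SAMPLE_BODY))             # intact body
    print(check_entity(SAMPLE_HEADERS, SAMPLE_BODY[:-1] + b"2"))  # one byte changed
    # The article's eg2 placeholder is not a well-formed header value.
    print(check_entity({"Content-MD5": "dfdfdfdfdfdfdff=="}, SAMPLE_BODY))
```

A real Content-MD5 value is always 24 characters ending in "==", which is why the article's eg2 placeholder fails the format check before any digest is compared.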


Extension Header

An HTTP message can also use header fields that are not defined in the formal HTTP 1.1 specification. These are collectively known as custom HTTP headers or extension headers, and they are usually treated as entity headers.

Popular browsers today actually support several commonly used extension header fields, such as Cookie, Set-Cookie, Refresh, and Content-Disposition.

Refresh: 1;url=http://www.dfdf.org (jump to the specified location after 1 second);

Content-Disposition: Header field; see "2.5 response head";

Content-Type: The web server tells the browser the type of the object in its response.

eg1: Content-Type: application/xml;

eg2: application/octet-stream;

HTTP status response codes

1**: Request received, continue processing

100--the client must continue to send the request

101--the client asks the server to switch the HTTP protocol version as requested

2**: Operation successfully received, analyzed, and accepted

200--transaction successful

201--indicates the URL of the new file

202--accepted for processing, but processing is not complete

203--the returned information is indeterminate or incomplete

204--request received, but the returned information is empty

205--the server has completed the request; the user agent must reset the file currently being viewed

206--the server has completed part of the user's GET request

3**: Further processing is required to complete the request

300--the requested resource can be obtained in multiple places

301--delete request data

302--the request data was found at a different address

303--advises the client to use another URL or access method

304--the client has performed a GET, but the file has not changed

305--the requested resource must be obtained from the address specified by the server

306--code used in previous versions of HTTP, no longer used in the current version

307--declares that the requested resource is temporarily deleted

4**: The request contains a syntax error or cannot be completed

400--bad request, such as a syntax error

401--not authorized

HTTP 401.1 - Unauthorized: Logon failed

HTTP 401.2 - Unauthorized: Server configuration issue causes logon failure

HTTP 401.3 - ACL prohibits access to the resource

HTTP 401.4 - Unauthorized: Authorization denied by filter

HTTP 401.5 - Unauthorized: ISAPI or CGI authorization failed

402--reserved valid ChargeTo header response

403--access prohibited

HTTP 403.1 - Forbidden: Execute access disabled

HTTP 403.2 - Forbidden: Read access disabled

HTTP 403.3 - Forbidden: Write access disabled

HTTP 403.4 - Forbidden: SSL required

HTTP 403.5 - Forbidden: SSL 128 required

HTTP 403.6 - Forbidden: IP address denied

HTTP 403.7 - Forbidden: Client certificate required

HTTP 403.8 - Forbidden: Site access prohibited

HTTP 403.9 - Forbidden: Too many users connected

HTTP 403.10 - Forbidden: Invalid configuration

HTTP 403.11 - Forbidden: Password change

HTTP 403.12 - Forbidden: Mapper denied access

HTTP 403.13 - Forbidden: Client certificate has been revoked

HTTP 403.15 - Forbidden: Too many client access licenses

HTTP 403.16 - Forbidden: Client certificate is untrusted or invalid

HTTP 403.17 - Forbidden: Client certificate has expired or is not yet valid

404--no file, query, or URL found

405--the method the user specified in the Request-Line field is not allowed

406--the requested resource is inaccessible based on the Accept header sent by the user

407--similar to 401; the user must first be authorized on the proxy server

408--the client did not complete the request within the user-specified time

409--the request cannot be completed given the current state of the resource

410--this resource is no longer available on the server and has no further reference address

411--the server rejects requests with the user-defined Content-Length attribute

412--one or more request header fields are incorrect in the current request

413--the requested resource is larger than the size allowed by the server

414--the URL of the requested resource is longer than the length allowed by the server

415--the requested resource does not support the format of the request item

416--the request contains a Range request header field, no range value falls within the scope of the requested resource, and the request does not contain an If-Range request header field

417--the server does not meet the expectation specified in the request's Expect header field; if it is a proxy server, the next-level server may not be able to satisfy the request

5**: The server failed to perform a fully valid request

HTTP 500 - Internal Server Error

HTTP 500.100 - Internal Server Error - ASP error

HTTP 500-11 - Server shutdown

HTTP 500-12 - Application restart

HTTP 500-13 - Server too busy

HTTP 500-14 - Invalid application

HTTP 500-15 - Request for Global.asa not allowed

Error 501 - Not implemented

HTTP 502 - Gateway error
