In-depth understanding of the HTTP protocol (II): protocol details

1. Comparison of HTTP/1.0 and HTTP/1.1

RFC 1945 defines HTTP/1.0 and RFC 2616 defines HTTP/1.1.

1.1 Connection establishment

HTTP/1.0: each request requires a new TCP connection, and the connection cannot be reused. HTTP/1.1: new requests can be sent over the TCP connection established by a previous request, so the connection can be reused. The advantage is less overhead from repeated TCP three-way handshakes and better efficiency.

Note: In the same TCP connection, new requests can be sent only after the previous request receives a response.

1.2 Host field

HTTP/1.1 has a Host field in the request header, while HTTP/1.0 does not.

Eg:

    GET /pub/WWW/TheProject.html HTTP/1.1
    Host: www.w3.org

This is probably because HTTP/1.0 assumes that the IP address was already specified when the TCP connection was established, and that there is only one host on that IP address.

1.3 Date/time stamps

(Receiving direction)

Both HTTP/1.0 and HTTP/1.1 must be able to parse the following three date/time stamp formats:

    Sun, 06 Nov 1994 08:49:37 GMT  ; RFC 822, updated by RFC 1123
    Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
    Sun Nov  6 08:49:37 1994       ; ANSI C's asctime() format

(Sending direction)

HTTP/1.0 requires that date/time stamps in the third (asctime) format not be generated;

HTTP/1.1 requires that only date/time stamps in the RFC 1123 (first) format be generated.
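The receive and send rules above as an added example (not code from the original article): a parser that accepts all three formats and a formatter that emits only the RFC 1123 form. The function names and the `not_modified` helper are assumptions made for illustration; an unparseable date is treated as if the header were absent.

```python
from datetime import datetime, timezone
from email.utils import format_datetime

# The three formats a receiver must accept, in the order listed above.
ACCEPTED_FORMATS = (
    ("rfc1123", "%a, %d %b %Y %H:%M:%S GMT"),
    ("rfc850", "%A, %d-%b-%y %H:%M:%S GMT"),   # two-digit year
    ("asctime", "%a %b %d %H:%M:%S %Y"),        # no zone; HTTP dates are GMT
)


def parse_http_date(value):
    """Return (format name, timezone-aware UTC datetime) or raise ValueError."""
    text = value.strip()
    for name, fmt in ACCEPTED_FORMATS:
        try:
            parsed = datetime.strptime(text, fmt)
        except ValueError:
            continue
        return name, parsed.replace(tzinfo=timezone.utc)
    raise ValueError(f"not an HTTP date: {value!r}")


def format_http_date(moment):
    """Sending direction: always the RFC 1123 form."""
    return format_datetime(moment.astimezone(timezone.utc), usegmt=True)


def not_modified(if_modified_since, last_modified):
    """True when a 304 is appropriate; a malformed date never yields a 304."""
    try:
        _, since = parse_http_date(if_modified_since)
    except ValueError:
        return False
    return last_modified <= since


if __name__ == "__main__":
    for sample in ("Sun, 06 Nov 1994 08:49:37 GMT",
                   "Sunday, 06-Nov-94 08:49:37 GMT",
                   "Sun Nov  6 08:49:37 1994"):
        name, moment = parse_http_date(sample)
        print(name, "->", format_http_date(moment))
```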

1.4 Status response codes

Response code 100 (Continue): this status code lets the client test the server with the request headers before sending the request body, to check whether the server is willing to receive the request body and then decide whether to send it.

The client includes in its request headers:

    Expect: 100-continue

When the server sees this header and returns the 100 (Continue) status code, the client continues and sends the request body. This is only available in HTTP/1.1.

In addition, 101, 203, 205, and other response codes are added in HTTP/1.1.

1.5 Request methods

The OPTIONS, PUT, DELETE, TRACE, and CONNECT request methods are added in HTTP/1.1.

    Method           = "OPTIONS"                ; Section 9.2
                     | "GET"                    ; Section 9.3
                     | "HEAD"                   ; Section 9.4
                     | "POST"                   ; Section 9.5
                     | "PUT"                    ; Section 9.6
                     | "DELETE"                 ; Section 9.7
                     | "TRACE"                  ; Section 9.8
                     | "CONNECT"                ; Section 9.9
                     | extension-method
    extension-method = token

 

2. HTTP request message

2.1 Request message format

The request message format is as follows:

Request line

General header | request header | entity header

CRLF (carriage return and line feed)

Entity body

Where the request line is: Request line = Method [space] Request URI [space] Version number [carriage return and line feed]

Request line examples:

Eg1:

    GET /index.html HTTP/1.1

Eg2:

    POST http://192.168.2.217:8080/index.jsp HTTP/1.1

Example of an HTTP request message:

    GET /hello.htm HTTP/1.1
    Accept: */*
    Accept-Language: zh-cn
    Accept-Encoding: gzip, deflate
    If-Modified-Since: Wed, 17 Oct 2007 02:15:55 GMT
    If-None-Match: W/"158-1192587355000"
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
    Host: 192.168.20.2:8080
    Connection: Keep-Alive

2.2 Request methods

HTTP request methods include the following:

  • GET

  • POST

  • HEAD

  • PUT

  • DELETE

  • OPTIONS

  • TRACE

  • CONNECT
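The request format from section 2.1 and the method list above, as an added example (not code from the original article): a strict parser that rejects messages a server and an intermediary could read differently. The method allow-list, the `BadRequest` name, and the choice to reject rather than repair are assumptions; the sample is constructed from the message in section 2.1.

```python
METHODS = {"OPTIONS", "GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT"}
SINGLETON = {"host", "content-length"}  # a repeat of these makes the message ambiguous


class BadRequest(ValueError):
    """The caller should answer with 400 (Bad Request)."""


def parse_request(raw: bytes) -> dict:
    head, blank, rest = raw.partition(b"\r\n\r\n")
    if not blank:
        raise BadRequest("header section is not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    if any("\r" in line or "\n" in line for line in lines):
        raise BadRequest("bare CR or LF in the header section")

    # Request line = Method SP Request-URI SP Version
    parts = lines[0].split(" ")
    if len(parts) != 3 or not all(parts):
        raise BadRequest("malformed request line")
    method, uri, version = parts
    if method not in METHODS:
        raise BadRequest(f"method not in the allow-list: {method!r}")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise BadRequest(f"unsupported version: {version!r}")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # No colon, empty name, or whitespace around the name (this also
        # rejects folded continuation lines).
        if not colon or not name or name != name.strip():
            raise BadRequest(f"malformed header line: {line!r}")
        key, value = name.lower(), value.strip()
        if key in headers:
            if key in SINGLETON:
                raise BadRequest(f"duplicate {name} header")
            value = headers[key] + ", " + value
        headers[key] = value

    # Section 1.2: the Host field belongs to HTTP/1.1, not HTTP/1.0.
    if version == "HTTP/1.1" and not headers.get("host"):
        raise BadRequest("HTTP/1.1 request without a Host header")

    # The entity body is exactly Content-Length bytes after the empty line.
    length = headers.get("content-length", "0")
    if not (length.isascii() and length.isdigit()):
        raise BadRequest("Content-Length is not a decimal number")
    if len(rest) < int(length):
        raise BadRequest("entity body is shorter than Content-Length")
    return {"method": method, "uri": uri, "version": version,
            "headers": headers, "body": rest[:int(length)]}


# Constructed sample: part of the request message shown in section 2.1.
SAMPLE = (b"GET /hello.htm HTTP/1.1\r\n"
          b"Accept: */*\r\n"
          b"Host: 192.168.20.2:8080\r\n"
          b"Connection: Keep-Alive\r\n"
          b"\r\n")

if __name__ == "__main__":
    print(parse_request(SAMPLE))
```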

 

3. HTTP response message

3.1 Response message format

The format of the HTTP response message is as follows:

Status line

General header | response header | entity header

CRLF

Entity body

Where: Status line = Version number [space] Status code [space] Reason phrase [carriage return and line feed]

Status line examples:

Eg1:

    HTTP/1.0 200 OK

Eg2:

    HTTP/1.1 400 Bad Request

An example of an HTTP response message is as follows:

    HTTP/1.1 200 OK
    ETag: W/"158-1192590101000"
    Last-Modified: Wed, 17 Oct 2007 03:01:41 GMT
    Content-Type: text/html
    Content-Length: 158
    Date: Wed, 17 Oct 2007 03:01:59 GMT
    Server: Apache-Coyote/1.1

3.2 HTTP status response codes

3.2.1 1xx: request received, continue processing

100 -- the client must continue to send the request

101 -- the client asks the server to switch the HTTP protocol version according to the request

3.2.2 2xx: the operation was successfully received, understood, and accepted

200 -- transaction successful

201 -- indicates the URL of the new file

202 -- accepted and being processed, but processing is not complete

203 -- the returned information is uncertain or incomplete

204 -- the request was received, but the returned information is empty

205 -- the server has completed the request, and the user agent must reset the currently viewed document

206 -- the server has completed a partial GET request from the user

3.2.3 3xx: the request must be further processed

300 -- the requested resource can be obtained in multiple places

301 -- delete request data

302 -- request data found at another address

303 -- the client is advised to access another URL or use another access method

304 -- the client has executed GET, but the file has not changed

305 -- the requested resource must be obtained from the address specified by the server

306 -- code used in a previous version of HTTP, no longer used in the current version

307 -- declares that the requested resource has been temporarily removed

3.2.4 4xx: the request contains a syntax error or cannot be completed

400 -- incorrect request, such as a syntax error

401 -- unauthorized

HTTP 401.1 - Unauthorized: logon failed

HTTP 401.2 - Unauthorized: logon failed due to server configuration problems

HTTP 401.3 - ACL prohibits access to the resource

HTTP 401.4 - Unauthorized: authorization denied by the filter

HTTP 401.5 - Unauthorized: ISAPI or CGI authorization failed

402 -- retain valid ChargeTo header response

403 -- access prohibited

HTTP 403.1 - Access prohibited: execute access prohibited

HTTP 403.2 - Access prohibited: read access prohibited

HTTP 403.3 - Access prohibited: write access prohibited

HTTP 403.4 - Access prohibited: SSL required

HTTP 403.5 - Access prohibited: SSL 128 required

HTTP 403.6 - Access prohibited: IP address rejected

HTTP 403.7 - Access prohibited: client certificate required

HTTP 403.8 - Access prohibited: site access prohibited

HTTP 403.9 - Access prohibited: too many connected users

HTTP 403.10 - Access prohibited: invalid configuration

HTTP 403.11 - Access prohibited: password change

HTTP 403.12 - Access prohibited: the mapper rejects access

HTTP 403.13 - Access prohibited: the client certificate has been revoked

HTTP 403.15 - Access prohibited: too many client access licenses

HTTP 403.16 - Access prohibited: the client certificate is untrusted or invalid

HTTP 403.17 - Access prohibited: the client certificate has expired or is not yet valid

404 -- no file, query, or URL found

405 -- the method defined in the Request-Line field is not allowed

406 -- the requested resource is inaccessible according to the Accept header sent by the user

407 -- similar to 401, the user must first be authorized on the proxy server

408 -- the client did not complete the request within the specified time

409 -- the request cannot be completed due to the current state of the resource

410 -- this resource is no longer available on the server and there is no further reference address

411 -- the server rejects the user-defined Content-Length attribute request

412 -- one or more request header fields are incorrect in the current request

413 -- the requested resource is larger than the size allowed by the server

414 -- the requested resource URL is longer than the length allowed by the server

415 -- the requested resource does not support the format of the requested item

416 -- the request contains the Range request header field, no range value in it falls within the range of the requested resource, and the request does not contain the If-Range request header field

417 -- the server does not meet the expectation specified in the header field of the request; if it is a proxy server, the next-level server may be unable to meet the request

3.2.5 5xx: the server failed to execute a fully valid request

HTTP 500 - Internal Server Error

HTTP 500.100 - Internal Server Error - ASP error

HTTP 500-11 - Server shutdown

HTTP 500-12 - Application restart

HTTP 500-13 - The server is too busy

HTTP 500-14 - Invalid application

HTTP 500-15 - Requests for Global.asa not allowed

Error 501 - Not implemented

HTTP 502 - Gateway error

4. Using telnet for HTTP testing

In Windows, you can use the command window to perform a simple HTTP test.

Run cmd to open the command window, type the following command on the command line, and press Enter:

    telnet www.baidu.com 80

Press Ctrl+] in the window and then press Enter so that the returned result is displayed.

Then start sending the request message. For example, send the following request message to request the Baidu home page over HTTP/1.1:

    GET /index.html HTTP/1.1

Note: After copying the preceding message to the command window, you need to press Enter twice to get the response message. The first carriage return and line feed ends the request line and is required by the HTTP protocol. The second confirms the input and sends the request.

The 200 OK message is returned.

We can see that when HTTP/1.1 is used, the connection is not closed after the request ends. If HTTP/1.0 is used, type:

    GET /index.html HTTP/1.0

At this point, we can see that the connection is closed immediately after the request ends.
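The same observation as an added example (not part of the original article) that runs offline: a throwaway local server from Python's standard library stands in for the remote site, and a raw socket plays the role of telnet. The handler, page body and function names are assumptions; the third request shows the effect of a `Connection: close` header.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

PAGE = b"<html><body>hello</body></html>"  # constructed sample page


class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"  # let the server offer persistent connections

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(PAGE)))
        self.end_headers()
        self.wfile.write(PAGE)

    def log_message(self, *args):  # keep the demonstration quiet
        pass


def start_server():
    """Local stand-in for the remote site; the OS picks a free port."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def read_response(sock):
    """Read exactly one response, using Content-Length to find its end."""
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("closed before the headers ended")
        data += chunk
    head, _, body = data.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    length = 0
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.lower() == b"content-length":
            length = int(value.strip())
    while len(body) < length:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("closed before the body ended")
        body += chunk
    return lines[0].decode("ascii"), body


def send_and_watch(port, request, wait=0.5):
    """Send one raw request; return (status line, did the server then close?)."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as sock:
        sock.sendall(request)
        status, _ = read_response(sock)
        sock.settimeout(wait)
        try:
            closed = sock.recv(1) == b""  # b"" means the peer closed
        except socket.timeout:
            closed = False                # still open, nothing more to read
        return status, closed


if __name__ == "__main__":
    srv = start_server()
    port = srv.server_address[1]
    print(send_and_watch(port, b"GET /index.html HTTP/1.1\r\nHost: localhost\r\n\r\n"))
    print(send_and_watch(port, b"GET /index.html HTTP/1.0\r\n\r\n"))
    print(send_and_watch(port, b"GET /index.html HTTP/1.1\r\nHost: localhost\r\n"
                               b"Connection: close\r\n\r\n"))
    srv.shutdown()
```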

You can also try including header fields when using GET or POST. For example, enter the following:

    GET /index.html HTTP/1.1
    Connection: close
    Host: www.baidu.com

5. Common request methods

Common request methods are GET and POST.

  • GET method: retrieves, in the form of an entity, the information identified by the request URI. If the request URI refers to a data-producing process, the response entity contains the data that the process produces, not a description of the process.

  • POST method: sends a request asking the target server to accept the entity attached to the request and treat it as a new subordinate of the resource identified by the request URI in the request line. POST is designed to implement the following functions in a uniform way:

1: annotating existing resources;

2: posting messages to bulletin boards, newsgroups, mailing lists, or similar discussion groups;

3: submitting data blocks;

4: extending a database through an append operation.

As described above, GET requests data from the server, while POST submits data to the server; the submitted data is located in the entity after the headers.

The GET and POST methods have the following differences:

(1) On the client side, GET submits data through the URL, and the data can be seen in the URL. With POST, the data is placed in the HTML header for submission.

(2) Data submitted with GET can contain a maximum of 1024 bytes, whereas POST has no such limit.

(3) Security. As mentioned in (1), with GET the parameters are displayed in the address bar, while with POST they are not. Therefore, if the data is Chinese and non-sensitive, use GET; if the data you enter is not Chinese characters and contains sensitive data, POST is better.

(4) Safe and idempotent. Safe means that the operation is used to obtain information rather than to modify it. Idempotent means that multiple requests to the same URL should return the same result. The complete definition is not as strict as it looks. In other words, GET requests generally do not have side effects. Basically, the goal is that when a user opens a link, she can be confident that the resource has not changed from her own perspective. For example, the front pages of news sites are constantly updated. Although a second request will return a different batch of news, the operation is still considered safe and idempotent because it always returns the current news. The reverse also applies. POST requests are not that simple. POST indicates a request that may change resources on the server. Taking news sites as an example again, readers' comments on articles should be submitted with POST requests, because the site is different after a comment is submitted (for example, a comment now appears below the article).

 

6. Request headers

The most common HTTP request headers are as follows:

  • Accept: MIME types acceptable to the browser;

  • Accept-Charset: character sets acceptable to the browser;

  • Accept-Encoding: the data encodings that the browser can decode, such as gzip. A Servlet can return gzip-encoded HTML pages to a browser that supports gzip. In many cases, this can reduce the download time by 5 to 10 times;

  • Accept-Language: the language the browser prefers, used when the server can provide more than one language version;

  • Authorization: authorization information, usually sent in response to the WWW-Authenticate header sent by the server;

  • Connection: indicates whether a persistent connection is required. If the Servlet sees the value "Keep-Alive" here, or the request uses HTTP 1.1 (HTTP 1.1 uses persistent connections by default), it can take advantage of persistent connections, which significantly reduce the download time when a page contains multiple elements (such as applets or images). To achieve this, the Servlet needs to send a Content-Length header in the response. The simplest method is to write the content into a ByteArrayOutputStream first and then calculate its size before writing it out;

  • Content-Length: the length of the request message body;

  • Cookie: one of the most important request headers;

  • From: the e-mail address of the request sender, used by some special Web client programs and not used by browsers;

  • Host: the host and port in the initial URL;

  • If-Modified-Since: the content is returned only if it has been modified after the specified date. Otherwise, a 304 "Not Modified" response is returned;

  • Pragma: the "no-cache" value indicates that the server must return a refreshed document, even if it is a proxy server and has a local copy of the page;

  • Referer: contains a URL; the user reached the currently requested page from the page that this URL identifies;

  • User-Agent: the browser type. This value is useful if the content returned by the Servlet depends on the browser type;

  • UA-Pixels, UA-Color, UA-OS, UA-CPU: non-standard request headers sent by some versions of Internet Explorer, indicating the screen size, color depth, operating system, and CPU type.

 

7. Response headers

The most common HTTP response headers are as follows:

  • Allow: request methods supported by the server (such as GET and POST);

  • Content-Encoding: the encoding method of the document. The content type specified by the Content-Type header is obtained only after decoding. Gzip compression can significantly reduce the download time of HTML documents. Java's GZIPOutputStream makes gzip compression easy, but only Netscape on Unix and IE 4 and IE 5 on Windows support it. Therefore, the Servlet should check the Accept-Encoding header (request.getHeader("Accept-Encoding")) to see whether the browser supports gzip, return the gzip-compressed HTML page to a browser that supports gzip, and return a normal page to other browsers;

  • Content-Length: indicates the content length. This data is required only when the browser uses a persistent HTTP connection. If you want to take advantage of persistent connections, you can write the output document to a ByteArrayOutputStream, check its size, put the value in the Content-Length header, and finally send the content with byteArrayStream.writeTo(response.getOutputStream());

  • Content-Type: the MIME type of the document that follows. The Servlet default is text/plain, but it usually must be explicitly specified as text/html. Because Content-Type is set so often, HttpServletResponse provides a dedicated method, setContentType. You can configure the mapping between file extensions and MIME types in the web.xml file;

  • Date: the current GMT time. You can use setDateHeader to set this header to avoid the trouble of converting the time format;

  • Expires: specifies when the document should be considered expired and no longer cached;

  • Last-Modified: the last modification time of the document. The client can provide a date in the If-Modified-Since request header; such a request is treated as a conditional GET. Only documents whose modification time is later than the specified time are returned; otherwise, a 304 (Not Modified) status is returned. Last-Modified can also be set using the setDateHeader method;

  • Location: indicates where the client should go to fetch the document. Location is usually not set directly, but through the sendRedirect method of HttpServletResponse. This method also sets the status code to 302;

  • Refresh: the time after which the browser should refresh the document, in seconds. In addition to refreshing the current document, you can also use setHeader("Refresh", "5; URL=http://host/path") to have the browser read the specified page. Note that this function is usually implemented by setting the HEAD area of the HTML page. This is because automatic refresh or redirection is important for HTML writers who cannot use CGI or Servlet. However, for a Servlet, it is more convenient to set the Refresh header directly. Note that Refresh means "refresh the page or access the specified page after N seconds", not "refresh the page or access the specified page every N seconds". Therefore, continuous refreshing requires that a Refresh header be sent each time, and sending the 204 status code can prevent the browser from refreshing continuously, whether it is using the Refresh header or . Note that the Refresh header is not part of the official HTTP 1.1 specification but an extension, although both Netscape and IE support it.

 

8. Entity headers

The entity header carries metadata about the entity content, that is, attributes of the entity content, including the entity information type, length, compression method, last modification time, and data validity.

  • Allow: GET, POST

  • Content-Encoding: the encoding method of the document, for example: gzip, see "2.5 Response header";

  • Content-Language: the language of the content, for example, zh-cn;

  • Content-Length: indicates the content length, for example: 80, see "2.5 Response header";

  • Content-Location: indicates where the client should go to fetch the document, for example, http://www.dfdf.org/dfdf.html. for more information, see ";

  • Content-MD5: an MD5 digest of the entity, used as a checksum. Both the sender and the receiver calculate the MD5 digest, and the receiver compares the value it calculated with the value passed in the header. Eg1: Content-MD5: . Eg2: dfdfdfdfdfdff =;

  • Content-Range: sent along with a partial entity. It indicates the low and high byte offsets of the inserted bytes, and the total length of the entity. Eg1: Content-Range: 1001-2000/5000, eg2: bytes 2543-4532/7898

  • Content-Type: indicates the MIME type of the entity sent or received. Eg: text/html; charset=GB2312 (primary type/subtype);

  • Expires: 0 indicates no caching;

  • Last-Modified: the last modification time of the entity as determined by the web server, such as the last modification time of a file or the last generation time of a dynamic page. Example: Last-Modified: Tue, 06 May 2008 02:42:43 GMT.
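The Content-MD5 comparison described above, as an added example (not code from the original article), assuming the header value is the base64 form of the 16-byte MD5 digest. Function names and the sample message are constructed for illustration. The last line of the demonstration shows why this is a checksum against accidental damage only: whoever can rewrite the body can rewrite the header to match.

```python
import base64
import binascii
import hashlib
import hmac


def content_md5(body: bytes) -> str:
    """Sender side: base64 of the 16-byte MD5 digest of the entity body."""
    return base64.b64encode(hashlib.md5(body).digest()).decode("ascii")


def verify_content_md5(header_value: str, body: bytes) -> str:
    """Receiver side: return 'ok', 'mismatch' or 'malformed'."""
    try:
        claimed = base64.b64decode(header_value.strip(), validate=True)
    except (binascii.Error, ValueError):
        return "malformed"
    if len(claimed) != 16:          # an MD5 digest is always 128 bits
        return "malformed"
    actual = hashlib.md5(body).digest()
    return "ok" if hmac.compare_digest(claimed, actual) else "mismatch"


def check_message(raw: bytes) -> str:
    """Split one message at the empty line and check its Content-MD5 header."""
    head, _, body = raw.partition(b"\r\n\r\n")
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.lower() == "content-md5":
            return verify_content_md5(value, body)
    return "absent"


def build_message(body: bytes) -> bytes:
    """Constructed sample response carrying a matching Content-MD5 header."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: " + str(len(body)).encode("ascii") + b"\r\n"
            b"Content-MD5: " + content_md5(body).encode("ascii") + b"\r\n"
            b"\r\n" + body)


if __name__ == "__main__":
    message = build_message(b"<html>hello</html>")
    print(check_message(message))                 # intact message
    print(check_message(message[:-1] + b"X"))     # one body byte damaged in transit
    # Body replaced and header recomputed: the checksum still matches.
    print(check_message(build_message(b"<html>changed</html>")))
```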

 

9. Extension headers

HTTP messages can also use header fields that are not defined in the official HTTP/1.1 specification. These header fields are collectively referred to as custom HTTP headers or extension headers, and they are usually treated as entity headers.

Currently, popular browsers support Cookie, Set-Cookie, Refresh, Content-Disposition, and other common extension header fields.

  • Refresh: 1; url=http://www.dfdf.org // jump to the specified location within 1 second;

  • Content-Disposition: header field. For details, refer to "2.5 Response header";

  • Content-Type: the web server informs the browser of the type of the response entity.

Eg1: Content-Type: application/xml;

Eg2: application/octet-stream;

Content-Disposition: attachment; filename=aaa.zip.

 
