This document discusses the Hypertext Transfer Protocol (HTTP) which defines how messages are formatted and transmitted on the World Wide Web. It establishes HTTP as the foundation of data communication, outlining the request/response format and various methods like GET and POST. The document also compares versions HTTP 1.0 and 1.1, covering persistent connections, pipelining, cookies, caching improvements, and other features. It provides details on HTTPS which uses HTTP over SSL to securely transmit encrypted data and authenticate web servers.
2. Topics
What is HTTP
Why HTTP
HTTP 1.0 vs. HTTP 1.1
Request/Response formats and header
HTTP methods
HTTP Status Codes
Session maintenance
What is HTTPS
SSL Handshake
3. • Foundation of data communication for the World Wide Web
• Defines how messages are formatted and transmitted
• Defines what actions web servers and browsers should take in response to various commands
Ted Nelson
Vannevar Bush's memex
Tim Berners-Lee, CERN
4. Why HTTP?
To transfer hypertext (linked) data over the WWW
Request/response stateless protocol that can be used widely.
5. HTTP?
Functions as a request-response protocol in
the client-server computing model.
Application layer protocol.
Stateless protocol.
TCP connection.
Uses URL addressing
Method request
Response codes
Uses Caching and conditional get
Session maintenance
6. HTTP versions 1.0 vs 1.1
Persistent Connections
Pipelining
State management(cookies)
Compression
Range requests
Caching
7. HTTP versions 1.0 vs 1.1
Persistent Connections: one TCP connection is used to send and receive multiple HTTP requests/responses, as opposed to opening a new connection for every single request/response pair
Pipelining
8. HTTP versions 1.0 vs 1.1
State management (cookies): Netscape introduced cookies
Compression: compression could save almost 40% of the bytes sent via HTTP; it is applied as a content-coding or as a transfer-coding and negotiated with the Accept-Encoding header
Range requests: a client may need only part of a resource; range requests allow a client to request portions of a resource, for example to complete a response transfer that was interrupted (either by the user or by a network failure)
9. HTTP versions 1.0 vs 1.1
Caching: store responses locally for faster access
Caching in HTTP/1.0
Check validity with a conditional request (If-Modified-Since)
The server replies 304 (Not Modified) or 200 (OK)
No Cache-Control (incorrect caching and failure to cache)
Caching in HTTP/1.1
Opaque cache validator string: the entity tag (avoids caching errors caused by clock synchronization errors or by lack of timestamp resolution)
New conditional request headers: If-None-Match, If-Unmodified-Since and If-Match
Cache-Control header: public, private, no-store, no-cache
10. HTTP request and response
HTTP Response format
HTTP Request format
13. Methods classified as:
Safe methods: do not modify resources; retrieval only
Idempotent methods: can be called many times with the same outcome
14. GET, PUT and POST
GET: the GET method means retrieve whatever information is identified by the Request-URI.
Conditional GET: If-Modified-Since, If-Unmodified-Since, If-Match, If-None-Match
Partial GET: Range header field.
** The response to a GET request is cacheable
PUT: the PUT method requests that the enclosed entity be stored under the supplied Request-URI
If a new resource is created, the server responds with 201 (Created).
Responses to the PUT method are not cacheable
15. POST: the POST method requests that a web server accept and store/process the data enclosed in the body of the request message.
The function of the POST method is determined by the server and is dependent on the Request-URI
** GET requests data from a specified resource; POST submits data to be processed to a specified resource
** PUT is like a file upload. A PUT to a URI affects exactly that URI. A POST to a URI could have any effect at all.
16. HTTP Status Codes
• This class of status code indicates a provisional response
17. Cookies
Sessions are used for maintaining user-specific state and authenticated user identities across many interactions
Privacy and security implications
18. HTTPS
HTTP over SSL
Port 443
HTTPS authenticates the web server and protects the privacy and integrity of the exchanged data.
19. SSL/TLS
TCP & SSL: provide a reliable & secure end-to-end service.
Uses public/private keys to encrypt
Asymmetric, then symmetric
Key exchange (Diffie-Hellman), cipher (AES), hash (MD5), version, random number
Ensures confidentiality, message integrity and key authentication.
SSL originally developed by Netscape
Speaker notes
The standards development of HTTP was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C).
European Organization for Nuclear
Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text
The term was coined by Ted Nelson in 1965 in the Xanadu Project,
inspired by Vannevar Bush's vision (1930s) of the microfilm-based information retrieval and management system "memex".
Berners-Lee first proposed the "WorldWideWeb" project in 1989, inventing the original HTTP along with HTML.
Connections: HTTP/1.0 opened a new TCP connection for each request; HTTP/1.1 reuses one connection for multiple requests.
HTTP/1.0's Keep-Alive header attempted this, but its design did not interoperate with intermediate proxies.
In HTTP/1.1, clients, servers, and proxies assume that a connection will be kept open after the transmission of a request and its response.
For resource-management reasons, the protocol permits any party to send Connection: close.
Pipelining: sending several requests on one connection without waiting for each response, to increase speed.
Cookies: the server sends an arbitrary piece of information to the client; the client saves it and returns it with its next request to the origin server.
Cookies may contain credit card numbers, user names and passwords, or other personal information.
Compression: while HTTP/1.0 included some support for compression, it did not provide adequate mechanisms for negotiating the use of compression, or for distinguishing end-to-end from hop-by-hop compression.
HTTP/1.1 adds the Transfer-Encoding header (data sent in chunks).
HTTP/1.1 (unlike HTTP/1.0) carefully specifies the Accept-Encoding header.
Chunked transfer encoding is a data transfer mechanism in version 1.1 of the Hypertext Transfer Protocol (HTTP) in which data is sent in a series of "chunks".
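A strict decoder for the chunked transfer coding described above, as an added example that is not part of the original slides. The sample body, the `decode_chunked` function and its `max_body` limit are constructed for illustration; each chunk is a hex size line, the data, and a CRLF, with a zero-size chunk and optional trailer headers ending the body.

```python
import re

# Constructed sample of a chunked HTTP/1.1 body (sample data, not from the slides).
SAMPLE_CHUNKED = (
    b"7\r\nMozilla\r\n"
    b"9;ext=val\r\nDeveloper\r\n"   # a chunk extension after ';' is ignored
    b"7\r\nNetwork\r\n"
    b"0\r\n"                        # last-chunk
    b"X-Checksum: example\r\n"      # optional trailer header
    b"\r\n"
)

# Chunk sizes are hex; capping the digit count rejects absurd sizes before int() runs
CHUNK_SIZE_RE = re.compile(rb"^[0-9A-Fa-f]{1,8}$")


def decode_chunked(data: bytes, max_body: int = 1 << 20) -> "tuple[bytes, dict[str, str]]":
    """Decode a chunked body into (payload, trailer_headers); strict about CRLFs and sizes."""
    body = bytearray()
    pos = 0
    while True:
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("missing CRLF after chunk size")
        size_field = data[pos:eol].split(b";", 1)[0].strip()
        if not CHUNK_SIZE_RE.match(size_field):
            raise ValueError(f"bad chunk size: {size_field!r}")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            break
        if len(body) + size > max_body:
            raise ValueError("chunked body exceeds limit")
        chunk = data[pos:pos + size]
        if len(chunk) != size or data[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("chunk data truncated or not CRLF-terminated")
        body += chunk
        pos += size + 2
    trailers: "dict[str, str]" = {}
    while True:  # trailer section ends with an empty line
        eol = data.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("unterminated trailer section")
        line, pos = data[pos:eol], eol + 2
        if not line:
            break
        name, _, value = line.partition(b":")
        trailers[name.strip().decode("ascii").lower()] = value.strip().decode("ascii")
    return bytes(body), trailers
```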
Range requests: a client that needs only part of a resource, or needs to complete an interrupted response transfer, can request just that part.
Caching in HTTP/1.0: the Expires header gives a time until which a cache could return the response without violating semantic transparency.
Validity: the server sends a 304 (Not Modified) status code, implying that the cache entry is valid, or it may send a normal 200 (OK) response to replace the cache entry.
Cache control in HTTP/1.0 did not allow either origin servers or clients to give full and explicit instructions to caches.
The If-Modified-Since header uses absolute timestamps with one-second resolution, which leads to caching errors either because of clock synchronization errors or because of lack of resolution. HTTP/1.1 adds the entity tag, an opaque validator the origin server constructs (such as a fine-grained timestamp or an internal database pointer) subject to a uniqueness requirement.
If-None-Match allows a client to present one or more entity tags from its cache entries for a resource; the server answers with a 304 (Not Modified) response carrying an ETag header that indicates which cache entry is currently valid.
The Cache-Control header allows an extensible set of cache-control directives to be transmitted in both requests and responses.
private: only single-user-agent caches are allowed to store the response. no-store: allows servers and clients to prevent the storage of some or all of a response.
The response directive no-cache is defined to mean exactly the same thing as Cache-Control: private, but with no exception for user-agent caches.
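An origin-server evaluation of the conditional GET described on slide 9 and in the notes above, as an added example that is not part of the original slides. The resource record (its ETag, Last-Modified time and body) is constructed, and `evaluate_conditional_get` is a hypothetical helper; it shows why entity tags take precedence over one-second If-Modified-Since timestamps and how W/ weak tags compare.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed origin-server view of one resource (sample values, not from the slides).
RESOURCE = {
    "etag": '"v2-7d3a"',
    "last_modified": datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc),
    "body": b"<html>hello</html>",
}


def _weak(tag: str) -> str:
    """Strip the W/ prefix so W/"x" and "x" compare equal (weak comparison)."""
    return tag[2:] if tag.startswith("W/") else tag


def evaluate_conditional_get(headers: dict, resource: dict = RESOURCE) -> tuple:
    """Serve a GET the way an HTTP/1.1 origin server evaluates its preconditions.

    If-None-Match (entity tags) takes precedence; If-Modified-Since (one-second
    timestamps) is only consulted when no entity tag was sent.
    Returns (status, response_headers, body).
    """
    h = {k.lower(): v for k, v in headers.items()}
    validators = {"ETag": resource["etag"],
                  "Last-Modified": format_datetime(resource["last_modified"], usegmt=True)}
    inm = h.get("if-none-match")
    if inm is not None:
        tags = [_weak(t.strip()) for t in inm.split(",")]
        if "*" in tags or _weak(resource["etag"]) in tags:
            return 304, validators, b""        # cache entry still valid
        return 200, validators, resource["body"]
    ims = h.get("if-modified-since")
    if ims is not None:
        try:
            since = parsedate_to_datetime(ims)
        except (TypeError, ValueError):
            since = None                       # unparsable date: ignore the precondition
        if since is not None:
            if since.tzinfo is None:
                since = since.replace(tzinfo=timezone.utc)
            if resource["last_modified"] <= since:
                return 304, validators, b""
    return 200, validators, resource["body"]
```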
Request: method (GET) URI version, then headers such as Host, User-Agent, Accept.
Response: version 200 OK, then headers such as Date, Server, Last-Modified, Content-Length, Content-Type, then CRLF, then body.
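A parser and serialiser for the request/response layouts described on slide 10 and in the two notes above, as an added example that is not part of the original slides. The sample request, `parse_request` and `build_response` are constructed; the parser enforces the structural rules the slides mention (CRLF line endings, the mandatory HTTP/1.1 Host header) and rejects conflicting Content-Length values, which a server should never try to reconcile.

```python
import re

TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")   # RFC 7230 tchar

# Constructed sample request in the slide's layout (not from the slides themselves).
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: example-client/1.0\r\n"
    b"Accept: text/html\r\n"
    b"\r\n"
)


def parse_request(raw: bytes) -> dict:
    """Parse request line and headers; raise ValueError on anything malformed.

    Enforced: CRLF-only line endings, a token-valid method, an HTTP/1.x version,
    exactly one Host header for HTTP/1.1, and no conflicting Content-Length values.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("header section not terminated by an empty line")
    lines = head.split(b"\r\n")
    if any(b"\n" in ln or b"\r" in ln for ln in lines):
        raise ValueError("bare CR or LF inside header section")
    parts = lines[0].decode("ascii").split(" ")
    if len(parts) != 3 or not TOKEN.match(parts[0]) or not re.fullmatch(r"HTTP/1\.[01]", parts[2]):
        raise ValueError(f"bad request line: {lines[0]!r}")
    method, target, version = parts
    headers: dict = {}
    for ln in lines[1:]:
        name, colon, value = ln.decode("latin-1").partition(":")
        if not colon or not TOKEN.match(name):      # rejects "Host : x" and empty names
            raise ValueError(f"bad header line: {ln!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    if version == "HTTP/1.1" and len(headers.get("host", [])) != 1:
        raise ValueError("HTTP/1.1 requires exactly one Host header")
    if len(set(headers.get("content-length", []))) > 1:
        raise ValueError("conflicting Content-Length headers")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def build_response(status: int, reason: str, body: bytes, content_type: str = "text/html") -> bytes:
    """Serialise a response in the slide's layout: status line, headers, blank line, body."""
    head = (f"HTTP/1.1 {status} {reason}\r\n"
            f"Content-Type: {content_type}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body
```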
Uniform Resource Identifier: identifies a resource either by location, or by a name, or both.
URIs identify and URLs locate.
A URL is one type of Uniform Resource Identifier (URI).
A URL has two main components. Protocol identifier: for the URL http://example.com, the protocol identifier is http. Resource name: for the URL http://example.com, the resource name is example.com.
http://www.example.com/index.html indicates a protocol (http), a hostname (www.example.com), and a file name (index.html).
A URI can be further classified as a locator, a name, or both.
Host header: lets one server host multiple sites.
CRLF: carriage return, line feed.
An HTTP HEAD request checks whether a given URL is serviceable, whether a given file exists, etc.; it returns information about a document, such as Last-Modified, without the body.
Safe methods: do not modify resources; retrieval only.
Idempotent methods: can be called many times with the same outcome.
POST: login to a web page.
Difference between GET and POST:
Facebook account creation: POST
Data upload: PUT
Requesting the Facebook page: GET
100 Continue: the initial part of the request has been received and has not yet been rejected by the server. The client SHOULD continue by sending the remainder.
200 OK: the request has succeeded. The information returned with the response is dependent on the method used in the request.
201 Created: a new resource has been created.
202 Accepted: the request has been accepted for processing, but the processing has not been completed.
204 No Content: the response MUST NOT include a message-body, and thus is always terminated by the first empty line after the header fields.
301 Moved Permanently: Location header in the response.
302 Found: temporarily moved.
304 Not Modified: response to a conditional GET.
305 Use Proxy: Location field.
400 Bad Request: malformed syntax.
401 Unauthorized: the response carries a WWW-Authenticate header field; the client retries with an Authorization header field.
403 Forbidden, 404 Not Found, 405 Method Not Allowed, 407 Proxy Authentication Required, 408 Request Timeout.
500 Internal Server Error, 503 Service Unavailable, 505 HTTP Version Not Supported.
Sessions maintain user-specific state and authenticated user identities.
Cookie fields: name, value, site (e.g. google), location, expiry, size.
HTTPS authenticates the visited website and protects the privacy and integrity of the exchanged data.
HTTPS provides authentication of the website and associated web server with which one is communicating, which protects against man-in-the-middle attacks.
Bidirectional encryption of communications between a client and server protects against eavesdropping and tampering.
SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated: the client examines the server's certificate.