Hypertext Transfer Protocol
Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C)
Topics
What is HTTP
Why HTTP
HTTP 1.0 vs. HTTP 1.1
Request/Response formats and header
HTTP methods
HTTP Status Codes
Session maintenance
What is HTTPS
SSL Handshake
• Foundation of data communication for the World Wide Web
• Defines how messages are formatted and transmitted
• Defines what actions web servers and browsers should take in response to various commands
Ted Nelson
Vannevar Bush's memex
Tim Berners-Lee, CERN
Why HTTP?
• To transfer hypertext (linked) data over the WWW
• Request/response stateless protocol that can be used widely
HTTP?
• Functions as a request-response protocol in the client-server computing model
• Application layer protocol
• Stateless protocol
• TCP connection
• Uses URL addressing
• Method request
• Response codes
• Uses caching and conditional GET
• Session maintenance
HTTP versions 1.0 vs 1.1
• Persistent connections
• Pipelining
• State management (cookies)
• Compression
• Range requests
• Caching
HTTP versions 1.0 vs 1.1
• Persistent connections: one TCP connection is used to send and receive multiple HTTP requests/responses, as opposed to opening a new connection for every single request/response pair
• Pipelining
HTTP versions 1.0 vs 1.1
• State management (cookies):
  • Netscape introduced cookies
• Compression:
  • Compression could save almost 40% of the bytes sent via HTTP
  • Applied as a content-coding or as a transfer-coding
  • Accept-Encoding header
• Range requests: a client may need only part of a resource; range requests allow a client to request portions of a resource
  • To complete a response transfer that was interrupted (either by the user or by a network failure)
HTTP versions 1.0 vs 1.1
• Caching: to store locally for faster access
Caching in HTTP/1.0
• Check validity by conditional request (If-Modified-Since); the server replies 304 (Not Modified) or 200 (OK)
• No cache control (incorrect caching and failure to cache)
Caching in HTTP/1.1
• Opaque cache validator string: the entity tag (If-Modified-Since led to caching errors either because of clock synchronization errors or because of lack of resolution)
• New conditional request headers: If-None-Match, If-Unmodified-Since and If-Match
• Cache-Control header: public, private, no-store, no-cache
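The lack-of-resolution problem that motivated entity tags can be reproduced in a few lines. The following is an added example, not part of the original slides; `Resource`, `validate` and `demo` are hypothetical names, and the timestamps and bodies are constructed sample data.

```python
import hashlib
from email.utils import formatdate, parsedate_to_datetime


class Resource:
    """Constructed in-memory resource (hypothetical, for illustration only)."""

    def __init__(self, body: bytes, mtime: float):
        self.body, self.mtime = body, mtime

    @property
    def last_modified(self) -> str:
        # HTTP dates carry whole seconds, so sub-second changes are invisible.
        return formatdate(self.mtime, usegmt=True)

    @property
    def etag(self) -> str:
        # Opaque validator derived from the content itself.
        return '"' + hashlib.sha256(self.body).hexdigest()[:16] + '"'


def validate(resource: Resource, request_headers: dict) -> int:
    """Return 304 if the client's cached copy is still valid, else 200."""
    inm = request_headers.get("If-None-Match")
    if inm is not None:
        # If-None-Match takes precedence over If-Modified-Since.
        # Weak comparison: a leading W/ on the client's tag is ignored.
        tags = [t.strip().removeprefix("W/") for t in inm.split(",")]
        return 304 if "*" in tags or resource.etag in tags else 200
    ims = request_headers.get("If-Modified-Since")
    if ims is not None:
        try:
            since = parsedate_to_datetime(ims)
            current = parsedate_to_datetime(resource.last_modified)
            return 304 if current <= since else 200
        except (TypeError, ValueError):
            return 200  # unusable date: ignore the condition, send full body
    return 200


def demo():
    t = 1_400_000_000.2                      # constructed timestamp
    v1 = Resource(b"balance=100", t)
    cached_lm, cached_etag = v1.last_modified, v1.etag
    v2 = Resource(b"balance=0", t + 0.5)     # changed within the same second
    by_date = validate(v2, {"If-Modified-Since": cached_lm})
    by_etag = validate(v2, {"If-None-Match": cached_etag})
    return by_date, by_etag                  # stale 304 vs. correct 200


if __name__ == "__main__":
    print(demo())
```

With the date validator the cache keeps serving the old body after the change; the entity tag detects it because it does not depend on clock resolution.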
HTTP request and response
HTTP Response format
HTTP Request format
Hypertext Transfer Protocol
HTTP Methods
• Methods are the commands a request gives to the server
Methods are classified as:
• Safe methods: do not modify resources; retrieval only
• Idempotent methods: can be called many times with the same outcome
GET, PUT and POST
• GET: the GET method means retrieve whatever information is identified by the Request-URI.
  • Conditional GET: If-Modified-Since, If-Unmodified-Since, If-Match, If-None-Match
  • Partial GET: Range header field
** The response to a GET request is cacheable
• PUT: the PUT method requests that the enclosed entity be stored under the supplied Request-URI.
  • If a new resource is created, the server responds with 201 (Created).
  • Responses to the PUT method are not cacheable
• POST: the POST method requests that a web server accept and store/process the data enclosed in the body of the request message.
  • The function of the POST method is determined by the server and is dependent on the Request-URI
** GET requests data from a specified resource; POST submits data to be processed to a specified resource
** PUT is like a file upload. A PUT to a URI affects exactly that URI. A POST to a URI could have any effect at all.
HTTP Status Codes
• This class of status code indicates a
provisional response
Cookies
• Sessions are used for maintaining user-specific state and authenticated user identities across many interactions
• Privacy and security implications
HTTPS
• HTTP over SSL
• Port 443
• HTTPS authenticates the web server and protects the privacy and integrity of the exchanged data.
SSL/TLS
• TCP & SSL: provide a reliable and secure end-to-end service.
• Uses a public/private key pair to encrypt
• Asymmetric, then symmetric
• Key exchange (Diffie-Hellman), cipher (AES), hash (MD5), version, random number
• Ensures confidentiality, message integrity and key authentication.
SSL was originally developed by Netscape

Editor's Notes

  • #2: The standards development of HTTP was coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C).
  • #4: European Organization for Nuclear. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text; the term was coined by Ted Nelson in 1965 in the Xanadu Project, inspired by Vannevar Bush's vision (1930s) of the microfilm-based information retrieval and management "memex". Berners-Lee first proposed the "WorldWideWeb" project in 1989, inventing the original HTTP along with HTML.
  • #6: Big picture Functions as a request-response protocol in the client-server computing model. Application layer protocol. Stateless protocol. TCP connection. Uses URL addressing Method request Response codes Uses Caching and conditional get Session maintenance
  • #8: A new TCP connection for each request, versus one connection for multiple requests. (1.0) Keep-Alive header, but the design did not interoperate with intermediate proxies. Clients, servers, and proxies assume that a connection will be kept open after the transmission of a request and its response. For resource-management reasons, the protocol permits it to send a Connection: close. Pipelining to increase speed.
  • #9: Cookies: the server sends an arbitrary piece of information to the client; the client saves the information and returns it to the origin server with the next request. Cookies contain credit card numbers, user names and passwords, or other personal information. Compression: While HTTP/1.0 included some support for compression, it did not provide adequate mechanisms for negotiating the use of compression, end-to-end and hop-by-hop compression. HTTP/1.1 adds the Transfer-Encoding header (data sent in chunks). HTTP/1.1 (unlike HTTP/1.0) carefully specifies the Accept-Encoding header. Chunked transfer encoding is a data transfer mechanism in version 1.1 of the Hypertext Transfer Protocol (HTTP) in which data is sent in a series of "chunks". Range requests: need only part of a resource; complete a response transfer.
  • #10: Expires header: a time until which a cache could return the response without violating semantic transparency. Validity: 304 (Not Modified) status code, implying that the cache entry is valid, or it may send a normal 200 (OK) response to replace the cache entry. Cache control: HTTP/1.0 did not allow either origin servers or clients to give full and explicit instructions to caches. The If-Modified-Since header uses absolute timestamps with one-second resolution, which leads to caching errors either because of clock synchronization errors or because of lack of resolution; hence the entity tag. The origin server constructs it (such as a fine-grained timestamp or an internal database pointer), with a uniqueness requirement. If-None-Match allows a client to present one or more entity tags from its cache entries for a resource (304 (Not Modified) response with an ETag header that indicates which cache entry is currently valid). The Cache-Control header allows an extensible set of cache-control directives to be transmitted in both requests and responses. private (single-user-agent caches are effectively allowed) and no-store (delete cache if any) allow servers and clients to prevent the storage of some or all of a response. "no-cache" is defined to mean exactly the same thing as "Cache-control: private", but with no exception for user-agent caches.
  • #11: Request: GET, URI, version; then Host, User-Agent, Accept. Response: version, 200 OK; then Date, Server, Last-Modified, Content-Length, Content-Type; CRLF; body. Uniform Resource Identifier: identifies a resource either by location, or a name, or both. URIs identify and URLs locate. A URL is one type of Uniform Resource Identifier (URI). A URL has two main components. Protocol identifier: for the URL http://example.com, the protocol identifier is http. Resource name: for the URL http://example.com, http://www.example.com/index.html, which indicates a protocol (http), a hostname (www.example.com), and a file name (index.html). A URI can be further classified as a locator, a name, or both. Host header: to host multiple sites. CRLF: carriage return, line feed.
  • #13: An HTTP HEAD request checks whether a given URL is serviceable, a given file exists, etc. Information about a document: last modified.
  • #14: Safe methods: do not modify resources, retrieval only. Idempotent method: can be called many times, same outcome. POST: login to web page. Difference between GET and POST.
  • #15: Facebook account creation: POST. Data upload: PUT. GET: request Facebook.
  • #17: 100 Continue: the initial part of the request has been received and has not yet been rejected by the server. The client SHOULD continue by sending the remainder. 200 OK: the request has succeeded. The information returned with the response is dependent on the method used in the request. 201 Created: new resource being created. 202 Accepted: the request has been accepted for processing, but the processing has not been completed. 204: the response MUST NOT include a message-body, and thus is always terminated by the first empty line after the header fields. 301 Moved Permanently: Location header in response. 302 Found: temporarily moved. 304 Not Modified: response to conditional GET. 305 Use Proxy: Location field. 400 Bad Request: malformed syntax. 401 Unauthorized: response WWW-Authenticate header field, response Authorization header field. 403 Forbidden, 404 Not Found, 405 Method Not Allowed, 407 Proxy Authentication Required, 408 Request Timeout. 500: internal server error, 503: service unavailable, 505: HTTP version not supported.
  • #18: Specific state and authenticated user. Name, Value, google, location, expire size.
  • #19: HTTPS provides authentication of the visited website and protects the privacy and integrity of the exchanged data. HTTPS provides authentication of the website and associated web server with which one is communicating, which protects against man-in-the-middle attacks. Bidirectional encryption of communications between a client and server protects against eavesdropping and tampering. SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated: by the client examining the server's certificate.
  • #20: Hash (MD5): message authentication code. Key exchange: RSA, DSA, Diffie-Hellman. Cipher: RC4, AES. Hash: MD5, SHA-1, SHA-2.