Understanding the Web through HTTP

Understanding the Web through HTTP

• 1.
  Understanding the Webthrough HTTP Olivia Brundage
• 2.
  Agenda • Overall Flowof Data • How HTTP Requests Work • Introduction to HTTPS
• 3.
  Meet Datum! He’s justa baby now, but let’s see how he grows into a big data through the OSI (Open System Interconnection) model.
• 4.
  Physical Layer Datum’s hometown. He communicates with everyone through a physical medium (like wires). His language is bits (0’s and 1’s).
• 5.
  Trailer Data Link Layer Totalk to neighbors, Datum’s bits gets encapsulated as a frame so that the receiver know the start and end of the message. This layer provides node- to-node data transfer.Header DATA 1010 101001000100111 Bit pattern that specifies the start of the frame Bit pattern that specifies the end of the frame Frame
• 6.
  Network Layer In orderto reach the outside world, Datum has to be transformed into a packet. Routers are responsible directing data to the correct machine. This is where you’ll find IP addresses. IP
• 7.
  Transport Layer To reachhis destination, Datum must be transported via a segment or datagram. Segments are sent through the Transmission Control Protocol (TCP), which is for a connection- oriented transmission. Datagrams are sent through the User Datagram Protocol (UDP), which is for a connectionless transmission (e.g., streaming). IP
• 8.
  Session Layer Upon arrivingat his destination, Datum must create an open session to the client, so that they can continue their business. Once here, Datum evolves into his final form: Data. IP
• 9.
  Presentation Layer Datum isnow on the full screen! This layer takes all your backend code, CSS files, etc and delivers them to the final layer. IP
• 10.
  Application Layer This layeris the end-user product and contains high-level APIs like resource sharing and remote file access. This is also the layer you develop in! IP
• 11.
  What’s with thisabstraction? • Gives us a framework on how data transforms throughout the network. • But it’s a little too specific; real networks are a lot muddier than this.
• 12.
  OSI vs TCP/IP TCP/IPcombines some layers of the OSI, making it more succinct to the messier way of real life.
• 13.
  Where does HTTPfit into this?
• 14.
  First, let’s goover what HTTP is • HTTP stands for hyper-text transfer protocol. • This protocol is in plain-text and is stateless. • This protocol resides in the application layer.
• 15.
  Let’s break downthese requests!
• 16.
  Make the Request! Youtype the URL (Uniform Resource Locator) in the browser: http://www.google.com
• 17.
  Hey, wait! What’san URL? http://www.domain.com:1234/path/to/resource?a=b&x=y protocol host port resource path query
• 18.
  Now, time toget the IP address! After you type the address, another application layer protocol is used to get the IP address:
 the Domain Name System (DNS) What’s the IP to Google’s server? Google’s IP is 65.246.5.22 Domain Name Server Web Browser
• 19.
  HTTP makes theRequest Racket
• 20.
  Generic Structure ofHTTP Requests message = <start-line>
 *(<message-header>)
 CRLF # Carriage Return Line Feed (i.e., new line)
 [<message-body>] • Start line contains the initial request • Message headers give more details about the request you’re making (i.e., the host, how to maintain the connection, how to handle cookies, etc). NB: GET requests do not contain a message body, but POST requests can.
• 21.
  tl/dr: A simple requestlooks likes: VERB RESOURCE-URL PROTOCOL
 MESSAGE-HEADERS GET / HTTP/1.1
 HOST: www.google.com
 CONNECTION: keep-alive
• 22.
  HTTP Main Verbs •GET: fetches a resource determined by the URL • The server sends the resource in the message body if the status code is 200 • POST: creates a new resource where the requests specifies the data needed for the resource • Params are carried in the body of the request instead of the header; making this a more ‘secure’ type of request • PUT: updates a resource • DELETE: deletes a resource NB: PUT and DELETE can be considered a specialized versions of POST
• 23.
  Lesser-known Verbs • HEAD:Requests only the server headers. Primarily used for checking if the resource has changed via timestamps. • TRACE: Retrieves the hops that a request takes to round trip the serve. Used for network diagnostic purposes. • OPTIONS: Retrieves the server capabilities. For the client-side, it can be used to modify the request based on what the server can support.
• 24.
  HTTP Packet getsready for Transportation! HTTP Request HTTP Packet TCP Packet The TCP information maintains the session.
 Now to the IP layer! TCP
• 25.
  TCP now handsit over to the Internet Protocol • Local/Sender Address: Your PC’s IP • Receiver Address: Google’s Server IP • Post Service Nodes: Routers
• 26.
  HTTP Request IP IP further encapsulatesthe data TCP TCP IP Packet Now we head over to the last layer!
• 27.
  Trailer HTTP Request Header The Network InterfaceLayer makes the Ethernet frame. IP TCP IP Packet Ethernet Frame We can finally send this HTTP request out!
• 28.
  The HTTP requestis out!
• 29.
  So let’s recap.
• 30.
  But there’s stillmore to HTTP!!
• 31.
  Some important notesabout the response: • The server will send the status code along with the message payload. • The status code tells the client how to interpret the server response.
• 33.
  1xx: Informational Messages •This is just a provisional code and provides informational messages like: • Keep this connection alive (i.e., still sending information) • Tell the client to continue sending it’s message • Ignore the next response • This class was introduces in HTTP/1.1. Version 1.0 ignores this message.
• 34.
  2xx: Successful Your requestmade it!
• 35.
  Request was completelysuccessful.
• 36.
  Message successful, butthere was no message body
• 37.
  3xx: Redirection Your requestneeds to directed elsewhere.
• 38.
  Resource has movedto a new URL.
• 39.
  Resource has notbeen modified since last request.
• 40.
  4xx: Client Error Whenthe server thinks the client made a bad request.
• 41.
  Request can’t befulfilled due to bad syntax.
• 42.
  Specifically used whenauthentication has failed.
• 43.
  Request was valid,but the server won’t respond.
• 44.
  Resource can’t befound. Try again later?
• 45.
  Method isn’t supported(like using a GET on a form that requires a POST method)
• 46.
  5xx: Server Error Serverfailed creating the request
• 47.
  The infamous, genericserver error.
• 48.
  The server doesn’trecognize the request method or can’t fulfill it.
• 49.
  The server wasacting as a proxy and received something bad from the upstream server.
• 50.
  The server wasacting as a proxy and did not receive a timely response from the upstream server.
• 51.
  Want more statuscodes? Here’s your source: https://httpstatusdogs.com/
• 52.
  Overall HTTP Interaction
• 53.
  So where doesHTTPS come into play? That is: HTTP over TLS, HTTP over SSL, and HTTP Secure
• 54.
  What HTTPS Is •HTTPS provides authentication to the website and protection of the privacy and integrity of the exchanged data • Security is brought to you by the Secure Sockets Layer (SSL) or the improved Transport Layer Security (TLS). • Encryption is brought to you by Public Key Encryption and Symmetric Key Encryption. • This security component happens between HTTP request and TCP (before they connect).
• 55.
  HTTPS Happens Beforethe Connection is Made
• 56.
  How HTTPS Works •Client/Server Hellos • Authenticate Client and Server with Cryptography • Generate session keys • Further interactions will be based on the encrypted session keys
• 57.
  Questions?
• 58.
  Resources • “What isthe role of the OSI layers when making a request to a website?” 
 https://www.quora.com/What-is-the-role-of-OSI-layers-when-we-open- a-webpage • “HTTP: The Protocol Every Web Developer Must Know - Part 1"
 https://code.tutsplus.com/tutorials/http-the-protocol-every-web- developer-must-know-part-1--net-31177 • “HTTP: The Protocol Every Web Developer Must Know - Part 2"
 https://code.tutsplus.com/tutorials/http-the-protocol-every-web- developer-must-know-part-2--net-31155 • "Understanding HTTP Basics"
 http://learn.onemonth.com/understanding-http-basics