Introduction

  • HTTP is the client-server network protocol that has been in use by the World-Wide Web since 1990. 

Definition

  • HTTP is an important application-layer communication protocol (in the TCP/IP reference model) for transferring information on the World Wide Web and on intranets.
  • Its original purpose was to provide a way to publish and retrieve hypertext pages over the Internet, i.e. HTTP defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands.

Features

  • HTTP stands for “Hyper Text Transfer Protocol”.
  • HTTPS stands for “Hyper Text Transfer Protocol Secure”.
  • HTTP works on port number 80 by default.
  • HTTP is a text-based protocol, i.e. requests and responses are sent and received as text messages.
  • HTTP is considered a stateless protocol. This is because each transaction is independent of the previous transaction and the TCP connection between the client and the server is established for every page, i.e. the protocol does not remember anything about the previous request, which keeps the Web simple.
  • HTTP is the underlying protocol used by the World Wide Web.
  • HTTP is not constrained to the TCP/IP reference model and its supporting layers, although this is its most popular application on the Internet. Indeed, HTTP can be implemented on top of any other protocol on the Internet, or on other networks.
  • HTTP uses TCP and not UDP because a webpage requires a lot of data to be sent reliably over a connection-oriented transport, and TCP provides the related transmission control during the process, presents the data in order, and provides error correction.
  • HTTPS
    • Although HTTP is powerful and flexible, it is not suitable for use in a wide range of applications because its traffic can be so easily monitored and replayed by attackers. Hence, the Secure Sockets Layer (SSL) was designed to encrypt any TCP/IP-based network traffic and provide the following security capabilities:
      • Prevents eavesdropping
      • Prevents tampering or replaying of messages
      • Uses certificates to authenticate servers and optionally clients

    Thus, the HTTPS protocol is similar to HTTP but with SSL encryption added. When an HTTPS session is created, some additional overhead is required, i.e. the client and server need to create a shared secret key by using a public/private key handshake. But once the connection is set up it works exactly like HTTP and has the same capabilities, such as headers, cookies, caching, authentication, redirection etc.

    Working Mechanism

    • Whenever we surf the web and enter a URL in the web browser, the browser sends HTTP request messages, using HTTP commands, for the HTML pages, images, scripts and style sheets stored on the web server. The web server handles these requests, processes them and returns response messages that contain the requested resource/information.
    • The commands from the client’s browser are embedded in a request message. The contents of the request message are now embedded in a response message. HTTP uses the services of TCP at port 80.
    • HTTP is a request/response standard between a client and a server in a network where a client is the end-user and the server is the web site. The client making an HTTP request – using a web browser, or other end-user tool – is referred to as the user agent. The responding server – which stores or creates resources such as HTML files and images – is called the origin server. Between the user agent and the origin server there may be several intermediaries, such as proxies, gateways, and tunnels.
    • Typically, an HTTP client initiates a request. It establishes a Transmission Control Protocol (TCP) connection to a particular port on a host (port 80 by default). Then, an HTTP server listening on that port waits for the client to send a request message. Upon receiving the request, the server sends back a status line, such as “HTTP/1.1 200 OK” (1.1 = version, 200 = request id, OK = status), and a message of its own, the body of which is perhaps the requested file, an error message, or some other information.

    Structure

    • An HTTP message consists of a header part and a body part. The header includes different control information such as status codes, caches, cookies, methods, redirection, compression, encoding, authentication etc.
    • HTTP starts work using request messages and completes work using response messages. These formats include –

    HTTP Request Message

    The HTTP request message has a simple text-based structure. A typical request message sent by a browser for a particular web page may include –

    GET /httpgallery/introduction/ HTTP/1.1
    Accept: */*
    Accept-Language: en-gb
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/9.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
    Host: www.httpwatch.com
    Connection: Keep-Alive

    The first line of the message, known as the request line, contains:

      • The HTTP method
      • The relative URL of the resource or a full URL
      • The version of HTTP that is being used. Most modern HTTP clients and servers will use HTTP version 1.1.

    The rest of the message consists of a set of name/value pairs, known as headers.  HTTP clients use header values to control how the request is processed by the server. For example, the Accept-Encoding header indicates that the browser can handle content compressed using the gzip or deflate algorithms.

    HTTP Response Message

    The web server’s response message has a similar structure, but is followed by the contents of the HTML page:

    HTTP/1.1 200 OK
    Server: Microsoft-IIS/9.0
    Date: Mon, 12 Feb 2017 10:06:43 GMT
    X-Powered-By: ASP.NET
    X-AspNet-Version: 4.0.30319
    Cache-Control: no-cache, no-store
    Expires: -1
    Content-Type: text/html; charset=utf-8
    Content-Length: 14990 

    <!DOCTYPE html>  <html>…

    The first line, or status line, returns a status code from the server that indicates whether the request was successful. The value 200 is returned if the request was processed correctly and content is being returned to the client.

    The next eight lines of text contain header values that describe the data and the way in which it is being returned to the client. For example, Content-Type has the value text/html because the page is in HTML format. The response headers are terminated with a double CRLF (carriage return, line feed) and are followed by the contents of the requested resource.
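The request and response layouts described above, turned into a small parser. This is an added example, not code from the original article; the function name, the Content-Length consistency check and the sample bytes (the page's request, shortened, and a response with a short constructed body) are assumptions of the example.

```python
import re
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")  # legal header-name characters

# Constructed samples: the page's request (shortened) and a response with a short body.
SAMPLE_REQUEST = (b"GET /httpgallery/introduction/ HTTP/1.1\r\n"
                  b"Host: www.httpwatch.com\r\n"
                  b"Accept-Encoding: gzip, deflate\r\n\r\n")
SAMPLE_RESPONSE = (b"HTTP/1.1 200 OK\r\n"
                   b"Content-Type: text/html; charset=utf-8\r\n"
                   b"Content-Length: 15\r\n\r\n"
                   b"<!DOCTYPE html>")


def parse_http_message(raw: bytes) -> dict:
    """Split one HTTP/1.x message into start line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")  # headers end at the double CRLF
    if not sep:
        raise ValueError("no double CRLF: header section is incomplete")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)
    if len(start) != 3:
        raise ValueError(f"malformed start line: {lines[0]!r}")
    if start[0].startswith("HTTP/"):  # response: version, status code, reason
        if not (len(start[1]) == 3 and start[1].isdigit()):
            raise ValueError("status code must be three digits")
        msg = {"kind": "response", "version": start[0],
               "status": int(start[1]), "reason": start[2]}
    else:  # request: method, target, version
        msg = {"kind": "request", "method": start[0],
               "target": start[1], "version": start[2]}
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject a missing colon or an illegal name instead of guessing.
        if not colon or not TOKEN.match(name):
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    msg["headers"], msg["body"] = headers, body
    # Content-Length counts body bytes; repeated headers must agree.
    declared = headers.get("content-length")
    if declared is not None:
        if len(set(declared)) != 1 or not declared[0].isdigit():
            raise ValueError("conflicting or non-numeric Content-Length")
        msg["length_ok"] = int(declared[0]) == len(body)
    return msg

if __name__ == "__main__":
    for sample in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        print(parse_http_message(sample))
```

Header names are stored in lower case because HTTP header names are case-insensitive, and each name maps to a list so that repeated headers stay visible.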

    Images are not directly embedded into web pages. Instead, they are specified as separate resources using HTML <img> tags:

    <img src="images/logo.gif" width="50" height="50">

    Whenever the browser encounters an <img> tag, it checks to see if it has a valid copy of the image either loaded in memory or saved in its cache. If no suitable match is found, it sends out another HTTP request to retrieve it. This means that a web page

    Methods

    The following methods are commonly used in HTTP –

    The GET method

        • The GET method is used to retrieve information from a specified URI/URL and is assumed to be a safe, repeatable operation by browsers, caches etc.
        • One downside of GET requests is that they can only supply data in the form of parameters encoded in the URI/URL or as cookies in the cookie request header.
        • GET cannot be used for uploading files or other operations that require large amounts of data to be sent to the server.

    The POST method

        • The POST method is used for operations that have side effects and cannot be safely repeated.
        • The POST request message has a content body that is normally used to send parameters and data.
        • Here, there is no upper limit on the amount of data that can be sent, and POST must be used if files or other variable-length data have to be sent to the server.
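The difference between the two methods on the wire: the same parameters carried in the URI for GET and in the content body for POST, then read back the way a server would. This is an added example, not code from the original article; the function names, the host `example.com`, the path `/search` and the parameter values are constructed for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit


def _check(value: str) -> str:
    # CR, LF or a space in a host or path would break the request line or
    # let a caller inject extra header lines, so refuse them.
    if "\r" in value or "\n" in value or " " in value:
        raise ValueError(f"illegal character in {value!r}")
    return value


def build_get(host: str, path: str, params: dict) -> bytes:
    """GET: parameters are percent-encoded into the URI; there is no body."""
    target = f"{_check(path)}?{urlencode(params)}" if params else _check(path)
    return f"GET {target} HTTP/1.1\r\nHost: {_check(host)}\r\n\r\n".encode("ascii")


def build_post(host: str, path: str, params: dict) -> bytes:
    """POST: the same parameters travel in the content body."""
    body = urlencode(params).encode("ascii")
    head = (f"POST {_check(path)} HTTP/1.1\r\nHost: {_check(host)}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


def extract_params(raw: bytes) -> tuple:
    """Server-side view: read parameters from wherever the method puts them."""
    head, _, body = raw.partition(b"\r\n\r\n")
    method, target, _version = head.split(b"\r\n")[0].decode("ascii").split(" ", 2)
    if method == "GET":
        encoded = urlsplit(target).query
    elif method == "POST":
        encoded = body.decode("ascii")
    else:
        raise ValueError(f"unsupported method {method!r}")
    return method, dict(parse_qsl(encoded, keep_blank_values=True))


# Constructed sample input; host and path below are placeholders.
PARAMS = {"q": "http basics", "note": "a&b=c"}

if __name__ == "__main__":
    for build in (build_get, build_post):
        print(build("example.com", "/search", PARAMS).decode("ascii"))
```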
