The Hyper-Text Transfer Protocol (HTTP)



Similar documents
HTTP Protocol. Bartosz Walter

Network Technologies

Internet Technologies Internet Protocols and Services

HTTP Caching & Cache-Busting for Content Publishers

Protocolo HTTP. Web and HTTP. HTTP overview. HTTP overview

reference: HTTP: The Definitive Guide by David Gourley and Brian Totty (O Reilly, 2002)

HTTP. Internet Engineering. Fall Bahador Bakhshi CE & IT Department, Amirkabir University of Technology

CS640: Introduction to Computer Networks. Applications FTP: The File Transfer Protocol

Demystifying cache. Kristian Lyngstøl Product Specialist Varnish Software AS

By Bardia, Patit, and Rozheh

Internet Technologies. World Wide Web (WWW) Proxy Server Network Address Translator (NAT)

Hypertext for Hyper Techs

CONTENT of this CHAPTER

1. When will an IP process drop a datagram? 2. When will an IP process fragment a datagram? 3. When will a TCP process drop a segment?

The Web: some jargon. User agent for Web is called a browser: Web page: Most Web pages consist of: Server for Web is called Web server:

The Web History (I) The Web History (II)

Outline Definition of Webserver HTTP Static is no fun Software SSL. Webserver. in a nutshell. Sebastian Hollizeck. June, the 4 th 2013

No. Time Source Destination Protocol Info HTTP GET /ethereal-labs/http-ethereal-file1.html HTTP/1.

Lecture 8a: WWW Proxy Servers and Cookies

Chapter 27 Hypertext Transfer Protocol

Varnish Tips & Tricks, 2015 edition

GET /FB/index.html HTTP/1.1 Host: lmi32.cnam.fr

Architecture of So-ware Systems HTTP Protocol. Mar8n Rehák

Project #2. CSE 123b Communications Software. HTTP Messages. HTTP Basics. HTTP Request. HTTP Request. Spring Four parts

Lecture 8a: WWW Proxy Servers and Cookies

World Wide Web. Before WWW

URLs and HTTP. ICW Lecture 10 Tom Chothia

Web Application Security

Table of Contents. Open-Xchange Authentication & Session Handling. 1.Introduction...3

Security-Assessment.com White Paper Leveraging XSRF with Apache Web Server Compatibility with older browser feature and Java Applet

Lektion 2: Web als Graph / Web als System

The HTTP protocol (HyperText Transfer Protocol) Short history of HTTP. The HTTP 1.0 protocol. 07/07/2011(dec'09)

Tunneling QuickTime RTSP and RTP over HTTP. Relationship to RTSP/RTP

CIS 551 / TCOM 401 Computer and Network Security. Spring 2007 Lecture 20

Application Layer: HTTP and the Web. Srinidhi Varadarajan

CloudOYE CDN USER MANUAL

THE PROXY SERVER 1 1 PURPOSE 3 2 USAGE EXAMPLES 4 3 STARTING THE PROXY SERVER 5 4 READING THE LOG 6

Content'Delivery'Infrastructure' HTTP'Overview' A'Web'Page' Computer Networks. Lecture'9:'HTTP'

Layer 7 Load Balancing and Content Customization

1 Introduction: Network Applications

HTTP Response Splitting

Deployment Guide. Caching (Static & Dynamic) Deployment Guide. A Step-by-Step Technical Guide

GravityLab Multimedia Inc. Windows Media Authentication Administration Guide

Internet Technologies 4-http. F. Ricci 2010/2011

Evolution of the WWW. Communication in the WWW. WWW, HTML, URL and HTTP. HTTP Abstract Message Format. The Client/Server model is used:

Security Testing is performed to reveal security flaws in the system in order to protect data and maintain functionality.

Computer Networks. Lecture 7: Application layer: FTP and HTTP. Marcin Bieńkowski. Institute of Computer Science University of Wrocław

Information Extraction Art of Testing Network Peripheral Devices

Playing with Web Application Firewalls

O Reilly Ebooks Your bookshelf on your devices!

CTIS 256 Web Technologies II. Week # 1 Serkan GENÇ

APACHE WEB SERVER. Andri Mirzal, PhD N

Research of Web Real-Time Communication Based on Web Socket

ATS Test Documentation

DATA COMMUNICATOIN NETWORKING

People Data and the Web Forms and CGI CGI. Facilitating interactive web applications

Introduction to Computer Security

Cache All The Things

Implementing Reverse Proxy Using Squid. Prepared By Visolve Squid Team

CS615 - Aspects of System Administration

CDN Operation Manual

Computer Networking LAB 2 HTTP

TCP/IP Networking An Example

Cookies Overview and HTTP Proxies

ivoyeur: permission to parse

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

International Journal of Engineering & Technology IJET-IJENS Vol:14 No:06 44

Communication Security for Applications

Data Communication I

Vodia PBX RESTful API (v2.0)

Automated Vulnerability Scan Results

HOST EUROPE CLOUD STORAGE REST API DEVELOPER REFERENCE

Internet infrastructure

Blue Coat Security First Steps. Solution for HTTP Object Caching

Session Initiation Protocol (SIP) Chapter 5

Title page. Alcatel-Lucent 5620 SERVICE AWARE MANAGER 13.0 R7

An Insight into Cookie Security

Application layer Web 2.0

SIP Messages. 180 Ringing The UA receiving the INVITE is trying to alert the user. This response MAY be used to initiate local ringback.

Domain Name System (DNS)

Web. Services. Web Technologies. Today. Web. Technologies. Internet WWW. Protocols TCP/IP HTTP. Apache. Next Time. Lecture # Apache.

B6: GET /started/with/ HTTP Analysis

Sticky Session Setup and Troubleshooting

Cyber Security Workshop Ethical Web Hacking

Module 45 (More Web Hacking)

T14 SECURITY TESTING: ARE YOU A DEER IN THE HEADLIGHTS? Ryan English SPI Dynamics Inc BIO PRESENTATION. Thursday, May 18, :30PM

Remote System Monitor for Linux [RSML]: A Perspective

Introduction to ServerIron ADX Application Switching and Load Balancing. Module 6: Content Switching (CSW) Revision 0310

What is Distributed Annotation System?

Performance Evaluation of the Apache Traffic Server and Varnish Reverse Proxies. Shahab Bakhtiyari. UNIVERSITY OF OSLO Department of Informatics

Application Example: WWW. Communication in the WWW. WWW, HTML, URL and HTTP. Loading of Web Pages. The Client/Server model is used in the WWW

Transcription:

The Hyper-Text Transfer Protocol (HTTP) Antonio Carzaniga Faculty of Informatics University of Lugano October 4, 2011 2005 2007 Antonio Carzaniga 1 HTTP message formats Outline HTTP methods Status codes Headers Web caching 2005 2007 Antonio Carzaniga 2

Anatomy of a Request GET /carzaniga/index.html HTTP/1.1 request line Host: www.inf.usi.ch Connection: close zero or more User-agent: Mozilla/4.0 header lines Accept-Language: it empty line object body (possibly empty) 2005 2007 Antonio Carzaniga 3 Request line Anatomy of a Request (2) space space GET /carzaniga/index.html HTTP/1.1 method Header line space URL Host: www.inf.usi.ch version name value Line terminator: CRLF ( carriage return and line feed ) two bytes: numeric values 13 and 10 2005 2007 Antonio Carzaniga 4

GET retrieve the object identified by the URL Methods OPTIONS requests the available communication options for the given object HEAD like GET, but without the body useful for testing the validity of links POST allows one to submit data to the server e.g., a mail message in a web mail system, a form in an e-commerce site... the given URL is the object that handles the posting PUT requests that the enclosed object be stored under the given URL DELETE deletes the given object TRACE see RFC 2616, Section 9.8 CONNECT see RFC 2616, Section 9.8 2005 2007 Antonio Carzaniga 5 Anatomy of a Response HTTP/1.1 405 Method Not Allowed Date: Fri, 18 Mar 2005 01:18:04 GMT Server: Apache/2.0.46 (Red Hat) Allow: GET,HEAD,POST,OPTIONS,TRACE Content-Length: 329 Connection: close Content-Type: text/html <html><head> <title>405 Method Not Allowed</title> </head><body>... status line zero or more header lines empty line object body (possibly empty) 2005 2007 Antonio Carzaniga 6

Anatomy of a Response Status line HTTP/1.1 405 Method Not Allowed version status code brief description The status code is a 3-digit value (e.g., 200 or 401) The rest has exactly the same structure as a request 2005 2007 Antonio Carzaniga 7 Status Codes 1xx informational (see Section 10.1 of RFC 2616) 2xx successful operation (see Section 10.2 of RFC 2616) 3xx redirection. E.g., indicates that the object has moved, either temporarily or permanently 4xx client error. E.g., malformed request (400), object not found (404), method not allowed (405), unauthorized (401). 5xx server error. E.g., internal server error (500), service overloaded (503) 2005 2007 Antonio Carzaniga 8

Headers Object characterization e.g., Content-Type, Content-Length, Content-Encoding Content negotiation e.g., Accept-Charset, Accept-Encoding Object properties useful for cache management e.g., Expires, Last-Modified, ETag Explicit cache control e.g., Cache-Control Method-specific responses e.g., Allow as a response to OPTIONS Authorization/identification e.g., Authorization 2005 2007 Antonio Carzaniga 9 Web Caching Same idea as caching in a memory hierarchy high latency, low bandwidth low latency, high bandwidth proxy/cache 2005 2007 Antonio Carzaniga 10

Example Cost=C h Cost=C l Cost=C h proxy/cache Without proxy/cache: total cost=3c h With proxy/cache: total cost=c h + 3C l 2005 2007 Antonio Carzaniga 11 A client request goes to a proxy (cache) server The proxy may Web Caching (2) 1. forward the request to the origin server, thereby acting as a client 2. get the response from the origin server 3. possibly store (cache) the object 4. forward the response back to the client The proxy may 1. respond immediately to the client, possibly using a cached object 2005 2007 Antonio Carzaniga 12

Web Caching (3) Benefits of the proxy/cache architecture performance: reduced latency performance: reduced network traffic security: privacy, the server sees the proxy as a client security: protection from intrusions, in combination with a firewall Problems latency (just like any other caching system) complexity 2005 2007 Antonio Carzaniga 13 HTTP and Caching The proxy/cache architecture is central to several features of HTTP in fact, it affects its overall design HTTP is defined as a request/response protocol, where requests and responses are explicitly passed through a request chain client proxy proxy origin 2005 2007 Antonio Carzaniga 14

HTTP and Caching (2) HTTP is defined as a request/response protocol, where requests and responses are explicitly passed through a request chain client proxy proxy origin HTTP defines how protocol versions are handled on the request chain how each method must be handled w.r.t. the request chain e.g., responses to OPTIONS requests are not cacheable; 302 responses are only cacheable if indicated by a Cache-Control or Expires header field specific authentication mechanisms for proxies a lot of headers to control caching along the request chain 2005 2007 Antonio Carzaniga 15 HTTP and Caching (3) Cached pages may become stale A HEAD request could be used to see if an object has been updated, in which case the cache can be invalidated but how does a proxy decide that it is okay to respond to a client with a cached object? Servers specify explicit expiration times using either the Expires header, or the max-age directive of the Cache-Control header A client or proxy can use a conditional GET by including a If-Modified-Since header 2005 2007 Antonio Carzaniga 16

Cache-Control in Requests GET /carzaniga/index.html HTTP/1.1 Host: www.inf.usi.ch Cache-Control: no-cache Please, do not use cached objects! proxies must go to the origin server GET /carzaniga/index.html HTTP/1.1 Host: www.inf.usi.ch Cache-Control: max-age=20 Please, give me a cached object only if it is less than 20 seconds old 2005 2007 Antonio Carzaniga 17 HTTP/1.1 200 Ok Cache-Control: no-cache... Please, do not cache this objects! Cache-Control in Replies HTTP/1.1 200 Ok Cache-Control: maxage=100; must-revalidate... You may use this object up to 100 seconds from now. After that, you must revalidate the object. without the must-revalidate directive, a client may use a stale object 2005 2007 Antonio Carzaniga 18

Sessions in HTTP HTTP is a stateless protocol so how do you implement a shopping cart? HTTP provides the means for higher-level applications to maintain stateful sessions (see RFC 2109) Set-Cookie header sent within an HTTP response, from the server to the client tells the client to store the given cookie as a session identifier for that site Cookie header sent within an HTTP request, from the client to the server tells the server that the request belongs to the given session 2005 2007 Antonio Carzaniga 19 Example web browser hispeed.ch blah.com: 687876 END GET GET /led-zeppelin /end-session /cream HTTP/1.1 Host: Host: GET blah.com / HTTP/1.1 Cookie: Cookie: Host: 687876 687876 blah.com......... HTTP/1.1200 200OK OK. Set-Cookie:.. 687876 END. <html><head>...... </head><body> <a <html><head>. href="cream">buy</a> href="abba">buy</a>... </head><body> <a <a Thank href="led-zeppelin">buy</a> href="beatles">buy</a> href="ac-dc">buy</a> you! <a... href="deep-purple">buy</a>... web server blah.com Session 687876 Led Zeppelin Cream 2005 2007 Antonio Carzaniga 20

Cookies and User Privacy A session identifies the actions of a user Web sites may use cookies to compile and collect user profiles and obviously they do exactly that! In our example, we can infer that user n. 687876... likes rock-blues music from the sixties and seventies lives in Switzerland... If user n. 687876 buys something on line with a credit card, then he or she would also be immediately indentified 2005 2007 Antonio Carzaniga 21

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information