HTTP protocol
HTTP is an object-oriented, application-layer protocol. Because it is simple and fast, it is well suited to distributed hypermedia information systems.
Versions: HTTP/0.9, HTTP/1.0, HTTP/1.1, HTTP/2.0
(1) The HTTP protocol is stateless
The server cannot keep track of where a visitor came from.
(2) Ways to work around the statelessness of HTTP
cookie: stored on the client; session: stored on the server
(3) HTTP transaction: the course of one visit
It consists of a request and a response.
Cookie classification
(1) Fat cookie: records the details of the user's visits. It easily leaks user privacy and is not recommended.
(2) Thin cookie: only identifies the user. The more detailed information about the user's browsing, such as the items in the shopping cart, is stored on the server. The session mechanism provides this function: it records the user's behavior on the site, and each session is associated with a user's cookie. A session is a small piece of data held in memory that records the user's operations. When a user presents a cookie, the server looks up the corresponding session and so recovers the user's earlier browsing information.
Cookies and sessions are important means of tracking user access behavior, and they make up for the statelessness of HTTP.
HTTP request packet
HTTP response message
HTTP protocol status code classification
status (status codes):
1xx: 100-101 informational messages
2xx: 200-206 success
3xx: 300-305 redirection
4xx: 400-415 error information, client error
5xx: 500-505 error information, server-side error
200: OK. Success; the requested data is in the entity-body portion of the response message.
301: Moved Permanently (permanent redirect). The resource the requested URL points to has been removed, but the Location header of the response message indicates where the resource is now.
302: Moved Temporarily (temporary redirect). The response message indicates the temporary new location of the resource.
304: Not Modified. The client sent a conditional request, but the resource on the server has not changed; this status code notifies the client of that.
401: Unauthorized. An account and password must be supplied for authentication before the resource can be accessed.
403: Forbidden. The request is prohibited.
404: Not Found. The server cannot find the resource requested by the client.
500: Internal Server Error. An error inside the server.
502: Bad Gateway. The proxy received an invalid response from the back-end server, for example because it could not connect to the gateway.
503: Service unavailable. The server is temporarily overloaded or under maintenance and cannot process the request.
504: Gateway timeout.
HTTP header fields
1> The header fields carry the richest information in an HTTP message. They are present in both request and response messages and cover information related to the content of the HTTP message. They are used to give the client and the server information such as the size of the message body, the language used, and authentication information.
2> Header field structure: an HTTP header field consists of a field name and a field value, separated by a colon ":".
3> A single HTTP header field may have multiple values.
4> When two or more header fields with the same name appear in a message header: the specification does not define this case clearly, so depending on the browser's internal processing logic the priority order may differ and the results may not be uniform.
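Points 2> to 4> as an added example (not part of the original page): a parser that splits a raw message on the first colon of each header line, keeps every value of a repeated name, and reports single-valued headers that arrive with conflicting values instead of silently choosing one. The sample is based on the `curl -i` output shown later on this page; the second Content-Length line, the function names and the list of single-valued headers are constructed for illustration.

```python
from collections import defaultdict

# Response from the curl -i example on this page, shortened, plus one
# constructed duplicate Content-Length line to illustrate point 4>.
RAW = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Fri, 29 Nov 2019 04:00:51 GMT\r\n"
    "Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16\r\n"
    "Accept-Ranges: bytes\r\n"
    "Content-Length: 20\r\n"
    "Content-Length: 5\r\n"   # constructed, not in the original output
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "welcome to shanghai\n"
)

def parse_message(raw):
    """Split a raw HTTP message into (start line, header map, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    start_line, *lines = head.split("\r\n")
    headers = defaultdict(list)
    for line in lines:
        # Split on the first colon only: values such as dates contain ':'.
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        # Field names are case-insensitive; keep every value of a repeated name.
        headers[name.lower()].append(value.strip())
    return start_line, dict(headers), body

def conflicting_headers(headers,
                        single_valued=("content-length", "content-type", "host")):
    """Names that should carry one value but arrived with differing values."""
    return sorted(n for n in single_valued if len(set(headers.get(n, []))) > 1)

if __name__ == "__main__":
    start, hdrs, body = parse_message(RAW)
    print(start, conflicting_headers(hdrs), len(body))
```

A component that finds a conflict here should reject the message: if a proxy and the server behind it each pick a different Content-Length, they disagree about where the body ends.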
Header categories:
General headers: used by both request messages and response messages.
Request headers: used when a request message is sent from the client to the server. They supplement the request with additional content, client information, content-related priority information, and so on.
Response headers: used when a response message is returned from the server to the client. They supplement the response with additional content, and may also require the client to attach additional content information.
Entity headers: used for the entity part of request messages and response messages. They supplement information related to the entity, such as the time the resource content was updated.
Extension headers
General headers:
Date: the time the message was created
Connection: connection state, such as Keep-Alive, Close
Via: shows the intermediate nodes (proxies, gateways) the message passed through
Cache-Control: controls caching, such as how long to cache
MIME-Version: the MIME version used by the sender
Warning: error notification
Request headers:
Accept: tells the server which media types the client can accept
Accept-Charset: character sets the client can accept
Accept-Encoding: encoding formats the client can accept, such as gzip
Accept-Language: languages the client can accept
Client-IP: IP of the requesting client
Host: server name and port number of the request
Referer: the URL from which the client jumped to the current URI
User-Agent: the client agent, browser version
Conditional request headers:
Expect: allows the client to list the server behaviors the request requires
If-Modified-Since: whether the requested resource has been modified since the specified time
If-Unmodified-Since: the opposite of the above
If-None-Match: the ETag stored in the local cache does not match the ETag of the document on the server
If-Match: the opposite of the above
Security request headers:
Authorization: sends authentication information to the server, such as account and password
Cookie: the client sends a cookie to the server
Proxy request headers:
Proxy-Authorization: authentication to the proxy server
Response headers:
Informational:
Age: how long the response has existed since it was first created
Server: server software name and version
Negotiation headers, used when a resource has multiple representations:
Accept-Ranges: the range types the server can accept
Vary: the list of other request headers the server looks at
Security response headers:
Set-Cookie: sets a cookie on the client
WWW-Authenticate: the challenge list sent from the server to the client
Entity headers:
Allow: lists the request methods that can be used on this resource entity
Location: tells the client where the entity is really located
Content-Encoding: the encoding applied to the body
Content-Language: the language best suited to understanding the body
Content-Length: length of the body
Content-Location: the actual location of the entity
Content-Type: the object type of the body, such as text
Cache related:
ETag: the extended tag of the entity
Expires: the expiry time of the entity
Last-Modified: the time of the last modification
Cookie
HTTP is a stateless protocol. The protocol itself does not store any communication state between requests and responses; that is, at the HTTP level the protocol does no persistent processing of requests or responses that have already been sent. HTTP was deliberately designed to be this simple so that it can process a large number of transactions quickly and remain scalable. But as the Web continued to develop, many services needed communication state to be saved, and so cookie technology was introduced. Cookie-based state management controls the client's state by writing cookie information into request and response messages. A cookie is set by a header field called Set-Cookie in the response message, with which the server tells the client to save the cookie. The next time the client sends a request to that server, it automatically adds the cookie value to the request message. When the server finds a cookie sent by the client, it checks which client sent the request, compares it with its own records, and so obtains the earlier state information.
Set-Cookie header field
Set-Cookie header field example:
Set-Cookie: status=enable; expires=Fri, 24 Nov 2017 20:30:02 GMT; path=/;
Meaning:
NAME=VALUE: the name given to the cookie and its value; this item is required
expires=DATE: the validity period of the cookie; if not explicitly specified, it defaults to lasting until the browser is closed
path=PATH: the directory on the server that the cookie applies to; if not specified, it defaults to the directory in which the document is located
domain=domain name: the domain name the cookie applies to; if not specified, it defaults to the domain name of the server that created the cookie
secure: the cookie is sent only over HTTPS secure communication
HttpOnly: restricts the cookie so that it cannot be accessed by JavaScript scripts
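The thin-cookie and session mechanism described above, together with the Set-Cookie attributes, as an added example (not part of the original page). The server issues a random identifier in Set-Cookie, keeps the shopping cart in its own store, and finds it again from the Cookie header of the next request; `missing_flags` checks a Set-Cookie value for the secure and HttpOnly attributes. The cookie name `sid`, the in-memory `SESSIONS` store and all function names are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

SESSIONS = {}  # hypothetical server-side store: session id -> user state

def issue_session():
    """Server: create a session, return (sid, value for a Set-Cookie header)."""
    sid = secrets.token_urlsafe(32)   # unguessable identifier, carries no user data
    SESSIONS[sid] = {"cart": []}      # the details stay on the server
    return sid, f"sid={sid}; Path=/; Secure; HttpOnly"

def cookie_for_request(set_cookie_value):
    """Client: only NAME=VALUE is sent back; the attributes are not."""
    return set_cookie_value.split(";", 1)[0].strip()

def load_session(cookie_header):
    """Server: map a request's Cookie header to the stored state, or None."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("sid")
    if morsel is None:
        return None
    return SESSIONS.get(morsel.value)  # unknown or forged ids find nothing

def missing_flags(set_cookie_value):
    """Return which of Secure / HttpOnly a Set-Cookie value does not carry."""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie_value.split(";")[1:] if part.strip()}
    return [flag for flag in ("Secure", "HttpOnly") if flag.lower() not in attrs]

def demo():
    """Two visits by the same client: the state survives between them."""
    _, set_cookie = issue_session()
    request_cookie = cookie_for_request(set_cookie)       # "sid=<id>"
    load_session(request_cookie)["cart"].append("book")   # first visit
    return load_session(request_cookie)                    # later visit

if __name__ == "__main__":
    print(demo())
    # The example header from this page carries neither flag.
    print(missing_flags(
        "status=enable; expires=Fri, 24 Nov 2017 20:30:02 GMT; path=/;"))
```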
curl tool
curl is a file transfer tool that works from the command line using URL syntax. It supports FTP, FTPS, HTTP, HTTPS, GOPHER, TELNET, DICT, FILE, LDAP and other protocols. curl supports HTTPS authentication, HTTP POST, PUT and other methods, FTP upload, Kerberos authentication, HTTP upload, proxy servers, cookies, user name/password authentication, HTTP file download, HTTP file upload and HTTP proxy tunneling. It also supports IPv6, socks5 proxy servers, and uploading files to FTP servers through an HTTP proxy server. It is very powerful.
curl [options] [URL...]
-A/--user-agent <string>: the user agent string presented to the server
-e/--referer <URL>: the source URL
--cacert <file>: CA certificate (SSL)
-k/--insecure: allow the connection while ignoring the SSL certificate
--compressed: ask for the response to be returned in compressed format
-H/--header <line>: custom header information to send to the server
-i: display the page content, including the response header information
-I/--head: display only the header information of the response message
-D/--dump-header <file>: store the header information of the URL in the specified file
--basic: use HTTP basic authentication
-u/--user <user[:password]>: the user and password for the server
-L: if the response code is 3xx, re-send the request to the new location
-O: save the file locally using the default file name from the URL
-o <file>: save the network file to the specified file
--limit-rate <rate>: set the transfer rate
-0/--http1.0: the digit 0; use HTTP 1.0
-v/--verbose: more detail
-C: resume an interrupted file transfer
-c/--cookie-jar <file name>: store the cookies from the URL in the specified file
-x/--proxy <proxyhost[:port]>: specify the proxy server address
-X/--request <command>: the request method to send to the server
-U/--proxy-user <user:password>: the user and password for the proxy
-T: upload the specified local file to an FTP server
--data/-d: specify the data to transfer using the POST method
-b name=data: send the cookie value obtained from the server's Set-Cookie response back to the server
Example One: access the file under the /var/www/html/ directory on host 192.168.34.100
[[email protected]]#curl 192.168.34.100
welcome to shanghai
Example Two: set the user agent presented to the server with the -A option
[[email protected]]#curl -A 'IE20' http://192.168.34.100
welcome to shanghai
Example Three: set the source URL with the -e option, so that the visit appears to be a jump from the baidu website
[[email protected]]#curl -A 'IE20' -e 'www.baidu.com' http://192.168.34.100
welcome to shanghai
When the request is traced on host A, it appears to have come from baidu.
Example Four: the -i option shows the page content, including the response header information
[[email protected]]#curl -i http://192.168.34.100
HTTP/1.1 200 OK
Date: Fri, 29 Nov 2019 04:00:51 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
Last-Modified: Thu, 28 Nov 2019 13:43:21 GMT
ETag: "14-598684bf4e1c0"
Accept-Ranges: bytes
Content-Length: 20
Content-Type: text/html; charset=UTF-8

welcome to shanghai
Example Five: the -c option stores the cookies from the URL in the specified file
[root@centos7html]#curl -c /data/cookie.txt http://192.168.34.101/setcookie.php
The cookie from the setcookie.php page is stored in the /data directory.
elinks tool:
elinks [OPTION]... [URL]...
-dump: non-interactive mode; outputs the contents of the URL to standard output
-source: prints the source
Demo:
[root@centos7html]#elinks -dump 192.168.34.100
welcome to shanghai
[root@centos7html]#elinks -source 192.168.34.100
welcome to shanghai
Utilities that come with httpd
htpasswd: tool for generating the account and password file used by file-based basic authentication
apachectl: the service control script that comes with httpd; supports start and stop
rotatelogs: log rotation tool: access.log -> access.log, access.1.log -> access.log, access.1.log, access.2.log
httpd stress testing tools
ab, WebBench, http_load, Siege
JMeter: open source
LoadRunner: commercial, with a related certification
tcpcopy: from NetEase; copies real requests from the production environment and saves them
ab [OPTIONS] URL
ab comes from the httpd-tools package
-n: total number of requests
-c: simulated concurrency
-k: test in persistent connection mode
ulimit -n #: adjusts the number of files that can be opened
Example:
On host A, copy a log file into the /var/www/html directory and name it m.txt
[[email protected]]#cp /var/log/messages /var/www/html/m.txt
[[email protected]]#cd /var/www/html
[root@centos7html]#ls
index.html m.txt
On host B, run a stress test with the ab command: 2000 requests with a simulated concurrency of 100
[root@centos7html]#ab -c 100 -n 2000 http://192.168.34.100/m.txt    # 2000 requests, simulating a concurrency of 100
This is ApacheBench, Version 2.3 <$Revision: 1430300 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 192.168.34.100 (be patient)
Completed 200 requests
Completed 400 requests
Completed 600 requests
Completed 800 requests
Completed 1000 requests
Completed 1200 requests
Completed 1400 requests
Completed 1600 requests
Completed 1800 requests
Completed 2000 requests
Finished 2000 requests

Server Software:        Apache/2.4.6
Server Hostname:        192.168.34.100
Server Port:            80

Document Path:          /m.txt
Document Length:        207 bytes

Concurrency Level:      100
Time taken for tests:   0.943 seconds
Complete requests:      2000
Failed requests:        0
Write errors:           0
Non-2xx responses:      2000
Total transferred:      834000 bytes
HTML transferred:       414000 bytes
Requests per second:    2120.15 [#/sec] (mean)    # number of files accessed per second
Time per request:       47.167 [ms] (mean)
Time per request:       0.472 [ms] (mean, across all concurrent requests)
Transfer rate:          863.38 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    2   3.4      1      23
Processing:     9   43   6.6     43      60
Waiting:        5   43   6.7     43      60
Total:         29   45   6.5     45      67

Percentage of the requests served within a certain time (ms)
  50%     45
  66%     48
  75%     49
  80%     51
  90%     54
  95%     57
  98%     59
  99%     61
 100%     67 (longest request)
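A check worth running on every ab report before trusting its throughput figure, as an added example (not part of the original page). In the run above, Non-2xx responses is 2000 out of 2000, so the 2120.15 requests per second describe how fast the server returned a non-success status, not how fast it served m.txt. The function names are hypothetical and `AB_REPORT` is an excerpt constructed from the report above.

```python
import re

# Constructed excerpt: the fields of the ab report above that the check uses.
AB_REPORT = """\
Document Path: /m.txt
Document Length: 207 bytes
Concurrency Level: 100
Complete requests: 2000
Failed requests: 0
Non-2xx responses: 2000
Requests per second: 2120.15 [#/sec] (mean)
"""

def parse_ab(report):
    """Collect 'Label: <number> ...' lines of an ab report into a dict of floats."""
    fields = {}
    for line in report.splitlines():
        label, sep, rest = line.partition(":")
        number = re.match(r"\s*(\d+(?:\.\d+)?)", rest)
        if sep and number:              # lines without a leading number are skipped
            fields[label.strip()] = float(number.group(1))
    return fields

def run_problems(fields):
    """Return the reasons why the throughput figure should not be trusted."""
    problems = []
    total = int(fields.get("Complete requests", 0))
    # Treated as 0 when the report has no such line.
    non_2xx = int(fields.get("Non-2xx responses", 0))
    failed = int(fields.get("Failed requests", 0))
    if total == 0:
        problems.append("no completed requests")
    if non_2xx:
        problems.append(f"{non_2xx} of {total} responses were not 2xx")
    if failed:
        problems.append(f"{failed} requests failed")
    return problems

if __name__ == "__main__":
    fields = parse_ab(AB_REPORT)
    print(fields["Requests per second"], run_problems(fields))
```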
ulimit -n example: raise the limit on open files so that ab can run with more concurrency
[root@centos7html]#ulimit -n 10240
[root@centos7html]#ulimit -a
core file size          (blocks, -c) 0
data seg size           (kbytes, -d) unlimited
scheduling priority             (-e) 0
file size               (blocks, -f) unlimited
pending signals                 (-i) 5782
max locked memory       (kbytes, -l) 64
max memory size         (kbytes, -m) unlimited
open files                      (-n) 10240
pipe size            (512 bytes, -p) 8
POSIX message queues     (bytes, -q) 819200
real-time priority              (-r) 0
stack size              (kbytes, -s) 8192
cpu time               (seconds, -t) unlimited
max user processes              (-u) 5782
virtual memory          (kbytes, -v) unlimited
file locks                      (-x) unlimited
The limit on open files has now been changed to 10240, so a larger degree of parallel access is possible.