[Computer network] HTTP interview test points

Test point 1: Computer network layering; HTTP at the application layer is the layer closest to Java programmers

When we studied computer networks, we learned that the network is divided into 5 layers. Today we generally use the TCP/IP layered structure.
Although the official model is the 7-layer structure proposed by ISO, it serves only as a theoretical basis. In practice, most people use the TCP/IP layered structure.
First of all, we need to know: why divide the computer network into layers?
Because getting two computers to communicate with each other is very difficult in practice. The purpose of layering is to simplify a difficult problem: with layers, we only need to pay attention to the layer we are working with, regardless of the other layers.
If we need to change the design, we only need to replace the layer that changed, without involving the other layers. This is the same idea as low coupling in programming.

Interview language organization: The HTTP protocol is at the top layer, that is, the application layer. This is the layer closest to Java programmers.
From the computer network point of view, Java programmers must learn HTTP, HTTPS, DNS, SSL/TLS, and symmetric and asymmetric encryption;
then, at the transport layer, TCP/UDP, the three-way handshake and the four-way wave;
then, at the network layer, the IP protocol, the ARP protocol, and IP addresses versus MAC addresses;
then the data link layer and the physical layer, which are basically of no use to us.

Cheat 1: The HTTP protocol is at the top layer, which is the application layer. This is the layer closest to us programmers.
Cheat 2: HTTP + SSL/TLS = HTTPS

Test point 2: Computer network communication process (browser/client + server)

We know that HTTP is in the application layer. Obviously, Web communication needs not only the HTTP protocol but also other protocols.
Application layer: DNS: responsible for resolving domain names.
When we visit a web page, we usually visit it by domain name, for example www.zhongfucheng.site, but computers communicate only by host address (192.168.xxx.xxx). Therefore, when we enter a domain name, DNS must resolve it into a host address for access.
Application layer: HTTP: generates the request message data.
When we operate on a Web page, HTTP message data is generated, requesting a response from the corresponding server.
TCP protocol: splits the HTTP data and ensures its delivery.
The TCP protocol uses a three-way handshake to ensure the accurate delivery of data. When transporting data, an identifier is sent to the server, the server returns an identifier to the client, and after receiving it the client returns an identifier to the server again. This ensures that the data transport is reliable.
Network layer: IP protocol: transmits data packets and finds the communication destination address (Cheat: an IP address is a network address and can change; a MAC address is a hardware address and does not change; the ARP protocol can map an IP address to a MAC address).
The IP protocol sends the data packets we generated to the other party. The IP address indicates the address of a node, but the IP address may change. We can use the ARP protocol to map the IP address to the MAC address. The MAC address does not change; it is the fixed address of the network card.
Before the data reaches the communication destination, it has to be forwarded repeatedly. This process is called "routing". We do not know how many times the data has been forwarded, so it is impossible to fully know the transmission status on the Internet.
Data link layer: omitted;
Physical layer: omitted.

Test point 3: The browser/client needs to inform the server of the intent of the request (GET|POST)

If we have developed a Web program, we know that the commonly used submission methods are POST and GET, and that GET is used to obtain data while POST is used to submit data.
In fact, the HTTP protocol supports other methods as well, such as PUT, DELETE and OPTIONS. Because GET and POST are the ones in common use, they may be the only ones we know.
The purpose of the HTTP method is to tell the server what operation the client wants to perform. With the OPTIONS method, the server returns which HTTP methods it supports.
Of course, RESTful design is now prevalent, and it makes full use of these HTTP methods.

Test point 4: HTTP is a stateless protocol, that is, a protocol that does not save user status

HTTP is stateless, that is, it does not save the communication state. It does not know who it communicated with previously. The purpose of this design is to keep HTTP simple so that it can handle a large number of transactions quickly!

Question: In web back-end development, we often need to know who is visiting. Since the HTTP protocol cannot save user state, what is the most basic technique for saving user state?
Answer: Use cookie technology. If the server wants to remember who the client is, it issues a cookie to the client. The client saves the cookie on the hard disk. The next time the client visits the server, the browser automatically sends the client's cookie along. In this way, the server knows who the visitor is.
ps: The session is stored in server memory, so it is volatile. The session is stored and transmitted through a cookie or URL redirection.
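
The cookie and in-memory session mechanism described above, as an added example that is not part of the original post. The cookie name `SESSIONID`, the helper names and the attribute choices (`HttpOnly`, `Secure`, `SameSite`) are assumptions of this sketch.

```python
import secrets
from http.cookies import SimpleCookie

# Session data lives in server memory, as the note above says: a restart loses it.
SESSIONS = {}

def login(username):
    """Create a server-side session and return the value of the Set-Cookie header."""
    sid = secrets.token_urlsafe(32)           # unguessable ID; the cookie carries only this
    SESSIONS[sid] = {"user": username}
    cookie = SimpleCookie()
    cookie["SESSIONID"] = sid
    cookie["SESSIONID"]["path"] = "/"
    cookie["SESSIONID"]["httponly"] = True    # not readable from page JavaScript
    cookie["SESSIONID"]["secure"] = True      # only sent back over HTTPS
    cookie["SESSIONID"]["samesite"] = "Lax"   # limits cross-site sending
    return cookie["SESSIONID"].OutputString()

def browser_cookie_header(set_cookie_value):
    """What the browser sends back in Cookie: just name=value, never the attributes."""
    return set_cookie_value.split(";", 1)[0]

def whoami(cookie_header):
    """Resolve a Cookie request header to a user name, or None if the session is unknown."""
    if not cookie_header:
        return None
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get("SESSIONID")
    session = SESSIONS.get(morsel.value) if morsel else None
    return session["user"] if session else None

if __name__ == "__main__":
    set_cookie = login("alice")               # constructed sample user
    print("Set-Cookie:", set_cookie)
    print("user on next request:", whoami(browser_cookie_header(set_cookie)))
```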

Test point 5: Persistent connection (from short connection to long connection, from HTTP 1.0 to HTTP 1.1)

HTTP/1.0 uses short connections: in HTTP/1.0, the connection is closed after every HTTP exchange. If only a small amount of text is transferred, that is no problem. But if we visit a web page that has many pictures, each image counts as one HTTP request, so along the way TCP connections are repeatedly established, a picture is fetched, and the TCP connection is closed.
HTTP/1.1 introduces long connections: the above is a waste of resources, so HTTP/1.1 uses persistent connections. One connection can handle multiple requests. A persistent connection also makes it possible to send requests in a "pipelined" way: on one connection, you can send a second request without waiting for the server's response to the first.

Test point 6: Two ways to improve transmission efficiency (compression and block)

Before explaining, we must first know what an entity body is. An entity body is the data transmitted as content in HTTP.

Generally, the entity body can be treated as equivalent to the message body, which is a part of the HTTP message.
If we do nothing, the entity body returned by the server is sent as it is. We can improve transmission efficiency in two ways:
(1) Compression: use compression to reduce the size of the entity body, and then parse the data on the client side.
(2) Block: use chunked transfer coding to transfer the entity body in blocks; as the browser parses each part of the entity body, it can display it.
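
Both techniques together, as an added example that is not part of the original post: the body is gzip-compressed, framed with chunked transfer coding, and decoded again with a strict parser and a size limit on the decompressed result. Function names and the limits are assumptions of this sketch.

```python
import gzip
import zlib

HEX = b"0123456789abcdefABCDEF"

def encode_response_body(body, chunk_size=16):
    """Compress the entity body with gzip, then frame it as chunks."""
    compressed = gzip.compress(body)
    out = bytearray()
    for i in range(0, len(compressed), chunk_size):
        chunk = compressed[i:i + chunk_size]
        out += b"%x\r\n" % len(chunk) + chunk + b"\r\n"   # size in hex, CRLF, data, CRLF
    out += b"0\r\n\r\n"                                   # zero-size chunk ends the body
    return bytes(out)

def decode_chunked(raw, max_body=1 << 20):
    """Strict decoder: hex-only sizes, exact CRLF framing, bounded total size."""
    body, pos = bytearray(), 0
    while True:
        eol = raw.find(b"\r\n", pos)
        if eol < 0:
            raise ValueError("truncated chunk-size line")
        size_field = raw[pos:eol]
        # int() alone would also accept "+5", "-5", "0x5" or " 5"; allow hex digits only.
        if not size_field or any(c not in HEX for c in size_field):
            raise ValueError("invalid chunk size")
        size = int(size_field, 16)
        pos = eol + 2
        if size == 0:
            return bytes(body)
        if len(body) + size > max_body:
            raise ValueError("chunked body too large")
        chunk = raw[pos:pos + size]
        if len(chunk) != size or raw[pos + size:pos + size + 2] != b"\r\n":
            raise ValueError("truncated chunk")
        body += chunk
        pos += size + 2

def decode_response_body(raw, max_plain=1 << 20):
    """Client side: remove the chunk framing, then decompress with an output cap."""
    compressed = decode_chunked(raw)
    inflater = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)   # 16+ selects the gzip container
    plain = inflater.decompress(compressed, max_plain)
    if inflater.unconsumed_tail:                                # more output was still pending
        raise ValueError("decompressed body exceeds limit")
    return plain

if __name__ == "__main__":
    page = b"<html>" + b"A" * 500 + b"</html>"                 # constructed sample body
    wire = encode_response_body(page)
    print(len(page), "bytes of body ->", len(wire), "bytes on the wire")
    print(decode_response_body(wire) == page)
```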

Test point 7: Resuming a transfer from a breakpoint (function: resume from a breakpoint; implementation: range request)

If a download was interrupted, we used to have to download everything again; now we can continue from the point where it was interrupted. We can request just a range of the data; this is called a range request!
Range request definition: only part of the resource is downloaded. For example, if half of a picture has already been downloaded, we only need to download the other half to form the complete picture. So, when making the request, we can ask for just the part that has not been downloaded yet.
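
How a server can answer a range request and how a client resumes with it, as an added example that is not part of the original post. It handles a single `bytes=` range only; `serve_range` and `resume_download` are hypothetical names, and the sample resource is constructed.

```python
import re

RANGE_RE = re.compile(r"bytes=(\d*)-(\d*)", re.ASCII)

def serve_range(resource, range_header=None):
    """Return (status, headers, body) for a GET that may carry a Range header."""
    total = len(resource)
    full = (200, {"Accept-Ranges": "bytes", "Content-Length": str(total)}, resource)
    if range_header is None:
        return full
    m = RANGE_RE.fullmatch(range_header.strip())
    if m is None or m.groups() == ("", ""):
        return full                       # malformed or multi-range: ignore the header
    first, last = m.groups()
    if first == "":                       # suffix form "bytes=-N": the last N bytes
        start, end = max(total - int(last), 0), total - 1
    else:
        start = int(first)
        end = min(int(last), total - 1) if last else total - 1
        if last and int(last) < start:
            return full                   # last < first is invalid, so the header is ignored
    if start >= total:                    # nothing of the resource lies in the range
        return 416, {"Content-Range": f"bytes */{total}"}, b""
    body = resource[start:end + 1]
    headers = {"Content-Range": f"bytes {start}-{end}/{total}",
               "Content-Length": str(len(body))}
    return 206, headers, body

def resume_download(resource, partial):
    """Client side: ask only for the bytes that are still missing and append them."""
    status, headers, body = serve_range(resource, f"bytes={len(partial)}-")
    if status == 416:                     # nothing left to fetch
        return partial
    if status != 206 or not headers["Content-Range"].startswith(f"bytes {len(partial)}-"):
        raise ValueError("server did not honour the range; restart the download")
    return partial + body

if __name__ == "__main__":
    picture = bytes(range(256)) * 4       # constructed 1024-byte "picture"
    print(serve_range(picture, "bytes=0-99")[:2])
    print(resume_download(picture, picture[:400]) == picture)
```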

Test point 8: Brief description of commonly used status codes

(Important and frequently tested; in an interview you should be able to recite the common ones below.)
2XX Generally, the request was successful
200 Normal processing
204 Processed successfully, but the server returns no new data and the displayed page is not updated
206 A range request was made to the server and only a part of the data is returned.
3XX Generally indicates redirection
301 The requested resource has been assigned a new URI and the URL address has changed. [Permanent redirection]
302 The requested resource is temporarily assigned a new URI, and the URL address has not changed. [Forwarding]
303 Same function as 302, but it makes clear that the client should use GET to obtain the resource. [Forwarding]
304 A conditional request was sent, but the condition was not met [Return unexpired cached data]
307 Same as 302, but does not turn a POST request into GET [Forwarding]
4XX Client error
400 Request message syntax error
401 Authentication required
403 No access [In practice, Nginx often returns this]
404 The server does not have this resource [In practice, two situations: 1. The resource does not exist; 2. The path is wrong]
5XX Server error
500 Internal resource error [In practice, the back-end programmer made a mistake; debug it yourself]
503 Server is busy
Interview language organization:
First sentence: 2XX request was successful, 3XX redirection, 4XX client error, 5XX server error
Second sentence: memorize the commonly used ones above and, where you can expand on one, relate it to practice; reciting them all straight from memory looks too low-level.

Test point 9: virtual hosting

Virtual hosts (Nginx can implement this technology): the first thing to say is that one HTTP server can host multiple sites, that is, multiple virtual hosts can be configured on one HTTP server. When users access different hosts, they are actually accessing the same HTTP server.

Test point 10: Applications that forward communication data between the client and server

There are also some applications that forward communication data between the client and the server:
Proxy (a proxy on the client side is a forward proxy, and a proxy on the server side is a reverse proxy)
It can be used to cache data. Once the proxy has received the data, the client can obtain it directly from the proxy.
It can be used to control website access and to obtain access log records.
Gateway
It can provide non-HTTP request operations and access databases.
Tunnel
It can establish a secure communication path, using SSL and other encryption means to communicate.
Interview language organization (mainly proxies):
1. Proxy definition: in the proxy pattern, the proxy class and the real class implement the same interface. That is what a true proxy is, regardless of whether it is a forward proxy or a reverse proxy.
2. Forward proxy and reverse proxy: the proxy on the client side is the forward proxy, and the proxy on the server side is the reverse proxy.

Test point 11: HTTP request message, request header (more important)

HTTP request message: a request message consists of the method, URI, HTTP version, HTTP header fields and other parts.
Request line [describes the client's request method, the name of the requested resource, and the HTTP protocol version number used]
Header fields [describe which host the client is requesting, some information about the client's environment, etc.]
A blank line
Examples of header fields:
Accept: text/html,image/* [The browser tells the server which data types it supports]
Accept-Charset: ISO-8859-1 [The browser tells the server which character set it supports]
Accept-Encoding: gzip,compress [The browser tells the server which compression formats it supports]
Accept-Language: en-us,zh-cn [The browser tells the server its language environment]
Host: www.it315.org:80 [The browser tells the server which host it wants to visit]
If-Modified-Since: Tue, 11 Jul 2000 18:23:51 GMT [The browser tells the server the cache time of the data]
Referer: http://www.it315.org/index.jsp [The browser tells the server which page the client came from; used for anti-hotlinking]
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0) [The browser tells the server what the core of the browser is]
Cookie [The browser tells the server which cookies it is bringing]
Connection: close/Keep-Alive [The browser tells the server whether to disconnect or keep the connection after the request]
Date: Tue, 11 Jul 2000 18:23:51 GMT [The browser tells the server the time of the request]
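
The request message structure above (request line, header fields, blank line) and the `Host`-based virtual host selection from test point 9, as an added example that is not part of the original post. The document roots in `VHOSTS`, the function names and the sample request are constructed for illustration.

```python
# Hypothetical mapping from virtual host name to document root.
VHOSTS = {"www.it315.org": "/srv/it315", "www.zhongfucheng.site": "/srv/zfc"}

def parse_request(raw):
    """Split a request into (method, target, version, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line after the header fields")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header field")    # e.g. "Host : x"
        key = name.lower()                                # field names are case-insensitive
        if key in ("host", "content-length") and key in headers:
            raise ValueError("duplicate " + name)         # ambiguous routing or framing
        headers[key] = value.strip()
    return method, target, version, headers, body

def select_vhost(headers):
    """Pick the site from the Host header; unknown hosts get no site at all."""
    hostname = headers.get("host", "").partition(":")[0].lower()
    return VHOSTS.get(hostname)

# Constructed sample request using header values from the list above.
SAMPLE = (b"GET /index.jsp HTTP/1.1\r\n"
          b"Host: www.it315.org:80\r\n"
          b"Accept-Encoding: gzip,compress\r\n"
          b"Connection: Keep-Alive\r\n"
          b"\r\n")

if __name__ == "__main__":
    method, target, version, headers, body = parse_request(SAMPLE)
    print(method, target, version, "->", select_vhost(headers))
```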

Test point 12: HTTP response message, response header (more important)

HTTP response message: a response message consists of three parts: HTTP version, status code (number and reason phrase), and HTTP header fields.
A status line [describes the result of the server's processing of the request]
Header fields [describe basic information about the server and about the data; through these descriptions the server tells the client how to handle the data it is about to send back]
An empty line
Entity content [the data the server sends back to the client]
Status line:
Format: HTTP version number, status code, reason description
Example: HTTP/1.1 200 OK
The status code indicates the result of the server's processing of the request. It is a three-digit decimal number. Response status codes are divided into 5 categories.
Examples of header fields:
Location: http://www.it315.org/index.jsp [The server tells the browser which page to jump to]
Server: apache tomcat [The server tells the browser what the server's model is]
Content-Encoding: gzip [The server tells the browser the data compression format]
Content-Length: 80 [The server tells the browser the length of the returned data]
Content-Language: zh-cn [The server tells the browser the server's language environment]
Content-Type: text/html; charset=GB2312 [The server tells the browser the type of data returned]
Last-Modified: Tue, 11 Jul 2000 18:23:51 GMT [The server tells the browser the last update time of the resource]
Refresh: 1;url=http://www.it315.org [The server tells the browser to refresh periodically]
Content-Disposition: attachment; filename=aaa.zip [The server tells the browser to open the data as a download]
Transfer-Encoding: chunked [The server tells the browser that the data is sent back in chunks]
Set-Cookie: SS=Q0=5Lb_nQ; path=/search [The server tells the browser to save the cookie]
Expires: -1 [The server tells the browser not to cache]
Cache-Control: no-cache [The server tells the browser not to cache]
Pragma: no-cache [The server tells the browser not to cache]
Connection: close/Keep-Alive [The server tells the browser how to handle the connection]
Date: Tue, 11 Jul 2000 18:23:51 GMT [The server tells the browser the time the data was sent back]

Test point 13: HTTP + SSL/TLS == HTTPS, symmetric encryption, asymmetric encryption

HTTP is insecure
HTTP falls short on security in three specific ways:
(1) The communication uses plain text [the content is not encrypted]
(2) The identity of the communicating party is not verified [any client and server can communicate at will]
(3) The integrity of the message cannot be proven [after being intercepted by others, it can be tampered with]
With a packet capture tool, the information in HTTP requests can easily be obtained while we are online; this is unavoidable with TCP/IP network communication.
Suppose we encrypt only the HTTP message: that is only encryption of the content. If someone else obtains the HTTP content, even though they cannot crack it, they can still tamper with it.
HTTP + SSL/TLS == HTTPS
It is best to use SSL to establish a secure communication line and then carry out HTTP communication over that line.
In fact, HTTPS is HTTP wrapped in SSL...
HTTPS uses a mixture of shared-key (symmetric) encryption and asymmetric encryption. Because asymmetric encryption consumes too many resources, it cannot be used for the whole communication. Therefore, HTTPS uses asymmetric encryption when establishing the communication line; after the connection is established, the shared key (symmetric encryption) is used for encryption and decryption.
For authentication, HTTPS relies on a certificate issued by a recognized third-party certification authority, which makes it possible to verify whether the server is legitimate.
On the client side, you would need to purchase a certificate yourself, which is very hard to put into practice [certificates cost money].
Therefore, most websites use form authentication, which is the most widely used form of client authentication.
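
Why encrypting the content alone does not give point (3), integrity, as an added example that is not part of the original post. The keystream cipher here is a constructed stand-in built from SHA-256, not the cipher TLS uses; the keys, message and function names are assumptions of this sketch.

```python
import hashlib
import hmac

def keystream_xor(key, data):
    """Toy stream cipher (illustration only): XOR data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def seal(enc_key, mac_key, plaintext):
    """Encrypt, then compute a MAC over the ciphertext."""
    ciphertext = keystream_xor(enc_key, plaintext)
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext, tag

def open_sealed(enc_key, mac_key, ciphertext, tag):
    """Verify the MAC before decrypting; any change in transit is rejected."""
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message was modified in transit")
    return keystream_xor(enc_key, ciphertext)

def demo():
    """Return (encrypt-only receiver noticed the change?, MAC receiver noticed?)."""
    enc_key, mac_key = b"E" * 32, b"M" * 32               # constructed sample keys
    message = b"POST /transfer amount=100"                # constructed sample message
    ciphertext, tag = seal(enc_key, mac_key, message)
    altered = ciphertext[:-1] + bytes([ciphertext[-1] ^ 0x01])   # one bit changed on the path
    # Encryption only: decryption "succeeds" and silently yields different content.
    noticed_plain = keystream_xor(enc_key, altered) == message
    try:
        open_sealed(enc_key, mac_key, altered, tag)
        noticed_mac = False
    except ValueError:
        noticed_mac = True
    return noticed_plain, noticed_mac

if __name__ == "__main__":
    print(demo())
```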

Interview language organization:
1. HTTP + SSL/TLS == HTTPS
2. Process: HTTPS uses both shared-key (symmetric) encryption and asymmetric encryption. Because asymmetric encryption consumes too many resources, it cannot be used for the whole communication. Therefore, HTTPS uses asymmetric encryption when establishing the communication line; after the connection is established, the shared key (symmetric encryption) is used for encryption and decryption.


Origin blog.csdn.net/qq_36963950/article/details/108940581