HTTP protocol - HTTP message

HTTP message

1. The information exchanged in HTTP protocol interaction is called an HTTP message. The message sent by the requester is called the request message, and the message returned by the server is called the response message. An HTTP message generally consists of a message header, a blank line, and a message body; the message body is not always required. The header of a request message begins with the request line (containing the method used for the request, the request URI and the HTTP version), and the header of a response message begins with the status line (containing the status code indicating the response result, the reason phrase and the HTTP version). Both are followed by header fields, which carry the various conditions and attributes of the request or response. There are generally 4 types of headers: general headers, request headers, response headers, and entity headers.

2. The message is the basic unit of HTTP communication and is composed of a stream of 8-bit bytes. The entity is transmitted as the payload data of the request or response, and consists of the entity header and the entity body. The HTTP message body is used to carry the entity body of the request or response. Usually the message body is equal to the entity body; only when an encoding operation is performed during transmission does the content of the entity body change and differ from the message body. HTTP content encodings include gzip (GNU zip), compress (the standard compression on UNIX systems), deflate (zlib), and identity (no encoding). When a requested resource is large, the data can be divided into multiple chunks during HTTP communication so that the browser can display the page gradually; this is called chunked transfer encoding. When a multipart object collection is used in an HTTP message, Content-Type must be added to the header fields. If the network is interrupted during a download, HTTP can fetch just part of the resource with a range request; the Range header field specifies the byte range of the resource.

3. Content negotiation means that the client and the server negotiate the content of the resource in the response, and the server then provides the most suitable resource to the client. Content negotiation uses the language, character set, and encoding of the response resource as the criteria for judgment. Certain header fields in the request message serve as these criteria: Accept, Accept-Charset, Accept-Encoding, Accept-Language, and Content-Language. There are three types of content negotiation: server-driven negotiation, client-driven negotiation, and transparent negotiation.
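Server-driven negotiation over the Accept header, as an added example that is not part of the original page: the server scores each representation it can produce against the client's q weights and returns the best one. The function names and the sample Accept value are constructed for illustration; the example assumes the standard rules that a missing q means 1 and that the most specific matching range wins.

```python
def parse_accept(value: str):
    """Parse an Accept-style field value into a list of (range, q) pairs."""
    prefs = []
    for item in value.split(","):
        token, *params = [p.strip() for p in item.split(";")]
        if not token:
            continue
        q = 1.0                                   # no q parameter means q=1
        for param in params:
            key, _, val = param.partition("=")
            if key.strip().lower() == "q":
                val = val.strip()
                # anything that is not a plain number is treated as q=0
                q = float(val) if val.replace(".", "", 1).isdecimal() else 0.0
                q = min(q, 1.0)
        prefs.append((token.lower(), q))
    return prefs

def quality(media_type: str, prefs) -> float:
    """q of the most specific range that matches media_type; 0.0 if none does."""
    media_type = media_type.lower()
    main_type = media_type.split("/")[0]
    best_rank, best_q = -1, 0.0
    for rng, q in prefs:
        if rng == media_type:
            rank = 2                              # exact type/subtype
        elif rng == main_type + "/*":
            rank = 1                              # type/*
        elif rng == "*/*":
            rank = 0                              # matches anything
        else:
            continue
        if rank > best_rank:
            best_rank, best_q = rank, q
    return best_q

def negotiate(accept, available):
    """Pick the representation the client ranks highest; ties go to the server's order.
    Returns None when nothing is acceptable (a server would answer 406)."""
    prefs = parse_accept(accept) if accept else [("*/*", 1.0)]
    scored = [(quality(m, prefs), -i, m) for i, m in enumerate(available)]
    q, _, choice = max(scored, default=(0.0, 0, None))
    return choice if q > 0 else None

# Constructed Accept value in the style a browser sends.
BROWSER = "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"

if __name__ == "__main__":
    print(negotiate(BROWSER, ["application/json", "application/xml"]))
```

`parse_accept` also handles Accept-Charset, Accept-Encoding and Accept-Language values, which use the same `;q=` syntax.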
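The message layout from items 1 and 2 above, as an added example that is not part of the original page: the code splits a raw response at the blank line, removes the chunked transfer encoding and then the content encoding, and so shows the message body and the entity body differing. The function names and the sample response are constructed for illustration; trailers and a `Content-Length` body are not handled.

```python
import gzip
import zlib

def parse_message(raw: bytes):
    """Split a raw HTTP/1.1 message into start line, header fields and message body."""
    head, blank, body = raw.partition(b"\r\n\r\n")   # the blank line ends the header
    if not blank:
        raise ValueError("no blank line: header section is incomplete")
    start_line, *field_lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in field_lines:
        name, colon, value = line.partition(":")
        # a field name with surrounding whitespace is rejected instead of guessed at
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())
    return start_line, headers, body

def dechunk(body: bytes) -> bytes:
    """Undo chunked transfer encoding: <hex size> CRLF <data> CRLF ... 0 CRLF CRLF."""
    out, pos = b"", 0
    while True:
        eol = body.index(b"\r\n", pos)                # ValueError if the size line is cut off
        size = int(body[pos:eol].split(b";")[0], 16)  # chunk extensions are ignored
        if size == 0:
            return out                                # last chunk reached
        data = body[eol + 2:eol + 2 + size]
        if len(data) != size or body[eol + 2 + size:eol + 4 + size] != b"\r\n":
            raise ValueError("truncated or malformed chunk")
        out += data
        pos = eol + 4 + size

def entity_body(headers: dict, body: bytes) -> bytes:
    """Recover the entity body: remove the transfer encoding, then the content encoding."""
    codings = ",".join(headers.get("transfer-encoding", [])).lower()
    if "chunked" in codings:
        body = dechunk(body)
    coding = ",".join(headers.get("content-encoding", ["identity"])).lower()
    if coding == "gzip":
        return gzip.decompress(body)
    if coding == "deflate":
        return zlib.decompress(body)
    if coding != "identity":
        raise ValueError(f"unsupported content encoding: {coding}")
    return body

# Constructed sample: a gzip-compressed entity sent as two chunks.
_gz = gzip.compress(b"<html>hello</html>")
SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          b"Content-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n"
          + b"%x\r\n%s\r\n%x\r\n%s\r\n" % (10, _gz[:10], len(_gz) - 10, _gz[10:])
          + b"0\r\n\r\n")

if __name__ == "__main__":
    print(entity_body(*parse_message(SAMPLE)[1:]))
```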

Status code of the returned result

The job of the status code is to describe the result of the request when the client sends a request to the server. With the help of the status code, the user can tell whether the request was processed normally on the server side or whether an error occurred. Categories: 1XX (informational status code, the received request is being processed); 2XX (success status code, request processing completed); 3XX (redirect status code, additional action is required to complete the request); 4XX (client error status code, the server cannot process the request); 5XX (server error status code, the server had an error processing the request).

1. 200 means OK; 204 (No Content) means that the request was processed successfully but the response body has no content; 206 indicates a range request, where the response message contains the entity content for the range specified by Content-Range.

2. A 3XX response indicates that the browser needs to perform some special processing to handle the request correctly. 301 indicates a permanent redirect: the requested resource has been assigned a new URI, and the URI where the resource is now located should be used in the future. 302 indicates a temporary redirect: the requested resource has been assigned a new URI and this request should use the new URI, but the previous URI is still the one kept in saved bookmarks. 303 indicates that another URI exists for the requested resource, and that the GET method should be used to obtain the resource.

3. A 4XX response indicates that the client is the cause of the error. 400 indicates a syntax error in the request message; the content of the request needs to be changed. 401 indicates that the request must pass HTTP authentication. 403 indicates that access to the requested resource was rejected by the server, perhaps because there is no permission or there is a problem with the permission. 404 indicates that the resource cannot be found on the server.

4. A 5XX response indicates a problem with the server itself. 500 indicates that an error occurred on the server side while executing the request; 503 indicates that the server is overloaded or is shut down for maintenance; 504 indicates a gateway timeout.

Web server

1. If a server hosts multiple domain names, DNS resolves all of those domain names to the same IP address, so the host name or domain name of the URI must be specified in full in the Host header when sending an HTTP request.

2. Programs that forward communication data: proxies, gateways, and tunnels.

   Proxy: a proxy is a forwarding application that acts as a middleman between the server and the client. It receives the request sent by the client and forwards it to the server, and it receives the response returned by the server and forwards it to the client. The proxy does not change the request URI; it sends the request straight on to the server ahead that holds the resource. When forwarding, it appends the Via header field to record the hosts the message has passed through. The main reasons for using a proxy server are reducing network bandwidth traffic through caching, access control for specific websites within an organization, and obtaining access logs. Proxies are classified by two criteria: whether they cache, and whether they modify messages. A caching proxy saves a copy of the resource on the proxy server when it forwards a response; when the proxy receives the same request again, it can respond with the previously cached resource. A proxy that does not process the message in any way is called a transparent proxy; otherwise it is called a non-transparent proxy.

   Gateway: a gateway works much like a proxy, but a gateway can let the server behind it provide non-HTTP services. A gateway can be used to improve communication security, because the communication line between the client and the gateway can be encrypted. For example, a gateway can connect to a database, or, for credit card settlement on a web shopping site, link to the credit card settlement system.

   Tunnel: a tunnel establishes a communication line with another server and then communicates using encryption such as SSL. The tunnel itself does not parse the HTTP request; the request is forwarded to the subsequent server as it is. The tunnel ends when the communicating parties disconnect.

3. Caches that store resources. A cache is a copy of a resource stored on a proxy server or on the client's local disk. Using a cache reduces access to the origin server and saves communication traffic and communication time. A cache has a validity period: the validity of the resource is confirmed with the origin server, and if the cached copy is no longer valid, the cache server obtains the new resource from the origin server. The client's cache is stored in temporary network files; if it is no longer valid, the resource is likewise retrieved from the server again.

HTTP message header

1. In a request, the HTTP message header consists of the method, URI, HTTP version, and HTTP header fields; in a response, the HTTP message header consists of three parts: HTTP version, status code, and HTTP header fields.

2. An HTTP header field consists of a field name and a field value, separated by ":". HTTP header fields are divided into four types according to their use: general header fields (used by both request messages and response messages); request header fields (used when the client sends a request message to the server); response header fields (used when the server returns a response message to the client); and entity header fields (used for the entity part of request and response messages, adding entity-related information such as the resource content update time).

3. General header fields:
   1. Cache-Control operates the caching mechanism through directives. Directive parameters are optional, and multiple directives can be given together, separated by commas. The available directives differ between requests and responses.
      Request directives: no-cache (no parameter; forces revalidation with the origin server so that an expired resource is not returned from the cache); no-store (do not cache any content of the request or response); max-age=[seconds] (the maximum Age value of the response); max-stale=[seconds] (an expired response may be accepted); min-fresh=[seconds] (the response is expected to remain valid within the specified time); only-if-cached (get the resource from the cache).
      Response directives: public (the response can be cached and provided to any party); private (the response is returned only to a specific user); no-cache (validity must be confirmed before caching); no-store (do not cache any content of the request or response); max-age=[seconds] (the maximum Age value of the response); s-maxage=[seconds] (the maximum Age value of the response for a public cache server).
   2. Connection has two functions: controlling header fields that are no longer forwarded by proxies (the parameter is the header field name), and managing persistent connections (the default is keep-alive; if the server wants to explicitly close the connection, the value is close).
   3. Date is the date and time when the HTTP message was created.
   4. Trailer declares in advance which header fields are recorded after the message body. This header field can be used with chunked transfer encoding in HTTP/1.1.
   5. Transfer-Encoding specifies the encoding used when transmitting the message body.
   6. Via tracks the transmission path of request and response messages between the client and the server.
   7. Warning informs the user of cache-related warnings.

4. Request header fields: the fields used in the request message sent from the client to the server.
   1. Accept informs the server of the media types the user agent can handle and the relative priority of those media types (text files: text/html, text/css, text/plain, application/xml...; image files: image/jpeg, image/gif, image/png...; video files: video/mpeg, video/quicktime...). To give a media type a priority, add a weight q= (from 0 to 1) after it, separated by ";".
   2. Accept-Charset informs the server of the character sets supported by the user agent and their priority.
   3. Accept-Encoding informs the server of the content encodings supported by the user agent and their priority order.
   4. Accept-Language informs the server of the set of natural languages the user agent can handle and their priority.
   5. Authorization informs the server of the user agent's authentication information (credential value).
   6. Expect: the client informs the server that it expects a certain behavior. If the server cannot meet the expectation, it returns a 417 error.
   7. From informs the server of the e-mail address of the user of the user agent.
   8. Host is required. It tells the server the host name and port number where the requested resource is located, which is what makes multiple domain names on one server work. When several domain names resolve to the same IP address, the host name must be specified in Host so that the server knows which domain the request is for.
   9. If-xxx fields are called conditional requests. After the server receives a conditional request, it executes the request only when the condition is judged to be true.
   10. Max-Forwards specifies the maximum number of servers the request may pass through. When the value is 0, the server no longer forwards the request and returns the response directly.
   11. Range: for a request that needs only part of a resource, the Range header field tells the server the specified range of the resource.
   12. Referer tells the server the URI of the original resource from which the request was made.
   13. TE informs the server of the transfer encodings the client can handle in the response and their relative priority.
   14. User-Agent passes information about the browser and user agent that created the request to the server.

5. Response header fields: the fields used by the server when returning the response message to the client.
   1. Accept-Ranges informs the client whether the server can process range requests, so that the client can request a specified range of a resource. Field values: bytes indicates that range requests can be processed, and none indicates that they cannot.
   2. Age tells the client how long ago the origin server created the response. The field value is in seconds.
   3. ETag informs the client of the entity tag, which is a way to uniquely identify a resource in the form of a string; the server assigns an ETag value to each resource. When a resource is cached, it is assigned a unique identifier.
   4. Location directs the receiver of the response to a resource at a location different from the request URI. This field is basically used together with a 3xx Redirection response to provide the URI to redirect to.
   5. Proxy-Authenticate sends the authentication information required by the proxy server to the client.
   6. Retry-After tells the client how long to wait before sending the request again. It is used with a 503 response or together with a 3xx response; the field value can be a specific date and time or a number of seconds.
   7. Server informs the client of the HTTP server application installed on the current server: not only the name of the software application, but possibly also the version number and the options enabled at installation.
   8. Vary controls the cache: the origin server uses it to give the proxy server instructions about how to use its local cache. After the proxy server has cached the response, it returns the cached copy only to requests whose header fields named in Vary have the same values. Even for a request to the same resource, if the header fields named in Vary differ, the resource must be fetched again from the origin server.
   9. WWW-Authenticate is used for HTTP access authentication. It informs the client of the authentication scheme and the challenge, with parameters, that apply to the resource specified by the request URI.

6. Entity header fields: the headers used by the entity part of request and response messages.
   1. Allow notifies the client of all HTTP methods (GET, POST, etc.) supported by the resource specified by the Request-URI. When the server receives an unsupported HTTP method, it returns status code 405 and writes all the supported HTTP methods into the Allow field of the response.
   2. Content-Encoding informs the client of the content encoding the server selected for the entity body. Content encoding refers to compression that loses no entity information. There are four main types: gzip, compress, deflate, and identity.
   3. Content-Language informs the client of the natural language used by the entity body.
   4. Content-Length is the size of the entity body.
   5. Content-Location gives the URI that corresponds to the resource returned in the message body.
   6. Content-MD5 is a string of values generated by the MD5 algorithm; its purpose is to check whether the message body remained intact during transmission and to confirm that the transmission arrived.
   7. Content-Range tells the client which part of the entity, in bytes, is returned as the response to a range request.
   8. Content-Type is the media type of the object in the entity body.
   9. Expires tells the client the date on which the resource expires. After a cache server receives a response containing Expires, it answers requests from the cache and keeps the copy of the response until the Expires date; after that time, it requests the resource from the origin server again. When the origin server does not want the response to be cached, it writes the same value as the Date header field into the Expires header field.
   10. Last-Modified is the last modification time of the resource.

7. Header fields for the cookie service:
   1. Set-Cookie: when the server starts to manage client state, it informs the client of various information in advance. NAME=VALUE gives the cookie its name and value. expires=DATE is the validity period of the cookie; if it is not specified, the cookie by default lasts only until the browser is closed. path=PATH restricts the cookie to the specified file directory on the server. domain=domain name restricts the cookie to that domain; matching is done against the end of the domain name. secure restricts the cookie so that it is sent only over a secure HTTPS connection. HttpOnly is an extension of cookies that prevents JavaScript from reading the cookie; its main purpose is to prevent cookie information from being stolen through cross-site scripting (XSS) attacks.
   2. Cookie (for example, Cookie: status=enable) informs the server: when the client wants HTTP state management support, it includes the cookie obtained from the server in its requests, and when multiple cookies were received, they can likewise be sent together.

8. Other header fields:
   1. X-Frame-Options is an HTTP response header that controls whether the site's content may be displayed inside a Frame tag of other web sites. Its main purpose is to prevent clickjacking attacks. Field values: DENY (deny); SAMEORIGIN (allowed only for pages under the same origin domain name).
   2. X-XSS-Protection is a response header that serves as a countermeasure against cross-site scripting (XSS) attacks; it is used to switch the browser's XSS protection mechanism on or off. Field values: 0 sets XSS filtering to disabled, 1 sets XSS filtering to enabled.
   3. DNT is a request header. Do Not Track refuses the collection of personal information, which means refusing to be tracked for targeted advertising. 0 agrees to be tracked, 1 refuses to be tracked.
   4. P3P is an HTTP response header. Using P3P (the online privacy preference platform) technology, personal privacy information on web sites can be turned into a form that only programs can understand, in order to protect privacy.
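The caching rules from the Cache-Control, Age and Expires descriptions above, combined into one decision, as an added example that is not part of the original page. The function names, the four result labels and the sample responses are constructed for illustration; the age calculation is simplified to the Age header (or Date skew) on arrival plus the time spent in the cache, and a response with no explicit lifetime is sent back for revalidation.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_cache_control(value: str) -> dict:
    """'private, max-age=60' -> {'private': None, 'max-age': '60'}"""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def seconds(text) -> int:
    """Non-negative integer seconds; missing or malformed values count as 0."""
    return int(text) if text and text.isdecimal() else 0

def cache_decision(headers: dict, received: datetime, now: datetime, shared: bool) -> str:
    """Classify a stored response as 'do-not-store', 'revalidate', 'fresh' or 'stale'.
    headers uses lower-case names; shared=True models a proxy (shared) cache."""
    cc = parse_cache_control(headers.get("cache-control", ""))
    if "no-store" in cc or (shared and "private" in cc):
        return "do-not-store"
    if "no-cache" in cc:
        return "revalidate"                  # validity must be confirmed with the origin
    date = parsedate_to_datetime(headers["date"])
    if shared and "s-maxage" in cc:
        lifetime = seconds(cc["s-maxage"])   # applies to shared caches only
    elif "max-age" in cc:
        lifetime = seconds(cc["max-age"])
    elif "expires" in headers:
        try:
            lifetime = (parsedate_to_datetime(headers["expires"]) - date).total_seconds()
        except (TypeError, ValueError):
            lifetime = 0                     # unparseable Expires: treat as expired
    else:
        return "revalidate"                  # no explicit lifetime was given
    # Age on arrival (Age header or Date skew, whichever is larger) plus time in cache.
    on_arrival = max(seconds(headers.get("age")), (received - date).total_seconds(), 0)
    age = on_arrival + (now - received).total_seconds()
    return "fresh" if age < lifetime else "stale"

# Constructed sample responses (header names already lower-cased).
T0 = datetime(2024, 1, 1, 0, 0, 10, tzinfo=timezone.utc)   # when the cache received them
DATE = "Mon, 01 Jan 2024 00:00:00 GMT"
PAGE = {"date": DATE, "cache-control": "max-age=60", "age": "10"}
ACCOUNT = {"date": DATE, "cache-control": "private, max-age=60"}
NO_CACHING = {"date": DATE, "expires": DATE}               # Expires equal to Date

if __name__ == "__main__":
    print(cache_decision(ACCOUNT, T0, T0, shared=True))
```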
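A response-header check built from the Set-Cookie attributes, the Server field and X-Frame-Options described above, as an added example that is not part of the original page. The function names, finding texts and both sample responses are constructed for illustration; example.com and the cookie values are placeholders.

```python
def parse_set_cookie(value: str):
    """Split one Set-Cookie field value into (name, value, attributes)."""
    pair, *rest = [part.strip() for part in value.split(";")]
    name, _, val = pair.partition("=")
    attrs = {}
    for item in rest:
        key, _, arg = item.partition("=")
        if key.strip():
            attrs[key.strip().lower()] = arg.strip()   # attribute names are case-insensitive
    return name.strip(), val.strip(), attrs

def audit_response(headers):
    """headers: list of (name, value) pairs of one response, in the order received.
    Returns a sorted list of (subject, finding) tuples; empty means nothing to report."""
    findings = []
    single = {}
    for name, value in headers:
        if name.lower() == "set-cookie":               # may appear several times
            cookie, _, attrs = parse_set_cookie(value)
            if "httponly" not in attrs:
                findings.append((cookie, "no HttpOnly: readable by scripts in the page"))
            if "secure" not in attrs:
                findings.append((cookie, "no secure: also sent without HTTPS"))
            if "domain" in attrs:
                findings.append((cookie, "domain is matched by its end: hosts under "
                                 + attrs["domain"].lstrip(".") + " receive it"))
        else:
            single[name.lower()] = value.strip()
    if single.get("x-frame-options", "").upper() not in ("DENY", "SAMEORIGIN"):
        findings.append(("X-Frame-Options", "missing or not DENY/SAMEORIGIN"))
    if any(ch.isdigit() for ch in single.get("server", "")):
        findings.append(("Server", "discloses a version number"))
    return sorted(findings)

# Constructed sample responses.
WEAK = [
    ("Server", "Apache/2.2.6 (Unix) PHP/5.2.5"),
    ("Set-Cookie", "status=enable; expires=Tue, 05 Jul 2011 07:26:31 GMT; path=/; domain=.example.com"),
    ("Set-Cookie", "sid=31d4d96e407aad42; path=/; secure; HttpOnly"),
]
HARDENED = [
    ("Server", "Apache"),
    ("Set-Cookie", "sid=31d4d96e407aad42; path=/; secure; HttpOnly"),
    ("X-Frame-Options", "SAMEORIGIN"),
]

if __name__ == "__main__":
    for subject, finding in audit_response(WEAK):
        print(f"{subject}: {finding}")
```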
