Introduction to HTTP/HTTPS||HTTP Message Structure

Introduction to HTTP/HTTPS

HTTP stands for Hypertext Transfer Protocol, a protocol for transferring hypertext from a World Wide Web (WWW) server to a local browser.

HTTP is a communication protocol that runs on top of TCP/IP to transfer data (HTML files, image files, query results, etc.).

HTTPS stands for Hypertext Transfer Protocol Secure, a transfer protocol for secure communication over a computer network.

HTTPS communicates via HTTP but uses SSL/TLS to encrypt the data packets. HTTPS was developed mainly to authenticate the website's server and to protect the privacy and integrity of the exchanged data.

HTTP URLs start with http:// and use port 80 by default, while HTTPS URLs start with https:// and use port 443 by default.


How HTTP works

The HTTP protocol works on a client-server architecture.

As an HTTP client, the browser sends all requests, addressed by URL, to the HTTP server, that is, the web server.

Web servers include: Apache server, IIS server (Internet Information Services), etc.

The web server sends response information to the client according to the received request.

The default HTTP port number is 80, but you can also change it to 8080 or other ports.

Three points to note about HTTP:

  • HTTP is connectionless: connectionless means that each connection handles only one request. After the server processes the client's request and receives the client's response, it disconnects. This saves transmission time.

  • HTTP is media-independent: this means that any type of data can be sent over HTTP as long as the client and server know how to handle the content of the data, and both the client and the server specify the content-type using the appropriate MIME-type.

  • HTTP is stateless: the protocol keeps no memory of earlier transactions. Without state, any earlier information that later processing needs must be retransmitted, which may increase the amount of data sent; on the other hand, the server responds faster when it does not need earlier information.

The following diagram shows the HTTP protocol communication flow:


HTTPS role

The primary role of HTTPS is to create a secure channel over an insecure network. It provides reasonable protection against eavesdropping and man-in-the-middle attacks when appropriate cipher suites are used and the server certificate can be verified and trusted.

HTTPS trust is based on the certificate authorities (CAs) pre-installed in the operating system.

Therefore, an HTTPS connection to a website can only be trusted under these circumstances:

  • The browser correctly implements HTTPS, and correct, trusted certificate authorities are installed in the operating system;
  • Certificate authorities only trust legitimate websites;
  • The website being visited presents a valid certificate, i.e. one issued by a certificate authority trusted by the operating system (most browsers warn about invalid certificates);
  • The certificate correctly authenticates the visited website (for example, when visiting https://www.runoob.com, you receive a certificate issued to www.runoob.com and not to some other domain name);
  • The encryption layer (SSL/TLS) of the protocol effectively provides authentication and strong encryption.
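
The conditions above map onto a few settings in a TLS client. As an added example (not from the original article), this Python sketch puts a verifying client context next to the commonly seen weakened one and reports which conditions each stops enforcing; the function names are invented for illustration.

```python
import ssl

def verified_context() -> ssl.SSLContext:
    """Client context that enforces the trust conditions listed above."""
    ctx = ssl.create_default_context()            # trusted CAs come from the system store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL 3.0, TLS 1.0 and TLS 1.1
    return ctx

def weakened_context() -> ssl.SSLContext:
    """The setting to look for in code review: encrypted but unauthenticated."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # has to be switched off before verify_mode can be
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from any issuer, is accepted
    return ctx

def audit(ctx: ssl.SSLContext) -> list:
    """Return the trust conditions that this context does not enforce."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate is not checked against the trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate is not matched to the requested host name")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings

if __name__ == "__main__":
    for label, ctx in (("verified", verified_context()), ("weakened", weakened_context())):
        print(label, audit(ctx) or "all conditions enforced")
```

Pass the verified context to the client, for example `http.client.HTTPSConnection(host, context=verified_context())`, so a certificate for the wrong host name or from an untrusted issuer aborts the handshake.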

Browsers such as Google Chrome, Internet Explorer, and Firefox warn you when a website contains a mixture of encrypted and unencrypted content.

HTTP links show as insecure:

HTTPS links appear secure:

HTTP message structure 

HTTP is based on the client/server (C/S) architecture model, which exchanges information through a reliable link and is a stateless request/response protocol.

An HTTP "client" is an application (web browser or any other client) that connects to a server for the purpose of sending one or more HTTP requests to the server.

An HTTP "server" is likewise an application (usually a web server such as Apache or IIS) that receives client requests and sends HTTP response data back to the client.

HTTP uses Uniform Resource Identifiers (URIs) to transfer data and establish connections.

Once the connection is established, data messages are sent in a format similar to that used by Internet mail [RFC5322] and Multipurpose Internet Mail Extensions (MIME) [RFC2045].


Client request message

A request message sent from the client to the server consists of the following parts: request line, request headers, a blank line, and request data. The following figure shows the general format of the request message.


Server response message

The HTTP response also consists of four parts, namely: status line, message header, blank line, and response body.


Example

The following is a typical example of using GET to transfer data:

Client request:

GET /hello.txt HTTP/1.1
User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
Host: www.example.com
Accept-Language: en, mi

Server response:

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Accept-Ranges: bytes
Content-Length: 51
Vary: Accept-Encoding
Content-Type: text/plain

Output result:

Hello World! My payload includes a trailing CRLF.
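
An added example (not part of the original article): a strict Python parser for the start line / headers / blank line / body layout described above, run against this article's own GET exchange rebuilt as bytes. The names parse_message and MalformedMessage are invented for this sketch; it rejects a message whose Content-Length disagrees with the body instead of guessing where the message ends.

```python
import re

CRLF = b"\r\n"

class MalformedMessage(ValueError):
    """Raised when a message does not follow the layout described above."""

def parse_message(raw: bytes):
    """Return (start_line_fields, headers, body) for one HTTP/1.1 message."""
    head, blank, body = raw.partition(CRLF + CRLF)  # the blank line ends the headers
    if not blank:
        raise MalformedMessage("no blank line after the header section")
    lines = head.decode("iso-8859-1").split("\r\n")
    if any("\r" in l or "\n" in l for l in lines):
        raise MalformedMessage("bare CR or LF inside the header section")
    start = lines[0].split(" ", 2)  # request line or status line: three fields
    if len(start) != 3 or not all(start[:2]):
        raise MalformedMessage("start line needs three space-separated fields")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise MalformedMessage(f"bad header line: {line!r}")
        key = name.lower()  # header names are case-insensitive
        if key == "content-length" and key in headers:
            raise MalformedMessage("more than one Content-Length header")
        headers[key] = value.strip()  # other repeated headers: last value wins here
    declared = headers.get("content-length")
    if declared is not None:
        if not re.fullmatch(r"[0-9]+", declared) or int(declared) != len(body):
            raise MalformedMessage("Content-Length does not match the body")
    return start, headers, body

# The article's request and response, rebuilt as bytes with explicit CRLF line endings.
REQUEST = CRLF.join([
    b"GET /hello.txt HTTP/1.1",
    b"User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3",
    b"Host: www.example.com",
    b"Accept-Language: en, mi",
    b"", b""])
RESPONSE = CRLF.join([
    b"HTTP/1.1 200 OK", b"Date: Mon, 27 Jul 2009 12:28:53 GMT",
    b"Server: Apache", b"Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT",
    b'ETag: "34aa387-d-1568eb00"', b"Accept-Ranges: bytes",
    b"Content-Length: 51", b"Vary: Accept-Encoding", b"Content-Type: text/plain",
    b"",
    b"Hello World! My payload includes a trailing CRLF.", b""])
```

The response body is 49 characters of text plus the trailing CRLF, which is why the server declares Content-Length: 51.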

Origin blog.csdn.net/m0_69824302/article/details/131517762