HTTP Protocol

Reposted from: https://blog.csdn.net/gueter/article/details/1524447

Introduction

HTTP (Hypertext Transfer Protocol) is an object-oriented application-layer protocol; because it is simple and fast, it is well suited to distributed hypermedia information systems. It was proposed in 1990 and, after several years of use and development, has been continuously improved and extended. The version currently used on the WWW is HTTP/1.0, the sixth version; standardization of HTTP/1.1 is under way, and HTTP-NG (Next Generation HTTP) has been proposed.
The main features of the HTTP protocol can be summarized as follows:
1. Supports the client/server model.
2. Simple and fast: when a client requests a service from the server, it only needs to send the request method and path. The commonly used request methods are GET, HEAD and POST; each method specifies a different kind of interaction between client and server. Because HTTP is simple, an HTTP server program can be small, so communication is fast.
3. Flexible: HTTP allows any type of data object to be transferred; the type being transferred is marked by Content-Type.
4. Connectionless: only one request is handled per connection. Once the server has processed the client's request and received the client's acknowledgement, it disconnects. This saves transmission time.
5. Stateless: HTTP is a stateless protocol, meaning it keeps no memory of earlier transactions. If later processing needs information from earlier requests, that information must be retransmitted, which may increase the amount of data sent per connection. On the other hand, when earlier information is not needed, the server responds faster.


Part One: HTTP Protocol in Detail: the URL

    HTTP (Hypertext Transfer Protocol) is a stateless, request/response application-layer protocol, usually carried over a TCP connection; HTTP/1.1 added a persistent-connection mechanism. Most web development, and most web applications, are built on top of HTTP.

An HTTP URL (a URL is a special kind of URI that contains enough information to locate a resource) has the following format:
http://host[":"port][abs_path]
http: means the network resource is located through the HTTP protocol;

host: a legal Internet host domain name or IP address;

port: a port number; if it is empty, the default port 80 is used;

abs_path: the URI of the requested resource;

If the URL gives no abs_path, then when it is used as a Request-URI it must be given in the form "/"; the browser usually completes this for us automatically.

1. Typing www.guet.edu.cn is automatically converted to: http://www.guet.edu.cn/

2. http://192.168.0.116:8080/index.jsp


Part Two: HTTP Protocol in Detail: the Request

    An HTTP request consists of three parts: the request line, the message headers and the request body.

1. The request line begins with a method token, followed by the Request-URI and the protocol version, separated by spaces, in the following format: Method Request-URI HTTP-Version CRLF
Here Method is the request method; Request-URI is a Uniform Resource Identifier; HTTP-Version is the version of the HTTP protocol being requested; CRLF is carriage return plus line feed (a line ends with CRLF; a lone CR or LF character is not allowed).

Request methods (all methods are upper case). The methods and their meanings are as follows:
GET     request the resource identified by the Request-URI
POST    append new data to the resource identified by the Request-URI
HEAD    request only the response message headers of the resource identified by the Request-URI
PUT     request that the server store a resource and use the Request-URI as its identifier
DELETE  request that the server delete the resource identified by the Request-URI
TRACE   request that the server return the request it received, mainly for testing or diagnosis
CONNECT reserved for future use
OPTIONS request information about the server's capabilities, or about options and requirements related to a resource
Application examples:
GET method: when you type a URL into the browser's address bar, the browser uses GET to fetch the resource from the server, e.g.: GET /form.html HTTP/1.1 (CRLF)

POST method: asks the server to accept the data attached after the request; it is commonly used to submit forms.
e.g.: POST /reg.jsp HTTP/1.1 (CRLF)
Accept: image/gif, image/x-xbit, ... (CRLF)
...
HOST: www.guet.edu.cn (CRLF)
Content-Length: 22 (CRLF)
Connection: Keep-Alive (CRLF)
Cache-Control: no-cache (CRLF)
(CRLF)                  // this CRLF marks the end of the message headers; the headers come before it
user=jeffrey&pwd=1234   // the submitted data follows the blank line

HEAD method: almost the same as GET; the HTTP headers contained in the response to a HEAD request are the same as those obtained by a GET request. With this method the information about the resource identified by the Request-URI can be obtained without transferring the resource content. It is often used to test whether a hyperlink is valid, whether it can be accessed, and whether it has been updated recently.
2. Request headers: described in Part Four
3. Request body (omitted)
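The request structure described in this part, as an added example that is not code from the original post: a small Python parser for the request line, headers and Content-Length-delimited body. It enforces the CRLF rule, the upper-case method rule and the Host requirement, and caps the declared Content-Length (the limit value is an assumption) so that no memory is reserved for the oversized declared length described in Part Six, item 3. The sample request is constructed, modelled on the POST example above.

```python
from dataclasses import dataclass, field

# Assumed cap on the declared body size (1 MiB); not a value from the page.
MAX_BODY = 1 << 20


@dataclass
class Request:
    method: str
    request_uri: str
    version: str
    headers: dict = field(default_factory=dict)  # names stored lower-case
    body: bytes = b""


def parse_request(raw: bytes, max_body: int = MAX_BODY) -> Request:
    """Parse one raw request message; raise ValueError when it is malformed."""
    # The header section ends at the first blank line (CRLF CRLF).
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line after the headers")
    lines = head.split(b"\r\n")
    # After splitting on CRLF, any CR or LF left inside a line was a bare one.
    if any(b"\r" in ln or b"\n" in ln for ln in lines):
        raise ValueError("bare CR or LF in the header section")
    parts = lines[0].decode("ascii").split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be: Method Request-URI HTTP-Version")
    method, uri, version = parts
    if not (method.isalpha() and method.isupper()):
        raise ValueError("method must be upper-case letters")
    if not version.startswith("HTTP/"):
        raise ValueError("bad HTTP-Version: %r" % version)
    headers = {}
    for ln in lines[1:]:
        name, colon, value = ln.decode("latin-1").partition(":")
        # Name + ":" + value; names are case-insensitive, so normalise them.
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line: %r" % ln)
        headers[name.lower()] = value.strip()
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without a Host header")
    body = b""
    if "content-length" in headers:
        if not headers["content-length"].isdigit():
            raise ValueError("Content-Length is not a decimal number")
        length = int(headers["content-length"])
        # Refuse absurd declared lengths before reading any body bytes.
        if length > max_body:
            raise ValueError("Content-Length %d exceeds limit %d" % (length, max_body))
        if len(rest) < length:
            raise ValueError("body shorter than Content-Length")
        body = rest[:length]
    return Request(method, uri, version, headers, body)


def reject_reason(raw: bytes) -> str:
    """Return the parser's complaint for a bad request, or '' if it parses."""
    try:
        parse_request(raw)
        return ""
    except (ValueError, UnicodeDecodeError) as exc:
        return str(exc)


# Constructed sample modelled on the POST example above (body is 21 bytes).
SAMPLE_POST = (
    b"POST /reg.jsp HTTP/1.1\r\n"
    b"Accept: image/gif, image/x-xbitmap\r\n"
    b"Host: www.guet.edu.cn\r\n"
    b"Content-Length: 21\r\n"
    b"Connection: Keep-Alive\r\n"
    b"Cache-Control: no-cache\r\n"
    b"\r\n"
    b"user=jeffrey&pwd=1234"
)

if __name__ == "__main__":
    print(parse_request(SAMPLE_POST))
```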


Part Three: HTTP Protocol in Detail: the Response

    After receiving and interpreting a request message, the server returns an HTTP response message.

An HTTP response consists of three parts: the status line, the message headers and the response body.
1. The status line has the following format:
HTTP-Version Status-Code Reason-Phrase CRLF
Here HTTP-Version is the version of the HTTP protocol used by the server; Status-Code is the response status code sent back by the server; Reason-Phrase is a textual description of the status code.
The status code consists of three digits; the first digit defines the response category and has five possible values:
1xx: Informational - the request has been received and processing continues
2xx: Success - the request was successfully received, understood and accepted
3xx: Redirection - further action must be taken to complete the request
4xx: Client error - the request has a syntax error or cannot be fulfilled
5xx: Server error - the server failed to fulfil a legitimate request
Common status codes, with status description and meaning:
200 OK                    // the client request succeeded
400 Bad Request           // the client request has a syntax error and cannot be understood by the server
401 Unauthorized          // the request is not authorized; this status code must be used together with the WWW-Authenticate header field
403 Forbidden             // the server received the request but refuses to provide the service
404 Not Found             // the requested resource does not exist, e.g. a wrong URL was entered
500 Internal Server Error // an unexpected error occurred on the server
503 Server Unavailable    // the server cannot currently handle the client's request and may return to normal after some time
e.g.: HTTP/1.1 200 OK (CRLF)

2. Response headers: described in Part Four

3. Response body: the resource content returned by the server
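The status line, status-code categories and the 401/WWW-Authenticate rule described in this part, as an added example that is not code from the original post: a Python parser for the response status line and headers that classifies the code by its first digit, keeps repeated header names (as in the two X-Cache lines in Part Five), and checks Content-Length against the body actually received, skipping that check for a HEAD response. The sample responses are constructed, modelled on the transcripts in Part Five.

```python
# Maps the first digit of a status code to the category named in the text.
STATUS_CLASSES = {
    "1": "informational",
    "2": "success",
    "3": "redirection",
    "4": "client error",
    "5": "server error",
}


def parse_status_line(line: str):
    """Split 'HTTP-Version Status-Code Reason-Phrase' into its three parts.
    The Reason-Phrase may itself contain spaces, so split on at most two."""
    parts = line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("bad status line: %r" % line)
    version, code = parts[0], parts[1]
    reason = parts[2] if len(parts) == 3 else ""
    if len(code) != 3 or not code.isdigit() or code[0] not in STATUS_CLASSES:
        raise ValueError("status code must be three digits with first digit 1-5")
    return version, int(code), reason


def parse_response(raw: bytes) -> dict:
    """Parse a raw response into version, code, reason, class, headers, body.
    Repeated header names (e.g. two X-Cache lines) are kept as a list."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line after the headers")
    lines = head.decode("latin-1").split("\r\n")
    version, code, reason = parse_status_line(lines[0])
    headers = {}
    for ln in lines[1:]:
        name, colon, value = ln.partition(":")
        if not colon or not name.strip():
            raise ValueError("malformed header line: %r" % ln)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return {"version": version, "code": code, "reason": reason,
            "class": STATUS_CLASSES[str(code)[0]],
            "headers": headers, "body": body}


def check_response(resp: dict, head_request: bool = False) -> list:
    """Consistency checks taken from the text: a 401 must carry
    WWW-Authenticate, and Content-Length must match the body actually
    received (except for a HEAD response, which has headers but no body)."""
    problems = []
    h = resp["headers"]
    if resp["code"] == 401 and "www-authenticate" not in h:
        problems.append("401 response without WWW-Authenticate")
    if "content-length" in h and not head_request:
        declared = h["content-length"][0]
        if not declared.isdigit() or int(declared) != len(resp["body"]):
            problems.append("Content-Length does not match the body received")
    return problems


# Constructed samples modelled on the Part Five transcripts and the 401 rule.
SAMPLE_404 = (
    b"HTTP/1.0 404 Not Found\r\n"
    b"Date: Thu, 08 Mar 2007 07:50:50 GMT\r\n"
    b"Server: Apache/2.0.54 (Unix)\r\n"
    b"X-Cache: MISS from zjm152-78.sina.com.cn\r\n"
    b"X-Cache: MISS from th-143.sina.com.cn\r\n"
    b"Connection: close\r\n"
    b"\r\n"
)
SAMPLE_401 = b"HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(parse_response(SAMPLE_404)["class"], check_response(parse_response(SAMPLE_401)))
```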


Part Four: HTTP Protocol in Detail: Message Headers

    HTTP messages consist of requests from the client to the server and responses from the server to the client. Both request and response messages are made up of a start line (for a request message the start line is the request line; for a response message it is the status line), message headers (optional), a blank line (a line containing only CRLF) and a message body (optional).

HTTP message headers include general headers, request headers, response headers and entity headers.
Each header field consists of a name + ":" + a space + a value. Header field names are case insensitive.

1. General headers
General headers are a small number of header fields used by both request and response messages; they apply to the message being transmitted rather than to the entity being transferred.
e.g.:
Cache-Control is used to specify cache directives. Cache directives are one-directional (a directive present in the response will not necessarily appear in the request) and independent (a directive in one message does not affect the caching of another message); the header field is similar to the Pragma header used in HTTP/1.0.
Request cache directives include: no-cache (indicates that the request or response message must not be cached), no-store, max-age, max-stale, min-fresh, only-if-cached;
Response cache directives include: public, private, no-cache, no-store, no-transform, must-revalidate, proxy-revalidate, max-age, s-maxage.
e.g.: to tell the IE browser (client) not to cache a page, a server-side JSP program can be written as: response.setHeader("Cache-Control", "no-cache");
//response.setHeader("Pragma","no-cache"); has the same effect as the line above; the two are usually used together
This code sets the following general header field in the response message that is sent: Cache-Control: no-cache


Date: a general header field indicating the date and time at which the message was generated.

Connection: a general header field that allows options for the connection to be specified. For example, a persistent connection can be specified, or the "close" option can be specified to tell the server to close the connection once the response is complete.

2. Request headers
Request headers allow the client to pass additional information about the request, and about the client itself, to the server.
Common request headers
Accept
The Accept request header field specifies which types of information the client accepts. e.g.: Accept: image/gif means the client wishes to receive resources in GIF image format; Accept: text/html means the client wishes to receive HTML text.
Accept-Charset
The Accept-Charset request header field specifies the character sets accepted by the client. e.g.: Accept-Charset: iso-8859-1, gb2312. If this field is not set in the request message, the default is that any character set is acceptable.
Accept-Encoding
The Accept-Encoding request header field is similar to Accept, but specifies the acceptable content encodings. e.g.: Accept-Encoding: gzip, deflate. If this field is not set in the request message, the server assumes that the client accepts all content encodings.
Accept-Language
The Accept-Language request header field is similar to Accept, but specifies a natural language. e.g.: Accept-Language: zh-cn. If this header field is not set in the request message, the server assumes that the client accepts all languages.
Authorization
The Authorization request header field is mainly used to prove that the client has permission to view a resource. When a browser accesses a page and the server returns response code 401 (Unauthorized), the browser may send a request containing the Authorization request header field, asking the server to verify it.
Host (this header field is required when sending a request)
The Host request header field specifies the Internet host and port number of the requested resource; it is usually extracted from the HTTP URL, e.g.:
if we type http://www.guet.edu.cn/index.html into the browser,
the request message sent by the browser will contain the Host request header field, as follows:
Host: www.guet.edu.cn
Here the default port number 80 is used; if a port number is specified, it becomes: Host: www.guet.edu.cn:<specified port number>
User-Agent
When we log on to an Internet forum we often see a welcome message listing the name and version of our operating system and the name and version of the browser we are using, which many people find quite magical. In fact the server application obtains this information from the User-Agent header field of the request. The User-Agent request header field lets the client tell the server its operating system, browser and other attributes. The header field is not required, however: if we write a browser ourselves and do not send the User-Agent request header field, the server cannot learn that information about us.
Example request headers:
GET /form.html HTTP/1.1 (CRLF)
Accept: image/gif, image/x-xbitmap, image/jpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* (CRLF)
Accept-Language: zh-cn (CRLF)
Accept-Encoding: gzip, deflate (CRLF)
If-Modified-Since: Wed, 05 Jan 2007 11:21:25 GMT (CRLF)
If-None-Match: W/"80b1a4c018f3c41:8317" (CRLF)
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) (CRLF)
Host: www.guet.edu.cn (CRLF)
Connection: Keep-Alive (CRLF)
(CRLF)

3. Response headers
Response headers let the server pass additional information that cannot be placed in the status line, together with information about the server and about how to further access the resource identified by the Request-URI.
Common response headers
Location
The Location response header field is used to redirect the recipient to a new location. Location is often used when a domain name changes.
Server
The Server response header field contains information about the software the server used to process the request. It is the counterpart of the User-Agent request header field. The following is
an example Server response header field:
Server: Apache-Coyote/1.1
WWW-Authenticate
The WWW-Authenticate response header field must be included in a 401 (Unauthorized) response message. When a client receives a 401 response message and sends a request with the Authorization header field asking the server to verify it, the server's response contains this header field.
e.g.: WWW-Authenticate: Basic realm="Basic Auth Test!" // shows that the requested resource on the server uses the basic authentication mechanism.


4. Entity headers
Both request and response messages may transfer an entity. An entity consists of entity header fields and an entity body, but this does not mean the entity header fields and the entity body must be sent together; entity header fields alone may be sent. Entity headers define meta-information about the entity body (e.g. whether there is an entity body) and about the resource identified by the request.
Common entity headers
Content-Encoding
The Content-Encoding entity header field is used as a modifier of the media type; its value indicates an additional content coding that has been applied to the entity body, so the corresponding decoding mechanism must be applied to obtain the media type referenced by the Content-Type header field. Content-Encoding is used to record, for example, the compression method of a document; e.g.: Content-Encoding: gzip
Content-Language
The Content-Language entity header field describes the natural language used by the resource. If this field is not set, the entity content is considered readable in all languages. e.g.: Content-Language: da
Content-Length
The Content-Length entity header field indicates the length of the entity body, expressed as a decimal number of bytes.
Content-Type
The Content-Type entity header field indicates to the recipient the media type of the entity body. e.g.:
Content-Type: text/html; charset=ISO-8859-1
Content-Type: text/html; charset=GB2312
Last-Modified
The Last-Modified entity header field indicates the date and time at which the resource was last modified.
Expires
The Expires entity header field gives the date and time at which the response expires. To make a proxy server or browser refresh its cached copy of a page after a certain period (when a page that was visited before is visited again, it is loaded directly from the cache, which shortens response time and reduces server load), we can use the Expires entity header field to specify the page's expiry time. e.g.: Expires: Thu, 15 Sep 2006 16:23:12 GMT
HTTP/1.1 clients and caches must treat other illegal date formats (including zero) as already expired. e.g.: to stop the browser caching a page we can also use the Expires entity header field, set to 0; the JSP program is as follows: response.setDateHeader("Expires", 0);
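The Cache-Control and Expires rules given in this part, including the rule that an illegal Expires value (such as 0) counts as already expired, as an added example that is not code from the original post: a Python function that decides whether a response may be stored in a cache or served from it. It assumes header names have already been lower-cased; the reference time and all header sets are constructed.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime


def parse_cache_control(value: str) -> dict:
    """'private, max-age=60' -> {'private': None, 'max-age': '60'}.
    Directive names are case-insensitive, so they are lower-cased."""
    directives = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        name, eq, arg = item.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') if eq else None
    return directives


def parse_http_date(value: str):
    """Return an aware datetime, or None when the date is malformed.
    As the text says, a malformed date (including '0') counts as expired."""
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError, IndexError):
        return None
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def cache_decision(headers: dict, now: datetime) -> str:
    """Classify a response (headers keyed by lower-case name) as
    'no-store', 'revalidate', 'fresh' or 'stale' at time `now`."""
    cc = parse_cache_control(headers.get("cache-control", ""))
    if "no-store" in cc:
        return "no-store"      # must not be written to any cache
    if "no-cache" in cc:
        return "revalidate"    # may be stored, but never served unchecked
    # Date is when the response was generated; fall back to now if absent.
    generated = parse_http_date(headers.get("date", "")) or now
    max_age = cc.get("max-age")
    if max_age is not None and max_age.isdigit():
        # max-age is relative to Date and takes precedence over Expires.
        age = (now - generated).total_seconds()
        return "fresh" if age < int(max_age) else "stale"
    if "expires" in headers:
        expires = parse_http_date(headers["expires"])
        if expires is None:    # 'Expires: 0' or any illegal date format
            return "stale"
        return "fresh" if now < expires else "stale"
    return "stale"             # no freshness information: treat as expired


# Constructed reference time (the date of the telnet session in Part Five).
NOW = parse_http_date("Thu, 08 Mar 2007 07:17:51 GMT")

if __name__ == "__main__":
    print(cache_decision({"expires": "0"}, NOW))
```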


Part Five: Using telnet to observe the HTTP communication process

    Experimental objective and principle:
    Using the MS telnet tool, type HTTP request messages by hand and send them to the server; the server receives and interprets the request and returns a response, which is displayed in the telnet window. This gives an intuitive, deeper understanding of the HTTP communication process.

    Experimental procedure:

1. Open telnet
1.1 Open telnet
Run -> cmd -> telnet

1.2 Turn on telnet local echo
set localecho

2. Connect to the server and send a request
2.1 open www.guet.edu.cn 80 // note that the port number cannot be omitted

    HEAD /index.asp HTTP/1.0
    Host: www.guet.edu.cn

   /* we can change the request method and request the content of the Guilin University of Electronic Technology home page; type the following message */
    open www.guet.edu.cn 80

    GET /index.asp HTTP/1.0 // request the resource content
    Host: www.guet.edu.cn

2.2 open www.sina.com.cn 80 // or type directly at the command prompt: telnet www.sina.com.cn 80
    HEAD /index.asp HTTP/1.0
    Host: www.sina.com.cn

3. Results:

3.1 Response obtained for request 2.1:

HTTP/1.1 200 OK                                              // request succeeded
Server: Microsoft-IIS/5.0                                    // web server
Date: Thu, 08 Mar 2007 07:17:51 GMT
Connection: Keep-Alive
Content-Length: 23330
Content-Type: text/html
Expires: Thu, 08 Mar 2007 07:16:51 GMT
Set-Cookie: ASPSESSIONIDQAQBQQQB=BEJCDGKADEDJKLKKAJEOIMMH; path=/
Cache-control: private

// resource content omitted

3.2 Response obtained for request 2.2:

HTTP/1.0 404 Not Found       // request failed
Date: Thu, 08 Mar 2007 07:50:50 GMT
Server: Apache/2.0.54 (Unix)
Last-Modified: Thu, 30 Nov 2006 11:35:41 GMT
ETag: "6277a-415-e7c76980"
Accept-Ranges: bytes
X-Powered-By: mod_xlayout_jh/0.0.1vhs.markII.remix
Vary: Accept-Encoding
Content-Type: text/html
X-Cache: MISS from zjm152-78.sina.com.cn
Via: 1.0 zjm152-78.sina.com.cn:80 (squid/2.6.STABLES-20061207)
X-Cache: MISS from th-143.sina.com.cn
Connection: close


4. Notes: 1. If the input is wrong, the request will not succeed.
          2. Header fields are not case sensitive.
          3. For a deeper understanding of the HTTP protocol, see RFC 2616, which can be found at http://www.ietf.org/rfc.
          4. Back-end developers must master the HTTP protocol.

Part Six: Supplementary notes on HTTP-related technologies

    1. Basics:
    Higher-level protocols include: the File Transfer Protocol FTP, the e-mail transfer protocol SMTP, the domain name service DNS, the Network News Transfer Protocol NNTP, and HTTP.
There are three kinds of intermediary: proxies (Proxy), gateways (Gateway) and tunnels (Tunnel). A proxy accepts requests in absolute-URI form, rewrites all or part of the message, and forwards the formatted request to the server identified by the URI. A gateway is a receiving agent that sits above one or more other servers and, if necessary, translates the request into the underlying server's protocol. A tunnel relays messages unchanged between two connections. An intermediary is required when communication must pass through one (for example a firewall) or when the intermediary cannot interpret the message content; tunnels are often used in that case.
     Proxy: an intermediate program that can act both as a server and as a client, making requests on behalf of other clients. Requests are handled internally or passed on, possibly after translation, to other servers. A proxy must interpret, and if possible rewrite, a request message before sending it. Proxies are often used as client-side portals for requests that pass through a firewall, and can also act as helper applications handling protocols that the user agent has not implemented.
Gateway: a server that acts as an intermediary for some other server. Unlike a proxy, a gateway receives requests as if it were the origin server for the requested resource; the requesting client may not be aware that it is dealing with a gateway.
Gateways are often used as server-side portals through a firewall; a gateway can also act as a protocol translator in order to access resources stored in non-HTTP systems.
    Tunnel: an intermediary program that acts as a relay between two connections. Once active, a tunnel is not considered part of the HTTP communication, even though it may have been initiated by an HTTP request. The tunnel disappears when both ends of the relayed connection are closed. Tunnels are often used when a portal must exist but the intermediary cannot interpret the relayed communication.

2. Advantages of protocol analysis: an HTTP analyser can detect network attacks
Analysing and processing high-level protocols in a modular way will be a future direction for intrusion detection.
HTTP and HTTP proxies commonly use ports 80, 3128 and 8080; these ports are identified in the network part by predefined tags.

3. The Content-Length limit vulnerability in the HTTP protocol can cause a denial of service
With the POST method, Content-Length can be used to declare the length of the data to be transmitted, for example Content-Length: 999999999; until the transfer is complete the memory is not released, so an attacker can exploit this flaw by continuously sending junk data to the web server until the web server's memory is exhausted. This attack method leaves basically no trace.
http://www.cnpaf.net/Class/HTTP/0532918532667330.html

4. Some concepts of denial-of-service attacks that use features of the HTTP protocol
The server is kept busy processing an attacker's forged TCP connection requests and has no capacity left to handle normal client requests (after all, normal client requests are a very small share of the traffic). From a normal client's point of view the server then appears to freeze; this situation is called a SYN flood attack on the server.
Smurf, TearDrop and similar attacks use ICMP packets or IP fragments to flood the target. This article describes a denial-of-service method that creates "normal connections".
Early on, port 19 was already used for Chargen attacks (Chargen_Denial_of_Service), but the method used was to create a UDP connection between two Chargen servers so that the servers went down from handling too much data. To bring down a web server in this way two conditions are needed: 1. the HTTP service exists; 2. the Chargen service exists.
Method: the attacker forges the source IP and sends connection requests (Connect) to N Chargen hosts; on receiving each, Chargen returns a 72-byte-per-second character stream (in practice faster, depending on actual network conditions) to the server.

5. HTTP fingerprinting
   The principle of HTTP fingerprinting is generally the same in every case: record the subtle differences in how different servers implement the HTTP protocol and identify them by these fingerprints. HTTP fingerprinting is much more complex than TCP/IP stack fingerprinting, because customizing an HTTP server's configuration file, or adding plug-ins or components, makes it very easy to change the HTTP response information, which makes identification difficult; changing the behaviour of a TCP/IP stack, on the other hand, requires modifying the kernel, so it is easier to identify.
      Setting a different banner for the server to return is very simple. For an open-source HTTP server such as Apache, the user can modify the banner information in the source code and then restart the HTTP service for it to take effect; for HTTP servers that are not open source, such as Microsoft IIS or Netscape, the DLL file storing the banner information can be modified, as related articles have discussed and is not repeated here; of course, such a modification is effective. Another way to obscure the banner information is to use a plug-in.
Common test requests:
1: HEAD / HTTP/1.0         sends a basic HTTP request
2: DELETE / HTTP/1.0       sends a request that is not allowed, such as a DELETE request
3: GET / HTTP/3.0          sends a request with an illegal HTTP protocol version
4: GET / JUNK/1.0          sends a request with an incorrect protocol specification
Httprint is an HTTP fingerprinting tool; by using statistical theory combined with fuzzy-logic techniques it can determine the type of HTTP server very effectively. It works by collecting and analysing the different signatures generated by HTTP servers.

6. Other: to improve performance for browser users, modern browsers also support concurrent access: when browsing a web page, multiple simultaneous connections are established to quickly fetch the many icons on the page, so that the whole page is transferred faster.
HTTP/1.1 provides persistent connections for this purpose, and the next-generation HTTP protocol, HTTP-NG, adds session control and negotiation of rich content and other forms, providing
more efficient connections.


Source: www.cnblogs.com/xuedu/p/11256141.html