COSC 4351: 1.3 HTTP
An HTTP request and HTTP response are both composed of four parts:
1. Status line 2. Zero or more header fields 3. Empty line 4. Optional message body
What is Step 1 in an HTTPS transaction?
Browser requests an HTTPS connection to a web page.
User-Agent
Identifies the browser making the request. Browsers often identify themselves using a unique string of characters. The User-Agent field may be used by a web server to respond with different resources depending on which browser made the request. Ex: A desktop page may be sent back to a desktop Chrome browser, but a mobile web page may be sent back to an iPhone browser.
Content-type
Media type of the response's message body. - Common media types: text/css, image/jpeg, application/pdf, video/quicktime
HEAD
Request a response identical to GET but without the response body.
PUT
Request the web server accept the message body enclosed in the request as a modification of an existing resource
301
Status Phrase: Moved Permanently Meaning: The resource should always be requested at a different URL
What is Step 3 in an HTTPS transaction?
The browser and web server initiate an "SSL handshake"
What is Step 4 in an HTTPS transaction?
The browser and web server transmit encrypted information.
Host
The domain name for the requested path. - Some websites are hosted at the same IP address, so the host field helps the web server determine which website's resource is being requested.
What happens before HTTP communication begins?
The web browser extracts the domain name from the URL being accessed and performs a DNS lookup.
What is Step 2 in an HTTPS transaction?
Web server sends digital certificate to the browser.
Do browsers use ETags to aid in caching web resources?
Yes
By caching web content, do browsers reduce the amount of network traffic required to display previously visited web pages?
Yes
In step 4 of HTTPS transaction, can encrypted information only be decrypted by the browser and web server?
Yes
When the resource changes, should the ETag associated with the resource change too?
Yes
Would the browser warn the user if the digital certificate is not from a trusted certificate authority?
Yes
browser cache
an area on the computer's disk where web content can be stored by the web browser for quick retrieval later.
What must the URL start with in Step 1 in HTTPS transaction?
https://
What do the browser and web server use the SSL handshake for?
to generate session keys used to encrypt and decrypt information
browser redirect
when the web server returns a 201 or 302 status code with a Location header indicating the URL the browser should load next.
Where can the HTTP header field If-None-Match be found? A. HTTP request B. HTTP response
A. HTTP request The browser sends the If-None-Match header field with the ETag to the web server in the HTTP request.
Last-Modified
Datetime the requested resource was last modified on the web server. - For resources that are dynamically created by the web server, the last modified datetime is often not provided
Date
Datetime the response was generated by the web server. - Datetime values in HTTP headers are represented in GMT, which is equal to UTC
network sniffer
is software that monitors network traffic and allows users to inspect HTTP requests and responses.
Linkrot
is the general name for once-valid links that now return 404 status codes
Content-length
number of bytes in the response's message body. - The web server uses the content length to determine how much data to expect from the web server
GET
request a representation of the specified resource
HTTP functions as a ___ - ___ protocol between _______ and ____.
request-response web browsers web servers
DNS lookup
sends the domain name to the local DNS and receives the IP address of the web server hosting the domain name.
Where does the web server send back the requested resource?
the message body of the response
How many total HTTP requests does a browser send for a web page that does not use any other web resources? A. 1 B. 2 C. 3
A. 1 Only one HTTP request is made for the HTML file.
In HTTP requests and responses, what number is this step: Web browser does a DNS lookup of the domain name and makes a TCP connection. - TCP connection
1
In HTTP requests and responses, what number is this step: HTTP request is made asking for resource at http://w3c.org/test.html. - HTTP request test.html
2
In HTTP requests and responses, what number is this step: Web server locates test.html file and sends the contents of test.html to the browser - HTTP response <html>
3
When a user types or clicks on a short URL, the URL shortening service responds with a ______ status code and a Location header with the web page's full URL.
301
In HTTP requests and responses, what number is this step: Browser parses HTML and makes second request for http://w3c.org/field.jpg. - HTTP request field.jpg
4
In HTTP requests and responses, what number is this step: Web server locates field.jpg and sends the image to the browser. The browser then displays the field.jpg image. - HTTP response [image]
5
In HTTP requests and responses, what number is this step: No more resources to request, so TCP connection is closed.
6 Last step
URL shortening
A technique to create shorter URLs that redirect to longer URLs.
digital certificate
A website wanting to use HTTPS must acquire these. They are issued by a trusted certificate authority
Which status code is sent when the web server wants to redirect the browser to a different URL? A. 200 B. 301 or 302 C. 403
B. 301 or 302 301 and 302 status codes are always accompanied by a Location header that indicates the new URL that the browser should access. Ex: "Location: http://w3c.org/new-location.html". 302 status codes are for URLs that may not redirect in the future.
Which status code is sent when the web server compares the cached ETag with the server's ETag for a requested web resource, and the two ETags are identical? A. 200 B. 304 C. 403
B. 304 When the ETags are equal, the web browser has an up-to-date cached copy of the web resource.
Which request method is used by the browser to get the same response headers that a GET would generate but without the message body? A. GET B. HEAD C. PUT
B. HEAD only requests the response headers
If a web browser sends 20 HTTP requests to a web server, how many HTTP responses will the web server send to the web browser? A. 0 B. 10 C. 20
C. 20 Every HTTP request results in a single HTTP response.
Which status code is sent when the web server is denied permission to the requested URL? A. 301 B. 304 C. 403
C. 403 404 frequently occurs when the URL corresponds to a directory that does not have directory listing permissions or a file that doesn't have read permissions
Which status code is sent when the requested URL does not point to an existing resource on the web server? A. 200 B. 301 C. 404
C. 404 404 can occur when the user mistypes a URL, a URL for a resource has changed, or a resource has been removed
How many total HTTP requests does a browser send for a web page that contains four web resources: an image, a video, a CSS style sheet, and a JavaScript file? A. 1 B. 4 C. 5
C. 5 One HTTP request is made for the HTML file, and one request is made for each resource.
Before a TCP connection is created, the web browser performs a/an A. HTTP request B. HTTP response C. DNS lookup
C. DNS lookup The browser performs DNS lookup so the browser can establish a TCP connection with the web server
What HTTP header field is used to make a conditional request using a datetime? A. If-None-Match B. Last-Modified C. If-Modified-Since
C. If-Modified-Since The If-Modified-Since header field is used with the Last-Modified datetime to request that the web server send the requested resource if the resource has changed since the specified time. Ex: "If-Modified-Since: Wed, 01 Sep 2014 13:24:52 GMT" asks the web server to send the resource if the resource was modified after Sept 1, 2014 at 13:24:52 GMT.
Which request method is used by the browser to submit web form data to the web server? A. GET B. PUT C. POST
C. POST POST is the request method most often used to submit web form data to the web server.
Do web servers always generate ETags for all web resources?
ETags are not often produced for dynamic web content.
Does a 304 response generally contain a message body? Yes No
No 304 indicates the cached content is up to date, so resending the same content to the browser is unnecessary
POST
Request the web server accept the message body enclosed in the request as a new resource
DELETE
Request the web server delete the existing resource
Which part lets the web server identify the requested resource from the path?
Status line
403
Status phrase: Forbidden Meaning: The web server does not have permission to access the resource.
302
Status phrase: Found Meaning: The resource should temporarily be requested at a different URL
500
Status phrase: Internal Server Error Meaning: Something unexpected happened on the web server
404
Status phrase: Not Found Meaning: The resource could not be located.
304
Status phrase: Not Modified Meaning: The resource has not been modified since the last time the resource was requested
200
Status phrase: OK Meaning: Standard response for a successful request
Server
identifies the web server software that generated the response. - popular values for it: Apache, Microsoft-IIS, nginx
Request method
indicates the desired action to perform on a resource.
status code
is a 3-digit number that indicates the status of the requested resource
HTTP Request
is a message sent from the web browser to the web server. Often the request asks the web server to send back a web resource like an HTML file, image, CSS style sheet, JavaScript file, or a video.
HTTP Response
is a message sent from the web server back to the web browser in response to an HTTP request. Often the response contains the requested web resource.
Hypertext Transfer Protocol (HTTP)
is a networking protocol that runs over TCP/IP and governs communication between web browsers and web servers
Transmission Control Protocol/Internet Protocol (TCP/IP)
is a protocol suite that governs how packets of data are transferred over the internet from one machine to another.
HTTPS
is a protocol that encrypts HTTP traffic between a browser and web server so a network sniffer cannot intercept sensitive information in the HTTP traffic like passwords, credit card numbers, financial transactions, etc.
Certificate authority
is a trusted entity that gives out digital certificates, which contain a public key needed to encrypt data between the browser and web server
entity tag (ETag)
is an identifier for a specific version of a web resource. Ex: 34905a3e285dd11