Web Servers and Hypertext Transfer Protocol
additional functionality found in HTTP version 1.1
Much of the additional functionality found in HTTP version 1.1 is to support caching.
MIME
Multimedia Internet Mail Extensions (MIME) was developed for e-mail to indicate the type of content being sent as an attachment. Rather than invent something new, the HTTP developers use MIME to indicate content type in HTTP. Since MIME is no longer specific to e-mail, its name is no longer appropriate, so we call it "MIME" now.
Partial GETs. The client indicates the portion of the file it wants with a Range: header, such as:
Range: bytes=1-1024. The server responds with only that portion of the file and uses a 206 (Partial Content) status code.
These HTTP methods allow for the copying/moving of files, setting/changing file properties, and the locking/unlocking of files for editing and modification
COPY MOVE MKCOL PROPPATCH PROPFIND LOCK UNLOCK
400 series
Client Error
Content Negotiation
Clients and browsers can negotiate for other aspects of content type. For example, a client can express its preference for JPG images instead of GIF images by using the Accept header: Accept: image/jpg,image/png,image/gif
Content Coding
Clients and browsers can negotiate how the content is encoded. Currently, this means whether it's compressed and the compression method used. The Accept-Encoding: header is used by the client to tell the server what compression it's capable of dealing with: Accept-Encoding: compress, gzip
start-up Apache
During start-up Apache will load various modules that determine how it will operate. Many apache web server derivatives
GET / HTTP/1.1 Host: www.alcpress.com User-agent: Mozilla/5.0... meaning
GET request header. The client seeks the content "/" (root). The server will return the "home page" for the Web site. The client indicates that it understands HTTP version 1.1. The Web site is specified in the second line of the request.
Conditional GETs
GET requests can be made conditional based on the modification date and time of a server's file. Web browsers have caches that store recently accessed content. Browsers can save time and bandwidth by not asking servers for content that's already in their caches.
Viewing HTTP Information
Web Browsers do not normally display HTTP request and response headers. Developer tools in Google Chrome can be used to capture and display HTTP request and response headers
HTTP Caching
Web browsers and servers may communicate directly or they may have HTTP caches between them.
caching issues.
Web server administrators and Web content developers have control over how their sites deal with caching issues. One issue is how long certain content is allowed to be cached. It may be OK for a company logo to be cached for days or weeks because it is not expected to change often. It's probably not OK to allow, for example, stock prices to be cached for more than a few seconds.
HTTP(Web) Clients
Clients can be a variety of things: 1. Graphical Web browsers 2. Nongraphical browsers that can only render text 3. Text-only browsers: Elinks and Lynx for Linux/Unix 4. Programs that automatically interact with an HTTP server without human intervention 5. Application programs that a user interacts with but has no idea that a Web server is supplying data behind the scenes
Caches are used so
content can be retrieved from a closer source, thus improving response time and reducing traffic on the Internet.
What would you do to determine if the WEBDAV COPY HTTP extension method is enabled on a web server?
WEBDAV adds extensions to HTTP which can be used to read and write documents on a web server from a web client. These HTTP methods allow for the copying/moving of files, setting/changing file properties, and the locking/unlocking of files for editing and modification.
200 series
Successful
GET first request line
specifies the content the client seeks
100 series
Informational
500 series
Server Error
DELETE Methods
A DELETE request allows a client to erase a file on the server. This is an obvious security risk. Apache doesn't normally support the DELETE method
PUT Methods
A PUT request allows a client to send a file to a server. The URL indicates the name of the file being sent. PUT requests should be handled carefully; they can be a significant security risk
TRACE Methods
A TRACE request allows a client to ask a server to loop back the request. The server will send the client's request back to the client. This is used for troubleshooting. Apache normally supports the TRACE method but some administrators consider it too risky and turn it off in Apache
Partial GETs
A client can request that only a portion of a file be sent
Status Codes
An HTTP server returns three-digit status codes to a client to indicate status. 200 series codes indicate success and are most common. 400 series codes indicate failures; some, like 404 (File Not Found), are not uncommon.
OPTIONS Methods
An OPTIONS request allows a client to see which methods are supported by the server. An administrator may consider this an unnecessary security risk. You can turn off the OPTIONS method in Apache globally or selectively (by directory, by file, etc.)
Apache configuration
Apache has a main configuration file that dictates how the web server starts and operates
The Apache Web Server
Apache is a modular web server
3 Things that can be negotiated in an HTTP conversation between client and server
Content type, language of document, how the content is encoded.
Web servers send the MIME content type in their responses:
Content-Type: text/html
Cookies how it works
Cookies are a simple mechanism. 1. Servers send cookies to browsers. 2. Browsers store the cookies. 3. When a browser sends requests to a server, it includes the cookies that only that server (and no other server) sent it in the past.
The basic HTTP methods:
GET HEAD POST PUT OPTIONS DELETE TRACE CONNECT
GET request header
GET / HTTP/1.1 Host: www.alcpress.com User-agent: Mozilla/5.0...
Negotiation client and server document
HTTP allows the client and server to negotiate for numerous things, such as the language of a document. For example, if a server has documents in English, Spanish, French, and German, the client can indicate its preference for a language. This is done with the Accept-Language: header followed by the abbreviations for languages that you prefer (in order of preference): Accept-Language: de, en-us
TCP
HTTP communication typically takes place over the TCP protocol, and TCP takes place over the IP protocol. The HTTP specification says that it can use any protocol, as long as it's reliable. With TCP, persistent connections are a more efficient way of using Internet bandwidth and improving response time. To use persistent connections, you must be using HTTP version 1.1.
HTTP Headers
HTTP headers can have many lines (we call these lines "headers") of text that specify the details of actions to be taken by the client or server. Many of these headers allow the client and server to negotiate with each other.
HTTP protocol
HTTP is a request/response protocol. Clients send HTTP requests and servers reply with HTTP responses.
HTTP Methods
HTTP methods are actions that a client asks the server to perform. If you're a programmer, you can think of methods as similar to what your program has to do to read from a file, write to a file, etc. HTTP methods are simpler than conventional programming; there are fewer steps
HTTP Versions
HTTP versions are expressed as "major.minor", such as 1.1. The long-standing version of HTTP, introduced in 1999, is 1.1. The current version, HTTP/2, was introduced in 2015; web browser vendors adopted support for it in 2016.
GET response header
HTTP/1.1 200 OK etc. Note the blank line between the last line of the header and the [data]. The blank line identifies the end of the header and the start of the data (the requested resource). IMPORTANT to remember when writing web programs.
HTTP
Hypertext Transfer Protocol (HTTP) is the communication protocol used on the world wide web (WWW)
Conditional GETs. The condition is expressed in additional header lines, such as:
If-Modified-Since: Sun, 16 Jul 2006 07:40:36 GMT. This tells the server not to send the requested content if it has not changed since Sunday, July 16... The server responds with status code 304 (Not Modified) if the file has not been changed since that date and time.
Provide an example of the first line of an HTTP Post Request
POST /profile.jsp HTTP/1.1 (request method, path to source on web server, protocol version)
300 series
Redirection
Cookies in the HTTP header
Set-Cookie: is used by a server to send a cookie to the client. Cookie: is used by a client to send a cookie to the server.
Cookies
The HTTP protocol is stateless; this means that when the server sends content to a client, it has no memory of this later. This makes many types of Web applications difficult, such as shopping carts in e-commerce applications, where the contents of the cart must be known as the user moves from page to page. The cure for this is cookies; cookies add state to HTTP as the information that can be stored in cookies can be accessed across pages.
POST Method
The POST method is used by the client to: post a message to a Web-based bulletin board, newsgroup, etc.; provide information from a filled-out form to a Web application; add or modify database records.
GET Method
The majority of all HTTP requests are for the GET method. When the GET method is used in a request, we call it a "GET request". GET requests fetch content from Web sites that display on the browser screen.
client and server communications in HTTP
There is no client-to-client or server-to-server communications in HTTP
Entity headers
are included when content is being sent
Request headers
are those that are only found in HTTP requests
Response headers
are those that are only found in HTTP responses
General headers
are those that can be found in any request or response. Entity headers are included when content is being sent.
HEAD Method
A HEAD request asks the server to send the HTTP header for the content requested but not the content. This is used for troubleshooting or when you seek information about the file. The server returns a header that should be identical to the equivalent GET request.
Options
query web server to see what methods it supports
Head
Request headers are sent back to the client; no data is sent. Used for troubleshooting.
Trace
Troubleshooting. The original request that is sent is reflected back to the client; this verifies that the target (web server or proxy server) received the request.
HTTP allows ..
web clients to communicate with web servers