Web and HTTP

List steps to set up a TCP server in Python

- Create a socket AF_INET, SOCK_STREAM - Bind socket to a IP and Port# - Set socket to listen and set a queue size (min size 1) - Go into a indefinite loop - Each time a client connects, we accept() the connection and start a new socket to communicate with the client. - Receive message from client on the connection socket. - Send a response back on the new connection socket. - Close the socket.

List steps to set up TCP Client in Python

- Create a socket AF_INET, SOCK_STREAM - Connect on the socket to host and port# - Host spawns a new socket and connects to the client socket. - Client sends message into the client socket that is now connected to the host. E.g. client_sock.send("hello world".encode()) - Client sets up to receive host messages. E.g. client_sock.recv(2048)

What does HTTP status code 200 OK , mean?

200 OK: Request succeeded and the information is returned in the response.

What happens when the HTTP response returns a 301 HTTP status code?

301 Moved Permanently: Requested object has been permanently moved; the new URL is specified in Location: header of the response message. The client software will automatically retrieve the new URL.

What does HTTP status code 400 Bad Request, mean?

400 Bad Request: This is a generic error code indicating that the request could not be understood by the server.

What does HTTP status code 404 Not Found, mean?

404 Not Found: The requested document does not exist on this server.

What is the software component that interfaces between the application layer and transport layer?

A TCP Socket

What are the main parts of an HTTP request message

A single request line containing METHOD, URL and HTTP Version fields followed by multiple header lines containing a line for Host, User-agent, language etc.

What are the main parts of an HTTP response message

A single status line six header lines entity body

What is the main idea behind having a web cache?

A web cache is a separate server side component that stores web content retrieved from the internet. Clients (browsers) are configured to go to web cache for all HTTP requests. If the web cache has data to satisfy the request, it is returned right away (without having to get it from the intended destination). If it doesn't, then it will first retrieve the requested data from the website requested by the client and cache it and return the requested data to the client as well. This can speed up the round trip from client to server. NOTE:

What is the benefit of having a web cache?

A web cache reduces an organization's traffic on the outbound link that connects its network to the rest of the internet. Because the HTTP data is cached on the web cache server (proxy server), the client's request is satisfied from the web cache server itself (which is part of the organization's network) without having to get it from the source server (out on the internet) again and again. This helps with a faster response time as the number of links to be traversed to get at the data, are far fewer.

What does the following line in HTTP request message do? Accept-language: fr

Accept-language: header indicates that the user prefers to receive a French version of the object, if such an object exists on the server; otherwise, the server should send its default version.

HTTP is which layer protocol?

Application layer.

Why do you not need socket.bind() call on the client side program?

Because the client always initiates the connection. The packet that is sent from client to server, will have the port that belongs to client socket along with the IP address of the client. This is all the server needs to communicate back to the client.

Why is HTTP also called a stateless protocol?

Because there is no state maintained inherently by the protocol. So, whatever is sent by server to client in a preceding or previous transmission is not something the HTTP protocol has any provision to recall or remember.

Consider a request and response session between HTTP client and server. The requested HTML document, contains 5 images. What would be the main difference in getting this document and associated images under HTTP v1 and v1.1?

Both HTTP v1 and v1.1 will send the HTTP request message through the client socket. The message is received by the transport layer on the server and written the socket of the webserver process. The webserver will then retrieve the HTML document and write it out to its socket from which the transport layer picks it up and transmits to the client (again, on the client the message is written to the client's socket and the web browser process on the client will pick up from there). Since the HTML document contains images that are separate objects, under HTTP v1, a new HTTP connection will be initiated for EACH object and will go through the TCP handshake with the server. There is overhead to create and set up each new connection. The same process outlined above will repeat for each object that is fetched. In HTTP 1.1, the connection used to retrieve the first document is kept open for more requests; so subsequent requests to get the five images will reuse the same connection thereby avoiding the additional overhead. Furthermore, the request that are sent on the same connection to the server, do not have to wait for completion before the next one can be sent. HTTPS v1.1 supports request pipelining, which allows requests to be sent one after another without having to wait for a response. Once all objects are retrieved, the connection stays open till a preconfigured idle timeout is reached and then the connection is terminated.

What does the following line in HTTP request message do? Connection: Close

By including the Connection: close header line, the browser is telling the server that it doesn't want to bother with persistent connections; it wants the server to close the connection after sending the requested object.

How does conditional GET work?

Conditional GET works off of the response header received from a web server when the proxy server requests content from it. The header line Last-Modified: is used by the proxy server to set the If-modified-since: request header next time the proxy cache requests the same content from the web server. The value of the If-modified-since: header line is exactly equal to the value of the Last-Modified: header line that was sent by the server last time. This conditional GET is telling the server to send the object only if the object has been modified since the specified date.

What is the main difference between HTTP v1 and v1.1?

Connection persistence. In HTTP v1, every time you request an object over HTTP, there is a three way handshake to establish a TCP connection. Once the object is served, the connection is closed. HTTP v1.1 leaves the connection open between the client and the server. Idle time for an open connection is configurable at the server level.

Who sets the cookie? Where is it set? How is it set?

Cookie is a file containing some identifying data that is set by the server on the client. The server sends a set-cookie line in the response message headers to direct the client to set this cookie. Client in this case is a browser. The user of the browser may be prompted to accept cookies from the server. Once cookie is set, the client sends back this data each time it interacts with the server. The server in turn uses this data to track a user session (because inherently HTTP is stateless).

The METHOD field of the request line in a HTTP request message can contain which values?

GET, POST, HEAD, PUT and DELETE

How does a GET HTTP method submit data to the server?

HTML forms often use the GET method and include the inputted data (in the form fields) in the requested URL. For example, if a form uses the GET method, has two fields, and the inputs to the two fields are monkeys and bananas, then the URL will have the structure www.somesite.com/animalsearch?monkeys&bananas.

What are the key differences between HTTP 1.0, 1.1 and 2.0?

HTTP 1.0: A web page requested by the client browser (via a GET or POST HTTP request), there are one or more objects that make up the page. For each object on the requested web page , there is a new TCP connection opened between the client and the server. This is expensivwe! HTTP 1.1: This is an improvement on ver 1.0. It allows reuse of the same TCP connection for the entire request (also called persistent connection) and thereby avoids the overhead incurred of setting up multiple TCP connections to complete a single GET request. HTTP 2.0: While HTTP 1.1 implemented persistent connections, it did not completely alleviate the need for multiple TCP connections per request. Pages could load faster under 1.1 with multiple persistent TCP connections (most browsers defaulted to 6 connections) because of HOL blocking. Larger objects on the page would block loading of smaller objects simply because they were at the HOL (on the page); similarly, multiple TCP connections also helped with TCP congestion control measures at the transport layer since the bandwidth is allocated per TCP connection. HTTP 2.0 aims to solve the HOL (Head of line) problem through request and response message framing and interleaving. This helps with both page loading and congestion control.

How does HTTP 2.0 deal with the problem of HOL blocking?

HTTP 2.0 uses the concept of framing whereby the request and response messages are broken into equal sized frames. So, a response message that consists of lets say a web page with many objects, all objects are chunked into equal sized frames and a frame from each object is sent in a round robin fashion. In this way, a part of each object is sent as a frame and no one object irrespective of its large size can block a smaller object.

What is the HTTP status code returned if there is no change to the requested document as a result of a conditional GET?

HTTP/1.1 304 Not Modified

What is Round Trip Time (RTT)

Is the time a small packet of information takes to go from client to server and then back to client. NOTE: RTT includes packet propagation delays, pacaket queuing delays in intermediate routers and switches and packet processing delays.

What is the entity body section in the HTTP request message used for?

It contains useful data that is sent by the client. It is used by the server as an input to generate content that will be sent back.

What does this line do? Why do you need to do it? serverSocket.bind((' ', 12000))

It explicitly binds the socket to port 12000 on all interfaces on the server (the ' ' part means all interfaces or IP addresses on the server). The server need to declare the port number which belongs to the socket that the process is connected to. this information is needed by the clients to establish connection.

Is web cache a client or a server?

It is a client when it is downloading data from an external site on the internet. It is a server when it is delivering the cached data to a user's browser within its organization.

Do TCP or UDP offer any encryption?

No. Not at the transport layer. There is TLS enhancement that provides Application layer libraries that have socket API for encryption management.

Which HTTP method typically uses the entity body section?

POST e.g. the browser sends a HTTP request to the server and includes data that user entered into their browser - such as filling out an online form.

What is even the point of conditional GET?

Since HTTP content from various external sites is cached on the web cache server and returned to any client browser that is configured to go to the web cache server, we need to consider the possibility that the cached content might no longer be current. Therefore the cache needs to be refreshed or else we would be sending stale content to the client browsers. Conditional GET uses timestamps in request and response message header data to track and manage the cache.

What does the Date: header line in the HTTP response message indicate

The Date: header line indicates the time and date when the HTTP response was created and sent by the server. Note that this is not the time when the object was created or last modified; it is the time when the server retrieves the object from its file system, inserts the object into the response message, and sends the response message.

What comes after the request line and header line in a Request message?

The Entity Body section.

What does the Last-Modified: header line in the HTTP response message indicate

The Last-Modified: header line indicates the time and date when the object was created or last modified.

What does the following line in HTTP request message do? Connection: Close

The User-agent: header line specifies the user agent, that is, the browser type that is making the request to the server. Here the user agent is Mozilla/5.0, a Firefox browser.

What part of the HTTP response message contains the requested document?

The entity body. The entity body is the meat of the message—it contains the requested object itself (represented by data data data data data ...).

Which component of HTTP/2 protocol breaks down the HTTP message into frames?

The framing sub layer. It also binary encodes the frames for better efficiency and performance.

Who implements web-cache or proxy server?

The idea of a web cache is to aggregate all client traffic that comes from a network managed by an organization that has their own network of clients. For e.g. client devices in LBL have IP addresses issued by LBL's network. These client devices then can access the internet (HTTP traffic) through a web cache managed by their organization. This is because the client browsers are set up with the web cache's address as the first stop shop for web/HTTP data.

What do the header lines of the HTTP response message convey?

The server uses the Connection: close header line to tell the client that it is going to close the TCP connection after sending the message. The Date: header line indicates the time and date when the HTTP response was created and sent by the server. Note that this is not the time when the object was created or last modified; it is the time when the server retrieves the object from its file system, inserts the object into the response message, and sends the response message. The Server: header line indicates that the message was generated by an Apache Web server; it is analogous to the User-agent: header line in the HTTP request message. The Last-Modified: header line indicates the time and date when the object was created or last modified. The Content-Length: header line indicates the number of bytes in the object being sent. The Content-Type: header line indicates that the object in the entity body is HTML text. (The object type is officially indicated by the Content-Type: header and not by the file extension.)

What does the status line of HTTP response message contain?

The status line has three fields: the protocol version field, a status code, and a corresponding status message. In this example, the status line indicates that the server is using HTTP/1.1 and that everything is OK (that is, the server has found, and is sending, the requested object).

What is a common implementation to deal with the stateless nature of HTTP protocol? Say you go to a website and have to log in; but HTTP is stateless, so how does the website (server) on subsequent interaction with the site know that you have logged in previously?

Through cookies. Cookies, defined in [RFC 6265], allow sites to keep track of users. cookie technology has four components: (1) a cookie header line in the HTTP response message; (2) a cookie header line in the HTTP request message; (3) a cookie file kept on the user's end system and managed by the user's browser; and (4) a back-end database at the Web site that keys off of data in the cookies file on user's browser.

What does TLS stand for and what does it do?

Transport Layer Security. It is an enhancement to TCP implemented in the application layer. Both the client and the server use the TLS libraries to create a socket which sits separate from the regular TCP socket. The sender process writes data to its TLS socket; the TLS socket encrypts it and writes it to the regular TCP socket which then sends it to the transport layer. On the receiving end, the data is received by the TCP socket on that end, which in turn writes it to the TLS socket for the receiving process where it is decrypted. In other words, the transport layer does not know or care whether the data it is transmitting is encrypted or not.

To send a TCP message on the connection socket, do you need to specify destination host and port? Why? Why not?

We do a connection_socket.send() to send a message. It does not need destination host and port information because the socket is already connected to the destination exclusively. See accept() call.

What is another name for a web cache server?

Web cache server is also called proxy-server

What is a conditional GET?

an HTTP mechanism that allows a cache to verify that its objects are up to date.

What does CRLF stand for?

carriage-return/line-feed carriage-return goes to beginning of the line line feed advances the line by one. Together they are denoted by \n in popular programming languages. This is how a new line is started in any