Web Servers and Hypertext Transfer Protocol

additional functionality found in HTTP version 1.1

Much of the additional functionality found in HTTP version 1.1 is to support caching.

MIME

Multimedia Internet Mail Extensions (MIME) was developed for e-mail to indicate the type of content being sent as an attachment. Rather than invent something new, the HTTP developers use MIME to indicate content type in HTTP. Since MIME is no longer specific to e-mail, its name is no longer appropriate, so we call it "MIME" now

Partial GETs. It indicates the portion of the file it wants with a Range: header, such as:

Range: bytes=1-1024 The server responds with only that portion of the file and uses a 206 (Partial Content) status code

These http methods allow for the copying/moving of files, setting/changing file properties, and the locking/unlocking of files for editing and modification

COPY MOVE MKCOL PROPPATCH PROPFIND LOCK UNLOCK

400 series

Client Error

Content Negotiation

Clients and browsers can negotiate for other aspects of content type. For example, a client can express its preference for JPG images instead of GIF images by using the Accept header Accept: image/jpg,image/png,image/gif

Content Coding

Clients and browsers can negotiate how the content is encoded. Currently, this means whether it's compressed and the compression method used. The Accept-Encoding: header is used by the client to tell the server what compression it's capable of dealing with Accept-Encoding: compress, gzip

start-up Apache

During start-up Apache will load various modules that determine how it will operate. Many apache web server derivatives

GET / HTTP/1.1 Host: www.alcpress.com User-agent: Mozilla/5.0... meaning

GET request header. the client seeks the content "/" (root). the server will return the "home page" for the Web site. The client indicates that it understands HTTP version 1.1. The Web site is specified in the second line of the request

Conditional GETs

GET requests can be made conditional based on the modification date and time of a server's file. Web browsers have caches that store recently accessed content. Browsers can save time and bandwidth by not asking servers for content that's already in its cache.

Viewing HTTP Information

Web Browsers do not normally display HTTP request and response headers. Developer tools in Google Chrome can be used to capture and display HTTP request and response headers

HTTP Caching

Web browsers and servers may communicate directly or they may have HTTP caches between them.

caching issues.

Web server administrators and Web content developers have control over how their sites deal with caching issues. One issue is how long certain content is allowed to be cached . It may be OK for a company logo to be cached for days or weeks because it is not expected to change often . It's probably not OK to allow, for example, stock prices to be cached for more than a few seconds

HTTP(Web) Clients

clients can be a variety of things: 1. graphical Web browser 2. Nongraphical browsers that can only render text 3. Text Only Browsers: Elinks and Lynx for Linux/Unix 4. Programs that automatically interact with a HTTP server without human intervention 5. Application programs that a user interacts with but has no idea that a Web server is supplying data behind the scenes

Caches are used so

content can be retrieved from a closer source, thus improving response time and reducing traffic on the Internet.

What would you do to determine if the WEBDAV COPY http extension method is enabled on a web server?

WEBDAV adds extensions to HTTP which can be used to read and write to documents on a web server from a web client. These http methods allow for the copying/moving of files, setting/changing file properties, and the locking/unlocking of files for editing and modification

200 series

Successful

GET first request line

specifies the content the client seeks

100 series

Informational

500 series

Server Error

DELETE Methods

A DELETE request allows a client to erase a file on the server. This is an obvious security risk. Apache doesn't normally support the DELETE method

PUT Methods

A PUT request allows a client to send a file to a server. The URL indicates the name of the file being sent. PUT requests should be handled carefully; they can be a significant security risk

TRACE Methods

A TRACE request allows a client to ask a server to loop back the request. The server will send the client's request back to the client. This is used for troubleshooting. Apache normally supports the TRACE method but some administrators consider it too risky and turn it off in Apache

Partial GETs

A client can request that only a portion of a file be sent

Status Codes

An HTTP server returns three-digit status codes to a client to indicate status . 200 series codes indicate success and are most common . 400 series codes indicate failures; some, like 404 (File Not Found), are not uncommon

OPTIONS Methods

An OPTIONS request allows a client to see which methods are supported by the server. An administrator may consider this an unnecessary security risk. You can turn off the OPTIONS method in Apache globally or selectively (by directory, by file, etc.)

Apache configuration

Apache has a main configuration file that dictates how the web server starts and operates

The Apache Web Server

Apache is a modular web server

.

.

3 Things that can be negotiated in an HTTP conversation between client and server

Content type, language of document, how the content is encoded.

Web servers send the MIME content type in their responses:

Content-Type: text/html

Cookies how it works

Cookies are a simple mechanism. 1. Servers send cookies to browsers 2. Browsers store the cookies 3. When a browser sends requests to a server, it includes the cookies that only that server (and no other server) sent it in the past

The basic HTTP methods:

GET HEAD POST PUT OPTIONS DELETE TRACE CONNECT

GET request header

GET / HTTP/1.1 Host: www.alcpress.com User-agent: Mozilla/5.0...

Negotiation client and server document

HTTP allows the client and server to negotiate for numerous things, such as the language of a document. For example, if a server has documents in English, Spanish, French, and German, the client can indicate its preference for a language. This is done with the Accept-Language: header followed by the abbreviations for languages that you prefer (in order of preference): Accept-Language: de, en-us

TCP

HTTP communication typically takes place over the TCP protocol, and TCP takes place over the IP protocol. The HTTP specification says that it can use any protocol, as long as it's reliable . With TCP, persistent connections are a more efficient way of using Internet bandwidth and improving response time. To use persistent connections, you must be using HTTP version 1.1

HTTP Headers

HTTP headers can have many lines (we call these lines "headers") of text that specify the specifics of actions to be taken by the client or server. Many of these headers allow the client and server to negotiate with each other

HTTP protocol

HTTP is a request/response protocol . Clients send HTTP requests and servers reply with HTTP responses

HTTP Methods

HTTP methods are actions that a client asks the server to perform. If you're a programmer, you can think of methods as similar to what your program has to do to read from a file, write to a file, etc. HTTP methods are simpler than conventional programming; there are fewer steps

HTTP Versions

HTTP versions are expressed as "major.minor", such as 1.1 . The long standing version of HTTP, introduced in 1999, is 1.1 . The current version -HTTP/2 introduced in 2015, web browser vendors adopted support for this in 2016

GET response header

HTTP/1.1 200 OK etc. Note the blank line between the last line of the header and the [data]. Blank line identifies end of header and start of data (the requested resource). IMPORTANT to remember when writing web programs

HTTP

Hypertext Transfer Protocol (HTTP) is the communication protocol used on the world wide web (WWW)

Conditional GETs. The condition is expressed in additional header lines, such as:

If-Modified-Since: Sun, 16 Jul 2006 07:40:36 GMT This tells the server not to send the requested content if it has not changed since Sunday, July 16... The server responds with status code 304 (Not Modified) if the file has not been changed since that date and time

Provide an example of the first line of an HTTP Post Request

POST /profile.jsp HTTP/1.1 (request method, path to source on web server , protocol version)

300 series

Redirection

Cookies in the HTTP header

Set-Cookie: is used by a server to send a cookie to the client Cookie: is used by a client to send a cookie to the server

Cookies

The HTTP protocol is stateless; this means that when the server sends content to a client, it has no memory of this later. This makes many types of Web applications difficult, such as shopping carts in e-commerce applications, where the contents of the cart must be known as the user moves from page to page . The cure for this is cookies; cookies add state to HTTP as the information that can be stored in cookies can be accessed across pages

POST Method

The POST method is used by the client to: Post a message to a Web-based bulletin board, newsgroup, etc. Provide information from a filled-out form to a Web application. Adding or modifying database records

GET Method

The majority of all HTTP requests are for the GET method. When the GET method is used in a request, we call it a "GET request". GET requests fetch content from Web sites that display on the browser screen.

cleint and server communications in HTTP

There is no client-to-client or server-to-server communications in HTTP

Entity headers

are included when content is being sent

Request headers

are those that are only found in HTTP requests

Response headers

are those that are only found in HTTP responses

General headers

are those that can be found in any request or response Entity headers are included when content is being sent

HEAD Method

it's asking the server to send the HTTP header for the content requested but not the content. This is used for troubleshooting or when you seek information about the file. The server returns a header that should be identical to the equivalent GET request

Options

query web server to see what methods it supports

Head

request headers are sent back to client no data sent - for troubleshooting

Trace

troubleshooting. The original request that is sent is reflected back to the client - verifies that the target (web server or proxy server) Received the request

HTTP allows ..

web clients to communicate with web servers