HTTP is an object-oriented protocol belonging to the application layer. Because it is simple and fast, it is well suited to distributed hypermedia information systems. It was proposed in 1990 and, after several years of use and development, has been continuously improved and extended. The version currently used on the WWW is the sixth edition of HTTP/1.0; the standardization of HTTP/1.1 is in progress, and HTTP-NG (Next Generation of HTTP) has been proposed.
The main features of the HTTP protocol can be summarized as follows:
1. It supports the client/server model.
2. Simple and fast: when a client requests a service from the server, it only needs to send the request method and the path. The common request methods are GET, HEAD and POST. Each method specifies a different type of contact between client and server. Because the HTTP protocol is simple, HTTP server programs are small, so communication is fast.
3. Flexible: HTTP allows any type of data object to be transferred. The type being transferred is marked by Content-Type.
4. Connectionless: connectionless means that each connection handles only one request. After the server has processed the client's request and received the client's acknowledgement, it disconnects. This saves transmission time.
5. Stateless: HTTP is a stateless protocol. Stateless means that the protocol has no memory of transactions. The lack of state means that if subsequent processing needs earlier information, that information must be retransmitted, which can increase the amount of data transferred per connection. On the other hand, the server responds faster when it does not need earlier information.

I. HTTP protocol in detail: URLs

HTTP (Hypertext Transfer Protocol) is a stateless application-layer protocol based on a request and response model. It usually runs over TCP connections, and HTTP 1.1 provides a persistent connection mechanism. Most web development consists of web applications built on top of the HTTP protocol.

An HTTP URL (a URL is a special type of URI that contains enough information to find a resource) has the following format:
http://host[":"port][abs_path]
http means that the network resource is located through the HTTP protocol; host is a legal Internet host domain name or IP address; port specifies a port number, and if it is empty the default port 80 is used; abs_path specifies the URI of the requested resource. If the URL has no abs_path, then when it is used as a request URI it must be given as "/"; the browser usually does this automatically.
1. Input:
The browser automatically converts it to:

II. HTTP protocol in detail: requests

An HTTP request consists of three parts: the request line, the message headers and the request body.

1. The request line begins with a method token, followed by the Request-URI and the protocol version, separated by spaces. The format is as follows:
Method Request-URI HTTP-Version CRLF
Here Method is the request method; Request-URI is a uniform resource identifier; HTTP-Version is the HTTP protocol version of the request; CRLF means carriage return and line feed (apart from the terminating CRLF, no separate CR or LF character is allowed).

There are many request methods (all method names are upper case). Each is explained below:
GET     Request the resource identified by Request-URI
POST    Append new data to the resource identified by Request-URI
HEAD    Request the response headers of the resource identified by Request-URI
PUT     Request the server to store a resource, with Request-URI as its identifier
DELETE  Request the server to delete the resource identified by Request-URI
TRACE   Request the server to send back the request information it received; mainly used for testing or diagnosis
CONNECT Reserved for future use
OPTIONS Request a query of the server's capabilities, or of the options and requirements related to a resource
Examples:
GET method: when a web page is visited by entering its address in the browser's address bar, the browser uses the GET method to fetch the resource from the server, e.g. GET /form.html HTTP/1.1 (CRLF)

The POST method asks the server to accept the data attached to the request. It is often used to submit forms.
e.g. POST /reg.jsp HTTP/ (CRLF)
Accept:image/gif,image/x-xbit,... (CRLF)
... (CRLF)
Content-Length:22 (CRLF)
Connection:Keep-Alive (CRLF)
Cache-Control:no-cache (CRLF)
(CRLF)         // This CRLF marks the end of the message headers; everything before it is headers
user=jeffrey&pwd=1234  // The submitted data

The HEAD method is almost the same as GET. The HTTP headers in the response to a HEAD request contain the same information as would be obtained through a GET request. With this method, information about the resource identified by Request-URI can be obtained without transferring the entire resource content. It is often used to test whether a hyperlink is valid, whether it is accessible, and whether it has been updated recently.
2. The request headers are described later.
3. Request body (omitted)

III. HTTP protocol in detail: responses

After receiving and interpreting a request message, the server returns an HTTP response message.

An HTTP response also consists of three parts: the status line, the message headers and the response body.
1. The format of the status line is as follows:
HTTP-Version Status-Code Reason-Phrase CRLF
Here HTTP-Version is the server's HTTP protocol version; Status-Code is the response status code sent back by the server; Reason-Phrase is a text description of the status code.
The status code consists of three digits. The first digit defines the category of the response and has five possible values:
1xx: Informational -- the request has been received and processing continues
2xx: Success -- the request was successfully received, understood and accepted
3xx: Redirection -- further action must be taken to complete the request
4xx: Client error -- the request has a syntax error or cannot be fulfilled
5xx: Server error -- the server failed to fulfil a valid request
Common status codes, their status descriptions and explanations:
200 OK      // The client request succeeded
400 Bad Request  // The client request has a syntax error and cannot be understood by the server
401 Unauthorized // The request is not authorized; this status code must be used together with the WWW-Authenticate header field
403 Forbidden  // The server received the request but refuses to provide the service
404 Not Found  // The requested resource does not exist, e.g. a wrong URL was entered
500 Internal Server Error // An unexpected error occurred on the server
503 Server Unavailable  // The server cannot currently process the client's request; it may return to normal after some time
e.g. HTTP/1.1 200 OK (CRLF)

2. The response headers are described later.

3. The response body is the content of the resource returned by the server.

IV. HTTP protocol in detail: message headers

HTTP messages consist of requests from client to server and responses from server to client. Both request and response messages are made up of a start line (the request line for a request message, the status line for a response message), message headers (optional), a blank line (a line containing only CRLF) and a message body (optional).

HTTP message headers include general headers, request headers, response headers and entity headers.
Each header field consists of a name + ":" + a space + a value. Header field names are case-insensitive.
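
The message layout described above (start line, headers, blank line, body) can be checked mechanically. The following parser is an added example, not code from the original article; rejecting a repeated Host or Content-Length, requiring Host only for HTTP/1.1, and the placeholder host name www.example.com are choices of this example.

```python
import re

CRLF = b"\r\n"
METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "TRACE", "CONNECT", "OPTIONS"}


class BadRequest(ValueError):
    """Input that a server should answer with 400 Bad Request."""


def parse_request(raw: bytes):
    """Split one buffered request into (method, uri, version, headers, body)."""
    head, blank, body = raw.partition(CRLF + CRLF)
    if not blank:
        raise BadRequest("no blank line after the headers")
    lines = head.split(CRLF)
    # Once the head is split on CRLF, any CR or LF left over is a bare one.
    if any(b"\r" in line or b"\n" in line for line in lines):
        raise BadRequest("bare CR or LF in request line or headers")

    # Request line: Method SP Request-URI SP HTTP-Version
    parts = lines[0].decode("latin-1").split(" ")
    if len(parts) != 3:
        raise BadRequest("request line needs exactly three fields")
    method, uri, version = parts
    if method not in METHODS:                 # upper case only, so "get" fails
        raise BadRequest("unknown method")
    if not re.fullmatch(r"HTTP/[0-9]\.[0-9]", version):
        raise BadRequest("bad HTTP-Version")

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("latin-1").partition(":")
        if not colon or not name or name != name.strip():
            raise BadRequest("malformed header line")
        key = name.lower()                    # field names are case-insensitive
        if key in ("host", "content-length") and key in headers:
            raise BadRequest("repeated " + key)   # two values, two interpretations
        headers[key] = value.strip()

    if version == "HTTP/1.1" and "host" not in headers:
        raise BadRequest("HTTP/1.1 request without Host")
    if "content-length" in headers:
        if not re.fullmatch(r"[0-9]+", headers["content-length"]):
            raise BadRequest("Content-Length is not a decimal number")
        if int(headers["content-length"]) != len(body):
            raise BadRequest("body does not match Content-Length")
    elif body:
        raise BadRequest("body without Content-Length")
    return method, uri, version, headers, body


def is_valid(raw: bytes) -> bool:
    try:
        parse_request(raw)
        return True
    except BadRequest:
        return False


# Constructed sample modelled on the POST example; the host name is a placeholder.
BODY = b"user=jeffrey&pwd=1234"
SAMPLE = (b"POST /reg.jsp HTTP/1.1\r\n"
          b"HOST: www.example.com\r\n"
          b"content-length: %d\r\n"
          b"Connection:Keep-Alive\r\n"
          b"\r\n" % len(BODY)) + BODY

if __name__ == "__main__":
    print(parse_request(SAMPLE))
    print(is_valid(b"GET /form.html HTTP/1.0\nAccept: text/html\r\n\r\n"))  # bare LF
```
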

1. General headers
A few header fields apply to all request and response messages but not to the entity being transferred; they apply only to the message being transmitted.
Cache-Control   Specifies cache directives. Cache directives are one-way (a directive that appears in a response may not appear in a request) and independent (the cache directive of one message does not affect the caching of another message). The similar header field used in HTTP 1.0 is Pragma.
Cache directives in requests include: no-cache (indicates that the request or response message must not be cached), no-store, max-age, max-stale, min-fresh, only-if-cached.
Cache directives in responses include: public, private, no-cache, no-store, no-transform, must-revalidate, proxy-revalidate, max-age, s-maxage.
e.g. To tell the IE browser (the client) not to cache a page, the server-side JSP program can be written as follows: response.setHeader("Cache-Control","no-cache");
//response.setHeader("Pragma","no-cache"); has the same effect as the code above; usually the two are used together
This code sets the general header field in the response message that is sent: Cache-Control:no-cache

Date   The general header field that gives the date and time at which the message was generated.

Connection   The general header field that allows options to be specified for the connection, for example that the connection is persistent, or the "close" option, which tells the server to close the connection after the response is complete.

2. Request headers
Request headers allow the client to pass additional information about the request, and about the client itself, to the server.
Common request headers
Accept   Specifies which types of information the client accepts. e.g. Accept:image/gif indicates that the client wants to accept resources in GIF image format; Accept:text/html indicates that the client wants to accept HTML text.
Accept-Charset   Specifies the character sets the client accepts. e.g. Accept-Charset:iso-8859-1,gb2312. If this field is not set in the request message, the default is that any character set is acceptable.
Accept-Encoding   Similar to Accept, but specifies the acceptable content encodings. e.g. Accept-Encoding:gzip,deflate. If this field is not set in the request message, the server assumes that the client accepts all content encodings.
Accept-Language   Similar to Accept, but specifies a natural language. e.g. Accept-Language:zh-cn. If this header field is not set in the request message, the server assumes that the client accepts all languages.
Authorization   Mainly used to prove that the client has the right to view a resource. When a browser visits a page and receives the response code 401 (Unauthorized) from the server, it can send a request containing the Authorization header field and ask the server to validate it.
Host (this header field is required when sending a request)
The Host request header field specifies the Internet host and port number of the requested resource. It is usually extracted from the HTTP URL, e.g.:
We type in the browser:
The request message sent by the browser will contain the Host request header field, as follows:
The default port number 80 is used here. If a port number is specified, the field becomes the host followed by the specified port number.
When we log on to a forum, we often see a welcome message that lists the name and version of our operating system and the name and version of the browser we are using, which many people find surprising. In fact, the server application obtains this information from the User-Agent request header field. The User-Agent request header field lets the client tell the server about its operating system, browser and other properties. However, this header field is not required: if we write a browser ourselves and do not send the User-Agent request header field, the server will not know this information.
Request header example:
GET /form.html HTTP/1.1 (CRLF)
Accept-Language:zh-cn (CRLF)
Accept-Encoding:gzip,deflate (CRLF)
If-Modified-Since:Wed,05 Jan 2007 11:21:25 GMT (CRLF)
If-None-Match:W/"80b1a4c018f3c41:8317" (CRLF)
User-Agent:Mozilla/4.0(compatible;MSIE6.0;Windows NT 5.0) (CRLF)
Connection:Keep-Alive (CRLF)

3. Response headers
Response headers allow the server to pass additional response information that cannot be placed in the status line, as well as information about the server and about further access to the resource identified by Request-URI.
Common response headers
Location   Redirects the recipient to a new location. The Location response header field is often used when a domain name changes.
Server   Contains information about the software the server uses to process the request. It corresponds to the User-Agent request header field. Here is an example of the Server response header field:
WWW-Authenticate   Must be included in a 401 (Unauthorized) response message. When the client receives a 401 response message and sends the Authorization header field to ask the server to validate it, the server's response headers contain this header field.
e.g. WWW-Authenticate:Basic realm="Basic Auth Test!"  // This shows that the server uses the Basic authentication mechanism for the requested resource.

4. Entity headers
Both request and response messages can carry an entity. An entity consists of entity header fields and an entity body, but this does not mean that the two must be sent together; the entity header fields can be sent alone. Entity headers define meta-information about the entity body (e.g. whether there is an entity body) and about the resource identified by the request.
Common entity headers
Content-Encoding   Used as a modifier of the media type. Its value indicates the additional content coding that has been applied to the entity body, so the corresponding decoding mechanism must be used to obtain the media type referenced by the Content-Type header field. Content-Encoding is used to record the compression method of the document, e.g. Content-
Content-Language   Describes the natural language used by the resource. If this field is not set, the entity content is assumed to be intended for readers of all languages. e.g. Content-Language:da
Content-Length   Indicates the length of the entity body, as a decimal number of bytes.
Content-Type   Indicates the media type of the entity body sent to the recipient. e.g.:
Last-Modified   Indicates the date and time at which the resource was last modified.
Expires   Gives the date and time at which the response expires. So that proxy servers or browsers update cached pages after a period of time (when a previously visited page is visited again it is loaded directly from the cache, which reduces response time and server load), we can use the Expires entity header field to specify when the page expires. e.g. Expires:Thu,15 Sep 2006 16:23:12 GMT
HTTP 1.1 clients and caches must treat other invalid date formats (including 0) as already expired. e.g. To keep browsers from caching a page, we can also use the Expires entity header field and set it to 0. The JSP code is as follows: response.setDateHeader("Expires",0);

V. Using telnet to observe the HTTP communication process

Purpose and principle of the experiment:
    Use Microsoft's telnet tool to type an HTTP request by hand and send it to a server. After the server receives, interprets and accepts the request, it returns a response, which is displayed in the telnet window. This deepens the understanding of the HTTP communication process.

Experimental steps:

1. Open telnet
1.1 Open telnet
Run --> cmd --> telnet

1.2 Turn on telnet local echo
set localecho

2. Connect to the server and send the request
2.1 open 80  // Note that the port number cannot be omitted

HEAD /index.asp HTTP/1.0
   /* We can change the request method and request the content of the Guilin Electronic home page. The input is as follows */
    open 80 
    GET /index.asp HTTP/1.0  // Request the content of the resource

2.2 open 80  // Or enter directly at the command prompt: telnet 80
    HEAD /index.asp HTTP/1.0

3. Experimental results:

3.1 The response to request 2.1 is:

HTTP/1.1 200 OK                                              // The request is successful
Server: Microsoft-IIS/5.0                                    // The web server
Date: Thu,08 Mar 200707:17:51 GMT
Connection: Keep-Alive                                 
Content-Length: 23330
Content-Type: text/html
Expries: Thu,08 Mar 2007 07:16:51 GMT
Cache-control: private

// The resource content is omitted

3.2 The response to request 2.2 is:

HTTP/1.0 404 Not Found       // The request failed
Date: Thu, 08 Mar 2007 07:50:50 GMT
Server: Apache/2.0.54 <Unix>
Last-Modified: Thu, 30 Nov 2006 11:35:41 GMT
ETag: "6277a-415-e7c76980"
Accept-Ranges: bytes
X-Powered-By: mod_xlayout_jh/0.0.1vhs.markII.remix
Vary: Accept-Encoding
Content-Type: text/html
X-Cache: MISS from
Via: 1.0<squid/2.6.STABLES-20061207>
X-Cache: MISS from
Connection: close

Lost connection to the host

Press any key to continue ...

4. Notes: 1. If there is an input error, the request will not succeed.
          2. Header fields are case-insensitive.
          3. To learn more about the HTTP protocol, see RFC 2616.
          4. Anyone developing back-end programs must master the HTTP protocol.

VI. Supplementary notes on HTTP-related technology

1. Basics:
    High-level protocols include the File Transfer Protocol FTP, the e-mail transfer protocol SMTP, the Domain Name System service DNS, the Network News Transfer Protocol NNTP, HTTP and others.
There are three kinds of intermediaries: proxy, gateway and tunnel. A proxy accepts requests according to the absolute form of the URI, rewrites all or part of the message, and sends the reformatted request to the server identified by the URI. A gateway is a receiving agent that acts as a layer above some other servers and, if necessary, translates the request into the underlying server's protocol. A tunnel acts as a relay between two connections without changing the messages. Tunnels are often used when communication has to pass through an intermediary (for example a firewall) or when the intermediary cannot recognize the content of the messages.
Proxy: an intermediary program that can act as both a server and a client, making requests on behalf of other clients. Requests are handled internally or passed on, possibly after translation, to other servers. A proxy must interpret a request message, and if possible rewrite it, before sending it on. Proxies often serve as the client-side portal through a firewall, and a proxy can also act as a helper application that handles, through the protocol, requests not completed by the user agent.
Gateway: a server that acts as an intermediary for other servers. Unlike a proxy, a gateway accepts requests as if it were the origin server for the requested resource; the requesting client is not aware that it is dealing with a gateway.
Gateways often serve as the server-side portal through a firewall, and a gateway can also act as a protocol translator for access to resources stored in non-HTTP systems.
Tunnel: an intermediary program that relays between two connections. Once active, the tunnel is not considered a party to the HTTP communication, even though the tunnel may have been initiated by an HTTP request. The tunnel ceases to exist when both ends of the relayed connection are closed. Tunnels are often used when a portal must exist or when an intermediary cannot interpret the relayed communication.

2. The advantage of protocol analysis: an HTTP analyzer detects network attacks
Analyzing and processing high-level protocols in a modular way will be the direction of intrusion detection in the future.
The common ports of HTTP and its proxies, 80, 3128 and 8080, are specified with the port tag in the network section.

3. An HTTP Content-Length limit vulnerability leads to denial-of-service attacks
When the POST method is used, Content-Length can be set to define the length of the data to be transferred, for example Content-Length:999999999. Memory is not released until the transfer is complete. An attacker can take advantage of this flaw by continuously sending junk data to the web server until the web server runs out of memory. This kind of attack leaves essentially no traces.
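
The server-side counterpart of this weakness is to validate the declared length before reading anything and to bound how long a body may take to arrive. The sketch below is an added example, not code from the original article; the limits MAX_BODY, MIN_RATE and GRACE are assumed policy values, and SlowStream is a constructed test double standing in for a socket.

```python
import io
import re

MAX_BODY = 1024 * 1024   # assumed policy: largest body this endpoint accepts
CHUNK = 8192             # read size; memory grows only as data really arrives
MIN_RATE = 1024          # assumed policy: bytes/second a sender must sustain
GRACE = 5.0              # seconds before the rate check starts to apply


class Reject(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def checked_length(headers, max_body=MAX_BODY):
    """Validate the declared Content-Length before anything is read or allocated."""
    value = headers.get("content-length")
    if value is None:
        raise Reject(411, "Length Required")
    if not re.fullmatch(r"[0-9]{1,12}", value):
        raise Reject(400, "Bad Request")
    if int(value) > max_body:
        raise Reject(413, "Request Entity Too Large")
    return int(value)


def read_body(stream, headers, clock, max_body=MAX_BODY):
    """Read exactly the declared number of bytes.

    stream.read(n) returns at most n bytes and b"" when the peer has closed;
    clock() returns seconds. On a real socket a read timeout is also needed,
    because a blocked read() never reaches the rate check below.
    """
    length = checked_length(headers, max_body)
    start, received, chunks = clock(), 0, []
    while received < length:
        data = stream.read(min(CHUNK, length - received))
        if not data:
            raise Reject(400, "Bad Request")        # closed before the declared length
        received += len(data)
        chunks.append(data)
        elapsed = clock() - start
        if elapsed > GRACE and received < MIN_RATE * elapsed:
            raise Reject(408, "Request Timeout")    # trickled data pins memory
    return b"".join(chunks)


class SlowStream:
    """Constructed test double: `step` bytes per read, fake clock advances `dt` per read."""
    def __init__(self, data, step, dt):
        self.buf, self.step, self.dt = io.BytesIO(data), step, dt
        self.now, self.reads = 0.0, 0

    def read(self, n):
        self.now += self.dt
        self.reads += 1
        return self.buf.read(min(n, self.step))

    def clock(self):
        return self.now


def outcome(data, declared, step=CHUNK, dt=0.0):
    """Return (status, bytes kept, reads made) for one simulated request."""
    s = SlowStream(data, step, dt)
    try:
        body = read_body(s, {"content-length": declared}, s.clock)
        return 200, len(body), s.reads
    except Reject as r:
        return r.status, 0, s.reads


if __name__ == "__main__":
    print(outcome(b"x" * 100, "999999999"))                   # oversized declaration
    print(outcome(b"user=jeffrey&pwd=1234", "21"))            # ordinary form post
    print(outcome(b"x" * 100000, "100000", step=10, dt=1.0))  # trickling sender
```
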

4. Some ideas for denial-of-service attacks that use characteristics of the HTTP protocol
The server is busy handling the TCP connection requests forged by the attacker and has no time for normal client requests (after all, normal client requests make up only a very small proportion). From the point of view of a normal client, the server has stopped responding. We call this situation a SYN flood attack on the server.
Smurf, TearDrop and similar attacks use ICMP messages for flooding and IP fragments for attacks. This article uses "normal connections" to produce a denial-of-service attack.
Port 19 was already used in the early days for Chargen attacks, namely Chargen_Denial_of_Service. However, the method used there was to create a UDP connection between two Chargen servers so that the servers processed too much information and went down. So taking down a web server requires two conditions: 1. a Chargen service; 2. an HTTP service.
Method: the attacker forges the source IP and sends connection requests (Connect) to N Chargen servers. When Chargen receives a connection it returns a character stream of 72 bytes per second (in practice, depending on network conditions, this is faster) to the server.

5. HTTP fingerprinting
The principle of HTTP fingerprinting is basically the same: record the tiny differences in how different servers implement the HTTP protocol and use them for identification. HTTP fingerprinting is much more complicated than TCP/IP stack fingerprinting. The reason is that it is very easy to change the response information by customizing the HTTP server's configuration file or adding plug-ins or components, which makes identification difficult, whereas customizing the behaviour of the TCP/IP stack requires modifying the kernel layer, so the stack is easy to identify.
Making a server return different banner information is very simple. With an open-source HTTP server such as Apache, users can modify the banner information in the source code and then restart the HTTP service for the change to take effect. For HTTP servers without open source code, such as Microsoft's IIS or Netscape, the banner information can be modified in the DLL file that stores it. Related articles have discussed this, so no more details here; the effect of such modification is of course good. Another way to obscure banner information is to use plug-ins.
Common test requests:
1: HEAD / HTTP/1.0      Send a basic HTTP request
2: DELETE / HTTP/1.0    Send a request that is not allowed, such as a DELETE request
3: GET / HTTP/3.0       Send an HTTP request with an illegal protocol version
4: GET / JUNK/1.0       Send an HTTP request with an incorrect protocol specification
Httprint is an HTTP fingerprinting tool. It uses statistical principles combined with fuzzy logic techniques and is very effective at determining the type of an HTTP server. It can be used to collect and analyze the signatures generated by different HTTP servers.
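
From the defender's side, the test requests listed above stand out in an access log because one source sends several kinds of abnormal request lines in a short time. The detector below is an added example, not part of the original article or of Httprint; it assumes Common Log Format input, a server that serves only HTTP/1.0 and HTTP/1.1, and a site policy that never allows DELETE, and its log lines are constructed.

```python
import re
from collections import defaultdict

# Assumptions of this example: Common Log Format input, a server that serves only
# HTTP/1.0 and HTTP/1.1, and a site policy under which DELETE is never legitimate.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')
SERVED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}
DISALLOWED_METHODS = {"DELETE"}
THRESHOLD = 2   # distinct anomaly kinds from one source before it is reported


def classify(request_line):
    """Return the anomaly kind for one logged request line, or None if ordinary."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return "malformed-request-line"
    method, _uri, version = parts
    if not re.fullmatch(r"HTTP/[0-9]\.[0-9]", version):
        return "bad-protocol-token"        # e.g. JUNK/1.0
    if version not in SERVED_VERSIONS:
        return "unsupported-version"       # e.g. HTTP/3.0 on this server
    if method in DISALLOWED_METHODS:
        return "disallowed-method"
    return None


def find_probers(log_lines, threshold=THRESHOLD):
    """Map each source IP to its anomaly kinds if it shows at least `threshold` of them."""
    kinds = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # not a Common Log Format line
        kind = classify(m.group("req"))
        if kind:
            kinds[m.group("ip")].add(kind)
    return {ip: sorted(k) for ip, k in kinds.items() if len(k) >= threshold}


# Constructed log lines; addresses are from the documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Mar/2007:07:50:50 +0000] "HEAD / HTTP/1.0" 200 0',
    '192.0.2.10 - - [08/Mar/2007:07:50:51 +0000] "DELETE / HTTP/1.0" 405 0',
    '192.0.2.10 - - [08/Mar/2007:07:50:51 +0000] "GET / HTTP/3.0" 505 0',
    '192.0.2.10 - - [08/Mar/2007:07:50:52 +0000] "GET / JUNK/1.0" 400 0',
    '198.51.100.7 - - [08/Mar/2007:07:51:10 +0000] "GET /form.html HTTP/1.1" 200 2326',
    '198.51.100.7 - - [08/Mar/2007:07:51:12 +0000] "POST /reg.jsp HTTP/1.1" 200 512',
    '203.0.113.5 - - [08/Mar/2007:07:52:00 +0000] "DELETE /index.asp HTTP/1.1" 405 0',
]

if __name__ == "__main__":
    for ip, found in find_probers(SAMPLE_LOG).items():
        print(ip, found)
```

A single anomaly, such as the lone DELETE from 203.0.113.5, stays below the threshold; it is the combination of kinds from one source that matches the probing pattern.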

6. Other: to improve performance for the user, modern browsers also support concurrent access: they create several connections while a web page is being browsed so that the many icons on the page are fetched quickly, which completes the transfer of the whole page sooner.
HTTP 1.1 provides this kind of persistent connection, and the next-generation HTTP protocol, HTTP-NG, adds more on session control, rich content negotiation and so on, to provide more efficient connections.

Thanks to Mr. von Neumann. He made the first computer in the world, which let us upgrade our tools and be promoted from the "academic bandits" of "scissors and paste" to the "academic pirates" of "mouse and clipboard".
Thanks to the teachers at my defense. Although I did not understand what it was, they only asked me two questions: Do you know what is written in it? I do. Have you read all the references? I have. Then they let me pass the defense. They are such amiable teachers, such understanding teachers, such approachable and great teachers.
