
Detailed explanation of main points of HTTP and HTTPS 2

2025-04-04 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03

There are three points to note about HTTP:

A. HTTP is connectionless: each connection is limited to processing only one request. After the server processes the client's request and receives the client's reply, it disconnects. Transmission time can be saved in this way.

B. HTTP is media independent: any type of data can be sent over HTTP as long as the client and server know how to handle the data content. The client and server specify the appropriate MIME type (content type) to be used.

C. HTTP is stateless: the protocol has no memory of earlier transactions.

An HTTP server is a Web server, or WWW (World Wide Web) server. Web servers include the Apache server, the IIS server (Internet Information Services), the Nginx server and so on.

URL stands for Uniform Resource Locator. It is the address used to identify a resource on the Internet. Take the following URL as an example to introduce the components of a common URL:

http://www.example.com:8080/hello/world?boardID=5&ID=24618&page=1#name

A complete URL includes the following parts:

1. Protocol part: the protocol part of this URL is "http:", which means that the web page uses the HTTP protocol. A variety of protocols can be used on the Internet, such as HTTP, FTP and so on. The "//" after "http:" is the delimiter.

2. Domain name part: the domain name part of this URL is "www.example.com". In a URL, an IP address can also be used in place of the domain name.

3. Port part: the port follows the domain name, with ":" as the separator between the domain name and the port. The port is not a required part of a URL. If the port part is omitted, the default port is used: http defaults to 80 and https defaults to 443.

4. Virtual directory part: from the first "/" after the domain name to the last "/" is the virtual directory part. The virtual directory is also not a required part of a URL. The virtual directory in this example is "/hello/".

5. File name part: from the last "/" after the domain name up to the "?" is the file name part. If there is no "?", it runs from the last "/" after the domain name up to the "#". If there is neither "?" nor "#", it runs from the last "/" after the domain name to the end. The file name in this example is "world". The file name part is also not a required part of a URL. If it is omitted, the default file name is used.

6. Anchor part: from "#" to the end is the anchor part. The anchor part in this example is "name". The anchor part is not a required part of a URL.

7. Parameter part: the part between the "?" and the "#" is the parameter part, also known as the search part or the query part. The parameter part in this example is "boardID=5&ID=24618&page=1". There can be multiple parameters, with "&" as the delimiter between them.

The request message that the client sends to the server in an HTTP request has the following format:

It is composed of four parts: the request line, the request headers, a blank line and the request data.

The following figure shows the general format of the request message.

The HTTP response also consists of four parts: the status line, the message header, the blank line, and the response body.

Example: using GET to pass data

Client request:

GET /hello.txt HTTP/1.1
User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
Host: www.example.com
Accept-Language: en, mi

Server response:

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Accept-Ranges: bytes
Content-Length: 51
Vary: Accept-Encoding
Content-Type: text/plain

Output result:

Hello World! My payload includes a trailing CRLF.
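The four-part message layout described above can be checked mechanically. The following parser is an added example, not code from the original article; the byte strings are constructed from the request and response shown above (the response headers are trimmed to a subset), and the function names are assumptions.

```python
# Constructed from the request and response shown above; CRLF line endings.
REQUEST = (b"GET /hello.txt HTTP/1.1\r\n"
           b"User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3\r\n"
           b"Host: www.example.com\r\n"
           b"Accept-Language: en, mi\r\n"
           b"\r\n")
RESPONSE = (b"HTTP/1.1 200 OK\r\n"
            b"Date: Mon, 27 Jul 2009 12:28:53 GMT\r\n"
            b"Server: Apache\r\n"
            b"Content-Length: 51\r\n"
            b"Content-Type: text/plain\r\n"
            b"\r\n"
            b"Hello World! My payload includes a trailing CRLF.\r\n")


def parse_message(raw: bytes):
    """Split a raw HTTP/1.1 message into start line, headers and body."""
    head, blank, body = raw.partition(b"\r\n\r\n")
    if not blank:
        raise ValueError("header section is not terminated by a blank line")
    start_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        # A field name must be non-empty and carry no surrounding whitespace.
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()
    return start_line, headers, body


def parse_request(raw: bytes):
    """Return (method, target, version, headers) for a request message."""
    start_line, headers, _ = parse_message(raw)
    method, target, version = start_line.split(" ")
    return method, target, version, headers


def parse_response(raw: bytes):
    """Return (status code, reason, body); reject a Content-Length mismatch."""
    start_line, headers, body = parse_message(raw)
    _version, code, reason = start_line.split(" ", 2)
    declared = int(headers.get("content-length", len(body)))
    if declared != len(body):
        raise ValueError(f"Content-Length {declared} != {len(body)} body bytes")
    return int(code), reason, body
```

The declared Content-Length of 51 matches the 49 visible characters of the payload plus its trailing CRLF.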

HTTP request methods

GET: requests the specified page information and returns the entity body.

HEAD: similar to a GET request, except that the returned response has no body; it is used to get the headers.

POST: submits data to the specified resource for processing (such as submitting a form or uploading a file). The data is contained in the request body. POST requests may result in the creation of new resources and/or the modification of existing resources.

PUT: the data sent from the client to the server replaces the contents of the specified document.

DELETE: requests the server to delete the specified page.

CONNECT: reserved in the HTTP/1.1 protocol for proxy servers that can switch the connection to a tunnel.

OPTIONS: allows clients to view the capabilities of the server.

TRACE: echoes the request received by the server, mainly for testing or diagnosis.

HTTP response header information

Allow: which request methods (such as GET, POST, etc.) are supported by the server.

Content-Encoding: the encoding (Encode) method of the document. The content type specified by the Content-Type header can be obtained only after decoding. Using gzip to compress documents can significantly reduce the download time of HTML documents. A Servlet should check whether the browser supports gzip by looking at the Accept-Encoding header (that is, request.getHeader("Accept-Encoding")), returning gzip-compressed HTML pages for browsers that support gzip and normal pages for other browsers.

Content-Length: indicates the length of the content.

Content-Type: indicates what MIME type the following document belongs to.

Date: the current GMT time (00:00 zone time).

Expires: when the document should be considered out of date and no longer cached.

Last-Modified: the last change time of the document. The client can provide a date through the If-Modified-Since request header, and the request will be treated as a conditional GET: only documents whose change time is later than the specified time will be returned, otherwise a 304 (Not Modified) status will be returned.

Location: indicates where the client should go to fetch the document. Location is usually not set directly, but through the sendRedirect method of HttpServletResponse, which also sets the status code to 302.

Server: the name of the server. A Servlet generally does not set this value; it is set by the Web server itself.

Set-Cookie: sets the Cookie associated with the page.

WWW-Authenticate: what type of authorization information the client should provide in the Authorization header.

Host: this header field specifies the Internet host and port number of the requested resource, and must indicate the location of the origin server or gateway of the requested URL.

Referer: mainly used to let the server determine the source page, that is, which page the user came from.

It is used to count the sources of users, whether they come from search pages, links from other websites, or visits from bookmarks, so that the site can be positioned appropriately.

It is used for hotlink protection, that is, to determine whether the source address is within the website's own domain name when downloading; otherwise the content cannot be downloaded or displayed.

Some malicious users may also fake the Referer to gain certain permissions, which should be taken into account when designing a website.

It can also be used for the security of e-commerce websites. When important information such as credit card details is submitted, the Referer is used to determine whether the previous page is your own website. If not, the data may have been submitted with a form the submitter wrote themselves, in order to skip the JavaScript validation on your previous page.

But be careful not to use Referer for authentication or other very important checks, because Referer can be easily changed on the client side.

User-Agent: the content of this header field contains information about the user that made the request.

Cache-Control: specifies the caching mechanism that requests and responses follow.

Connection: indicates how persistent (long-lived) connections are handled when client and server communicate.

In HTTP/1.1, both client and server support persistent connections by default. If the client uses the HTTP/1.1 protocol but does not want to use a persistent connection, it needs to set the value of Connection to close in the header.

If the server does not want to support persistent connections, it also needs to state in the response that the value of Connection is close. Whether it is the request header or the response header that contains a Connection with a value of close, it indicates that the TCP connection currently in use will be closed after the current request has been processed. When the client makes a new request later, a new TCP connection must be created.
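The warning above about using Referer for important checks can be made concrete. This is an added example, not code from the original article: it puts a Referer gate beside a session-bound HMAC token, which is swapped in here as one common replacement that the article itself does not name. The host name, key, session id and field names are hypothetical.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

SITE_HOST = "shop.example.com"        # hypothetical site
SERVER_KEY = b"constructed-demo-key"  # placeholder; use a random secret key


def referer_check(headers: dict) -> bool:
    """Weak gate: passes whenever the client-written Referer names our host."""
    return urlsplit(headers.get("Referer", "")).hostname == SITE_HOST


def issue_token(session_id: str) -> str:
    """Value the server embeds in its own form, bound to one session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_check(session_id: str, form: dict) -> bool:
    """Gate that depends on a server-side secret instead of a request header."""
    supplied = form.get("csrf_token", "")
    return hmac.compare_digest(issue_token(session_id).encode(), supplied.encode())


def evaluate(session_id: str, headers: dict, form: dict) -> dict:
    """Run both gates on one request so their verdicts can be compared."""
    return {"referer": referer_check(headers),
            "token": token_check(session_id, form)}


# Constructed samples. The first is the site's own form; the second is a
# hand-written form whose sender typed the Referer header in itself.
GENUINE = ({"Host": SITE_HOST, "Referer": "https://shop.example.com/checkout"},
           {"amount": "10", "csrf_token": issue_token("session-1")})
HANDMADE = ({"Host": SITE_HOST, "Referer": "https://shop.example.com/checkout"},
            {"amount": "10"})
```

Both samples pass the Referer gate; only the genuine form passes the token gate.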

Common HTTP status codes:

200 - the request succeeded

301 - the resource (web page, etc.) has been permanently moved to another URL

400 - Bad Request: the client request has a syntax error and cannot be understood by the server

401 - Unauthorized: the request is unauthorized; this status code must be used with the WWW-Authenticate header field

403 - Forbidden: the server received the request but refused to provide service

404 - the requested resource (web page, etc.) does not exist

500 - Internal Server Error: an unexpected error occurred on the server

503 - Server Unavailable: the server is currently unable to process client requests and may return to normal after a period of time

The HTTP status code consists of three decimal digits. The first digit defines the type of the status code, and the last two digits have no classification function. There are 5 types of HTTP status codes:

1xx: information. The server has received the request and requires the requester to continue the operation.

2xx: success. The operation was received and processed successfully.

3xx: redirect. Further action is required to complete the request.

4xx: client error. The request contains a syntax error or cannot be completed.

5xx: server error. An error occurred on the server while processing the request.

More status codes: http://www.runoob.com/http/http-status-codes.html

The data submitted by GET is placed after the URL, with "?" splitting the URL from the transmitted data and the parameters connected by "&". If the data is alphanumeric, it is sent as is; if it is a space, it is converted to "+"; if it is Chinese or other characters, the string is directly encrypted with BASE64.

The POST method puts the submitted data in the body of the HTTP message.

The security of POST is higher than that of GET. For example, if the data is submitted through GET, the user name and password appear in clear text in the URL. Because the login page may be cached by the browser and other people can check the browser's history, others can get your account and password. In addition, submitting data using GET may also lead to Cross-site request forgery. The size of data submitted by GET is also limited (because browsers limit the length of a URL), while the POST method has no such limit.
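Because GET parameters travel in the URL, they are also recorded wherever URLs are recorded, including server access logs. The following check is an added example, not code from the original article: it flags and redacts credential-like parameters in the request line of access-log entries. The log lines are constructed, and the log layout and the set of parameter names are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

SENSITIVE = {"username", "password", "passwd", "pwd", "token"}  # assumed names
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed access-log lines (common log layout assumed).
LOG = [
    '203.0.113.7 - - [04/Apr/2025:10:00:00 +0000] '
    '"GET /login?username=alice&password=S3cret%21&next=%2Fhome HTTP/1.1" 200 512',
    '203.0.113.7 - - [04/Apr/2025:10:00:05 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [04/Apr/2025:10:00:09 +0000] '
    '"GET /hello/world?boardID=5&ID=24618&page=1 HTTP/1.1" 200 51',
]


def scan_line(line: str):
    """Return (sensitive parameter names found in the URL, redacted line)."""
    m = REQUEST_RE.search(line)
    if not m:
        return [], line
    target = urlsplit(m.group("target"))
    pairs = parse_qsl(target.query, keep_blank_values=True)
    hits = [k for k, _ in pairs if k.lower() in SENSITIVE]
    if not hits:
        return [], line
    # Rebuild the query with the sensitive values masked, others kept.
    safe = urlencode([(k, "REDACTED" if k.lower() in SENSITIVE else v)
                      for k, v in pairs])
    redacted = target._replace(query=safe).geturl()
    return hits, line[:m.start("target")] + redacted + line[m.end("target"):]


def scan(lines):
    """Return [(line number, parameter names)] for every line with a finding."""
    findings = []
    for number, line in enumerate(lines, start=1):
        hits, _ = scan_line(line)
        if hits:
            findings.append((number, hits))
    return findings
```

The POST login on the second line produces no finding because its form data is carried in the request body, which the access log does not record.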
