Simple HTTP protocol
The roles of the server and the client are determined by a single communication route, and the HTTP protocol clearly distinguishes between the client and the server.
1. Request and response
HTTP is a stateless protocol
HTTPThe protocol itself does not store the state of communication between requests and responses.
The protocol itself does not retain information about all previous request or response messages. The HTTP protocol is designed to be so simple in order to process large volumes of transactions faster and ensure the protocol’s scalability.
However, with the continuous development of the Web, business processing becomes more difficult due to statelessness. Cookie technology was introduced to achieve the desired stateful functionality. This allows you to manage state.
3. Request the URI to locate the resource
The HTTP protocol uses URIs to locate resources on the Internet.
If a request is made to the server itself instead of accessing a specific resource, a * can be used instead of the request URI.
4. HTTP methods that inform the server of intent
4.1 GET: Obtains resources
The GET method is used to request access to a resource identified by a URI. The specified resource is parsed by the server and the response content is returned.
4.2 POST: Transmits the entity body
The POST method is used to transfer the body of the entity.
The GET method can also transfer the body of an entity, but the POST method is generally used. The GET method exposes the information in the address bar.
The function of POST is similar to GET, but the main purpose of POST is not to GET the body of the response.
4.3 PUT: Transfers files
The PUT method is used to transfer files. Requires that the contents of the file be included in the body of the request message and then saved to the location specified by the request URI.
It may be open for use when combined with Web application validation mechanisms, or in compliance with REST standards.
REpresentational State Transfer REST
4.4 HEAD: Obtains the packet header
The HEAD method is the same as the GET method, but does not return the packet body content. Used to verify the validity of the URI and the date and time of resource updates.
4.5 DELETE: Deletes a file
DELETEThe delete () method is used to delete a filePUTThe opposite approach.
The DELETE method deletes the specified resource based on the request URI.
It may be open for use when combined with Web application validation mechanisms, or in compliance with REST standards.
4.6 OPTIONS: Ask for supported methods
The OPTIONS method is used to query the supported methods for the resource specified by the request URI.
4.7 TRACE: Indicates a tracing path
The TRACE method is a way for the Web server to loop back the previous request traffic to the client.
At the time of sending the request, the forward field of max-forwards is filled with a value. After passing through each server, the value is reduced by one. When the value reaches zero, the transmission is stopped and the server receiving the request responds with status code 200 OK.
The client can TRACE how the request was modified or tampered with. Because a request may be routed through a proxy when it attempts to connect to the original target server, the TRACE method is used to confirm the sequence of actions that took place during the link.
The TRACE method is not commonly used and is prone to XST (cross-site Tracing) attacks, so it is rarely used.
4.8 CONNECT: The tunnel protocol must be used to CONNECT the agent
The CONNECT method requires that a tunnel be established when communicating with the proxy server to realize TCP communication using the tunnel protocol. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols are used to encrypt communication content and transmit it through network tunnels.
The format of the CONNECT method is as follows:
CONNECT Proxy server name: port number HTTP version
5. Use the command
When a request message is sent to a resource specified by the request URI, a command called a method is used.
The power of the method is to specify that the requested resource produces the desired behavior.
| methods | instructions |
|---|---|
| GET | Access to resources |
| POST | Transport entity body |
| PUT | Transfer files |
| HEAD | Get message header |
| DELETE | Delete the file |
| OPTION | Ask for supported methods |
| TRACE | Tracking path |
| CONNECT | The tunnel protocol connection agent is required |
| Establish relationships with resources | |
| Disconnection relation |
6. Persistent connections save traffic
The original VERSION of the HTTP protocol, which disconnects a TCP connection for each HTTP communication.
For example, when using a browser to view an HTML page with multiple images, a request to access the resources of the HTML page is also requested for other resources contained in the HTML page. Therefore, each request causes unnecessary TCP connection establishment and disconnection, increasing the traffic overhead.
6.1 Persistent Connection
To solve the TCP connection problem, HTTP keep-alive (or HTTP Connection reuse) is proposed.
The characteristic of a persistent connection is that the TCP connection remains as long as neither end explicitly disconnects
The benefits of persistent connections are that they reduce the overhead caused by the repeated establishment and disconnection of TCP connections and reduce the load on the server side.
In addition, the reduced overhead saves time, allowing HTTP requests and responses to end earlier, resulting in faster and more responsive Web page displays.
6.2 pipelines
Persistent connections make it possible to send most requests as pipelining.
With the advent of pipelining, the next request can be sent directly without waiting for a response.
This makes it possible to send multiple requests simultaneously in parallel without having to wait for one response after another.
Pipelining is faster than persistent connections. The more requests there are, the more significant the time difference becomes.
7. Use cookies for state management
HTTP is a stateless protocol that does not manage the status of previous requests and responses.
Advantages of stateless protocols:
-
Reduce CPU and memory resource consumption of the server.
-
It is because HTTP protocol itself is so simple that it is used in a variety of scenarios.
Cookie technology is introduced to solve similar contradictory problems while preserving stateless protocol.
Cookie technology controls client state by rewriting Cookie information in request and response messages.
The Cookie notifies the client to save the Cookie based on the set-cookie header field in the response packet sent from the server. When the client sends a request to the server next time, the client automatically adds the Cookie value to the request packet and sends the request packet.
After the server finds the Cookie sent by the client, it will check which client sends the connection request, and then compares the records on the server to obtain the previous status information.
