preface
Short step without thousands of miles, not small streams into rivers and seas. Learning is like rowing upstream; not to advance is to drop back. I’m a hauler who drifts from platform to platform. An article with you in detail HTTP protocol (network protocol a) nonsense not to say, directly to everyone dry goods, I hope to help you, excellent people have been praised.
For a preview of this long article, take a mind map. I have a general idea.
An overview,
1. Hierarchical computer network architecture
Computer network architecture layering
2.TCP/IP communication flow
When the TCP/IP protocol family is used for network communication, the communication with the peer party is hierarchical and sequential. The sending end goes down from the application layer, and the receiving end goes up from the link layer. As follows:
TCP/IP traffic
- First, the sending client makes an HTTP request at the application layer (HTTP protocol) to view a Web page.
- In order to facilitate transmission, the transport layer (TCP) divides the data (HTTP request packets) received from the application layer, marks the serial number and port number of each packet and forwards it to the network layer.
- At the network layer (IP protocol), add the MAC address as the communication destination and forward the MAC address to the link layer. This way, the communication request to the network is ready.
- The server at the receiving end receives data at the link layer and sends the data to the upper layer in sequence, all the way to the application layer. HTTP requests sent by clients are received only when they are transmitted to the application layer.
As shown below:
The HTTP request
In the network architecture, there are many network protocols. This article mainly focuses on the HTTP protocol (HTTP/1.1 version).
HyperText Transfer Protocol (HTTP) is used to Transfer HyperText from WWW server to local browser. It can make browsers more efficient and reduce network traffic. It not only ensures that the computer transfers the hypertext document correctly and quickly, but also determines which parts of the document to transfer and which parts of the content to display first (e.g. text before graphics). HTTP is an application-layer communication protocol between a client browser or other program and a Web server. Hypertext information is stored in Web servers on the Internet. Clients need to transfer the hypertext information to be accessed through HTTP protocol. HTTP contains commands and transmission information. It can be used not only for Web access, but also for communication between other Internet/Intranet applications. In this way, hypermedia access of various application resources can be integrated. The web address we type into the address bar of our browser is called a Uniform Resource Locator (URL). Just as every home has a house address, every web page has an Internet address. When you type a URL into the browser’s address box or click on a hyperlink, the URL determines the address to visit. Browsers use hypertext Transfer Protocol (HTTP) to extract the code from a Web server site and translate it into a beautiful Web page.
Second, HTTP working process
HTTP request response model
HTTP communication mechanism In a complete HTTP communication process, the client and server will complete the following seven steps:
- Establishing a TCP Connection Before HTTP work begins, the client must first establish a connection with the server over the network. This connection is accomplished through TCP. This protocol and IP together build the Internet, which is known as the TCP/IP protocol family. So the Internet is also called the TCP/IP network. HTTP is an application layer protocol with a higher level than TCP. According to the rules, a connection with a higher layer protocol can be established only after a lower layer protocol is established. Therefore, a TCP connection must be established first.
- The client sends a request command to the server
Once a TCP connection is established, the client sends a request command to the server.
Such as:GET/sample/hello. JSP HTTP / 1.1
- After sending its request command, the client sends some additional information to the server in the form of a header. The client then sends a blank line to inform the server that it has finished sending the header.
- Server reply
After the client sends a request to the server, the server returns a response.
Such as:HTTP / 1.1 200 OK
The first part of the response is the protocol version number and response status code - Just as the client sends information about itself along with the request, the server sends data about itself and the requested document to the user along with the response;
- The server sends the data to the client. Once the server sends the header to the client, it sends a blank line indicating that the header is sent to this end, and then it sends the actual data requested by the user in the format described in the Content-Type response header;
- The server closes the TCP connection
Normally, once the server returns the request data to the client, it closes the TCP connection, and then if the client or server adds this line of code to its headerConnection:keep-alive
The TCP connection remains open after being sent, so the client can continue sending requests over the same connection. Keeping the connection saves the time required to establish a new connection for each request and saves network bandwidth.
3. HTTP protocol basis
1. Communicate by exchanging requests and responses
When the HTTP protocol is used, one end must serve as the client and the other as the server. The roles of the server and the customer side are defined in terms of a single communication line. According to the HTTP protocol, a request is made from the client, and the server responds to the request and returns. In other words, the communication must start with the client, and the server will not send a response until the request is received.
2.HTTP is a protocol that does not save state
HTTP is a stateless protocol. The protocol itself does not store the state of communication between requests and responses. That is, at the HTTP level, the protocol does not persist requests or responses that have been sent. The HTTP protocol is designed to be so simple in order to process a large number of transactions more quickly and ensure protocol scalability. But as the Web continues to evolve, many of our businesses need to preserve communication state. So we introduced Cookie technology. With cookies and HTTP communication, you can manage state.
3. Use cookies for state management
Cookie technology controls client status by writing Cookie information in request and response packets. The Cookie notifies the client to save the Cookie based on the set-cookie header field in the response packet sent from the server. When the client sends a request to the server next time, the client automatically adds the Cookie value to the request packet and sends the request packet. After discovering the Cookie sent by the client, the server will check which client sent the connection request, and then compare the records on the server to obtain the previous status information.
The flow of the Cookie
4. Request the URI to locate the resource
The HTTP protocol uses URIs to locate resources on the Internet. Because of the specific functionality of URIs, resources can be accessed anywhere on the Internet.
5. HTTP methods to inform the server of intent (HTTP/1.1)
HTTP method
6. Persistent connection
In the original version of the HTTP protocol, TCP connections were disconnected for each HTTP communication. For example, when using a browser to browse an HTML page containing multiple images, a request is sent to access the resources of the HTML page, and other resources contained in the HTML page are also requested. Therefore, each request causes fearless TCP connection establishment and disconnection, increasing the traffic overhead. To address the above TCP connection problem, HTTP/1.1 and parts of HTTP/1.0 came up with persistent connections. The TCP connection is maintained as long as neither end explicitly disconnects. To establish a TCP connection for multiple requests and responses. In HTTP/1.1, all connections are persistent by default.
7. Pipelines
Persistent connections make it possible for most requests to be piped. Previously, after sending a request, you had to wait and receive the response before sending the next request. With the advent of pipelining, the next request can be sent without waiting. This allows you to send multiple requests in parallel at the same time without having to wait for one response after another. For example, when requesting an HTML page with multiple images, using persistent connections can end the request faster than connecting one by one. Pipework is faster than persistent connections. The more requests there are, the more significant the time difference becomes.
4. HTTP packet structure
1. The HTTP message
The information used for HTTP interaction is called HTTP packets. HTTP packets sent by the requester (client) are called request packets. The responder side (server side) is called the response message. The HTTP message itself is a string text composed of multiple lines of data (using CR+LF as a newline character).
2.HTTP packet structure
HTTP packets are roughly divided into the header and the body. The two are separated by the initial blank line (CR+LF). Usually, there is not necessarily a message body. As follows:
HTTP packet Structure
2.1 Request Packet Structure
Request message structure
The header of the request packet consists of the following data:
- Request line – contains the method used for the request, request URI, and HTTP version.
- Header field – Contains various headers that represent the various conditions and attributes of the request. (Common headers, request headers, entity headers, and headers not defined in the RFC such as cookies, etc.)
The following is an example of a request message:
Sample Request message
2.2 Response Packet Structure
The header of the response packet consists of the following data:
- Status line – contains the status code, reason phrase, and HTTP version indicating the result of the response.
- Header field – Contains various headers that represent the various conditions and attributes of the request. (Common headers, response headers, entity headers, and headers not defined in the RFC such as cookies, etc.)
The following is an example of a response message:
Response Packet Example
5. Request and status lines in the HTTP packet header
1. The request
For example, here is an HTTP request:
支那
HTM HTTP/1.1 Host: sample.comCopy the code
Where, the following line is the request line,
支那
GET/index. HTTP / 1.1 HTMCopy the code
- The GET at the beginning indicates the type of server requested, called a method;
- Subsequent string
/index.htm
Specifies the resource object to be accessed, also known as the request URI. - The last of the
HTTP / 1.1
Is the HTTP version number, which is used to prompt clients to use the HTTP protocol function.
This is a request to access a /index.htm page resource on an HTTP server.
2. The status line
For example, here is an HTTP response message:
支那
HTTP/1.1 200 OK Date: Mon, 10 Jul 2017 15:50:06 GMT Content-Length: 256 Content-Type: text/ HTML < HTML >...Copy the code
Where the bottom row is the status row,
支那
HTTP / 1.1 200 OKCopy the code
- At the beginning of
HTTP / 1.1
Indicates the HTTP version of the server. - Next to the
200 OK
A status code and reason phrase that represents the processing result of the request.
Vi. The first part of the HTTP header field (focus analysis)
1. Overview of header fields
Let’s review the position of the header field in the packet. An HTTP packet contains the header and the packet body, and the header contains the request line (or status line) and the header field. Among many fields in packets, the HTTP header field contains the most abundant information. The header field exists in both the request and response packets and contains information related to HTTP packets. The header field is used to provide the client and server with information such as packet size, language, and authentication information.
2. Header field structure
- HTTP header fields consist of header field names and field values separated by colons (:).
- In addition, field values can have multiple values for a single HTTP header field.
- When two or more HTTP header fields with the same header field name appear in the header, this situation is not clear in the specification. The priority of processing may be different according to the internal processing logic of the browser, and the results may be inconsistent.
Header field name | The colon | The field values |
---|---|---|
Content-Type | : | text/html |
Keep-Alive | : | timeout=30, max=120 |
3. Header field type
The header field is divided into the following four types based on actual usage:
type | describe |
---|---|
Generic header field | Header used by both request and response packets |
Request header field | Header used to send request packets from the client to the server. This section provides additional information about the request, client information, and priority of the response |
Response header field | Header used to return response packets from the server to the client. Additional content added to the response also requires the client to attach additional content information. |
Entity head field | The header used for the entity portion of request and response messages. Added information related to the entity such as when the resource content was updated. |
4. Generic header fields (HTTP/1.1)
Header field name | instructions |
---|---|
Cache-Control | Controls the behavior of caching |
Connection | Select head, connection management |
Date | Date and time when the packet was created |
Pragma | Packet instructions |
Trailer | View the header of the packet end |
Transfer-Encoding | Specifies the transmission code of the packet body |
Upgrade | Upgrade to another protocol |
Via | Proxy server information |
Warning | Error notification |
4.1 Cache-Control
You can manipulate how the Cache works by specifying an instruction for the header field cache-control.
4.1.1 List of available commands
The available directives are classified by request and response as follows: Cache request directives
instruction | parameter | instructions |
---|---|---|
no-cache | There is no | Force revalidation to the server |
no-store | There is no | No content of the request or response is cached |
Max-age = [seconds] | necessary | The maximum Age value of the response |
Max – stale (= [s]) | Can be omitted | Receive an expired response |
Min-fresh = [seconds] | necessary | The expected response within the specified time is still valid |
no-transform | There is no | Agents cannot change media types |
only-if-cached | There is no | Fetch resources from the cache |
cache-extension | – | New Instruction Token (token) |
Cache response instruction
instruction | parameter | instructions |
---|---|---|
public | There is no | Caching of responses can be provided to any party |
private | Can be omitted | Returns a response only to a specific user |
no-cache | Can be omitted | The cache must be validated before being cached |
no-store | There is no | No content of the request or response is cached |
no-transform | There is no | Agents cannot change media types |
must-revalidate | There is no | Cacheable but must be validated with the source server |
proxy-revalidate | There is no | The intermediate cache server is required to validate the cached response |
Max-age = [seconds] | necessary | The maximum Age value of the response |
S-maxage = [seconds] | necessary | The maximum Age value for the public cache server response |
cache-extension | – | New Instruction Token (token) |
4.1.2 indicates whether to cache instructions
Public directive cache-control: public When the public directive is specified, it explicitly indicates that other users can use the Cache.
Private directive cache-control: private When a private directive is specified, the response is to object only a specific user, as opposed to the behavior of the public directive. The cache server provides resource caching for this particular user, and the proxy server does not return requests from other users to the cache.
No-cache command cache-control: no-cache
- The no-cache directive is used to prevent an expired resource from being returned from the cache.
- If the request sent by the client contains the no-cache command, the client will not receive the cached response. The cache server in the “middle” must then forward the client request to the source server.
- If the response returned from the server contains the no-cache directive, the cache server cannot cache the resource. The source server will no longer validate the resource proposed in the cache server request and will not cache the response resource.
Cache-Control: No-cache =Location In the response returned by the server, if the no-cache field name is specified in the cache-control header field, the client cannot use the cache after receiving the response packet corresponding to the header field with the specified parameter value. In other words, a header field with no parameter value can be cached. This parameter can only be specified in the response instruction.
No-store directive cache-control: no-store When the no-store directive is used, it implies that the request (and corresponding response) or response contains confidential information. Therefore, the directive states that the cache cannot store any part of the request or response locally. Note: the no-cache instruction represents the instruction that does not cache expired instructions. The cache will process resources after the expiration date confirmation to the source server. The no-store directive is really not cached.
4.1.3 Instructions specifying cache duration and authentication
S-maxage command cache-control: s-maxage=604800 (unit: SEC)
- The s-maxage directive performs the same functions as the Max-age directive, except that the S-maxage directive only works with a common cache server (typically a proxy) that can be used by multiple users. That is, this directive has no effect on a server that repeatedly returns a response to the same user.
- In addition, when the S-maxage directive is used, the processing of the Expires header field and the Max-age directive is directly ignored.
Max-age command cache-control: max-age=604800 (unit: second)
- When a client sends a request that contains a max-age directive, the client receives the cached resource if the cache time value is determined to be smaller than the specified time. In addition, when you specify a value of 0 for max-age, the cache server usually needs to forward requests to the source server.
- When the server returns a response containing a max-age directive, the cache server does not confirm the validity of the resource. The max-age value represents the maximum length of time the resource has been cached.
- When the HTTP/1.1 cache server encounters a simultaneous Expires header field, the max-age directive is processed first and the Expires header field is ignored. The opposite is true for HTTP/1.0 cache servers.
The Min-fresh directive cache-Control: Min-fresh =60 (unit: second) The min-fresh directive requires the Cache server to return cached resources that have not been cached for at least the specified time.
Max-stale command cache-control: max-stale=3600 (unit: second)
- Using max-stale indicates that cached resources are received even if they expire.
- If the instruction does not specify a parameter value, the client will receive the response no matter how long elapsed. If a specified parameter value is specified, the stale file is still received by the client as long as it remains in the specified max-stale period.
The only-if-cached directive cache-control: only-if-cached indicates that the client will only ask for the target resource to be returned if it is cached locally by the Cache server. In other words, the directive requires that the cache server not reload the response and not revalidate the resource.
With the must-revalidate directive, the proxy revalidates to the source server whether the Cache of the response that is being returned is currently valid. In addition, using the must-revalidate directive ignores the requested max-stale directive.
The proxy-revalidate directive cache-control: proxy-revalidate the proxy-revalidate directive requires all Cache servers to verify the validity of the Cache again before receiving a response from a client.
The no-transform directive cache-control: no-transform Uses the no-transform directive to specify that the Cache cannot change the media type of the entity body, either in the request or in the response. Doing so prevents caching or proxy compression of images and similar operations.
4.1.4 cache-control extension
Cache-control: private, community=”UCI” Cache-extension: cache-control: private, community=”UCI” Cache-extension: cache-control: private, community=”UCI” The community directive is the extended directive, and if the cache server does not understand the new directive, it simply ignores it.
4.2 the Connection
The Connection header field does two things:
Control header field that will not be forwarded Connection: Upgrade When the client sends a request and the server returns a response, use the Connection header field to control the header field that will not be forwarded to the agent, that is, delete the header field and then forward it (that is, the hop-by-hop header).
Managing persistent connections Connection: close HTTP/1.1 uses persistent connections by default. When the server wants to explicitly disconnect, specify the value of the Connection header field as close. Connection: keep-alive The default Connection of HTTP versions prior to HTTP/1.1 is non-persistent. To do this, if you want to maintain a persistent Connection over older versions of HTTP, you need to specify the value of the Connection header field as keep-alive.
4.3 the Date
Indicates the date and time when the HTTP packet is created. Date: Mon, 10 Jul 2017 15:50:06 GMT HTTP/1.1 uses the Date and time format specified in RFC1123.
4.4 Pragma
Pragma header fields are historical legacy fields prior to HTTP/1.1 and are defined only as backward compatibility with HTTP/1.0. Pragma: no-cache
- This header field is a generic header field, but is used only in requests sent by clients, requiring all intermediate servers not to return cached resources.
- If all intermediate servers can use HTTP/1.1 as a benchmark, use it directly
Cache-Control: no-cache
Specifies the best way to handle the cache. However, it is not practical to know the HTTP protocol version used by all intermediate servers, so the request will contain both the following header fields:
支那
Cache-Control: no-cache
Pragma: no-cache
Copy the code
4.5 Trailer
Trailer will specify in advance which header fields are recorded after the packet body. Can be applied in HTTP/1.1 version of the block transfer encoding.
4.6 Transfer – Encoding
Transfer-Encoding: chunked
- Specifies the encoding mode used to transmit the packet body.
- HTTP/1.1 transport encoding is only valid for block transport encoding.
4.7 Upgrade
Upgrade: TSL/1.0 is used to test whether HTTP and other protocols can communicate with a higher version, and its parameter value can be used to specify a completely different communication protocol.
4.8 Via
Squid (Via: a1.sample.com 1.1/2.7)
- To trace the transmission path of request and response packets between the client and server.
- When a message passes through a proxy or gateway, information about the server is appended to the header field Via before it is forwarded.
- The first field Via is not only used to trace the forwarding of the message, but also to avoid the occurrence of the request loop.
4.9 Warning
This header field usually warns the user of some cache-related problems. The format of the Warning header field is as follows: Warning: [Warning code][Warning host: port number]” [Warning content]”([date and time]) The last date and time can be omitted. HTTP/1.1 defines seven types of warnings. The corresponding warning codes are recommended for reference only. In addition, the warning codes are extensible and new warning codes may be added in the future.
The warning code | Warning content | instructions |
---|---|---|
110 | Stale Response is stale | The agent returns an expired resource |
111 | Revalidation failed | The agent failed to revalidate the resource (server cannot be reached, etc.) |
112 | Disconnection operation | The agent was deliberately disconnected from the Internet |
113 | Heuristic expiration | The trial period of the response exceeds 24 hours (if the effective cache is set to be longer than 24 hours) |
199 | Miscellaneous Warning | Arbitrary warning content |
214 | Transformation applied | When the agent performs some processing such as content encoding or media type |
299 | Miscellaneous Persistent Warning | Arbitrary warning content |
5. Request header Field (HTTP/1.1)
Header field name | instructions |
---|---|
Accept | The type of media that the user agent can handle |
Accept-Charset | Preferred character set |
Accept-Encoding | Priority content encoding |
Accept-Language | Preferred language (natural language) |
Authorization | Web Authentication Information |
Expect | Expect specific behavior from the server |
From | Email address of the user |
Host | Request the server where the resource resides |
If-Match | Compare Entity Tag (ETag) |
If-Modified-Since | Compares the update times of resources |
If-None-Match | Compare entity tags (as opposed to if-macth) |
If-Range | Send scope requests for entity Byte when the resource is not updated |
If-Unmodified-Since | Compare resource update times (as opposed to if-modified-since) |
Max-Forwards | Maximum transmission hop by hop |
Proxy-Authorization | The proxy server requires authentication information of the client |
Range | Byte range request for the entity |
Referer | The original acquirer of the URI in the request |
TE | Priority of transmission encoding |
User-Agent | HTTP client program information |
5.1 the Accept
Accept: text/html, application/xhtml+xml, application/xml; Q = 0.5
- The Accept header field informs the server of the media types that the user agent can handle and the relative priority of the media types. You can specify multiple media types at once using the type/subtype form.
- If you want to give priority to the media type displayed
Q = [number]
To indicate the weight value, use a semicolon (;). Delimit. The weight value ranges from 0 to 1 (accurate to three decimal places), and 1 is the maximum value. If no weight value is specified, the default value is 1.
5.2 the Accept – Charset
Accept-Charset: iso-8859-5, unicode-1-1; Q =0.8 Accept-charset header field can be used to inform the server of the character set supported by the user agent and the relative priority of the character set. In addition, multiple character sets can be specified at once. Also use q=[number] to indicate relative priority.
5.3 the Accept – Encoding
The header field is used to inform the server of the content Encoding supported by the user agent and the priority of the content Encoding, and can specify more than one content Encoding at a time. Also use q=[number] to indicate relative priority. You can also use the asterisk (*) as a wildcard to specify any encoding format.
5.4 the Accept – Language
Accept-Lanuage: zh-cn,zh; Q = 0.7, en = us, en; Q =0.3 tells the server which natural language sets (Chinese or English, etc.) the user agent can handle, and the relative priority of the natural language sets. Multiple natural language sets can be specified at one time. Also use q=[number] to indicate relative priority.
5.5 Authorization
Authorization: Basic ldfKDHKfkDdasSAEdasd== Indicates the authentication information (certificate value) of the user agent to the server. Typically, the user agent that wants to authenticate with the server adds the first field, Authorization, to the request after receiving the return 401 status code response. The shared cache will handle operations slightly differently when it receives a request containing an Authorization header field.
5.6 Expect
Expect: 100-continue tells the server that the client expects a particular behavior.
5.7 the From
From: [email protected] Tells the server to use the email address of the user agent.
5.8 the Host
Host: www.jianshu.com
- Tells the server the Internet host and port number of the requested resource.
- The Host header field is the only HTTP/1.1 header field that must be included in the request.
- If the server does not have a host name, send a null value
Host:
。
5.9 the If – Match
A request header field in the form of if-xxx is called a conditional request. When the server receives a conditional request, it will execute the request only if it determines that the specified condition is true.
If-Match: "123456"
- The first field, if-match, is one of the strings that tells the server the entity tag (ETag) value used to Match the resource. The server cannot use weak ETag values.
- The server compares the field value of if-match with the ETag value of the resource. The request is executed only when the two values are consistent. Otherwise, the status code is returned
412 Precondition Failed
The response. - You can also specify if-match field values using an asterisk (*). In this case, the server will ignore the ETag value and process the request as long as the resource exists.
5.10 the If – Modified – Since
If-Modified-Since: Mon, 10 Jul 2017 15:50:06 GMT
- The first field, if-modified-since, is one of the provisos used to verify the validity of local resources owned by the agent or client.
- It tells the server that it wants to process the request If the if-Modified-since field value is earlier than the resource update time. If none of the requested resources has been updated after the date or time specified for the if-Modified-since field value, the status code is returned
304 Not Modified
The response.
5.11 the If – None – Match
If-none-match: if-none-match at the beginning of “123456” is one of the conditions. This is the opposite of the header if-match field. When the entity tag (ETag) value used to specify the if-none-match field value is inconsistent with the ETag of the requested resource, it tells the server to process the request.
5.12 the If – Range
If-Range: "123456"
- The header field if-range is one of the conditionals. It tells the server that If the specified IF-range field value (ETag value or time) matches the ETag value or time of the requested resource, it will be treated as a Range request. Otherwise, all resources are returned.
- Let’s consider sending a request without using the header if-range field. If the resource on the server is updated, then the portion of the resource held by the client is also invalid. Of course, the scope request is invalid as a premise. At this point, the server will temporarily with the status code
412 Precondition Failed
Returned as a response, its purpose is to urge the client to send the request again. As a result, it takes twice as much effort as using the header field if-range.
5.13 If Unmodified — Since
If-unmodified-since: Mon, 10 Jul 2017 15:50:06 GMT If-unmodified-since: Mon, 10 Jul 2017 15:50:06 GMT If-unmodified-since: Mon, 10 Jul 2017 15:50:06 GMT If-unmodified-since: Mon, 10 Jul 2017 15:50:06 GMT It tells the server that the specified request resource can only process the request if no update has occurred after the date and time specified in the field value. If an update occurs after the specified date and time, the feed Failed is returned in response with the status code 412.
5.14 Max – recently
Max-forwards: 10 When the request for max-forwards is handled through the TRACE method or OPTIONS method, this field specifies the maximum number of servers for forward processing in decimal integer format. Before the server Forwards requests to the next server, the value of max-forwards is reassigned after being reduced by one. When the server receives a request for max-forwards with a value of 0, it does not forward the request but directly returns the response.
5.15 the Proxy Authorization
Proxy-Authorization: Basic dGlwOjkpNLAGfFY5
- When receiving an authentication challenge from the Proxy server, the client sends a proxy-authorization request containing the header field to inform the server of the information required for authentication.
- This behavior is similar to HTTP access authentication between client and server, except that the authentication behavior occurs between client and proxy.
5.16 the Range
Range: bytes=5001-10000
- For scope requests that fetch only part of the resource, including the header field Range tells the server the specified scope of the resource.
- A server that receives a request with the Range header field returns a status code of
206 Partial Content
The response. When the range request cannot be processed, the status code is returned200 OK
Response and full resources.
5.17 Referer
Referer: http://www.sample.com/index.html first field Referer will inform server requests the URI of the original resources.
5.18 TE
TE: gzip, deflate; Q = 0.5
- The header field TE tells the server which transport encoding and relative priority the client can process the response. It is similar to the accept-encoding function of the header field, but is used to transmit the Encoding.
- In addition to specifying the transfer code, the header field TE can also specify the way the block transfer code is accompanied by the Trailer field. When you apply the latter, you just assign the Trailers to the field value.
TE: trailers
5.19 the user-agent
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; The rv: 13.0) Gecko / 20100101
- The header field user-Agent communicates information to the server such as the browser that created the request and the name of the User Agent.
- When a web crawler initiates a request, it is possible to add the email address of the crawler author to the field. Also, if the request goes through a proxy, the proxy server name is likely to be added in the middle.
6. Response header Field (HTTP/1.1)
Header field name | instructions |
---|---|
Accept-Ranges | Whether to accept byte range requests |
Age | Calculate the elapsed time of resource creation |
ETag | Matching information of resources |
Location | Causes the client to redirect to the specified URI |
Proxy-Authenticate | The proxy server authenticates the client |
Retry-After | Request the timing of the request to be made again |
Server | HTTP server installation information |
vary | Proxy server cache management information |
WWW-Authenticate | Authentication information about the server to the client |
6.1 the Accept – Ranges
Accept-Ranges: bytes
- The accept-ranges header field is used to tell the client whether the server can handle a range request to specify a portion of the server’s resources.
- There are two types of field values that can be specified, bytes for range requests and None for range requests.
6.2 the Age
Age: 1200
- The header field Age tells the client how long ago the source server created the response. Field values are in seconds.
- If the server that creates the response is a cache server, the Age value indicates the time between the cached response initiating authentication again and the completion of authentication. The agent must add the header field Age when creating the response.
6.3 the ETag
ETag: "usagi-1234"
- The header field ETag tells the client the entity identity. It is a way to uniquely identify a resource as a string. The server assigns an ETag value to each resource.
- In addition, the ETag value needs to be updated when the resource is updated. When ETag values are generated, there is no uniform algorithmic rule, but only allocation by the server.
- ETag has strong ETag value and weak ETag value. A strong ETag value, which changes regardless of how little the entity changes; Weak ETag values are used only to indicate whether the resources are the same. The ETag value is changed only when the resource is fundamentally changed, resulting in a difference. At this point, we append W/ to the beginning of the field value:
ETag: W/"usagi-1234"
.
6.4 the Location
Location: http://www.sample.com/sample.html
- The header field Location is used to direct the response recipient to a resource at a different Location than the request URI.
- Basically, this field provides the URI for the Redirection in conjunction with the 3xx: Redirection response.
- Almost all browsers, upon receiving a response containing the header field Location, will force an attempt to access the prompted redirect resource.
6.5 the Proxy – Authenticate
Proxy-Authenticate: Basic realm="Usagidesign Auth"
- Proxy-authenticate sends authentication information required by the Proxy server to the client.
- It is similar to HTTP access authentication between client and server, except that the authentication takes place between client and proxy.
Retry – After 6.6
Retry-After: 180
- The header retry-after field tells the client how long it should take to send the request again. Mainly with the status code
503 Service Unavailable
Response, or 3XX Redirect response used together. - The field value can be specified as a specific date and time (Mon, 10 Jul 2017 15:50:06 GMT, etc.) or as the number of seconds after the response was created.
6.7 Server
Server: Apache/2.2.6 (Unix) PHP/5.2.5 Header Field Server tells the client about the HTTP Server application installed on the current Server. Not only is the software application name marked on the server, but it may also include the version number and options enabled at installation time.
6.8 than
Vary: Accept-Language
- The header field Vary controls the cache. The source server communicates commands to the proxy server about how to use the local cache.
- After the proxy server receives a response from the source server that contains the Vary specified item, if caching is required, only requests with the same Vary specified header field are returned to the cache. Even if a request is made for the same resource, because Vary specifies a different header field, the resource must be retrieved from the source server.
6.9 the WWW – Authenticate
Www-authenticate: Basic realm=”Usagidesign Auth” header www-authenticate is used for HTTP access authentication. It tells the client which authentication scheme (Basic or Digest) and challenge with parameter prompts is appropriate for accessing the resource specified by the request URI.
7. Entity header fields (HTTP/1.1)
Header field name | instructions |
---|---|
Allow | HTTP methods supported by the resource |
Content-Encoding | The encoding method applicable to the entity body |
Content-Language | The natural language of entity subjects |
Content-Length | Size of entity body in bytes |
Content-Location | Replace the URI of the corresponding resource |
Content-MD5 | The packet digest of the entity body |
Content-Range | The location range of the entity body |
Content-Type | The media type of the entity body |
Expires | The date and time when the entity body expires |
Last-Modified | The last modified date and time of the resource |
7.1 Allow
Allow: GET, HEAD
- The header field Allow is used to inform the client that all HTTP methods of the resource specified by request-URI can be supported.
- When the server receives an unsupported HTTP method, it sends a status code
405 Method Not Allowed
Return as a response. At the same time, all supported HTTP methods are written to the header field Allow and returned.
7.2 the Content – Encoding
Content-Encoding: gzip
- The header field content-Encoding tells the client which Content Encoding method the server chooses for the body of the entity. Content encoding refers to compression without loss of entity information.
- These four content encoding methods are mainly used (GZIP, COMPRESS, Deflate, identity).
7.3 the Content – Language
Content-language: zh-CN The header field content-language tells the client the natural Language (Chinese or English) used by the entity body.
7.4 the Content – Length
Content-length: 15000 The header field content-Length specifies the size of the body of the entity in bytes. You can no longer use the content-Length header field when transferring Content encoding to entity bodies.
7.5 the Content – the Location
The Content – the Location: http://www.sample.com/index.html Content first field – the Location corresponding to the URI of the message body is given. Unlike the header field Location, content-location indicates the URI of the resource returned by the packet body.
7.6 the Content – the MD5
The Content – MD5: OGFkZDUwNGVhNGY3N2MxMDIwZmQ4NTBmY2IyTY = = first field Content – MD5 is a string of value generated by the MD5 algorithm, the purpose is to check the message subject in the process of transmission is intact, and confirm the transfer.
7.7 the Content – Range
Content-range: bytes 5001-10000/10000 The header field used in the response to a Range request tells the client which part of the entity returned as a response complies with the Range request. Field values, in bytes, represent the current sent portion and the entire entity size.
7.8 the content-type
Content-Type: text/html; Charset =UTF-8 Content-type specifies the media Type of the object in the entity body. As with the header field Accept, the field value is assigned as type/subtype. The charset parameter is assigned using a character set such as ISO-8859-1 or EUC-JP.
7.9 Expires
Expires: Mon, 10 Jul 2017 15:50:06 GMT
- The header field Expires tells the client when the resource Expires.
- The cache server responds to a request with a cache after receiving a response containing the header field Expires. A copy of the response is stored until the Expires field value is specified. When the specified time passes, the cache server turns to the source server to request the resource when the request is sent.
- When the source server does not want the cache server to cache the resource, it is best to write the same time value in the Expires field as in the header field Date.
7.10 Last-Modified
Last-modified: Mon, 10 Jul 2017 15:50:06 GMT The last-modified header field specifies the time when the resource was Last Modified. In general, this value is the request-URI that specifies when the resource is modified. However, for dynamic data processing like CGI scripts, this value can become the time when the data was finally modified.
8. The header field of Cookie service
Header field name | instructions | The first type |
---|---|---|
Set-Cookie | Cookie information used to start state management | Response header field |
Cookie | Cookie information received by the server | Request header field |
8.1 the Set – cookies
Set-Cookie: status=enable; expires=Mon, 10 Jul 2017 15:50:06 GMT; path=/;
The table below lists the field values for set-cookie.
attribute | instructions |
---|---|
NAME=VALUE | The name and value assigned to the Cookie (required) |
expires=DATE | Cookie validity period (defaults to before browser closure if not explicitly specified) |
path=PATH | Use the file directory on the server as the appropriate object for cookies (default to the file directory where the document resides if not specified) |
Domain = domain name | The domain name used as the Cookie object (default if not specified to the domain name of the server that created the Cookie) |
Secure | Cookies are sent only for SECURE HTTPS communication |
HttpOnly | Restrict cookies so that they cannot be accessed by JavaScript scripts |
8.1.1 expires attribute
- The Expires attribute of a Cookie specifies the expiration date that the browser can send the Cookie.
- When the Expires attribute is omitted, it is only valid for the duration of the browser Session. This is usually limited to until the browser application is closed.
- In addition, once a Cookie is sent from the server side to the client, there is no way to explicitly delete the Cookie on the server side. However, the substantial deletion of client cookies can be achieved by overwriting expired cookies.
8.1.2 path attribute
The path attribute of the Cookie can be used to restrict the file directory to which the Cookie can be sent.
8.1.3 domain properties
- The domain name specified by the domain attribute of the Cookie can be matched with the end. For example, if example.com is specified, cookies can be sent by either www.example.com or www2.example.com in addition to example.com.
- Therefore, it is safer not to specify the domain attribute, except to send cookies to multiple specifically specified domains.
8.1.4 secure properties
The secure property of cookies is used to restrict Web pages from sending cookies only when they are connected using HTTPS security.
8.1.5 HttpOnly attribute
- The HttpOnly attribute of cookies is an extension of cookies and makes them unavailable to JavaScript scripts. Its main purpose is to prevent Cookie information theft by cross-site scripting (XSS).
- Cookies can also be read, usually from within the Web page, with the above Settings. JavaScript document.cookie cannot read the content of the cookie with the HttpOnly attribute attached. Therefore, there is no way to hijack cookies with JavaScript in XSS.
8.2 the Cookie
Cookie: status=enable The header field Cookie tells the server that when the client wants HTTP state management support, it will include the Cookie received from the server in the request. When multiple cookies are received, they can also be sent in the form of multiple cookies.
9. Other header fields
HTTP header fields are self-extensible. Therefore, in the application of Web server and browser, there will be various non-standard header fields. The following are the most commonly used header fields.
9.1 X – Frame – the Options
X-frame-options: DENY header X-frame-options belongs to the HTTP response header and is used to control the display of website content in the Frame tag of other Web sites. Its main purpose is to prevent clickjacking attacks. The x-frame-options header field has the following two fields that can be specified:
- DENY: refused to
- SAMEORIGIN: Allows the browsing of pages within a same-origin domain name only. (For example, if you specify the sample.com/sample.html page as SAMEORIGIN, then frames for all pages on sample.com are allowed to load that page, but not for pages on example.com and other domains.)
9.2 X – XSS – Protection
X-xss-protection: 1 header field X-xss-protection belongs to the HTTP response header. It is a countermeasure against cross-site scripting attacks (XSS) and is used to enable or disable the browser’s XSS Protection mechanism. Header field x-xss-protection can be specified as follows:
- 0: Sets XSS filtering to invalid state
- 1: XSS filtering is set to a valid state
9.3 DNT
DNT: 1 header field DNT belongs to the header of HTTP requests. DNT is short for Do Not Track, which means to refuse to collect personal information and is a method to refuse to be tracked by accurate advertisements. DNT of the header field can be specified as follows:
- 0: Consent to be tracked
- 1: Refuse to be tracked
Because the DNT function of the header field is valid, the Web server needs to support DNT accordingly.
9.4 P3P
P3P: CP=”CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND header P3P belongs to the HTTP response header, By using P3P (The Platform for Privacy Preferences) technology, personal Privacy on Web sites can be changed into a form that can only be understood by programs, so as to achieve The purpose of protecting user Privacy. To set up P3P, follow the following steps:
- Step 1: Create P3P privacy
- Step 2: After creating the P3P privacy contrast file, save the file named /w3c/ p3P.xml
- Step 3: Create Compact Policies from P3P Privacy and export them to the HTTP response
Vii. HTTP Response status code (key Analysis)
1. Status code Overview
- The HTTP status code is responsible for representing the return result of the CLIENT’S HTTP request, marking the normal processing of the server, and notifying the error.
- The HTTP status code is as follows
200 OK
, consisting of three digits and a reason phrase. The first digit of the number specifies the response category, and the last two digits are unclassified. - Many of the response status codes returned are incorrect, but the user may not be aware of this. For example, if an error occurs within the Web application, the status code still returns
200 OK
.
2. Status code category
category | The reason the phrase | |
---|---|---|
1xx | Informational(Informational status code) | The received request is being processed |
2xx | Success(Success Status code) | The request is successfully processed |
3xx | Redirection(Redirection status code) | Additional action is required to complete the request |
4xx | Client Error(Client Error status code) | The server cannot process the request |
5xx | Server Error | The server failed to process the request |
We can change the status code defined in RFC2616 or create the status code on the server, as long as the category definition of the status code is followed.
3. Parse common status codes
There are dozens of HTTP status codes. Here are 14 of the most commonly used.
3.1 200 OK
Indicates that the request from the client is processed on the server.
3.2 204 No Content
- The request received on behalf of the server was successfully processed, but the body of the entity is not contained in the response message returned. Also, it is not allowed to return the body of any entity.
- Typically used when only messages need to be sent from the client to the server, and the server does not need to send new message content to the client.
3.3 206 Partial Content
Indicates that the client made a scope request and the server successfully executed that part of the GET request. The response message contains the entity Content specified by the content-range header field.
3.4 301 version Permanently
Permanent redirect. Indicates that the requested resource has been assigned a new URI. In the future, use the URI to which the resource now refers. That is, if the URI corresponding to the resource is already bookmarked, it should be saved again as indicated in the Location header field.
3.5 302 Found
- Temporary redirection. Indicates that the requested resource has been assigned a new URI and the user is expected to access it using the new URI.
- and
301 Moved Permanently
Status codes are similar, but302 Found
Status codes indicate that the resource is not permanently moved, but only temporarily. In other words, the URI of a resource that has been moved may change in the future.
3.6 303 See Other
- Indicates that because another URI exists for the requested resource, the GET method should be used to GET the requested resource.
303 See Othe
R and302 Found
Status codes have the same function, but303 See Other
The status code explicitly states that the client should use the GET method to obtain the resource302 Found
Status codes are different.
3.7 304 Not Modified
- Represents a condition in which the server allows the request to access a resource when the client sends a conditional request, but the condition is not met.
304 Not Modified
When the status code is returned, it does not contain any body of the response.304 Not Modified
Although classified as 3xx, it has nothing to do with redirection.
3.8 307 Temporary Redirect
Temporary redirect. The status code has the same meaning as 302 Found.
3.9 400 Bad Request
- Syntax errors exist in the request packet. When an error occurs, you need to modify the content of the request and send the request again.
- In addition, the browser will look like
200 OK
Treat the status code the same.
3.10 401 Unauthorized
- The request to be sent requires the AUTHENTICATION information that passes the HTTP authentication (BASIC authentication or DIGEST authentication).
- In addition, if the request has been made once before, the user authentication fails.
- Return to contain
401 Unauthorized
The response must contain a WWW-authenticate first challenge user information applicable to the requested resource.
3.11 403 Forbidden
Indicates that access to the requested resource was denied by the server. The server does not need to provide a detailed reason for the rejection. You can also describe the reason in the entity body of the response packet.
3.12 404 Not Found
Indicates that the requested resource cannot be found on the server. In addition, it can be used when the server rejects the request without giving a reason.
3.13 500 Internal Server Error
Indicates that an error occurred on the server side while executing the request. It could be a Web application bug or some temporary glitch.
3.14 503 Service Unavailable
Indicates that the server is temporarily overloaded or is down for maintenance and is unable to process requests at this time. If you know in advance how long it will take to resolve the above situation, it is best to write the retry-after header field and return it to the client.
HTTP packet entities
1. Overview of HTTP packet entities
HTTP packet Structure
Take a closer look at the components in the example above. Next, let’s look at the concepts of messages and entities. If you think of HTTP packets as boxes in an Internet shipping system, then HTTP entities are the actual goods in the packets.
- Packet: a data unit exchanged and transmitted on the network, that is, a data block sent by a site at a time. A message contains complete data information to be sent, and its length is variable and unlimited.
- Entity: Payload data (supplementary items) is transmitted as a request or response and its content consists of an entity header and entity body. (The relevant content of the entity head has been described in the sixth paragraph above.)
We can see that the content in the dark red box on the right is the entity part of the packet, while the two parts in the blue box are the entity head and entity body respectively. The pink box on the left is the message body. Generally, the message body is equal to the entity body. Only when the encoding operation is carried out in transmission, the content of the entity body changes, causing it to be different from the packet body.
2. Content coding
- HTTP applications sometimes need to encode content before sending it. For example, the server might compress a large HTML document before sending it to a client over a slow connection, which helps reduce the time it takes to transfer the entity. The server can also scramble or encrypt the content to prevent unauthorized third parties from seeing the contents of the document.
- This type of encoding is applied to the content by the sender. When the content is content-encoded, the encoded data is placed in the entity body and sent to the recipient as usual.
Content encoding type:
encoding | describe |
---|---|
gzip | Indicates that the entity uses GNU ZIP encoding |
compress | Indicates that the entity uses a Unix file compression program |
deflate | Indicates that the entity is compressed in zlib format |
identity | Indicates that the entity is not encoded. This Encoding mode is used by default when there is no content-Encoding header field |
3. Transmission coding
Content encoding is a reversible transformation of the main body of the message, which is closely related to the details of the specific format of the content. Transport encodings are also reversible transformations on entity bodies, but they are used for architectural reasons, independent of the format of the content. Transport encoding is used to change the way data in messages is transmitted over the network.
Content encoding versus transport encoding
4. Block coding
Block coding divides a message into chunks of known size. Blocks are sent next to each other, so you don’t need to know the size of the entire message before sending it. Block coding is a transmission code and an attribute of a message.
If there is no persistent connection between the client and the server, the client does not need to know the length of the principal it is reading, but only needs to read until the server closes the principal connection. When using persistent connections, the server must know its size and send it in the Content-Length header before writing the body. If the server creates content on the fly, it may not know the length of the body until it is sent. Chunking coding provides a solution to this difficulty by allowing the server to send the body in chunks, stating the size of each chunk. Because the body is created dynamically, the server can buffer a portion of it, send its size and corresponding blocks, and then repeat the process before the body is finished sending. The server can signal the end of the body with a block of size 0 so that the connection can continue in preparation for the next response. Let’s look at an example of a block-coded message: \
Block coded packets
5. Multi-part media types
A multipart E-mail message in MIME contains multiple messages that are sent together as a single complex message. Each part is independent, with its own set of descriptions of its contents, and the different parts are connected by a delimited string. Accordingly, THE HTTP protocol also adopts the multi-part object set, and a packet body can contain multiple types of entities. The multi-part object collection contains the following objects:
- Multipart /form-data: used when uploading Web form files.
- Multipart/Byteranges: indicates the status code
206 Partial Content
Used when the response message contains multiple ranges of content.
6. Scope request
Let’s say you are downloading a very large file, and you are three quarters of the way down, when the Internet goes down and you have to start all over again. To solve this problem, you need a recoverable mechanism that can recover a download from a previous download break. To do this, you use a range request. With scope requests, AN HTTP client can resume downloading an entity by requesting a scope (or part of it) of the entity that failed to obtain it. This assumes, of course, that the object has not changed between the time the client last requested the entity and the time the scope request was made. Such as:
支那
HTML HTTP/1.1 Host: www.sample.com Range: bytes=20224- ···Copy the code
Example entity scope request
In the example above, the client is requesting after the first 20224 bytes of the document.
Web servers that collaborate with HTTP
In addition to clients and servers, there are applications that facilitate HTTP communication. The important ones are listed as follows: proxy, cache, gateway, tunnel, and Agent Agent.
1. The agent
The agent
HTTP proxy server is an important component of Web security, application integration and performance optimization. The proxy sits between the client and the server, receiving all HTTP requests from the client and forwarding them to the server (with possible modifications). To the user, these applications act as proxies to access the server on behalf of the user. For security reasons, proxies are typically used as trusted intermediate nodes that forward all Web traffic. The proxy can also filter requests and responses to secure or green Internet access.
2. The cache
First request from the browser: \
First request from the browser
The browser asks again: \
The browser requests again
The Web cache or proxy cache is a special HTTP proxy server that copies and stores commonly used documents that are transferred through the proxy. The next client that requests the same document can take advantage of the cached private copy. Clients can download documents much faster from a nearby cache than from a remote Web server.
3. The gateway
HTTP/FTP gateway
A gateway is a special type of server that acts as an intermediary entity for other servers. Usually used to convert HTTP traffic to other protocols. The gateway receives requests as if it were the source server for the resource. The client may not be aware that it is communicating with a gateway.
4. The tunnel
HTTP/SSL tunnel
\
A tunnel is an HTTP application that blindly forwards raw data between two connections once it is established. HTTP tunnels are usually used to forward non-HTTP data over one or more HTTP connections without snooping on the data. A common use of HTTP tunneling is to carry encrypted Secure Sockets Layer (SSL) traffic over HTTP connections so that SSL traffic can pass through a firewall that only allows Web traffic.
5. The Agent Agent
Automatic search engine “Web spider”
Agent An Agent is a client application program that initiates HTTP requests on behalf of users. All applications that publish Web requests are HTTP Agent proxies.
conclusion
Today’s sharing ends here, learning is a continuous thing, so I will continue to update the article, if this article is a little help to you is my greatest happiness, if you also love learning iOS, you might as well click the circle to join us, communicate with each other, learn from each other. I will also share some interview materials in the group from time to time. Finally, ask for a wave of attention and likes.
The original link