031.3 HTTP Basics Flashcards
Defines how a client asks the server for a specific resource and is the set of rules that define how the client application should format
request messages that will be sent to the server.
HyperText Transfer Protocol (HTTP)
the client creates a request message identifying the
resource it needs and forwards that message to the server via the network.
HTTP Request
server evaluates where to extract the requested resource and sends a response message back to
the client. The reply message contains details about the requested resource, followed by the
resource itself
HTTP Response
Follows HTTP rules to interpret the request and format reply messages.
Server (serves requests - duh)
The part of the message that defines the resource details and other context information
Header
The part following the header that contains the content of the corresponding resource is called the ___ of the message. Both request messages and response messages can have these but in most cases only the response message has one.
payload
The first stage of an HTTP data exchange between the client and the server is initiated by this entity when it writes a request message to the server.
client
encrypted version of HTTP
The protocol: HyperText Transfer Protocol Secure (https)
Is an address that points to a resource on the
Internet. This resource is usually a file that can be copied from a remote server, but
URLs can also indicate dynamically generated content and data streams.
A Uniform Resource Locator (URL)
Before contacting the server, the client needs to convert learning.lpi.org to its corresponding
IP address. The client uses another Internet service to request the IP address of a host name from one or more of these - that are automatically defined by the Internet Service Provider, ISP
The Domain Name System (DNS)
The client tries to connect to the HTTP or HTTPS port with the server’s
IP address
Identified by numbers and intertwine and identify distinct communication channels within a client/server connection.
Transmission Control Protocol (TCP)
Port 80
HTTP
Port 443
HTTPS
For audio and video protocols used by web applications to implement audio and video calls and is a lower level protocol that is more efficient than HTTP for transferring data streams in both directions.
WebSockets
The encrypted connection is established between client and server even before
any HTTP message is exchanged, using
TLS
Transport Layer Security
Interpreted by the server as the location or path for the resource being requested
/en/
english
defines what operation the client wants to perform on the server
HTTP method
This method informs the server that the client requests the resource
GET
Most recent version of the HTTP protocol, whereby messages are encoded in a binary structure, whereas messages encoded in HTTP/1 are sent in plain text
HTTP/2
May appear redundant because the server’s host has obviously been identified by the client in order to establish the connection and it's reasonable to assume that the server knows its identity
Host header field.
it is important to inform the host of the expected host name in the request header because it is common practice to use the same HTTP server to host more than one website
Virtual Host
Header field contains details about the client program making the request and this field can be used by the server to adapt the response to the needs of a specific client but is more often used to produce statistics about the clients using the server
User-Agent
Of more immediate value because it informs the server about the format for the requested resource and this resource can specify */* as the format
Accept field
Field that indicates the size in bytes of the payload
Content-Length
Field that indicates the format of the payload
Content-Type
One of the most commonly used in traditional HTML forms that use the POST method and each field inserted in the request’s payload is separated by the code indicated by the boundary keyword
multipart/form-data
Method should only be used when appropriate as it uses a slightly larger amount of data than an equivalent request made with the GET method
POST method
method sends the parameters
directly in the request’s message header, the total data exchange has a lower latency, because an
additional connection stage to transmit the message body will not be necessary
GET method
The request was received, continuing to process
1xx(Informational)
The request was successfully received, understood and accepted
2xx(Successful)
Further action needs to be taken in order to complete the request
3xx(Redirection)
The request contains bad syntax or cannot be fulfilled.
4xx (Client Error)
The server failed to fulfill an apparently valid request.
5xx (Server Error)
indicates that the request could be answered without any problems.
200 (OK)
The target resource has been assigned a new permanent URL, provided by the Location
header field in the response
301 Moved Permanently
The target resource resides temporarily under a different URL.
302 Found
The request has not been applied because it lacks valid authentication credentials for the target
resource.
401 Unauthorized
The Forbidden response indicates that, although the request is valid, the server is configured to
not provide it.
403 Forbidden
The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.
404 Not Found
The server encountered an unexpected condition that prevented it from fulfilling the request.
500 Internal Server Error
The server, while acting as a gateway or proxy, received an invalid response from an inbound
server it accessed while attempting to fulfill the request.
502 Bad Gateway
that is, the path indicated in the request message corresponds to a file on the server’s local file system
static content
that is, the HTTP server forwards the request to another program (probably a script) to build the
response from different sources, such as databases and other files.
dynamic content
it is important to adopt some content caching strategy to avoid the redundant
transfer of previously downloaded content.
caching
used by more than a single client. For example, a large content provider might
use caches on geographically distributed servers, so that clients get the data from their nearest
server. Once a client has made a request and its response was stored in a shared cache, other
clients making that same request in that same area will receive the cached response
shared cache
created by the client itself for its exclusive use. It is the type of caching the web
browser does for images, CSS files, JavaScript, or the HTML document itself, so they don’t need to
be downloaded again if requested in the near future.
the client consults the response header and verifies whether the content in the local cache still corresponds to the current remote content - if it does, the client waives the transfer of the response payload and uses the local version
private cache
A request using this method, for
example, implies a response associated exclusively with that particular request, so
its response content should not be reused.
POST method
only responses to requests
made using the GET method are cached.
By default
Only these status codes are suitable for caching
200 (OK)
206 (Partial Content)
301 (Moved Permanently)
404 (Not Found)
The most traditional method that allows the server to associate different requests to a single client and are an id tag that is given to the client by the server and that is provided in the HTTP header.
allow the server to preserve info about a specific client - even if the person running the client does not identify himself/herself explicitly
it is possible to implement sessions where logins, shopping carts, preferences, etc., are preserved in between different requests made to the same server that provided them.
used to track user browsing, so it is important to ask for consent before sending them
cookies
The server sets the cookie in the response header using the
Set-Cookie field
The field value of the Set-Cookie field is a pair chosen to represent some attribute associated with a specific client
name=value
What HTTP method does the following request message use?
POST /cgi-bin/receive.cgi HTTP/1.1
Host: learning.lpi.org
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: */*
Content-Length: 27
Content-Type: application/x-www-form-urlencoded
The POST method
When an HTTP server hosts many websites, how is it able to identify which one a request is
for?
The Host field in the request header provides the targeted website
What parameter is provided by the query string of the URL https://www.google.com/search?q=LPI?
The parameter named q with a value of LPI.
Why is the following HTTP request not suitable for caching?
POST /cgi-bin/receive.cgi HTTP/1.1
Host: learning.lpi.org
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: */*
Content-Length: 27
Content-Type: application/x-www-form-urlencoded
Because requests made with the POST method imply a write operation on the server, they should not be cached
How could you use the web browser to monitor the requests and responses made by an HTML
page?
All popular browsers offer development tools that, among other things, can show all network transactions that have been carried out by the current page
HTTP servers that provide static content usually map the requested path to a file in the server’s filesystem. What happens when the path in the request points to a directory?
It depends on how the server is configured. By default, most HTTP servers look for a file named index.html (or another predefined name) in that same directory and send it as the response. If the file isn’t there, the server issues a 404 Not Found response.
The contents of files sent over HTTPS are protected by encryption, so they cannot be read by computers between the client and the server. Despite this, can these computers in the middle identify which resource the client has requested from the server?
No, because the request and response HTTP headers themselves are also encrypted by TLS.