Web and HTTP
2018/2019
Gouasmia Zakaria
Master Computer Science
- Information Security -
Gouasmia.zakaria1@gmail.com
What is HTML?
• HTML: hypertext markup language
– Definitions of tags that are added to Web documents to control their appearance
The HTTP and Web
What is a website?
A website is
• a group of World Wide Web pages usually containing hyperlinks to each other and made available online by an individual, company, educational institution, government, or organization
The TCP/IP protocol layers
• Application: Get useful work done – retrieve Web pages, copy files, send and receive email, etc.
• Transport: Make client-server connections and optionally control transmission speed, check for errors, etc.
• Internet: Route packets between networks
• Data link: Route data packets within the local area network
• Physical: Specify what medium connects two nodes, how binary ones and zeros are differentiated, etc.
The application program is king – it gets work done using the lower level layers for communication between the client and server.
What is a URL?
A URL is the address of a resource (such as a document or website) on the Internet. It consists of a communications protocol followed by the name or address of a computer on the network, and it often includes additional locating information (such as directory and file names).
URL
URL (Uniform Resource Locator)
What is a protocol?
• In diplomatic circles, a protocol is the set of rules governing a conversation between people
• We have seen that the client and server carry on a machine-to-machine conversation
• A network protocol is the set of rules governing a conversation between a client and a server
• There are many protocols; HTTP is just one
An HTTP conversation
• Client: I would like to open a connection
• Server: OK
• Client: GET <file location>
• Server: Send page or error message
• Client: Display response
• Client: Close connection
• Server: OK
HTTP is the set of rules governing the format and content of the conversation between a Web client and server
HTTP is an application layer protocol
• The Web client and the Web server are application programs
• Application layer programs do useful work like retrieving Web pages,
sending and receiving email or transferring files
• Lower layers take care of the communication details
• The client and server send messages and data without knowing
anything about the communication network
The application layer is boss – the top layer
• Your boss says: Send this package to Miami -- I don't care if you use Federal
Express, UPS, or any other means. Also, let me know when it arrives or if it
cannot be delivered for some reason.
• The application program says: Send this request to the server -- I don't care
how you do it or whether it goes over phone lines, radio, or anything else
about the details. Just send the message, and let me know when it arrives or if
it cannot be delivered for some reason.
Layer: Function
• Application: Do useful work like Web browsing, email, and file transfer
• Lower layers: Handle communication between the client and server
There are five TCP/IP layers, the application layer and four lower layers.
Many application layer protocols are used on the Internet; HTTP is only one
Protocol: Application
• HTTP: Hypertext Transfer: Retrieve and view Web pages
• FTP: File Transfer: Copy files from client to server or from server to client
• SMTP: Simple Mail Transport: Send email
• POP: Post Office: Read email
Let’s talk more about HTTP
The Hypertext Transfer Protocol (HTTP) is an
application protocol for distributed, collaborative,
hypermedia information systems. HTTP is the
foundation of data communication for the World
Wide Web.
COMMUNICATION
HTTP:
• Is a connectionless protocol
• Can deliver any sort of data
• Is stateless
1. HTTP follows a classical "client-server" model
2. HTTP is a TCP/IP based communication protocol
3. The standard port for HTTP connections is port 80
4. The version of HTTP in common use is HTTP/1.1
HTTP/2 was published in May 2015
Resources
HTTP is used to transmit resources. A resource is a piece of information that can be identified by a URL (it's the R in URL). The most common kind of resource is a file, but a resource may also be a dynamically-generated query result, the output of a CGI script, a document that is available in several languages, or something else...
HTTP connections
non-persistent HTTP
• at most one object sent
over TCP connection
– connection then
closed
• downloading multiple
objects required
multiple connections
persistent HTTP
• multiple objects can
be sent over single
TCP connection
between client, server
Non-persistent HTTP
suppose user enters URL: www.someSchool.edu/someDepartment/home.index
(contains text, references to 10 jpeg images)
1a. HTTP client initiates TCP connection to HTTP server (process) at www.someSchool.edu on port 80
1b. HTTP server at host www.someSchool.edu waiting for TCP connection at port 80. “accepts” connection, notifying client
2. HTTP client sends HTTP request message (containing URL) into TCP connection socket. Message indicates that client wants object someDepartment/home.index
3. HTTP server receives request message, forms response message containing requested object, and sends message into its socket
Non-persistent HTTP (cont.)
4. HTTP server closes TCP connection.
5. HTTP client receives response message containing html file, displays html. Parsing html file, finds 10 referenced jpeg objects
6. Steps 1-5 repeated for each of 10 jpeg objects
Non-persistent HTTP: response time
RTT (definition): time for a small
packet to travel from client to
server and back
HTTP response time:
• one RTT to initiate TCP
connection
• one RTT for HTTP request and
first few bytes of HTTP
response to return
• file transmission time
• non-persistent HTTP response time = 2RTT + file transmission time
[Figure: client/server timeline showing one RTT to initiate the TCP connection, one RTT to request the file, then the time to transmit the file until the file is received]
Persistent HTTP
non-persistent HTTP
issues:
• requires 2 RTTs per object
• OS overhead for each TCP
connection
• browsers often open
parallel TCP connections to
fetch referenced objects
persistent HTTP:
• server leaves connection open after sending response
• subsequent HTTP messages between same client/server sent over open connection
• client sends requests as soon as it encounters a referenced object
• as little as one RTT for all the referenced objects
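The response-time rules above, applied to the slides' page of one HTML file plus 10 referenced JPEGs (added example, not from the slides). The function names and the 100 ms RTT and 10 ms per-object transmission time are assumptions, as is the simplification that every object is the same size and parallel connections do not slow each other down.

```python
"""Response-time model for one HTML file plus referenced objects (added example)."""
import math


def fetch_one(rtt, tx):
    # One RTT to initiate the TCP connection, one RTT for the request and
    # the first bytes of the response, then the file transmission time.
    return 2 * rtt + tx


def non_persistent(referenced, rtt, tx, parallel=1):
    # The HTML file has to arrive before the client knows what it references.
    # Each later round opens `parallel` fresh connections, one object each.
    rounds = math.ceil(referenced / parallel)
    return fetch_one(rtt, tx) + rounds * fetch_one(rtt, tx)


def persistent(referenced, rtt, tx, pipelined=True):
    # TCP setup is paid once, for the HTML file; the connection stays open.
    base = fetch_one(rtt, tx)
    if pipelined:
        # Requests go out back to back: one RTT covers all referenced objects.
        return base + rtt + referenced * tx
    # Without pipelining each object waits for its own request/response RTT.
    return base + referenced * (rtt + tx)


def compare(referenced=10, rtt=100, tx=10):
    """Total time in ms for each strategy (constructed sample values)."""
    return {
        "non-persistent, serial": non_persistent(referenced, rtt, tx),
        "non-persistent, 5 parallel": non_persistent(referenced, rtt, tx, parallel=5),
        "persistent, no pipelining": persistent(referenced, rtt, tx, pipelined=False),
        "persistent, pipelined": persistent(referenced, rtt, tx),
    }


if __name__ == "__main__":
    for strategy, total in compare().items():
        print(f"{strategy:28s} {total:5d} ms")
```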
Transaction
HTTP session consists of three phases:
1- The client establishes a TCP connection
2- The client sends its request and then waits for the answer.
3- The server processes the request and sends back its answer,
containing a status code and the appropriate data.
The connection is closed.
HTTP supports several different request commands, called
HTTP methods. Every HTTP request message has a method.
The method tells the server what action to perform.
Methods
Method: Description
• GET: Retrieve information from the server.
• HEAD: Same as GET, but transfers the status line and header section only.
• POST: Send data to the server for processing.
• PUT: Store the body of the request on the server.
• DELETE: Remove a document from the server.
• TRACE: Trace the message through proxy servers to the server.
• OPTIONS: Determine what methods can operate on a server.
• CONNECT: Converts the request connection to a transparent TCP/IP tunnel.
• PATCH: Applies partial modifications to a resource.
Messages ( request )
The message format consists of the following 3 items.
Start-line
Header Fields
Message Body
HTTP request message
• two types of HTTP messages: request, response
• HTTP request message:
– ASCII (human-readable format)
request line (GET, POST, HEAD commands):
GET /index.html HTTP/1.1\r\n
header lines:
Host: www-net.cs.umass.edu\r\n
User-Agent: Firefox/3.6.10\r\n
Accept: text/html,application/xhtml+xml\r\n
Accept-Language: en-us,en;q=0.5\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n
Keep-Alive: 115\r\n
Connection: keep-alive\r\n
carriage return, line feed at start of line indicates end of header lines:
\r\n
\r is the carriage return character, \n is the line-feed character
* Check out the online interactive exercises for more examples: http://gaia.cs.umass.edu/kurose_ross/interactive/
HTTP request message: general format
request line:
method sp URL sp version cr lf
header lines:
header field name value cr lf
header field name value cr lf
...
cr lf
body:
entity body
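The request layout above (request line, header lines, empty line, body) written as a strict parser; this is an added example, not code from the slides. It refuses anything that deviates from the format instead of guessing, because bare line feeds, whitespace around a field name or repeated length headers are where two HTTP components can disagree about where a message ends. The names BadRequest, parse_request, is_rejected and SAMPLE_REQUEST are chosen here, and the sample is the slide's request rebuilt with real CR LF bytes.

```python
"""Strict parser for the HTTP request layout shown above (added example)."""

METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
           "TRACE", "OPTIONS", "CONNECT", "PATCH"}
# Headers that decide routing or body framing; a second copy is ambiguous.
SINGLETONS = {"host", "content-length", "transfer-encoding"}


class BadRequest(ValueError):
    """The message does not match the request format exactly."""


def parse_request(raw: bytes) -> dict:
    # Header lines end at the first empty line: CR LF right after a CR LF.
    head, blank, after = raw.partition(b"\r\n\r\n")
    if not blank:
        raise BadRequest("missing empty line after header lines")
    leftovers = head.replace(b"\r\n", b"")
    if b"\r" in leftovers or b"\n" in leftovers:
        raise BadRequest("bare CR or LF used as a line ending")
    try:
        text = head.decode("ascii")
    except UnicodeDecodeError:
        raise BadRequest("non-ASCII byte in request line or headers") from None

    request_line, *header_lines = text.split("\r\n")
    parts = request_line.split(" ")            # method sp URL sp version
    if len(parts) != 3 or not parts[1]:
        raise BadRequest("request line is not: method sp URL sp version")
    method, url, version = parts
    if method not in METHODS:
        raise BadRequest("unknown method")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise BadRequest("unsupported version")

    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        # No whitespace is accepted inside or around the field name.
        if not colon or not name or " " in name or "\t" in name:
            raise BadRequest("malformed header line")
        key, value = name.lower(), value.strip(" \t")
        if key in headers:
            if key in SINGLETONS:
                raise BadRequest("repeated " + key + " header")
            value = headers[key] + ", " + value
        headers[key] = value

    if version == "HTTP/1.1" and "host" not in headers:
        raise BadRequest("HTTP/1.1 request without Host header")
    if "transfer-encoding" in headers:
        # Transfer-codings are out of scope here; never guess the body length.
        raise BadRequest("Transfer-Encoding is not handled by this example")
    length = headers.get("content-length", "0")
    if not length.isdigit():
        raise BadRequest("Content-Length is not a plain decimal number")
    n = int(length)
    if len(after) < n:
        raise BadRequest("body shorter than Content-Length")
    # "rest" holds bytes after this message, e.g. the next request on a
    # persistent connection.
    return {"method": method, "url": url, "version": version,
            "headers": headers, "body": after[:n], "rest": after[n:]}


def is_rejected(raw: bytes) -> bool:
    """True when parse_request refuses the message."""
    try:
        parse_request(raw)
    except BadRequest:
        return True
    return False


# Constructed sample: the request from the slide, with real CR LF bytes.
SAMPLE_REQUEST = (
    b"GET /index.html HTTP/1.1\r\n"
    b"Host: www-net.cs.umass.edu\r\n"
    b"User-Agent: Firefox/3.6.10\r\n"
    b"Accept: text/html,application/xhtml+xml\r\n"
    b"Keep-Alive: 115\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(parse_request(SAMPLE_REQUEST))
```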
HTTP response message
status line (protocol, status code, status phrase):
HTTP/1.1 200 OK\r\n
header lines:
Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Tue, 30 Oct 2007 17:00:02 GMT\r\n
ETag: "17dc6-a5c-bf716880"\r\n
Accept-Ranges: bytes\r\n
Content-Length: 2652\r\n
Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=ISO-8859-1\r\n
\r\n
data, e.g., requested HTML file:
data data data data data ...
* Check out the online interactive exercises for more examples: http://gaia.cs.umass.edu/kurose_ross/interactive/
Status Codes
1xx Informational
2xx Success
3xx Redirection
4xx Client Error
5xx Server Error
Response code
START LINES
All HTTP messages begin with a start line. The start line for a request message says ‘what to do’. The start line for a response message says what happened.
GET /hello.htm HTTP/1.1 (This is the Request-Line sent by the client)
HTTP/1.1 200 OK (This is the Status-Line sent by the server)
message-header = field-name ":" [ field-value ]
HTTP message headers are used to precisely describe the
resource being fetched or the behavior of the server or the
client. There are four types of HTTP message headers:
1- General headers have general applicability for both request and response messages.
2- Request headers provide more information about the request.
3- Response headers provide more information about the request.
4- Entity headers define meta information about the entity-body or, if no body is present, about the resource identified by the request.
Headers
Header format
General headers
Request headers
Response headers
Entity headers
Body
The message-body (if any) of an HTTP message is used to
carry the entity-body associated with the request or
response. The message-body differs from the entity-body
only when a transfer-coding has been applied, as indicated
by the Transfer-Encoding header field
Let’s try some commands
"Tell me and I forget. Show me and I
remember. Involve me and I understand."
Chinese proverb
GET Example
POST Example
What is Telnet?
• Telnet is a user command and an underlying TCP/IP protocol for accessing remote computers. Through Telnet, an administrator or another user can access someone else's computer remotely. On the Web, HTTP and FTP protocols allow you to request specific files from remote computers, but not to actually be logged on as a user of that computer. With Telnet, you log on as a regular user with whatever privileges you may have been granted to the specific application and data on that computer.
Let’s use Telnet
We can use the browser also
Other Example
• rainmaker.wunderground.com :: weather via
telnet!
• nyancat.dakko.us :: art animation
• telehack.com :: talk to Eliza
Latest version is HTTP/2
The world with HTTP/1.1 and HTTP/2
HTTPS
Difference from HTTP
1- HTTPS URLs begin with "https://" and use port 443 by default,
whereas HTTP URLs begin with "http://" and use port 80 by
default.
2- HTTP is not encrypted and is vulnerable to man-in-the-middle
and eavesdropping attacks, which can let attackers gain access to
website accounts and sensitive information, and modify webpages
to inject malware or advertisements.
3- HTTPS is designed to withstand such attacks and is considered
secure against them (with the exception of older, deprecated
versions of SSL).
- Deploying HTTPS also allows the use of HTTP/2, a new generation of HTTP designed to reduce page load times and latency.
- Netscape Communications created HTTPS in 1994 for its Netscape Navigator web browser. Originally, HTTPS was used with the SSL protocol.
As of April 5th, 2016, 41.7% of the Internet's 141,160 most popular
websites have a secure implementation of HTTPS.
Working in HTTPS
• Web browsers know how to trust HTTPS websites based on certificate authorities that come pre-installed in their software. Certificate authorities (such as Symantec (VeriSign), Comodo, Go Daddy and GlobalSign) are in this way trusted by web browser creators to provide valid certificates.
Everything in the HTTPS message is encrypted, including the
headers, and the request/response load. The attacker can only
know that a connection is taking place between the two parties
and their domain names and IP addresses.
For example, Google’s search engine now defaults to HTTPS
connections. This means that people can’t see what you’re
searching for on Google.com
Architectural Components of the Web
• In this overview chapter, we've focused on how two web
applications (web browsers and web servers) send messages
back and forth to implement basic transactions. There are
many other web applications that you interact with on the
Internet. In this section, we'll outline several other important
applications, including:
• Proxies: HTTP intermediaries that sit between clients and servers
• Caches: HTTP storehouses that keep copies of popular web pages close to clients
• Gateways: Special web servers that connect to other applications
• Tunnels: Special proxies that blindly forward HTTP communications
• Agents: Semi-intelligent web clients that make automated HTTP requests
Proxies
Caches
Gateways
Tunnels
Agents
The End of the Beginning
• That's it for our quick introduction to HTTP. In this chapter, we
highlighted HTTP's role as a multimedia transport protocol.
We outlined how HTTP uses URIs to name multimedia
resources on remote servers, we sketched how HTTP request
and response messages are used to manipulate multimedia
resources on remote servers, and we finished by surveying a
few of the web applications that use HTTP.
