HTTP Protocol Overview

Rohit Chaurasiya
5 min read · Jul 13, 2019

HTTP Protocol

HTTP functions as a request–response protocol in the client–server computing model. A web browser, for example, may be the client and an application running on a computer hosting a website may be the server. The client submits an HTTP request message to the server. The server, which provides resources such as HTML files and other content, or performs other functions on behalf of the client, returns a response message to the client.
The response contains completion status information about the request and may also contain requested content in its message body.
HTTP proxy servers at private network boundaries can facilitate communication for clients without a globally routable address, by relaying messages with external servers.

HTTP is an application layer protocol designed within the framework of the Internet protocol suite. Its definition presumes an underlying and reliable transport layer protocol, and Transmission Control Protocol (TCP) is commonly used. However, HTTP can be adapted to use unreliable protocols such as the User Datagram Protocol (UDP), for example in HTTPU and Simple Service Discovery Protocol (SSDP).

HTTP Session State : HTTP is a stateless protocol. A stateless protocol does not require the HTTP server to retain information or status about each user for the duration of multiple requests. However, some web applications implement state or server-side sessions using, for instance, HTTP cookies or hidden variables within web forms. HTTP is called a stateless protocol because each command is executed independently, without any knowledge of the commands that came before it. This is the main reason that it is difficult to implement Web sites that react intelligently to user input.
This shortcoming of HTTP is being addressed in a number of new technologies, including ActiveX, Java, JavaScript and cookies.

HTTP Status Codes and Error Messages: Errors on the Internet can be quite frustrating, especially if you do not know the difference between a 404 error and a 502 error. These error messages, also called HTTP status codes, are response codes given by Web servers and help identify the cause of the problem.

For example, “404 File Not Found” is a common HTTP status code. It means the Web server cannot find the file you requested.
This means the webpage or other document you tried to load in your Web browser has either been moved or deleted, or you entered the wrong URL or document name. Knowing the meaning of the HTTP status code can help you figure out what went wrong. On a 404 error, for example, you could look at the URL to see if a word looks misspelled, then correct it and try it again. If that doesn’t work, backtrack by deleting information between each slash, until you come to a page on that site that isn’t a 404. From there you may be able to find the page you’re looking for.

Custom 404 Error Pages : Many websites create custom 404 error pages that will help users locate a valid page or document within the website.

HTTP authentication : HTTP provides multiple authentication schemes such as basic access authentication and digest access authentication which operate via a challenge-response mechanism whereby the server identifies and issues a challenge before serving the requested content. HTTP provides a general framework for access control and authentication, via an extensible set of challenge-response authentication schemes, which can be used by a server to challenge a client request and by a client to provide authentication information.
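
The challenge-response exchange for basic access authentication, shown from both sides as an added example (not code from the original article). The realm, the user store, the salt and the function names are constructed for illustration; because Basic credentials are only base64-encoded, the exchange depends on HTTPS for confidentiality.

```python
import base64
import binascii
import hashlib
import hmac

REALM = "example"            # constructed realm name
SALT = b"constructed-salt"   # constructed; use a random per-user salt in practice


def _kdf(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {"alice": _kdf("correct horse")}  # constructed credential store


def client_authorization(user: str, password: str) -> str:
    """Client side: answer the challenge. Base64 is encoding, not encryption."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode("ascii")
    return f"Basic {token}"


def server_handle(headers: dict):
    """Server side: keep challenging until valid credentials arrive."""
    challenge = {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    auth = headers.get("authorization")  # keys assumed already lowercased
    if auth is None:
        return 401, challenge
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "basic":  # scheme names are case-insensitive
        return 401, challenge
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return 400, {}
    user, sep, password = decoded.partition(":")
    expected = USERS.get(user)
    supplied = _kdf(password)  # always computed, so unknown users cost the same
    if not sep or expected is None or not hmac.compare_digest(supplied, expected):
        return 401, challenge
    return 200, {}
```
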

Request methods: HTTP defines methods to indicate the desired action to be performed on the identified resource.
Figure: An HTTP 1.1 request made using telnet. The request message, response header section, and response body are highlighted.
The HTTP/1.0 specification defined the methods:

GET, HEAD and POST

The HTTP/1.1 specification added five new methods:

OPTIONS, PUT, DELETE, TRACE and CONNECT.

By being specified in these documents, their semantics are well-known and can be depended on. Any client can use any method and the server can be configured to support any combination of methods. If a method is unknown to an intermediary, it will be treated as an unsafe and non-idempotent method. There is no limit to the number of methods that can be defined and this allows for future methods to be specified without breaking existing infrastructure.

Note : Method names are case sensitive. This is in contrast to HTTP header field names which are case-insensitive.

A short overview of each method :

GET : The GET method requests a representation of the specified resource. Requests using GET should only retrieve data and should have no other effect. (This is also true of some other HTTP methods.)
HEAD : The HEAD method asks for a response identical to that of a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
POST : The POST method requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI.
PUT : The PUT method requests that the enclosed entity be stored under the supplied URI. If the URI refers to an already existing resource, it is modified; if the URI does not point to an existing resource, then the server can create the resource with that URI.
DELETE : The DELETE method deletes the specified resource.
TRACE : The TRACE method echoes the received request so that a client can see what (if any) changes or additions have been made by intermediate servers.
OPTIONS : The OPTIONS method returns the HTTP methods that the server supports for the specified URL. This can be used to check the functionality of a web server by requesting ‘*’ instead of a specific resource.
CONNECT : The CONNECT method converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.
PATCH : The PATCH method applies partial modifications to a resource.

All general-purpose HTTP servers are required to implement at least the GET and HEAD methods, and all other methods are considered optional by the specification.
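
How a server configured with a method allowlist can treat the request line, as an added example (not code from the original article). It shows the case-sensitive method comparison next to the case-insensitive header lookup from the note above. The `ALLOWED_METHODS` policy, the `check_request` function and the sample requests are assumptions; answering 501 for an unrecognized method and 405 with an `Allow` header for a recognized but disabled one follows standard HTTP semantics.

```python
# Methods the article lists; tokens are compared exactly (case-sensitive).
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                 "TRACE", "OPTIONS", "CONNECT", "PATCH"}
# Assumed site policy: GET and HEAD are mandatory, the rest is opt-in.
ALLOWED_METHODS = {"GET", "HEAD", "POST", "OPTIONS"}


def check_request(head: bytes):
    """Return (status, response_headers) for a raw HTTP/1.1 request head."""
    lines = head.split(b"\r\n")
    try:
        method, target, version = lines[0].decode("ascii").split(" ")
    except ValueError:  # wrong field count or non-ASCII bytes
        return 400, {}
    headers = {}
    for line in lines[1:]:
        if not line:  # the empty line ends the header section
            break
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.lower()] = value.strip()  # field names: case-insensitive
    if method not in KNOWN_METHODS:  # "get" is not "GET"
        return 501, {}
    if method not in ALLOWED_METHODS:
        return 405, {"Allow": ", ".join(sorted(ALLOWED_METHODS))}
    if version == "HTTP/1.1" and "host" not in headers:
        return 400, {}
    return 200, {}


# Constructed sample requests.
GOOD = b"GET /index.html HTTP/1.1\r\nhOsT: www.example.com\r\n\r\n"
LOWER = b"get /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
TRACE = b"TRACE / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
```
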

Response Message : The response message consists of the following:

A status line which includes the status code and reason message (e.g., HTTP/1.1 200 OK, which indicates that the client’s request succeeded)
Response header fields (e.g., Content-Type: text/html)
An empty line
An optional message body

The status line and other header fields must all end with <CR><LF>. The empty line must consist of only <CR><LF> and no other whitespace. This strict requirement for <CR><LF> is relaxed somewhat within message bodies for consistent use of other system line breaks such as <CR> or <LF> alone.
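
A strict parser for the response layout just described, as an added example (not code from the original article): it requires <CR><LF> after the status line and every header field, finds the body after the first empty line, and leaves line breaks inside the body untouched. The names `parse_response`, `MalformedResponse` and the sample bytes are constructed for illustration.

```python
class MalformedResponse(ValueError):
    """Raised when the header section breaks the CRLF framing rules."""


def parse_response(raw: bytes):
    """Return (version, status_code, reason, headers, body)."""
    # The first empty line (CRLF directly after a CRLF) ends the header section.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise MalformedResponse("no empty line ending the header section")
    lines = head.split(b"\r\n")
    # After splitting on CRLF, any CR or LF left over is a bare line break.
    if any(b"\r" in line or b"\n" in line for line in lines):
        raise MalformedResponse("bare CR or LF in header section")
    parts = lines[0].split(b" ", 2)  # version SP status-code SP reason
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise MalformedResponse("bad status line")
    if len(parts[1]) != 3 or not parts[1].isdigit():
        raise MalformedResponse("status code must be three digits")
    reason = parts[2].decode("latin-1") if len(parts) == 3 else ""
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not name or name != name.strip():
            raise MalformedResponse("bad header field")
        # Field names are case-insensitive, so store them lowercased.
        key = name.decode("ascii").lower()
        headers.setdefault(key, []).append(value.strip().decode("latin-1"))
    return parts[0].decode("ascii"), int(parts[1]), reason, headers, body


# Constructed samples: one well-formed response, one using bare LF line ends.
SAMPLE_OK = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             b"\r\n<p>hi</p>\nsecond body line")
SAMPLE_LF = b"HTTP/1.1 200 OK\nContent-Type: text/html\n\n<p>hi</p>"
```
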

About HTTPS : A similar abbreviation, HTTPS means Hyper Text Transfer Protocol Secure. Basically, it is the secure version of HTTP. Communications between the browser and website are encrypted by Transport Layer Security (TLS), or its predecessor, Secure Sockets Layer (SSL).
