Lecture 3: HyperText Transfer Protocol(HTTP)

Dr. Victor ODUMUYIWA

[email protected]
Learning Objectives

At the end of this lecture, you should be able to:

• Demonstrate a good understanding of HTTP methods

• Explain how HTTP headers control the behaviour of Web-based

applications

• Choose either an application-based solution or a browser-based solution

that addresses the shortcomings of HTTP
HTTP Defined

• HTTP is a client-server communication protocol for distributed,

collaborative hypermedia information systems
• It is the foundation of data communication for the world wide web
• It functions as a request-response protocol in a client-server computing
model
• The client submits an HTTP request message to the server
• The server returns a response message to the client. A response
contains completion status information about the request and may
contain any content requested by the client in its message body.
Internet Protocol Suites (TCP/IP)
Internet Protocol suite
Application layer
BGP, DHCP, DNS, FTP, HTTP, IMAP, IRC,LDAP, MGCP, NNTP, NTP, POP, RIP, RPC,
RTP, SIP, MIME
SMTP, SNMP, SOCKS, SSH, Telnet, TLS/SSL, XMPP

Transport layer
TCP, UDP, DCCP, SCTP, RSVP, ECN

Internet layer
IP (IPv4 • IPv6), ICMP, ICMPv6, IGMP, Ipsec

Link layer
ARP/InARP, NDP, OSPF, Tunnels (L2TP), PPP, Media access
control (Ethernet • DSL •ISDN • FDDI)

4
Basic Features
• HTTP is connectionless
• Client establishes a connection and closes it after a request has been made
• Server processes the request and re-establish the connection to send response to
the client
• It is a stateless protocol
• Server and client are only aware of each other only when a connection is initiated
i.e. during a current request
• After that they forget about each other
• It is media independent
• Any type of data could be sent by HTTP as long as the client and the server can
handle the data type
• Both client and server must specify the content type using appropriate MIME-type.

5
Basic Architecture

• HTTP/1.0 uses a new connection

for each request/response
exchange where as

• HTTP/1.1 connection may be used

for one or more request/response
exchanges.
HTTP Parameters

• Version
• URI
• Date/time formats
• Character sets
• Content encoding
• Media types
• Language tags
Version

• HTTP uses a <major>.<minor> numbering scheme to indicate versions of

the protocol.

• The HTTP version of an application is the highest HTTP version for which the
application is at least conditionally compliant.

HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT

HTTP/1.0 or HTTP/1.1
Date/time formats

All HTTP date/time stamps MUST be represented in Greenwich Mean Time

(GMT), without exception. HTTP applications are allowed to use any of the
following three representations of date/time stamps

Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123

Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036

Sun Nov 6 08:49:37 1994 ; ANSI C's asctime() format

Character set

• To specify the character sets that the client prefers.

• Multiple character sets can be listed separated by commas.

• If a value is not specified, the default is US-ASCII.

Example
US-ASCII
or
ISO-8859-1
Content Encoding

• A content encoding values indicate an encoding algorithm has been used to encode the
content before passing it over the network.
• Content encodings are primarily used to allow a document to be compressed or otherwise
usefully transformed without losing the identity
• HTTP/1.1 uses content-coding values in the Accept-Encoding and Content-Encoding header
fields

Example
Accept-encoding: gzip
or
Accept-encoding: compress
Media Types

• HTTP uses Internet Media Types in the Content-Type and Accept header fields in
order to provide open and extensible data typing and type negotiation.
• All the Media-type values are registered with the Internet Assigned Number
Authority (IANA).

media-type = type "/" subtype *( ";" parameter )

Accept: image/gif
Language tags

• HTTP uses language tags within the Accept-Language and Content-

Language fields.
• A language tag is composed of 1 or more parts: A primary language tag and a
possibly empty series of subtags:

primary-tag *( "-" subtag )

Sample tags

en, en-US, en-cockney, i-cherokee, x-pig-latin

HTTP Messages

• HTTP operates by exchanging messages across a reliable TCP/IP connection

• HTTP messages are exchanged between clients and servers

• HTTP messages are passed in a format similar to that used by Internet mail
and the Multipurpose Internet Mail Extensions (MIME)

<Request> | <Response> ; HTTP/1.1 messages

HTTP Message Format

HTTP request and HTTP response use a generic message format consisting
of the following four items:
• A Start-line
• Zero or more header fields followed by CRLF
• An empty line (i.e., a line with nothing preceding the CRLF) indicating the end of
the header fields
• Optional message-body
HTTP Message Format

HTTP request and HTTP response use a generic message format consisting
of the following four items:
• A Start-line
• Zero or more header fields followed by CRLF
• An empty line (i.e., a line with nothing preceding the CRLF) indicating the end of
the header fields
• Optional message-body
HTTP Message Start-Line

• It contains a Request-Line or a Status-Line

GET /index.htm HTTP/1.1 (This is Request-Line sent by the client)

HTTP/1.1 200 OK (This is Status-Line sent by the server)

HTTP Headers

• HTTP headers carry information about behaviour and application state

between the browser and the server

• The headers sent by the browser notify the web server of the browser’s
capabilities.

• The headers sent by the web server tell the browser how to treat the content.
HTTP Headers Types
There are four types of HTTP message headers:

• General-header: have general applicability for both request and response messages.

• Request-header: applicable only for request messages.

• Response-header: applicable only for response messages.

• Entity-header: defines meta-information about the entity-body or, if no body is present

field-name ":" [ field-value ]

Host: www.example.com
HTTP Message Body

• It is optional
• It carries the entity-body associated with the request or response
• If entity body is associated, Content-Type and Content-Length headers lines
specify the nature of the body associated.
HTTP Request

Request Start-Line Syntax

Method SP Request-URI SP HTTP-Version CRLF

• The request method indicates the method to be performed on the resource

identified by the given request-URI.

• Methods are case-sensitive and should always be indicated in uppercase.

HTTP Methods

The following methods are supported in HTTP/1.1 :

• GET: requests a representation of the specified resource.

• HEAD: asks for the response identical to the one that would correspond to a GET
request, but without the response body

• POST: submits data to be processed (e.g., from an HTML form) to the identified
resource

• PUT: uploads a representation of the specified resource

22
HTTP Methods Contd.

• DELETE: deletes the specified resource

• TRACE: echoes back the received request, so that a client can see what (if any)
changes or additions have been made by intermediate servers

• OPTIONS: returns the HTTP methods that the server supports for specified URL

• CONNECT: converts the request connection to a transparent TCP/IP tunnel, usually

to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP
proxy
HTTP Request Headers

• Accept-Charset • If-None-Match
• Accept-Encoding • If-Range
• Accept-Language • If-Unmodified-Since
• Authorization • Max-Forwards
• Expect • Proxy-Authorization
• From • Range
• Host • Referer
• If-Match • TE
• If-Modified-Since • User-Agent
Common HTTP Request (Browser) Headers

• Accept-Encoding: gzip, deflate

• Connection: Keep-Alive

• If-* headers

• Cache-Control or Pragma no-cache

HTTP Request Example

GET /index.htm HTTP/1.1 POST /cgi-bin/process.cgi HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE5.01; User-Agent: Mozilla/4.0 (compatible; MSIE5.01;
Windows NT) Windows NT)

Host: www.example.com Host: www.example.com

Content-Type: application/x-www-form-
Accept-Language: en-us
urlencoded
Accept-Encoding: gzip, deflate
Content-Length: length
Connection: Keep-Alive
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
licenseID=string&content=string&/paramsXML=str
ing
HTTP Request Header
(http://localhost/400level2014-2015/forms/biodata.html)

Host: localhost

User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Referer: http://localhost/400level2014-2015/forms/biodata.html
HTTP Response

Status-Line Syntax

HTTP-Version SP Status-Code SP Reason-Phrase CRLF

HTTP Response Headers
• Accept-Ranges

• Age

• ETag

• Location

• Proxy-Authenticate

• Retry-After

• Server

• Vary

• WWW-Authenticate
Common HTTP Response (Server) Headers

• Connection: Keep-Alive/Close

• Encoding: gzip, deflate

• The various cache-control headers, especially max-age

• Content-Type:

• Date:

• Accept-Ranges: bytes
Status Codes

S.N. Code Description

1 1xx: This means request received and continuing process
Informational
2 2xx: Success This means the action was successfully received,
understood, and accepted.
3 3xx: Redirection This means further action must be taken in order to
complete the request.
4 4xx: Client Error This means the request contains bad syntax or cannot
be fulfilled
5 5xx: Server The server failed to fulfil an apparently valid request
Error
Common status codes

• 200 OK. This indicates success.

• 304 Not Modified. This shows that the resource in question has not changed
and the browser should load it from its cache instead. This is only used when
the browser performs a conditional GET request.
• 404 Not Found. This suggests that the resource requested cannot be found on
the server.
• 401 Authorization Required. This indicates that the resource is protected and
requires valid credentials before the server can grant access.
• 500 Internal Error. This signifies that the server had a problem processing
the request.
HTTP Response Example

HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
Content-Length: 88
Content-Type: text/html
Connection: Closed
<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>
HTTP Response Header
(http://localhost/400level2014-2015/forms/biodata.html)

Accept-Ranges: bytes
Connection: Keep-Alive
Content-Length: 380
Content-Type: text/html
Date: Mon, 25 Jan 2016 00:34:23 GMT
Etag: "17c-50ea40e617c20"
Keep-Alive: timeout=5, max=100
Last-Modified: Mon, 09 Feb 2015 09:04:22 GMT
Server: Apache/2.4.7 (Win32) OpenSSL/1.0.1e PHP/5.5.9