a web address (or URL- Uniform
Resource Locator) is typed into a web
browser, the web browser establishes a
connection to the web service running
on the server using HTTP.
and URIs (uniform resource
identifiers) are the names most people
associate with web addresses.
The URL http://www.cisco.com/index.html refers to a
specific resource—a web page named index.html on
a server identified as cisco.com.
Web browsers are the client applications computers
use to connect to the World Wide Web and access
resources stored on a web server.
As with most server processes, the web server runs as
a background service and makes different types of
access the content, web clients make
connections to the server and request the
server replies with the resources and,
upon receipt, the browser interprets the data
and presents it to the user.
can interpret and present many
data types, such as plain text or HTML, the
language in which web pages are constructed.
types of data, however, might require
another service or program, typically referred
to as a plug-in or add-on.
help the browser determine what type
of file it is receiving, the server specifies what
kind of data the file contains.
consider the URL http://www.cisco.com/webserver.htm.
First, the browser interprets the three parts of the
■ http: The protocol or scheme
■ www.cisco.com: The server name
■ web-server.htm: The specific filename requested
The browser then checks with a name server to
convert http://www.cisco.com into a numeric
address, which it uses to connect to the server.
the HTTP requirements, the browser
sends a GET request to the server and asks for
the file web-server.htm.
server in turn sends the HTML code for
this web page to the browser.
browser deciphers the HTML code
and formats the page for the browser
one of the protocols in the TCP/IP
suite, was originally developed to
publish and retrieve HTML pages and is now
used for distributed, collaborative
used across the world wide web for
data transfer and is one of the most used
specifies a request/response protocol.
When a client, typically a web browser, sends
a request message to a server, the HTTP
protocol defines the message types the client
uses to request the web page and the
message types the server uses to respond.
is a client request for data.
web browser sends the GET message to
request pages from a web server.
When the server receives the GET request, it
responds with a status line, such as HTTP/1.1
200 OK, and a message of its own, the body
of which can be the requested file, an error
message, or some other information.
three common message types
and PUT are used to send messages
that upload data to the web server.
For example, when the user enters data into
a form embedded in a web page, POST
includes the data in the message sent to the
uploads resources or content to the web
Looks up phone book
for the number
Could have been also
POST/phonebook.cgi.HTTP/1.0 achieved by Get
But in that case number
would have been in the
Accept Language: en-us
Content Length: 14
Which would have been
stored in the log
it is remarkably flexible, HTTP is
not a secure protocol.
POST messages upload information to
the server in plain text that can be
intercepted and read.
server responses, typically HTML
pages, are unencrypted.
secure communication across the Internet,
the Secure HTTP (HTTPS) protocol is used for
accessing and posting web server information.
HTTPS can use authentication and
encryption to secure data as it travels
between the client and server.
specifies additional rules for passing
data between the application layer and the
Accessing Resources over the Web
between the client and
Defines the address
(Uniform Resource Locator)
Hypertext Transport Protocol
Meta data support
◦ Transaction is initiated by a client sending a request
◦ Server generates a response
◦ Each HTTP request includes a URI (Uniform Resource
◦ The server does not maintain any information about the
◦ Metadata about information can be exchanged in the
HTTP Request Format
GET /index.html HTTP/1.0
resource via URI
& meta data
User-Agent: Mozilla/5.0 (en) (WINNT; U)
HTTP Response Format
HTTP/1.0 200 OK
Server: Apache/1.3.12 (Unix)
Content Type: text/html
Carriage Return/Line Feed
Result Code and Phrase
1xx: Informational – Not Done Yet
2xx: Success – You win
3xx:Redirection-You lose but try again
4xx:Client Error – You lose, your fault
5xx:Server Error – You lose, my bad
Internal Server Error
Improvements in HTTP/1.1
◦ Keeps the connection open after the server
◦ Connection can be closed by either client or server
◦ Allows a client to send several requests without
waiting for a response
◦ Server responds in the same order
◦ Allows sender to break a message into arbitrary
◦ Useful for dynamically created response messages
HTTP is stateless protocol
Cookies manage state maintenance by shifting the
burden to client
• Cookies are transmitted in clear text (security issue)
Usual HTTP Request
Usual HTTP Response,
including header line Setcookie: <cookie>
Usual HTTP Request,
including header line
Usual HTTP Response
• Users browser information remembers
credentials and includes them in headers
for subsequent requests
• Browser typically deletes stored
authentication credentials once browser is
• HTTP allows various authentication