HTTP

Published in: Technology

  1. HTTP/HTTPS. Amit Kumar Singh. Image: Danilo Rizzuti / FreeDigitalPhotos.net
  2. HTTP
     - HyperText Transfer Protocol
     - Invented by Tim Berners-Lee
     - An Application Layer Protocol
     - For Distributed, Collaborative and Hypermedia information systems
     - Client Server model.
     - Reliable protocol
       - Works on Top of TCP protocol
         - Default Port 80
     - Is Stateless
  3. Request/Response Model
     - The Client sends Request to the server for a Resource
       - Resource located by its URL
       - <scheme>://<host>:<port>/<resource path>
       - Eg: http://www.google.com/
     - Server sends Response back to the client along with Acknowledgment code
     - Request and Response messages are in plain text
  4. HTTP Request
     - Comprised of Request Line, HTTP header, HTTP Body (optional)
       - Eg:
           GET /Index.html HTTP/1.1
           Connection: Keep-Alive
           Accept: */*
           User-Agent: Sample Application
           Host: www.google.com
     - Request Line:
       - <HTTP Method> <resource path> <HTTP Version>
     - GET /path/to/file/index.html HTTP/1.1
  5. HTTP Request: HTTP Methods
     - GET
     - HEAD
     - POST
     - PUT
     - DELETE
     - TRACE
     - CONNECT
     - OPTIONS
     - PATCH
  6. HTTP Request: Headers
     - Accept: text/html,text/plain,image/jpeg; charset=ISO-8859-1
     - Accept-Language: en
     - Accept-Encoding: gzip, deflate
     - Connection: Keep-Alive
     - Referer: http://www.w3.org/index.html
     - Host: www.google.com
     - Cookie: id=105; Skin=new
     - User-Agent: Mozilla/4.0(Compatible; MSIE 6.0; Windows NT 5.0)
  7. HTTP Response
     - Consists of Status Line, Headers, and Body (optional)
         HTTP/1.1 200 OK
         Server: Microsoft-IIS/5.0
         Content-Location: http://www.microsoft.com/default.htm
         Date: Tue, 25 Jun 2009 19:33:18 GMT
         Content-Type: text/html
         Accept-Ranges: bytes
         Last-Modified: Mon, 24 Jun 2002 20:27:23 GMT
         Content-Length: 26812

         <html>
         ----
         </html>
  8. HTTP Response: Status Codes
     - 3 digit integer
     - 1xx
       - informational message
     - 2xx
       - success of some kind
     - 3xx
       - redirects the client to another URL
     - 4xx
       - error on the client's part
         - 404
     - 5xx
       - error on the server's part
  9. HTTP Response: Headers
     - Cache-Control: no-cache
     - Content-Length: 2748
     - Content-Type: image/gif
     - Date: Wed, 4 Oct 2004 12:00:00 GMT
     - Expires: -1
     - WWW-Authenticate: Basic realm="Secure Area"
  10. HTTP Cookie
     - Text Stored in the client
     - Used for authentication, user preferences, state management
     - Set-Cookie: ID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; path=/; domain=.example.net
     - All valid cookies are sent back to the server with subsequent requests
  11. Caching
     - Sits between the Client and the Server.
     - Saves copy of response
     - Further requests can fetch response from cache
     - Cache-Control:
       - no-cache / private / public / max-age
     - Expires: Fri, 30 Oct 1998 14:19:41 GMT
  12. HTTPS
     - HTTP is insecure!
       - Subject to man-in-the-middle and eavesdropping attacks
     - HTTP over TLS or SSL
     - Uses port 443 by default
     - Based on Public key cryptography
  13. TLS Handshake
     - Client asks for a connection to the HTTPS server
       - specifying the highest TLS protocol version it supports and a list of Cipher Suites (Cipher and Hash function).
     - Server responds and selects a TLS protocol version and Cipher Suite which the client also supports
     - Server sends a Certificate to the client for its authentication
       - Certificate contains server name, trusted CA, and server's Public Key
  14.
     - Client verifies the Certificate and authenticates the Server
     - If authenticated, the client creates a random session key using the Encryption algorithm and encrypts it with the server's public key
     - The key is sent to the server; the server decrypts the session key using the server's private key.
     - The client encrypts the message using the session key and sends it to the server
     - The server decrypts the message using the same session key.
  15. References
     - http://www.faqs.org/rfcs/rfc2616.html
     - www.en.wikipedia.org
     - https://www.httpwatch.com/httpgallery
     - http://condor.depaul.edu/~dmumaugh/readings/handouts/SE435/HTTP/http.pdf
     - http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html
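
The plain-text request format from the "HTTP Request" slides (request line, headers, optional body) can be parsed strictly, so that malformed or ambiguous input is rejected instead of guessed at. This is an added example, not part of the original slides; `parse_request`, `BadRequest` and `SAMPLE` are names chosen here.

```python
# Added example: strict parser for the request format shown on the slides.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "TRACE",
           "CONNECT", "OPTIONS", "PATCH"}  # the method list from slide 5

class BadRequest(ValueError):
    pass

def parse_request(raw: bytes) -> dict:
    # The header block ends at the first empty line (CRLF CRLF).
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("header block is not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise BadRequest("request line must be: method SP path SP version")
    method, path, version = parts
    if method not in METHODS:
        raise BadRequest(f"unknown method {method!r}")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise BadRequest(f"unsupported version {version!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # A missing colon or whitespace in the header name is malformed.
        if not colon or not name or name != name.strip() or " " in name:
            raise BadRequest(f"malformed header line {line!r}")
        key, value = name.lower(), value.strip()  # names are case-insensitive
        if key in ("host", "content-length") and key in headers:
            raise BadRequest(f"duplicate {name} header")
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    if version == "HTTP/1.1" and "host" not in headers:
        raise BadRequest("HTTP/1.1 request without Host header")
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body}

# Constructed sample: the request from slide 4, with CRLF line endings.
SAMPLE = (b"GET /Index.html HTTP/1.1\r\n"
          b"Connection: Keep-Alive\r\n"
          b"Accept: */*\r\n"
          b"User-Agent: Sample Application\r\n"
          b"Host: www.google.com\r\n\r\n")

if __name__ == "__main__":
    print(parse_request(SAMPLE))
```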
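
The `Set-Cookie` header on the "HTTP Cookie" slide carries no attributes that restrict where the cookie travels, which matters once cookies are used for authentication over a plain-text protocol. The audit below is an added example, not from the original slides; the function names and the hardened header are constructed here.

```python
# Added example: audit a Set-Cookie value for attributes that limit exposure.
def parse_set_cookie(value: str):
    """Split a Set-Cookie value into (name, value, attributes)."""
    first, *rest = [p.strip() for p in value.split(";")]
    name, eq, val = first.partition("=")
    if not eq or not name:
        raise ValueError("Set-Cookie must start with name=value")
    attrs = {}
    for part in rest:
        if part:
            k, _, v = part.partition("=")
            attrs[k.strip().lower()] = v.strip()  # attribute names ignore case
    return name, val, attrs

def audit_set_cookie(value: str) -> list:
    """Return a list of findings; an empty list means none were raised."""
    _, _, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append("no Secure: cookie is also sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("no HttpOnly: cookie is readable by page scripts")
    if "samesite" not in attrs:
        findings.append("no SameSite: cross-site sending depends on the browser default")
    elif attrs["samesite"].lower() == "none":
        findings.append("SameSite=None: cookie is sent on cross-site requests")
    if "domain" in attrs:
        findings.append(f"Domain={attrs['domain']}: cookie is sent to every subdomain")
    return findings

# The header from slide 10, and a constructed hardened variant of it.
SLIDE_COOKIE = ("ID=732423sdfs73242; expires=Fri, 31-Dec-2010 23:59:59 GMT; "
                "path=/; domain=.example.net")
HARDENED_COOKIE = "ID=732423sdfs73242; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for finding in audit_set_cookie(SLIDE_COOKIE):
        print(finding)
```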
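
The "TLS Handshake" slides depend on the client verifying the certificate; a client that skips that step still encrypts, but no longer authenticates the server. The check below, an added example using Python's standard `ssl` module (function names are chosen here, not from the slides), builds a verifying client context beside a misconfigured one and reports what each would accept.

```python
# Added example: what "client verifies the Certificate" means for a TLS client.
import ssl

def strict_client_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()            # trusts the system CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0, TLS 1.1
    return ctx

def lax_client_context() -> ssl.SSLContext:
    # The misconfiguration to look for in code review: verification disabled.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def weaknesses(ctx: ssl.SSLContext) -> list:
    """List the handshake checks this client context would skip."""
    issues = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        issues.append("certificate chain is not verified against a trusted CA")
    if not ctx.check_hostname:
        issues.append("certificate name is not matched against the requested host")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        issues.append("protocol versions older than TLS 1.2 are allowed")
    return issues

if __name__ == "__main__":
    print("strict:", weaknesses(strict_client_context()))
    print("lax:   ", weaknesses(lax_client_context()))
```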
