Adrian's CyberSecurity && IT blog

HTTP Proctol - what is it?

Photo by Caspar Camille Rubin on Unsplash

HTTP Proctol - what is it?

Adrian's photo
Adrian
·

4 min read

What is the HTTP protocol?

HTTP (Hypertext Transfer Protocol) is the rules of information exchange and program cooperation. Servers and clients communicate. The client sends requests and the server responds. An example of an HTTP client is a web browser. Clients may interpret the obtained responses differently. For example, a web browser can display a website that has been sent by the server.

The browser does quite a few things in the background ... Did you know that the browser makes over 300 HTTP requests to display amazon.com?

Communication between the server and client is based on many other protocols. This set of protocols is called the ISO / OSI model. This model contains layers. Each layer, based on the previous ones, provides additional functionalities. HTTP is at the top layer of the model, the application layer.

What is a resource?

We know that the customer is sending requests. Each request is associated with a resource. The resource can be an image, HTML page, text file, video file, gif. The HTTP protocol itself does not define what exactly a resource is. It only defines the way in which the resource can be accessed. Each resource has its own unique identifier. This identifier is the URI (Uniform Resource Identifier).

The HTTP protocol precisely defines the communication format between clients and servers. This communication is based on the requests and responses already mentioned. HTTP defines the format of these messages.

HTTP is a stateless protocol. This means that each query can be interpreted in isolation from the others.

Elements of the HTTP protocol

The URL looks like this:

scheme: [// [user [: password] @] host [: port]] [/ path] [? query] [# fragment]

**scheme:**
In practice, this part of the address is used to specify the protocol, most often you will see http or https.
**user: password**
user: password are used for authentication.
**host**
In the case of HTTP, it comes down to the Internet domain name or IP address.
**port**
The port is the number. This number is used by the server. The server is listening for traffic on a given port.
**path**
This part of the URL is the path that specifies the resource.
**query**
Contains additional data identifying a given resource. This part is separated from the path by the '?' sign (question mark).
**fragment**
The last part of the url. In practice, it is used to define the fragment of an HTML page that should be shown to the user.

According to the HTTP specification, the letters are case insensitive in the scheme and host parts. The rest of the elements are case sensitive

HTTP methods

  • GET - Each website visit starts with a GET query. The browser sends a GET request to open the website.
  • POST - We use when sending form content, adding a new resource, adding data to an existing resource.
  • HEAD - This query is similar to a GET query. It differs in one important detail. For this query, the server's response must not contain the body of the message.
  • OPTIONS - OPTIONS requests are used to retrieve information about the communication capabilities for a given resource.
  • DELETE - As the name suggests, these types of queries are used to delete resources.
  • PUT - PUT requests are used to update a given resource.
  • PATCH - The PATCH method applies partial modifications to a resource.
  • CONNECT - These types of requests are used to create a connection between the client and the target server
  • TRACE - This type of request is used for testing. In response to this request, the server should send the query it received.

HTTP headers

Headers are attached by clients to outgoing queries and by servers to outgoing responses. They are in the form header-name: header-value. According to the specification, the capitals are not case sensitive.

Cookies

You already know that HTTP is stateless. The HTTP server cannot combine queries from the same client into one package. Cookies come to the rescue. Cookies are specific headers that are handled by clients.

In response, the server may send a header that will create a cookie. This cookie is bound to a domain (the host and path part of the URL). An exemplary header for setting a cookie may look like this:

HTTP response status codes

As MDN says HTTP response status codes indicate whether a specific HTTP request has been successfully completed. Responses are grouped in five classes:

Informational responses (100–199)

This group of statuses are informational statuses. Inform clients that a request has been received and is being processed.

Successful responses (200–299)

Statuses in this group inform that the query has been correctly processed.

Redirection messages (300–399)

Statuses starting with 3 inform clients that additional action must be taken to complete query processing.

Client error responses (400–499)

Server error responses (500–599)

The server informs clients of a server-side error that prevents the query from being processed.

Now you know what the HTTP protocol is for and how it is built. I hope you learned something from my today's post, if so, let me know! It will be nice if you write what you think about my thoughts and the way of writing. To the next!

httpprotocolsWeb DevelopmentSecurityknowledge