1.3 HTTP/HTTPS

HTTP (Hypertext Transfer Protocol):

  • HTTP is an application layer protocol used for transmitting hypermedia documents, such as HTML files, over the internet. It follows a client-server model, where clients (e.g., web browsers) send requests to servers (e.g., web servers) to retrieve or manipulate resources.

  • HTTP operates over TCP/IP (Transmission Control Protocol/Internet Protocol), typically using port 80 for unencrypted communication and port 443 for encrypted communication (HTTPS).

  • It is stateless, meaning each request from a client is independent and not related to previous requests. However, mechanisms like cookies and session management can be used to maintain state across multiple requests.

  • HTTP/1.1, the widely used version of the HTTP protocol, introduced features like persistent connections, pipelining, and chunked transfer encoding to enhance performance and efficiency. It standardized the Host header for distinguishing between virtual hosts on a server, supported range requests for fetching specific segments of resources, and implemented cache control mechanisms for optimizing resource delivery.

HTTP Request

  • An HTTP request is composed of several components:

    • Request Line: Includes the HTTP method (e.g., GET, POST), the requested URI (Uniform Resource Identifier), and the HTTP version (e.g., HTTP/1.1).

    • Request Headers: Additional metadata sent along with the request, such as user-agent (identifying the client software), accept (supported content types), content-type (type of data in the request body), and cookies.

    • Request Body: Optional data sent with the request, typically used in POST, PUT, or PATCH requests to transmit form data, JSON, XML, or binary payloads.

  • Example HTTP request:

    GET /index.html HTTP/1.1
    Host: example.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
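
An added example (not part of the original page): a small strict parser that splits a raw request into the request line, headers and body described above, and rejects malformed input. The names `parse_request`, `BadRequest` and `SAMPLE` are made up for this sketch, and it assumes the body is framed by Content-Length only.

```python
# Added example, not from the original page. SAMPLE is a constructed request.
class BadRequest(ValueError):
    """The message is malformed; a server would answer 400 Bad Request."""

def parse_request(raw: bytes) -> dict:
    # The header section ends at the first empty line (CRLF CRLF).
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("header section is not terminated by an empty line")
    lines = head.decode("iso-8859-1").split("\r\n")

    # Request line: method SP request-target SP HTTP-version
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise BadRequest("malformed request line")
    method, target, version = parts

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or any(c.isspace() for c in name):
            raise BadRequest(f"malformed header line: {line!r}")
        # Header names are case-insensitive; keep every value per name.
        headers.setdefault(name.lower(), []).append(value.strip())

    # HTTP/1.1 made Host mandatory so a server can pick the virtual host.
    if version == "HTTP/1.1" and len(headers.get("host", [])) != 1:
        raise BadRequest("HTTP/1.1 request needs exactly one Host header")
    if "transfer-encoding" in headers:
        raise NotImplementedError("chunked bodies are not handled in this example")

    # The body is exactly Content-Length bytes; no header means no body.
    lengths = set(headers.get("content-length", ["0"]))
    length = lengths.pop() if len(lengths) == 1 else ""
    if not (length.isascii() and length.isdigit()):
        raise BadRequest("invalid or conflicting Content-Length")
    if len(rest) < int(length):
        raise BadRequest("body is shorter than Content-Length")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": rest[:int(length)]}

SAMPLE = (b"POST /search HTTP/1.1\r\n"
          b"Host: example.com\r\n"
          b"Content-Type: application/x-www-form-urlencoded\r\n"
          b"Content-Length: 20\r\n"
          b"\r\n"
          b"q=http+basics&page=2")

if __name__ == "__main__":
    print(parse_request(SAMPLE))
```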

HTTP Response

  • An HTTP response consists of the following components:

    • Status Line: Contains the HTTP version, a status code indicating the outcome of the request (e.g., 200 OK, 404 Not Found), and a status message.

    • Response Headers: Additional metadata about the response, such as content type, content length, caching directives, and cookies.

    • Response Body: The actual content sent back to the client, such as HTML, JSON, XML, or binary data.

  • Example HTTP response:

    HTTP/1.1 200 OK
    Content-Type: text/html
    Content-Length: 1234
    
    <!DOCTYPE html>
    <html>
    <head>
    <title>Example</title>
    </head>
    <body>
    <h1>Hello, World!</h1>
    </body>
    </html>

Status codes

HTTPS (Hypertext Transfer Protocol Secure)

  • HTTPS is an extension of HTTP that adds encryption and secure communication protocols (SSL/TLS) to ensure the confidentiality, integrity, and authenticity of data exchanged between the client and server.

  • It encrypts the data transmitted over the network, preventing eavesdropping and man-in-the-middle attacks.

  • HTTPS uses SSL/TLS certificates to establish a secure connection between the client and server, providing authentication and encryption of data in transit.

  • URLs using HTTPS start with "https://" instead of "http://", and browsers display a padlock icon to indicate a secure connection.

  • HTTPS typically operates over port 443, and secure connections are established through a process called the SSL/TLS handshake, in which the client and server exchange cryptographic keys used to encrypt data transmission.

HTTP is a protocol used for communication between clients and servers: clients send requests to servers, and servers return the appropriate responses. HTTPS adds security to HTTP by encrypting data transmission with the SSL/TLS protocols, but neither is immune to threats. Encryption can prevent man-in-the-middle attacks, but not the most common attacks such as SQLi, XSS and many others.
