1.3 HTTP/HTTPS
HTTP (Hypertext Transfer Protocol):
HTTP is an application layer protocol used for transmitting hypermedia documents, such as HTML files, over the internet. It follows a client-server model, where clients (e.g., web browsers) send requests to servers (e.g., web servers) to retrieve or manipulate resources.
HTTP operates over TCP/IP (Transmission Control Protocol/Internet Protocol), typically using port 80 for unencrypted communication and port 443 for encrypted communication (HTTPS).
It is stateless, meaning each request from a client is independent and not related to previous requests. However, mechanisms like cookies and session management can be used to maintain state across multiple requests.
HTTP/1.1, the widely used version of the HTTP protocol, introduced features like persistent connections, pipelining, and chunked transfer encoding to enhance performance and efficiency. It standardized the Host header for distinguishing between virtual hosts on a server, supported range requests for fetching specific segments of resources, and implemented cache control mechanisms for optimizing resource delivery.
HTTP Request
An HTTP request is composed of several components:
Request Line: Includes the HTTP method (e.g., GET, POST), the requested URI (Uniform Resource Identifier), and the HTTP version (e.g., HTTP/1.1).
Request Headers: Additional metadata sent along with the request, such as user-agent (identifying the client software), accept (supported content types), content-type (type of data in the request body), and cookies.
Request Body: Optional data sent with the request, typically used in POST, PUT, or PATCH requests to transmit form data, JSON, XML, or binary payloads.
Example HTTP request:
HTTP Response
An HTTP response consists of the following components:
Status Line: Contains the HTTP version, a status code indicating the outcome of the request (e.g., 200 OK, 404 Not Found), and a status message.
Response Headers: Additional metadata about the response, such as content type, content length, caching directives, and cookies.
Response Body: The actual content sent back to the client, such as HTML, JSON, XML, or binary data.
Example HTTP response:
Status codes
200
OK
The request has succeeded.
201
Created
The request has been fulfilled and a new resource has been created.
204
No Content
The server successfully processed the request, but there is no content to return.
301
Moved Permanently
The requested resource has been permanently moved to a new location.
302
Found
The requested resource has been temporarily moved to a different location.
400
Bad Request
The server cannot process the request due to client error (e.g., malformed request syntax).
401
Unauthorized
The request requires authentication, but the client has not provided valid credentials.
403
Forbidden
The server understood the request, but refuses to authorize it.
404
Not Found
The requested resource could not be found on the server.
405
Method Not Allowed
The request method is not supported for the requested resource.
500
Internal Server Error
The server encountered an unexpected condition that prevented it from fulfilling the request.
502
Bad Gateway
The server received an invalid response from an upstream server.
503
Service Unavailable
The server is currently unable to handle the request due to temporary overload or maintenance.
504
Gateway Timeout
The server did not receive a timely response from an upstream server while acting as a gateway or proxy.
HTTPS (Hypertext Transfer Protocol Secure)
HTTPS is an extension of HTTP that adds encryption and secure communication protocols (SSL/TLS) to ensure the confidentiality, integrity, and authenticity of data exchanged between the client and server.
It encrypts the data transmitted over the network, preventing eavesdropping and man-in-the-middle attacks.
HTTPS uses SSL/TLS certificates to establish a secure connection between the client and server, providing authentication and encryption of data in transit.
URLs using HTTPS start with "https://" instead of "http://", and browsers display a padlock icon to indicate a secure connection.
HTTPS typically operates over port 443, and secure connections are established through a process called SSL/TLS handshake, where the client and server exchange cryptographic keys to encrypt data transmission.
HTTP is a protocol used for communication between clients and servers, where clients send requests to servers, and servers respond with appropriate responses. HTTPS adds security to HTTP by encrypting data transmission using SSL/TLS encryption protocols, but all them aren't immune by threats, with encryption we can prevent man in the middle attack, but not most common like as SQLi, XSS and many others.
Last updated