Web: HTTP & HTTPS

Hypertext Transfer Protocol (HTTP)

Hypertext Transfer Protocol (HTTP) has a extraordinary growth of the web in the ease with which it allows access to the information because of its fastest growth on the client and server application.Now that we have an understanding of Web content and applications, it is time to look at the protocol that is used to transport all this information between Web servers and clients. It is HTTP (HyperText Transfer Protocol), as specified in RFC 2616. HTTP is a simple request-response protocol that normally runs over TCP. HTTP specifies what the messages that a clients may send to the servers and what specific responses that they get back in return when communicating with the client and the server. The request and response headers are given in ASCII, just like in SMTP. HTTP contents are presumed to be given in a MIME-like format, also like in SMTP. SMTP this is a simple model was responsible for the early success of the Web implementation because of it made the best development and deployment straightforward. In this section, we will look at the more important properties of HTTP as it is used nowadays. However, before getting into the details we will note that the way.

HTTP (Hypertext Transfer Protocol) is the most popular application protocol used in the Internet (or The WEB). HTTP is presumed to have an asymmetric request - response client - server protocol. A HTTP client can easily send a request message to an HTTP server and fluently communicate between them.The server returns a response message in turn.. In other words, HTTP is a pull protocol, the client pulls information from the server, here the client access the authorized data and pulls its from the server (the server doesn't pushes the information to the client instead the client pulls the information from the server).

Fig: TCP/IP Network

Web server listen at port number 80.Hypertext transfer protocol (HTTP) can be implemented in two programs: one aclient programandthe other server program. Both, the client and server programs are executing on different system ends, they communicate to each other by exchanging the http messages in the network. Http is just used to define the structure of the message that is being used to transfer in the network and the behavior of the client and server on exchanging the messages. HTTP is a stateless protocol. Furthermore, the current request that is being used does not recognize the requests that has been carried out. As an underlying transport protocol HTTP uses TCP protocol.

A Web page which is also called as a document comprises many objects. Those objects are a simple file such as a HTML file (Hypertext Markup Language), an image in any format (JPEG, PNG, GIF), an audio or a video files etc. These addresses can be easily addressable by using a single URL which represents the whole web page. Most of the Web pages comprises a base HTML file and other several referenced objects which makes the logical sense. For example, if any Web page which comprises a HTML text and fifty JPEG images, and an audio file then the Web page has fifty-two objects: the base HTML file plus the fifty images plus an audio equals fifty-two objects. Each URL in a web page comprises the two components: the hostname of the server that houses the object present in the webpage and the object's pathname of the same page. For example, the URL

www.xyzSchool.edu/abcDepartment/image.png has

www.sameSchool.edu for a host name and

/xyzDepartment/image.png for a path name.

Whenever we try to access a Web resources by entering an URL in our browser using HTTP it helps to access webpage, e.g. http://www.xyztestor.com/index.html. The Web browser is used to converts the user entered URL (in the browse) into a requesting message and transfers (sends) it to the HTTP server. The Hypertext transfer protocol (HTTP) server interprets the received request message, and returns us an appropriate response message, the message is either the resource that you have requested or error message to represent the it. It is demonstrated as follows:

Single HTTP Request and Response allowed for each TCP Connection www.xyzSchool.edu/xyzDepartment/home.index

HTTP/1.1 persistent connection

As size of web pages increased, HTTP 1.0 was no more efficient. With HTTP 1.1, it was possible to send additional requests and get additional responses in a single TCP connection. In a HTTP/1.1 persistent connection, the server leaves the TCP connection open after sending a response to the client or the server. The Subsequent requests and responses that can be observes between the same client can be sent on the same connection by proper pipe-lining of the connection.

HTTP Request Message

HTTP request message consists of:

Request Line: request - method - name request - URI HTTP – version

Request Headers: request - header - name: request - header - value 1, request - header - value 2 ...

Request Message Body

Hypertext Transfer Protocol (HTTP) Request Methods

a set of request methods is defined by Hypertext Transfer Protocol (HTTP) protocol defines. A client in any network can use one of the following request methods to send a requesting message to a Hypertext Transfer Protocol (HTTP) server.

GET:This GET can be used to get a web resources form the server.

HEAD: The HEAD request is used to obtain the header file of the request obtained by the GET request. Since the header file comprises the latest modified date of the data from this we easily check the local cache copy.

POST:This POST request can be used to post the data to the web servers.

PUT:The PUT request is used to asks the server to store the data.

DELETE:The DELETE request is used in the server to delete the data.

TRACE: The TRACE request asks the server to return a diagnostic trace of the actions it takes within the server.

OPTIONS:The OPTION request asks the server to return all the list of request methods that it supports.

CONNECT:The CONNECT request is used to tell a proxy to make a connection to another host or to its contents without parse or without caching. This is often used to make SSL connection through the proxy.

Hypertext Transfer Protocol (HTTP) Response Message

Hypertext Transfer protocol (HTTP) Response message consists of different components:

Status Line:HTTP - version status - code reason - phrase

Response Header:

Some HTTP response status codes

200 OK:it represents the request succeeded, it represents the requested object in this message

301 Moved Permanently:it represents therequested object moved, the new location specified in this message (Location)

304 Not Modified:this error represents the response to the If-Modified-Since conditional GET request, and in response the server notifies that the resource requested has not been modified in the server status.

400 Bad Request:it represents the requested message was not understood by server of the client request

404 Not Found:it represents the requested documents not found on this server as per the request generated by the client

408 Request Timeout

505 HTTP Version Not Supported.

HTTPS

Secure naming is a good start, but there is much more to Web security. The next step is secure connections. We will now look at how secure connections can be achieved. Nothing involving security is simple and this is not either. When the Web is used widely into public view, it was presumed to just possess the objective to be used for just distributing static pages only. However, some companies presented their ideas of using it for financial transactions, such as purchasing merchandise by credit card, online banking, electronic stock trading or any other online financial activities. These applications created a demand for secure connections. This software and its protocol are now widely used, for example, by Firefox, Safari, and Internet Explorer, so it is worth examining in some detail. SSL builds a secure connection between two sockets, including

1. Parameter negotiation between client and server.

2. Authentication of the server by the client.

3. Secret communication.

4. Data integrity protection.

We have seen these items before, so there is no need to elaborate on them. The positioning of SSL in the usual protocol stack. When HTTP is used over SSL, it is called HTTPS (Secure HTTP), even though it is the standard HTTP protocol. Sometimes it is available at a new port (443) instead of port 80.
It uses TCP at Transport layer and listens at port number 443. Technically, is not a protocol in itself; but rather, it is the result of simply layering the Hypertext Transfer Protocol (HTTP) on top of the SSL (Secure Socket Layer) or TLS (Transport Layer Security) protocol, thus adding the security capabilities of SSL/TLS to standard HTTP communications. Need to request the SSL certificate from the Certificate Authority to deploy HTTPS. Encryption/Decryption Mechanism is used between client and server for transferring data.

Like from GoDaddy, VeriSign etc.

.

HTTP vs HTTPS

References:

1. A.S. Tanenbaum, “Computer Networks”, 3rd Edition, Prentice Hall India, 1997.
2. W. Stallings, “Data and Computer Communication”, Macmillan Press, 1989.
3. Kurose Ross, “Computer Networking: A top-down approach”, 2nd Edition, Pearson Education
4. Larry L. Peterson, Bruce S. Davie, “Computer Networks: A Systems Approach”, 3rd Edition, Morgan Kaufmann Publishers