RFC 1945 and 2616 and 7540 Types of HTTP messages
1. request message
2. response message

Structure of an HTTP request message
General Format
GET /somedir/index.html HTTP/1.1\r\n
header lines:
Host: www-net.cs.umass.edu\r\n
User-Agent: Firefox/3.6.10\r\n
Accept: text/html,application/xhtml+xml\r\n
Accept-Language: fr;q=0.9, en;q=0.8\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n
Keep-Alive: 115\r\n
Connection: keep-alive\r\n
\r\n
Quality factor: the q= values (e.g. fr;q=0.9, en;q=0.8)
Entity body: used by the POST method, to send what the user entered into the form fields

HTTP request message
RFC 1945 and 2616 and 7540
• ASCII (human-readable format)
request line (e.g. GET, POST, HEAD commands):
GET /somedir/index.html HTTP/1.1\r\n
header lines:
Host: www-net.cs.umass.edu\r\n   (required by web proxy cache)
User-Agent: Firefox/3.6.10\r\n
Accept: text/html,application/xhtml+xml\r\n
Accept-Language: fr;q=0.9, en;q=0.8\r\n
Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n
DNT:1\r\n   (Do Not Track me please!)
Keep-Alive: 115\r\n   (1.92 minutes)
Connection: keep-alive\r\n   (persistent HTTP)
\r\n
\r = carriage return character, \n = line-feed character
carriage return, line feed at start of line indicates end of header lines

Method types
• GET, POST, HEAD, PUT
• GET – request web page
• POST – asks server to accept the entity enclosed in the request for a web page
• HEAD – asks server to leave requested object out of response
• PUT – uploads file in entity body to path specified in URL field
• DELETE – deletes file specified in the URL field

Uploading form input
html file containing a form (Active server pages)
1. POST method:
• web page often includes form input
• input is uploaded to server in entity body
POST /test/demo_form.asp HTTP/1.1
Host: www.somesite.com
(blank line)
name1=value1&name2=value2   (entity body)
2. URL method:
• uses GET method
• input is uploaded in URL field of request line (approx. limit = 3000 characters):
www.somesite.com/test/demo_form.asp?name1=value1&name2=value2
• visible in URL, sent in clear text
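
Added example (not part of the original slides): a small Python parser for the request format described above, covering the request line, header lines, the blank line and the entity body, plus the quality factors and both form-upload methods. The function names and the two sample messages are constructed for illustration, and the Content-Length header in the POST sample is an assumption the slide's example leaves out. It shows that GET form input travels in the request line, the part that ends up in URL-based logs and browser history, while POST input travels in the entity body.

```python
from urllib.parse import urlsplit, parse_qsl

def parse_request(raw: bytes) -> dict:
    """Split an HTTP/1.x request into request line, header lines and entity body."""
    head, sep, body = raw.partition(b"\r\n\r\n")    # CRLF at start of a line ends the headers
    if not sep:
        raise ValueError("no blank line after the header lines")
    lines = head.decode("ascii").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be: method SP URL SP version")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.lower()] = value.strip()        # field names are case-insensitive
    # Assumption: the body length is given by Content-Length (no chunked encoding).
    length = int(headers.get("content-length", "0"))
    return {"method": parts[0], "url": parts[1], "version": parts[2],
            "headers": headers, "body": body[:length]}

def quality_values(value: str) -> list:
    """Order an Accept-* value by quality factor, e.g. 'fr;q=0.9, en;q=0.8'."""
    ranked = []
    for item in value.split(","):
        token, _, params = item.strip().partition(";")
        q = 1.0                                      # no q parameter means q=1
        for p in params.split(";"):
            k, _, v = p.strip().partition("=")
            if k == "q" and v:
                q = float(v)
        ranked.append((token.strip(), q))
    return sorted(ranked, key=lambda t: -t[1])

def form_input(req: dict) -> tuple:
    """Return (where the input travelled, fields) for the two upload methods."""
    query = urlsplit(req["url"]).query
    if req["method"] == "GET" and query:
        return "request line", dict(parse_qsl(query))
    if req["method"] == "POST":
        return "entity body", dict(parse_qsl(req["body"].decode("ascii")))
    return "none", {}

# Constructed sample messages, modelled on the slides' examples.
POST_REQ = (b"POST /test/demo_form.asp HTTP/1.1\r\nHost: www.somesite.com\r\n"
            b"Content-Length: 25\r\n\r\nname1=value1&name2=value2")
GET_REQ = (b"GET /test/demo_form.asp?name1=value1&name2=value2 HTTP/1.1\r\n"
           b"Host: www.somesite.com\r\nAccept-Language: fr;q=0.9, en;q=0.8\r\n\r\n")

if __name__ == "__main__":
    for raw in (POST_REQ, GET_REQ):
        req = parse_request(raw)
        print(req["method"], req["url"], form_input(req))
    print(quality_values(parse_request(GET_REQ)["headers"]["accept-language"]))
```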

Uploading form input
Program written in ColdFusion Markup Language
• http://www.massey.ac.nz/massey/search.cfm?q=napoleon+h.+reyes&action=show_results&searchtype=all
As captured by Wireshark:

HTTP response message
status line (protocol, status code, status phrase):
HTTP/1.1 200 OK\r\n
Header lines (about the requested object):
Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Tue, 30 Oct 2007 17:00:02 GMT\r\n
ETag: "17dc6-a5c-bf716880"\r\n
Accept-Ranges: bytes\r\n   (browser may try to resume an interrupted download)
Content-Length: 2652\r\n
Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=ISO-8859-1\r\n
\r\n
data data data data data …
Entity Body: data, e.g., requested HTML file
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
http://tools.ietf.org/id/draft-thomson-hybi-http-timeout-01.html#rfc.section.2

Single part ranges
Partial requests are useful for large media or downloading files with pause and resume functions
Client’s request message
GET /z4d4kWk.jpg HTTP/1.1
Host: i.imgur.com
Range: bytes=0-1023
Server’s response
HTTP/1.1 206 Partial Content
Content-Range: bytes 0-1023/146515
Content-Length: 1024
(binary content)
The Content-Range response header indicates where in the full resource this partial message belongs.
The Content-Length header now indicates the size of the requested range (and not the full size of the image).
https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests
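
Added example (not from the original slides): a Python sketch of how a server can answer the single-part Range request shown above, and how a client uses it to resume an interrupted download. `serve_range`, `resume_download` and the `IMAGE` bytes are hypothetical names and constructed data. It goes slightly beyond the slide by also handling the suffix form (`bytes=-N`), an open-ended range, and a range that starts past the end of the object (416).

```python
import re

def serve_range(resource: bytes, range_header=None):
    """Server side: return (status line, headers, body) for a GET on `resource`."""
    total = len(resource)
    full = ("HTTP/1.1 200 OK",
            {"Accept-Ranges": "bytes", "Content-Length": str(total)}, resource)
    m = re.fullmatch(r"bytes=(\d*)-(\d*)", (range_header or "").strip())
    if m is None or m.groups() == ("", ""):
        return full                    # no Range, multi-part or malformed: whole object
    first_s, last_s = m.groups()
    if first_s == "":                  # suffix form "bytes=-N": the last N bytes
        first, last = max(total - int(last_s), 0), total - 1
        satisfiable = int(last_s) > 0 and total > 0
    else:
        first = int(first_s)
        if last_s and int(last_s) < first:
            return full                # last < first is not a valid range: ignore it
        last = min(int(last_s), total - 1) if last_s else total - 1
        satisfiable = first < total
    if not satisfiable:
        return ("HTTP/1.1 416 Range Not Satisfiable",
                {"Content-Range": f"bytes */{total}", "Content-Length": "0"}, b"")
    body = resource[first:last + 1]
    return ("HTTP/1.1 206 Partial Content",
            {"Content-Range": f"bytes {first}-{last}/{total}",
             "Content-Length": str(len(body))}, body)   # size of the range, not the file

def resume_download(resource: bytes, have: bytes) -> bytes:
    """Client side of pause/resume: ask only for the bytes after those already saved."""
    status, headers, body = serve_range(resource, f"bytes={len(have)}-")
    code = status.split(" ")[1]
    if code == "206":
        return have + body
    if code == "416":
        return have                    # nothing left to fetch
    return body                        # 200: server ignored the range, start over

# Constructed stand-in for the 146515-byte image in the slide's example.
IMAGE = bytes(i % 251 for i in range(146515))

if __name__ == "__main__":
    status, headers, body = serve_range(IMAGE, "bytes=0-1023")
    print(status, headers)
    print(resume_download(IMAGE, body) == IMAGE)
```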

HTTP response status codes
• status code appears in 1st line in server->client response message.
• Categories of status codes:
1xx informational response – the request was received, continuing process
2xx successful – the request was successfully received, understood, and accepted
3xx redirection – further action needs to be taken in order to complete the request
4xx client error – the request contains bad syntax or cannot be fulfilled
5xx server error – the server failed to fulfil an apparently valid request

HTTP response status codes
• status code appears in 1st line in server->client response message.
• some sample codes:
200 OK
• request succeeded, requested object included in this msg
301 Moved Permanently
• requested object moved, new location is specified in header of message (Location:)
400 Bad Request
• request msg is not understood by server
404 Not Found
• requested document not found on this server
505 HTTP Version Not Supported

Using a Packet Sniffer to test HTTP
• Open browser (leave it for a while to let the browser’s initialisation procedure complete).
• Run wireshark. From the menu, select capture/interfaces, then pick an active NIC (tick check box).
• Click Start button to start capturing packets.
• Now go back to your browser, then type in the URL field a destination server: gaia.cs.umass.edu
• Switch to wireshark, to stop capturing packets.
• Filter the results of captured packets by typing http.
• Find a specific packet from the results by pressing Ctrl+F, and specifying a search criterion.
• Examine the packet details.
You should ignore any HTTP GET and response for favicon.ico. If you see a reference to this file, it is your browser automatically asking the server if it (the server) has a small icon file that should be displayed next to the displayed URL in your browser.

Many Web sites use cookies
While the core of HTTP itself is stateless, HTTP cookies allow the use of stateful sessions.

User-server state: cookies
four components:
1) cookie header line of HTTP response message
2) cookie header line in HTTP request message
3) cookie file kept on user’s host, managed by user’s browser
4) back-end database at Web site

User-server state: cookies
example:
• Susan always accesses the Internet from her PC, using her favourite web browser
• She has visited ebay in the past (her browser's cookie file already holds an ebay entry).
• Now visiting a specific e-commerce site for the first time (e.g. Amazon)
• when the initial HTTP request arrives at the web server, it creates:
  • unique ID
  • entry in backend database for ID

Cookies: keeping “state” (cont.)
client cookie file: ebay 8734
1. client -> server: usual http request msg
2. Amazon server creates ID 1678 for user, create entry in backend database
3. server -> client: usual http response + Set-cookie: 1678
   client cookie file: ebay 8734, amazon 1678
4. client -> server: usual http request msg + cookie: 1678 (server: cookie-specific action, backend database)
5. server -> client: usual http response msg
one week later:
6. client -> server: usual http request msg + cookie: 1678 (server: cookie-specific action, backend database)
7. server -> client: usual http response msg

Cookies (continued)
what cookies can bring:
• authorisation
• shopping carts
• recommendations
• user session state (Web e-mail)
cookies and privacy:
• cookies permit sites to learn a lot about you
• you may supply name and e-mail to sites
how to keep “state”:
• protocol endpoints: maintain state at sender/receiver over multiple transactions
• cookies: http messages carry state
Wireshark filter: http.cookie http.set_cookie

• HTTPS piggybacks HTTP entirely on top of TLS (Transport Layer Security).
• The entirety of the underlying HTTP protocol can be encrypted (i.e. requested URL, query parameters, headers, and cookies).
• HTTP over TLS is defined in RFC 2818
• https://datatracker.ietf.org/doc/html/rfc2818
• Typically, TLS uses TCP as its transport protocol, with port number: 443
• Wireshark TLS filter: tcp.port == 443
• https://wiki.wireshark.org/TLS

Web Cache/Proxy Server

Web caches (proxy server)
Goal: satisfy client request without involving origin server
• user sets browser: Web accesses via cache
• browser sends all HTTP requests to cache
  • If the object is in cache: cache returns object
  • else cache requests object from origin server, then returns object to client
Remember: HTTP request involves a TCP connection
[Figure: clients, proxy server, origin servers]
https://en.wikipedia.org/wiki/Squid_(software)

More about Web caching
• cache acts as both client and server
• typically cache is installed by ISP (university, company, residential ISP)
why Web caching?
1. reduce response time for client request
2. reduce traffic on an institution’s access link to internet.
3. Internet dense with caches: enables “poor” content providers to effectively deliver content (but so does P2P file sharing)
[Figure: origin servers (anywhere in the world), public Internet, “Internet” router, 15 Mbps access link to the internet, institutional network with 100 Mbps LAN and institutional cache]

Caching example
Case 1: no web cache
assumptions
• average object size = 1 Mbits
• ave. request rate from institution’s browsers to origin servers = 15 requests/sec
• ave. delay from internet router to any origin server and back to router = 2 sec
• HTTP request messages are negligibly small and thus create no traffic in the networks or in the access link (from institutional router to Internet router)
consequences
1. Traffic intensity on LAN = (La)/R = 0.15
   where L = object size in bits; a = rate of request; R = bandwidth
   LAN delay = amounts to tens of msec. of delay (negligible)
2. Traffic intensity on access link = (La)/R = 1
   where L = object size in bits; a = rate of request; R = bandwidth
   Access link delay = amounts to minutes of delay, or more (unacceptable!)
• LAN delay = msec.
• Access link delay = minutes
• Total delay = Internet delay + access delay + LAN delay
  Total delay = 2 sec + minutes + milliseconds (unacceptable!)
[Figure: origin servers, public Internet, “Internet” router, access link to internet, institutional network with 100 Mbps LAN]

Caching example (cont)
Case 2: no web cache, access link upgrade
possible solution
• increase bandwidth of access link to, say, 100 Mbps
consequence
• utilization on LAN = 15%
• utilization on access link = 15%
• Total delay (or total response time) = Internet delay + access delay + LAN delay
  Total delay = 2 sec + msecs + msecs (ok, but requires a costly upgrade!)
Assumption: HTTP request messages are negligibly small and thus create no traffic in the networks or in the access link (from institutional router to Internet router)
[Figure: origin servers, public Internet, “Internet” router, access link to internet, institutional network with 100 Mbps LAN]

Caching example (cont)
Case 3: web cache installed
possible solution:
• install cache
consequence
• suppose hit rate (fraction of requests that are satisfied by a cache) is 0.4 (typically bet. 0.2 – 0.7)
• 40% requests will be satisfied almost immediately
• 60% requests satisfied by origin server
• utilization of access link reduced to 60%, resulting in negligible delays (say 10 msec)
Total delay
= .6 (Internet delay + access delay) + .4(LAN delay)
= .6*(2 secs. + 10 millisec.) + .4*(10 millisec)
= 1.21 secs
Assumption: HTTP request messages are negligibly small and thus create no traffic in the networks or in the access link (from institutional router to Internet router)
[Figure: origin servers (Africa, Asia, Middle East), public Internet, “Internet” router, access link to internet, institutional network with 100 Mbps LAN and institutional cache]

How can a web cache tell whether its copy of a web resource is stale or not?
Conditional GET

Conditional GET
• Goal: Origin server will not send object if cache has an up-to-date cached version
• cache: specify date of cached copy in HTTP request
  If-modified-since: <date>
  If-modified-since: header line is exactly equal to the value of the Last-Modified
• Origin server: response contains no object if cached copy is up-to-date:
  HTTP/1.0 304 Not Modified
object not modified since <date>:
  cache -> origin server: HTTP request msg, If-modified-since: <date>
  origin server -> cache: HTTP response, HTTP/1.1 304 Not Modified
object modified after <date>:
  cache -> origin server: HTTP request msg, If-modified-since: <date>
  origin server -> cache: HTTP response, HTTP/1.1 200 OK
Example request:
  GET /kiwi.gif HTTP/1.1
  If-modified-since: <date>
[Figure: institutional network with institutional cache, public Internet, origin server]
https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching
[Figure: cache timeline. Server's response "HTTP/1.1 200 OK, Cache-Control: max-age=100": copy object in cache. 10 seconds later: copy of object in cache is fresh. 100 seconds later: reset age field.]
If-None-Match: The server will send back the requested resource only if it doesn’t have an ETag matching the given one.
Syntax: If-None-Match: “

CLIENT-SIDE: Web browser’s cache
The web browser’s cache temporarily stores images, scripts, and other parts of websites while you are browsing. To clear your history (i.e. cookies, browsing history, cache, etc.) all at once, you can do the steps below:
Mozilla Firefox
Important after using Internet banking.
Can a web server instruct a web browser not to cache web objects?

Cache-Control
On-line banking sites normally advise customers to clear their browser’s cache to ensure the safety of their private banking information.
Pragma: no-cache
• For compatibility with HTTP/1.0 clients, if the client communicates with the server over a secure connection (https://) and the server returns a Pragma: no-cache header with the response, Internet Explorer does not cache the response (other browsers may behave differently).
Cache-Control: no-store
• This is the correct header the server needs to send to avoid caching.
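
Added example (not from the original slides): a Python model of the cache behaviour described in the Conditional GET, max-age timeline and Cache-Control: no-store slides above. `Origin`, `Cache` and `timeline` are hypothetical names and the object is constructed data. The validator used is the ETag with If-None-Match rather than the If-modified-since date, and the decision logic is the same. With `no-store` nothing is kept, so every request goes back to the origin.

```python
import re

class Origin:
    """Constructed origin server holding one object and answering conditional GETs."""
    def __init__(self, body, etag, cache_control):
        self.body, self.etag, self.cache_control = body, etag, cache_control
        self.bodies_sent = 0

    def get(self, if_none_match=None):
        headers = {"ETag": self.etag, "Cache-Control": self.cache_control}
        if if_none_match == self.etag:
            return 304, headers, b""              # Not Modified: no entity body
        self.bodies_sent += 1
        return 200, headers, self.body

class Cache:
    """One-object cache: max-age decides freshness, the ETag validates a stale copy."""
    def __init__(self, origin):
        self.origin, self.entry = origin, None    # entry = (body, etag, max_age, stored_at)

    def _store(self, body, headers, now):
        directives = {d.strip().lower() for d in headers["Cache-Control"].split(",")}
        ages = [int(d[8:]) for d in directives if re.fullmatch(r"max-age=\d+", d)]
        # Simplification: without max-age nothing is kept (no heuristic freshness).
        keep = bool(ages) and "no-store" not in directives
        self.entry = (body, headers["ETag"], ages[0], now) if keep else None

    def fetch(self, now):
        """Return (how the request was satisfied, body) at time `now` in seconds."""
        if self.entry:
            body, etag, max_age, stored_at = self.entry
            if now - stored_at < max_age:
                return "fresh copy", body         # origin server not involved
            status, headers, new_body = self.origin.get(if_none_match=etag)
            if status == 304:
                self._store(body, headers, now)   # copy is up to date: reset its age
                return "revalidated (304)", body
        else:
            status, headers, new_body = self.origin.get()
        self._store(new_body, headers, now)
        return "from origin (200)", new_body

def timeline(cache_control, times=(0, 10, 100, 150)):
    """Replay the slide's timeline; return the outcomes and bodies the origin sent."""
    origin = Origin(b"statement.html", '"v1"', cache_control)
    cache = Cache(origin)
    return [cache.fetch(t)[0] for t in times], origin.bodies_sent

if __name__ == "__main__":
    print(timeline("max-age=100"))
    print(timeline("no-store"))
```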

Web browsing privately

• The HTTP/2 specification was published as RFC 7540 in May 2015
• https://tools.ietf.org/html/rfc7540
• The standardization effort came as an answer to SPDY, an HTTP-compatible protocol developed by Google and supported in Chrome, Opera, Firefox, Internet Explorer 11, Safari, and Amazon Silk browsers
• SPDY was withdrawn completely in 2016.
• According to W3Techs, HTTP/2 is used by
  • 12.5% of all the websites (Mar 2017)
  • 24.4% (Mar 2018)
  • 33.9% (Mar 2019)
  • 43.8% (Mar 2020)
  • 50.5% (Mar 2021)
  • 46.3% (May 2022)
• https://w3techs.com/technologies/details/ce-http2/all/all
• https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP

• Header compression: HTTP header size is drastically reduced
• Multiplexing and concurrency: Several requests can be sent in rapid succession on the same TCP connection, and responses can be received out of order – eliminating the need for multiple connections between the client and the server
• Stream dependencies: the client can indicate to the server which of the resources are more important than the others
• Server push: The server can send resources the client has not yet requested
https://http2.akamai.com/
• This specification is
