NationMaster - Encyclopedia: HyperText Transfer Protocol

The five-layer TCP/IP model
5. Application layer
DHCP · DNS · FTP · Gopher · HTTP · IMAP4 · IRC · NNTP · XMPP · POP3 · SIP · SMTP · SNMP · SSH · TELNET · RPC · RTCP · RTSP · TLS · SDP · SOAP · GTP · STUN · NTP · (more) The TCP/IP model or Internet reference model, sometimes called the DoD model (DoD, Department of Defense), ARPANET reference model, is a layered abstract description for communications and computer network protocol design. ... The application layer is the seventh level of the seven-layer OSI model. ... (DHCP) is a set of rules used by a communications device such as a computer, router or network adapter to allow the device to request and obtain an IP address from a server which has a list of addresses available for assignment. ... It has been suggested that this article be split into multiple articles. ... This article is about the File Transfer Protocol standardised by the IETF. For other file transfer protocols, see File transfer protocol (disambiguation). ... Gopher is a distributed document search and retrieval network protocol designed for the Internet. ... The Internet Message Access Protocol (commonly known as IMAP or IMAP4, and previously called Internet Mail Access Protocol, Interactive Mail Access Protocol (RFC 1064), and Interim Mail Access Protocol[1]) is an application layer Internet protocol operating on port 143 that allows a local client to access e-mail on... IRC redirects here. ... The Network News Transfer Protocol or NNTP is an Internet application protocol used primarily for reading and posting Usenet articles, as well as transferring news among news servers. ... Jabber redirects here. ... In computing, local e-mail clients use the Post Office Protocol version 3 (POP3), an application-layer Internet standard protocol, to retrieve e-mail from a remote server over a TCP/IP connection. ... The Session Initiation Protocol (SIP) is an application-layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants. ... Simple Mail Transfer Protocol (SMTP) is the de facto standard for e-mail transmissions across the Internet. ... The simple network management protocol (SNMP) forms part of the internet protocol suite as defined by the Internet Engineering Task Force (IETF). ... Secure Shell or SSH is a network protocol that allows data to be exchanged over a secure channel between two computers. ... For the packet switched network, see Telenet. ... Remote procedure call (RPC) is a protocol that allows a computer program running on one computer to cause a subroutine on another computer to be executed without the programmer explicitly coding the details for this interaction. ... RTP Control Protocol (RTCP) is a sister protocol of the Real-time Transport Protocol (RTP). ... The Real Time Streaming Protocol (RTSP), developed by the IETF and created in 1998 as RFC 2326, is a protocol for use in streaming media systems which allows a client to remotely control a streaming media server, issuing VCR-like commands such as play and pause, and allowing time-based... Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. ... Session Description Protocol (SDP), is a format for describing streaming media initialization parameters. ... A collection of decorative soaps used for human hygiene purposes. ... GPRS Tunneling Protocol (or GTP) is an IP based protocol used within GSM and UMTS networks. ... STUN (Simple Traversal of UDP over NATs) is a network protocol which helps many types of software and hardware receive UDP data properly through home broadband routers that use network address translation (NAT). ... The Network Time Protocol (NTP) is a protocol for synchronizing the clocks of computer systems over packet-switched, variable-latency data networks. ...
4. Transport layer
TCP · UDP · DCCP · SCTP · RTP · RSVP · IGMP · PPTP · (more)
3. Network/Internet layer
IP (IPv4 · IPv6) · OSPF · IS-IS · BGP · IPsec · ARP · RARP · RIP · ICMP · ICMPv6 · (more)
2. Data link layer
802.11 · 802.16 · Wi-Fi · WiMAX · ATM · DTM · Token ring · Ethernet · FDDI · Frame Relay · GPRS · EVDO · HSPA · HDLC · PPP · L2TP · ISDN · (more)
1. Physical layer
Ethernet physical layer · Modems · PLC · SONET/SDH · G.709 · OFDM · Optical fiber · Coaxial cable · Twisted pair · (more)
This box: view • talk • edit

Hypertext Transfer Protocol (HTTP) is a communications protocol used to transfer or convey information on intranets and the World Wide Web. Its original purpose was to provide a way to publish and retrieve hypertext pages. Development of HTTP was coordinated by the W3C (World Wide Web Consortium) and the IETF (Internet Engineering Task Force), culminating in the publication of a series of RFCs, most notably RFC 2616 (June 1999), which defines HTTP/1.1, the version of HTTP in common use. In computing and telecommunications, the transport layer is the second highest layer in the four and five layer TCP/IP reference models, where it responds to service requests from the application layer and issues service requests to the Internet layer. ... The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite. ... User Datagram Protocol (UDP) is one of the core protocols of the Internet protocol suite. ... The Datagram Congestion Control Protocol (DCCP) is a message-oriented transport layer protocol that is currently under development in the IETF. Applications that might make use of DCCP include those with timingconstraints on the delivery of data such that reliable in-order delivery, when combined with congestion control, is likely... In the field of computer networking, the IETF Signaling Transport (SIGTRAN) working group defined the Stream Control Transmission Protocol (SCTP) as a transport layer protocol in 2002. ... The Real-time Transport Protocol (or RTP) defines a standardized packet format for delivering audio and video over the Internet. ... The Resource ReSerVation Protocol (RSVP), described in RFC 2205, is a transport layer protocol designed to reserve resources across a network for an integrated services Internet. ... The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups. ... The Point-to-Point Tunneling Protocol (PPTP) is a method for implementing virtual private networks. ... The network layer is third layer out of seven in OSI model and it is the third layer out of five in TCP/IP model. ... The Internet Protocol (IP) is a data-oriented protocol used for communicating data across a packet-switched internetwork. ... Internet Protocol version 4 is the fourth iteration of the Internet Protocol (IP) and it is the first version of the protocol to be widely deployed. ... Internet Protocol version 6 (IPv6) is a network layer protocol for packet-switched internetworks. ... The Open Shortest Path First (OSPF) protocol is a hierarchical interior gateway protocol (IGP) for routing in Internet Protocol, using a link-state in the individual areas that make up the hierarchy. ... Is Is is Yeah Yeah Yeahs third EP, to be released on July 24, 2007. ... The Border Gateway Protocol (BGP) is the core routing protocol of the Internet. ... IPsec (IP security) is a suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. ... In computer networking, the Address Resolution Protocol (ARP) is the standard method for finding a hosts hardware address when only its network layer address is known. ... Reverse Address Resolution Protocol (RARP) is a network layer protocol used to obtain an IP address for a given hardware address (such as an Ethernet address). ... This article is chiefly about the Routing Information Protocol (RIP) for the Internet Protocol, but also discusses some other routing information protocols. ... The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet protocol suite. ... The ICMP for IPv6 (Internet Control Message Protocol Version 6) is an integral part of the IPv6 architecture and must be completely supported by all IPv6 implementations. ... This article does not cite any references or sources. ... IEEE 802. ... The IEEE 802. ... Official Wi-Fi logo Wi-Fi (pronounced wye-fye, IPA: ), also unofficially known as Wireless Fidelity, is a wireless technology brand owned by the Wi-Fi Alliance intended to improve the interoperability of wireless local area network products based on the IEEE 802. ... Official WiMax logo WiMAX, the Worldwide Interoperability for Microwave Access, is a telecommunications technology aimed at providing wireless data over long distances in a variety of ways, from point-to-point links to full mobile cellular type access. ... Asynchronous Transfer Mode (ATM) is a cell relay, packet switching network and data link layer protocol which encodes data traffic into small (53 bytes; 48 bytes of data and 5 bytes of header information) fixed-sized cells. ... Dynamic synchronous Transfer Mode , or DTM for short, is a network protocol. ... Token-Ring local area network (LAN) technology was developed and promoted by IBM in the early 1980s and standardised as IEEE 802. ... Ethernet is a large, diverse family of frame-based computer networking technologies that operate at many speeds for local area networks (LANs). ... In computer networking, fiber-distributed data interface (FDDI) is a standard for data transmission in a local area network that can extend in range up to 200 km (124 miles). ... In the context of computer networking, frame relay consists of an efficient data transmission technique used to send digital information quickly and cheaply in a relay of frames to one or many destinations from one or many end-points. ... General Packet Radio Service (GPRS) is a Mobile Data Service available to users of Global System for Mobile Communications (GSM) and IS-136 mobile phones. ... Evolution-Data Optimized or Evolution-Data only, abbreviated as EV-DO or EVDO and often EV, is one telecommunications standard for the wireless transmission of data through radio signals, typically for broadband Internet access. ... High-Speed Packet Access (HSPA) is a collection of mobile telephony protocols that extend and improve the performance of existing UMTS protocols. ... High-Level Data Link Control (HDLC) is a bit-oriented synchronous data link layer protocol developed by the International Organization for Standardization (ISO). ... In computing, the Point-to-Point Protocol, or PPP, is commonly used to establish a direct connection between two nodes. ... In computer networking, the Layer 2 Tunneling Protocol (L2TP) is a tunneling protocol used to support virtual private networks (VPNs). ... ISDN redirects here. ... This article does not cite any references or sources. ... IEEE photograph of a diagram with the original terms for describing Ethernet drawn by Robert M. Metcalfe around 1976. ... For other uses, see Modem (disambiguation). ... For other uses, see Power band. ... It has been suggested that this article be split into articles entitled Synchronous optical networking, SONET and Synchronous digital hierarchy. ... There are very few or no other articles that link to this one. ... Orthogonal Frequency-Division Multiplexing (OFDM) â€” essentially identical to Coded OFDM (COFDM) â€” is a digital multi-carrier modulation scheme, which uses a large number of closely-spaced orthogonal sub-carriers. ... Optical fibers An optical fiber (or fibre) is a glass or plastic fiber designed to guide light along its length. ... Coaxial Cable For the weapon, see coaxial weapon. ... 25 Pair Color Code Chart 10BASE-T UTP Cable Twisted pair cabling is a common form of wiring in which two conductors are wound around each other for the purposes of cancelling out electromagnetic interference known as crosstalk. ... This article concerns communication between pairs of electronic devices. ... An intranet is a private computer network that uses Internet protocols, network connectivity, and possibly the public telecommunication system to securely share part of an organizations information or operations with its employees. ... WWWs historical logo designed by Robert Cailliau The World Wide Web (commonly shortened to the Web) is a system of interlinked, hypertext documents accessed via the Internet. ... In computing, hypertext is a user interface paradigm for displaying documents which, according to an early definition (Nelson 1970), branch or perform on request. ... It has been suggested that W3C Markup Validation Service be merged into this article or section. ... The Internet Engineering Task Force (IETF) develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standard bodies; and dealing in particular with standards of the TCP/IP and Internet protocol suite. ... In internetworking and computer network engineering, Request for Comments (RFC) documents are a series of memoranda encompassing new research, innovations, and methodologies applicable to Internet technologies. ... 1999 is a common year starting on Friday Anno Domini (or the Current Era), and was designated the International Year of Older Persons by the United Nations. ...

HTTP is a request/response protocol between a client and a server. The client making an HTTP request - such as a web browser, spider, or other end-user tool - is referred to as the user agent. The responding server - which stores or creates resources such as HTML files and images - is called the origin server. In between the user agent and origin server may be several intermediaries, such as proxies, gateways, and tunnels. HTTP is not constrained to using TCP/IP and its supporting layers, although this is its most popular application on the Internet. Indeed HTTP can be "implemented on top of any other protocol on the Internet, or on other networks. HTTP only presumes a reliable transport; any protocol that provides such guarantees can be used." An example of a Web browser (Mozilla Firefox) A web browser is a software application that enables a user to display and interact with text, images, videos, music and other information typically located on a Web page at a website on the World Wide Web or a local area network. ... A web crawler (also known as a Web spider or Web robot) is a program or automated script which browses the World Wide Web in a methodical, automated manner. ... A user agent is the client application used with a particular network protocol; the phrase is most commonly used in reference to those which access the World Wide Web. ... The inside/front of a Dell PowerEdge web server The term Web server can mean one of two things: A computer program that is responsible for accepting HTTP requests from clients, which are known as Web browsers, and serving them HTTP responses along with optional data contents, which usually are... HTML, short for Hypertext Markup Language, is the predominant markup language for web pages. ... In computer networks, a proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. ... It has been suggested that this article or section be merged into Gateway (telecommunications). ... A tunneling protocol is a network protocol which encapsulates one protocol or session inside another. ... The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. ...

Typically, an HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a host (port 80 by default; see List of TCP and UDP port numbers). An HTTP server listening on that port waits for the client to send a request message. The Transmission Control Protocol (TCP) is one of the core protocols of the Internet protocol suite. ... It has been suggested that this article or section be merged into Computer port (software). ... TCP and UDP are transport protocols used for communication between computers. ...

Upon receiving the request, the server sends back a status line, such as "HTTP/1.1 200 OK", and a message of its own, the body of which is perhaps the requested file, an error message, or some other information.

Resources to be accessed by HTTP are identified using Uniform Resource Identifiers (URIs) (or, more specifically, URLs) using the http: or https URI schemes. The term resource is a foundational term in World Wide Web architecture because it is the root of Uniform Resource Identifiers, also known as URIs and URLs. ... HTTP (for HyperText Transfer Protocol) is the primary method used to convey information on the World Wide Web. ... A Uniform Resource Identifier (URI), is a compact string of characters used to identify or name a resource. ... â€œURLâ€ redirects here. ... https is a URI scheme used to indicate a secure HTTP connection. ... A URI scheme is the top level of the URI (Uniform Resource Identifier) naming structure. ...

1 Request Message
2 Request Methods
- 2.1 Safe Methods
- 2.2 Idempotent Methods and Web Applications
3 HTTP Versions
4 Status Codes
5 Persistent Connections
6 HTTP session state
7 Secure HTTP
- 7.1 https URI Scheme
- 7.2 HTTP 1.1 Upgrade header
8 Sample
9 See also
10 References

Request Message

The request message consists of the following:

Request line, such as GET /images/logo.gif HTTP/1.1, which requests the file logo.gif from the /images directory
Headers, such as Accept-Language: en
An empty line
An optional message body

The request line and headers must all end with <CR><LF> (that is, a carriage return followed by a line feed). The empty line must consist of only <CR><LF> and no other whitespace. In the HTTP/1.1 protocol, all headers except Host are optional. Originally, carriage return was the term for the key, lever, or mechanism on a typewriter that would cause the cylinder on which the paper was held (the carriage) to return to the left side of the paper after a line of text had been typed, and would often move it... In computing, line feed (LF) is a control character indicating that one line should be fed out. ... For other uses, see white space. ...

Request Methods

HTTP defines eight methods (sometimes referred to as "verbs") indicating the desired action to be performed on the identified resource.

HEAD: Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content.
GET: Requests a representation of the specified resource. By far the most common method used on the Web today. Should not be used for operations that cause side-effects (using it for actions in web applications is a common misuse). See 'safe methods' below.
POST: Submits data to be processed (e.g. from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both.
PUT: Uploads a representation of the specified resource.
DELETE: Deletes the specified resource.
TRACE: Echoes back the received request, so that a client can see what intermediate servers are adding or changing in the request.
OPTIONS: Returns the HTTP methods that the server supports. This can be used to check the functionality of a web server.
CONNECT: Converts the request connection to a transparent TCP/IP tunnel, usually to facilitate SSL-encrypted communication (HTTPS) through an unencrypted HTTP proxy.^[1]

HTTP servers are supposed to implement at least the GET and HEAD methods and, whenever possible, also the OPTIONS method. In software engineering, a web application is an application delivered to users from a web server over a network such as the World Wide Web or an intranet. ... A form on a web page allows a user to enter data that is, typically, sent to a server for processing and to mimic the usage of paper forms. ... A tunneling protocol is a network protocol which encapsulates one protocol or session inside another. ... Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. ... In computer networks, a proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. ...

Safe Methods

Some methods (e.g. HEAD, GET, OPTIONS, and TRACE) are defined as safe, which means they are intended only for information retrieval and should not change the state of the server (in other words, they should not have side effects). Unsafe methods (such as POST, PUT and DELETE) should be displayed to the user in a special way, typically as buttons rather than links, thus making the user aware of possible obligations (such as a button that causes a financial transaction). In computer science, a function is said to produce a side effect if it modifies some state other than its return value. ...

Despite the required safety of GET requests, in practice they can cause changes on the server. For example, a Web server may use the retrieval through a simple hyperlink to initiate deletion of a domain database record, thus causing a change of the server's state as a side-effect of a GET request. This is discouraged, because it can cause problems for Web caching, search engines and other automated agents, which can make unintended changes on the server. Another case is that a GET request may cause the server to create a cache space. // A hyperlink (often referred to as simply link), is a reference or navigation element in a document to another section of the same document, another document, or a specified section of another document, that automatically brings the referred information to the user when the navigation element is selected by the... Web caching is the caching of web resources (HTML pages, images, etc. ... The success of the Google search engine was mainly due to its powerful PageRank algorithm and its simple, easy-to-use interface. ...

Idempotent Methods and Web Applications

Methods GET, HEAD, PUT and DELETE are defined to be idempotent, meaning that multiple identical requests should have the same effect as a single request. Methods OPTIONS and TRACE, being safe, are inherently idempotent. In mathematics, an idempotent element is an element which, intuitively, leaves something unchanged. ...

The RFC allows a user-agent, such as a browser to assume that any idempotent request can be retried without informing the user. This is done to improve the user experience when connecting to unresponsive or heavily-loaded web servers.

However, note that the idempotence is not assured by the protocol or web server. It is perfectly possible to write a web application in which (e.g.) a database insert or update is triggered by a GET request - this would be a very normal example of what the spec refers to as "a change in server state."

This misuse of GET can combine with the retry behavior above to produce erroneous transactions - and for this reason GET should be avoided for anything transactional - and used, as intended, for document retrieval only.

HTTP Versions

HTTP has evolved into multiple, mostly backwards-compatible protocol versions. RFC 2145 describes the use of HTTP version numbers. The client tells in the beginning of the request the version it uses, and the server uses the same or earlier version in the response.

0.9: Deprecated. Supports only one command, GET — which does not specify the HTTP version. Does not support headers. Since this version does not support POST, the client can't pass much information to the server.
HTTP/1.0 (May 1996): This is the first protocol revision to specify its version in communications and is still in wide use, especially by proxy servers.
HTTP/1.1 (June 1999)^[2]^[3]: Current version; persistent connections enabled by default and works well with proxies. Also supports request pipelining, allowing multiple requests to be sent at the same time, allowing the server to prepare for the workload and potentially transfer the requested resources more quickly to the client.
HTTP/1.2: The initial 1995 working drafts of the document PEP — an Extension Mechanism for HTTP (which proposed the Protocol Extension Protocol, abbreviated PEP) were prepared by the World Wide Web Consortium and submitted to the Internet Engineering Task Force. PEP was originally intended to become a distinguishing feature of HTTP/1.2.^[4] In later PEP working drafts, however, the reference to HTTP/1.2 was removed. The experimental RFC 2774, HTTP Extension Framework, largely subsumed PEP. It was published in February 2000.

Schema of non-pipelined vs. ... It has been suggested that W3C Markup Validation Service be merged into this article or section. ... The Internet Engineering Task Force (IETF) develops and promotes Internet standards, cooperating closely with the W3C and ISO/IEC standard bodies; and dealing in particular with standards of the TCP/IP and Internet protocol suite. ...

Status Codes

See also: List of HTTP status codes

In HTTP/1.0 and since, the first line of the HTTP response is called the status line and includes a numeric status code (such as "404") and a textual reason phrase (such as "Not Found"). The way the user agent handles the response primarily depends on the code and secondarily on the response headers. Custom status codes can be used since, if the user agent encounters a code it does not recognize, it can use the first digit of the code to determine the general class of the response.^[5] The following is a list of HTTP response status codes and standard associated phrases, intended to give a short textual description of the status. ... A 404 error is presented to the user. ... A user agent is the client application used with a particular network protocol; the phrase is most commonly used in reference to those which access the World Wide Web. ...

Also, the standard reason phrases are only recommendations and can be replaced with "local equivalents" at the web developer's discretion. If the status code indicated a problem, the user agent might display the reason phrase to the user to provide further information about the nature of the problem. The standard also allows the user agent to attempt to interpret the reason phrase, though this might be unwise since the standard explicitly specifies that status codes are machine-readable and reason phrases are human-readable. A web developers workstation. ...

Persistent Connections

Main article: HTTP persistent connections

In HTTP/0.9 and 1.0, the connection is closed after a single request/response pair. In HTTP/1.1 a keep-alive-mechanism was introduced, where a connection could be reused for more than one request. Schema of multiple vs. ...

Such persistent connections reduce lag perceptibly, because the client does not need to re-negotiate the TCP connection after the first request has been sent. Lag is a common term used to describe a symptom often encountered in computing and especially networked systems, where results of actions appear much later than expected. ...

Version 1.1 of the protocol made bandwidth optimization improvements to HTTP/1.0. For example, HTTP/1.1 introduced chunked transfer encoding to allow content on persistent connections to be streamed, rather than buffered. HTTP pipelining further reduces lag time, allowing clients to send multiple requests before a previous response has been received to the first one. Another improvement to the protocol was byte serving, which is when a server transmits just the portion of a resource explicitly requested by a client. There are very few or no other articles that link to this one. ... Schema of non-pipelined vs. ... Byte serving is the process of sending only a portion of an HTTP/1. ...

HTTP session state

HTTP is stateless protocol. The advantage of a stateless protocol is that hosts do not need to retain information about users between requests, but this forces web developers to use alternative methods for maintaining users' states. For example, when a host would like to customize content for a user while visiting a website, the web application must be written to track the user's progress from page to page. A common method for solving this problem involves sending and requesting cookies. Other methods include server side sessions, hidden variables (when current page is a form), and URL encoded parameters (such as /index.php?userid=3). A stateless server is one that treats each request as an independent transaction, unrelated to any previous request. ... A web developers workstation. ... A website (alternatively, Web site or web site) is a collection of Web pages, images, videos or other digital assets that is hosted on one or several Web server(s), usually accessible via the Internet, cell phone or a LAN. A Web page is a document, typically written in HTML... In software engineering, a web application is an application delivered to users from a web server over a network such as the World Wide Web or an intranet. ... This article is about the HTTP state mechanism. ... A webform on a web page allows a user to enter data that is, typically, sent to a server for processing and to mimic the usage of paper forms. ... A Uniform Resource Locator, URL (spelled out as an acronym, not pronounced as earl), or Web address, is a standardized address name layout for resources (such as documents or images) on the Internet (or elsewhere). ...

Secure HTTP

There are currently two methods of establishing a secure HTTP connection: the https URI scheme and the HTTP 1.1 Upgrade header, introduced by RFC 2817. Browser support for the Upgrade header is, however, nearly non-existent, hence the https URI scheme is still the dominant method of establishing a secure HTTP connection. https is a URI scheme used to indicate a secure HTTP connection. ... A Uniform Resource Identifier (URI), is a compact string of characters used to identify or name a resource. ... https is a URI scheme used to indicate a secure HTTP connection. ... A Uniform Resource Identifier (URI), is a compact string of characters used to identify or name a resource. ...

https URI Scheme

Main article: https

https: is a URI scheme syntactically identical to the http: scheme used for normal HTTP connections, but which signals the browser to use an added encryption layer of SSL/TLS to protect the traffic. SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated. In the case of HTTP transactions over the Internet, typically, only the server side is authenticated. https is a URI scheme used to indicate a secure HTTP connection. ... Secure Sockets Layer (SSL) and Transport Layer Security (TLS), its successor, are cryptographic protocols which provide secure communications on the Internet. ... Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. ...

HTTP 1.1 Upgrade header

HTTP 1.1 introduced support for the Upgrade header. In the exchange, the client begins by making a clear-text request, which is later upgraded to TLS. Either the client or the server may request (or demand) that the connection be upgraded. The most common usage is a clear-text request by the client followed by a server demand to upgrade the connection, which looks like this: Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide secure communications on the Internet for such things as web browsing, e-mail, Internet faxing, instant messaging and other data transfers. ...

Client:

 GET /encrypted-area HTTP/1.1 Host: www.example.com

Server:

 HTTP/1.1 426 Upgrade Required Upgrade: TLS/1.0, HTTP/1.1 Connection: Upgrade

The server returns a 426 status-code because 400 level codes indicate a client failure (see List of HTTP status codes), which correctly alerts legacy clients that the failure was client-related. The following is a list of HTTP response status codes and standard associated phrases, intended to give a short textual description of the status. ...

The benefits of using this method for establishing a secure connection are:

that it removes messy and problematic redirection and URL rewriting on the server side,
it allows virtual hosting (single IP, multiple domain-names) of secured websites, and
it reduces user confusion by providing a single way to access a particular resource.

A weakness with this method is that the requirement for secure HTTP cannot be specified in the URI. In practice, the (untrusted) server will thus be responsible for enabling secure HTTP, not the (trusted) client.

Sample

Below is a sample conversation between an HTTP client and an HTTP server running on www.example.com, port 80. This same page is served for example. ...

Client request (followed by a blank line, so that request ends with a double newline, each in the form of a carriage return followed by a line feed): In computing, a newline is a special character or sequence of characters signifying the end of a line of text. ... Originally, carriage return was the term for the key, lever, or mechanism on a typewriter that would cause the cylinder on which the paper was held (the carriage) to return to the left side of the paper after a line of text had been typed, and would often move it... In computing, line feed (LF) is a control character indicating that one line should be fed out. ...

 GET /index.html HTTP/1.1 Host: www.example.com

The "Host" header distinguishes between various DNS names sharing a single IP address, allowing name-based virtual hosting. While optional in HTTP/1.0, it is mandatory in HTTP/1.1. It has been suggested that this article be split into multiple articles. ... This article or section does not cite any references or sources. ... It has been suggested that this article or section be merged into shared web hosting service. ...

Server response (followed by a blank line and text of the requested page):

 HTTP/1.1 200 OK Date: Mon, 23 May 2005 22:38:34 GMT Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT Etag: "3f80f-1b6-3e1cb03b" Accept-Ranges: bytes Content-Length: 438 Connection: close Content-Type: text/html; charset=UTF-8

The ETag (entity tag) header is used to determine if the URI cached is identical to the requested URI on the server. Content-Type specifies the Internet media type of the data conveyed by the http message, while Content-Length indicates its length in bytes. The HTTP/1.1 webserver publishes its ability to respond to requests for certain byte ranges of the document by setting the header Accept-Ranges: bytes. This is useful if the client needs to have only certain portions^[6] of a file sent by the server, which is called byte serving. When Connection: close is sent in a header, it means that the web server will close the TCP connection immediately after the transfer of this package. An ETag (entity tag) is an HTTP response header returned by an HTTP/1. ... Uri may refer to: geography: Canton of Uri is a canton (region) of Switzerland. ... An Internet media type,[1] originally called a MIME type after MIME and sometimes a Content-type after the name of a header in several protocols whose value is such a type, is a two-part identifier for file formats on the Internet. ... The term web server can mean one of two things: a computer responsible for serving web pages, mostly HTML documents, via the HTTP protocol to clients, mostly web browsers; a software program that is working as a daemon serving web documents. ... Byte serving is the process of sending only a portion of an HTTP/1. ... The inside/front of a Dell PowerEdge web server The term Web server can mean one of two things: A computer program that is responsible for accepting HTTP requests from clients, which are known as Web browsers, and serving them HTTP responses along with optional data contents, which usually are... TCP is an abbreviation of all of: Transmission Control Protocol Thermal conversion process Top Cow Productions Tool Center Point of a robot A number of chemical substances: Trichlorophenol, a fungicide Trichlorophenylmethyliodosalicyl, a germicide, see TCP (antiseptic) Tricresylphosphate, a lubricant, gasoline additive, plasticizer, and flame retardant Thienylcyclohexylpiperidine, which has been sold...

References

^ Vulnerability Note VU#150227: HTTP proxy default configurations allow arbitrary TCP connections. US-CERT (2002-05-17). Retrieved on 2007-05-10.
^ First release of HTTP/1.1 specification is dated January 1997 RFC 2068
^ Latest release of HTTP/1.1 specification is dated June 1999 RFC 2616
^ [1] PEP: An Extension Mechanism for HTTP. Quote: "For experimental purposes, PEP-compatibility is equated with HTTP/1.2."
^ 6.1 Status-Line
^ http://tools.ietf.org/html/draft-ietf-http-range-retrieval-00

Results from FactBites:

RFC 1945 (rfc1945) - Hypertext Transfer Protocol -- HTTP/1.0 (15946 words)
	The protocol versioning policy is intended to allow the sender to indicate the format of a message and its capacity for understanding further HTTP communication, rather than the features obtained via that communication.
	Since the protocol version indicates the protocol capability of the sender, a proxy/gateway must never send a message with a version indicator which is greater than its native version; if a higher version request is received, the proxy/gateway must either downgrade the request version or respond with an error.
	Proxies and gateways from HTTP to MIME-compliant protocols are responsible for ensuring that the message is in the correct format and encoding for safe transport on that protocol, where "safe transport" is defined by the limitations of the protocol being used.

Hypertext Transfer Protocol: Definition and Much More from Answers.com (1892 words)
	Hypertext Transfer Protocol (HTTP) is a method used to transfer or convey information on the World Wide Web.
	That version of the protocol also introduced chunked encoding to allow content on persistent connections to be streamed, rather than buffered, and HTTP pipelining, which allows clients to send some types of requests before the previous response has been received, further reducing lag.
	The advantage of a stateless protocol is that hosts don't need to retain information about users between requests, but this forces the use of alternative methods for maintaining users' state, for example, when a host would like to customize content for a user who has visited before.

More results at FactBites »

COMMENTARY

Share your thoughts, questions and commentary here

Want to know more?
Search encyclopedia, statistics and forums:

Feeds | Contact
The Wikipedia article included on this page is licensed under the GFDL.
Images may be subject to relevant owners' copyright.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.
Usage implies agreement with terms.

Contents

Request Message GA_googleFillSlot("encyclopedia_square");