Graduate Program KB

Overview of HTTP - Lightning Talk 1

-David Wong

Powerpoint Slides

Recording


Content

  1. What is HTTP
  2. HTTP Model
  3. OSI (Open System Interconnection) Layers/Model
  4. HTTP Flow - HTTP Methods
  5. HTTP Flow - GET Request
  6. HTTP Flow - GET Response
  7. HTTP Flow - Status Codes
  8. HTTP Flow - POST Request
  9. HTTP Flow - POST Response
  10. HTTP Versions and HTTPS
  11. HTTP Cookies

1. What is HTTP

  • HTTP stands for Hypertext Transfer Protocol. It is essentially a set of rules that allows communication between systems/computers over the internet.

  • It's used to transfer data in the form of HTML documents between a server and a client.

  • E.g. when you type google.com into your browser, the browser sends an HTTP request to the server or servers hosting google.com. The server then sends an HTTP response back to the browser, which is the content of the website. The content includes HTML, scripts and styling instructions for the browser.


2. HTTP Model

  • HTTP uses a client-server model: the client sends a request to the server, and the server responds with the requested data.

  • Proxies are the middlemen between client and server. They are commonly used for purposes like caching, filtering, load balancing and authentication.

  • Imagine a server hosting google.com with millions of clients trying to send messages to it. It can't handle that many requests at the same time, so proxies are used to split up the traffic from clients. You can have multiple servers acting as proxies.

    • E.g. for Australian traffic, there could be 5 proxy servers that respond to Australian clients. Instead of the requests going to the main server, they could go to those 5 servers.
  • Caching: a proxy stores frequently accessed content, so if it already holds that content it forwards it to the client instead of asking the main server.


3. OSI (Open System Interconnection) Layers/Model

  • OSI: Open System Interconnection. It is basically a standard for how different systems communicate with each other. Each layer is responsible for a specific part of network communication.

  • HTTP operates at the top level, the application layer. It could operate anywhere else, but the application layer suits it because that layer provides services to end users, such as downloading web content, email and file transfers. The application layer defines protocols that allow applications to exchange data with other applications over a network.

  • HTTP also uses TCP (Transmission Control Protocol) to establish the connection between the 2 systems.

  • This can be further explained in another lightning talk.


4. HTTP Flow - HTTP Methods

  • HTTP methods are used to communicate with web servers, telling the server what type of action the client wants to perform.
  • GET: Client wants to receive resources/content from a server.
  • POST: Client wants to send resources/data to a server for processing.
  • DELETE: Client wants to delete a specific resource on server.
  • PUT: Client wants to create or update a resource on a server.
  • and many more...
  • Depending on the web server, these methods don't have to be implemented the way they were intended. The definitions above are just a guideline for developers, so the method name alone does not guarantee what a request will do on the server.

5. HTTP Flow 1 - GET Request

  • Request Line
    • Method: GET
    • Request-URI: /page2
    • HTTP Version: HTTP/1.1
  • Headers
    • Host: www.example.com
    • User-Agent: Chrome/94.0.1111
    • Accept: text/html
    • (Other Headers)

6. HTTP Flow 1 - GET Response

  • HTML Document
  • Other Content
    • JSON, XML, plain text
    • File
    • Errors

7. HTTP Flow - Status Codes

  • When you send a request, you get back a server response, which contains content. The response also includes a status code, which indicates whether or not the request was successful.

  • 1xx: Informational

    • Indicates a server has received your request and is currently processing it.
    • 100: Continue. This informational status code indicates that everything so far is OK and that the client should continue with the request, or ignore it if the request is already finished.
  • 2xx: Success

    • Indicates the request was successful and server was able to send a response.
    • 200: Success, indicates the request has worked.
  • 3xx: Redirection

    • Indicates the requested resource isn't at this location anymore.
    • 301: Moved Permanently, requested resource has moved to a different location.
  • 4xx: Client Error

    • Indicates you have an error in the HTTP request.
    • 403: Forbidden, Client doesn't have access to the URL, due to missing authentication.
    • 404: Not Found, Server can't find the requested resource anywhere.
  • 5xx: Server Error

    • Indicates that the server had an error processing a request.
    • 500: Internal Server Error, server failed to process the request for some reason.
    • 503: Service Unavailable, server is under maintenance or is overloaded with requests.
  • As with the HTTP methods, these are only specifications. Developers don't have to follow them and can return whatever status code they want.


8. HTTP Flow 2 - POST Request

  • Request Line
    • Method: POST
    • Request-URI: /orderfood
    • HTTP Version: HTTP/1.1
  • Headers
    • Host: www.example.com
    • User-Agent: Chrome/94
    • Accept: */*
    • Content-type: application/json
    • (Other Headers)
  • Request Body
    {
        "name": "Pizza",
        "flavour": "Meat Lovers",
        "size": "family"
    }
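
The GET request from section 5 and the POST request above, written out as the bytes that travel over the TCP connection and parsed back into request line, headers and body. This is an added example, not part of the original talk; `parse_request` is a hypothetical helper and the `Content-Length` header is an assumption, since the page does not list it.

```python
import json

# Constructed messages built from the fields listed in sections 5 and 8.
# Content-Length is an added assumption (the page does not list it): the
# receiver needs it to know where the request body ends.
BODY = json.dumps({"name": "Pizza", "flavour": "Meat Lovers", "size": "family"}).encode()
GET_RAW = (b"GET /page2 HTTP/1.1\r\nHost: www.example.com\r\n"
           b"User-Agent: Chrome/94.0.1111\r\nAccept: text/html\r\n\r\n")
POST_RAW = (b"POST /orderfood HTTP/1.1\r\nHost: www.example.com\r\n"
            b"User-Agent: Chrome/94\r\nAccept: */*\r\n"
            b"Content-Type: application/json\r\n"
            b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)


def parse_request(raw: bytes) -> dict:
    """Split an HTTP/1.1 request into request line, headers and body."""
    head, sep, rest = raw.partition(b"\r\n\r\n")   # blank line ends the headers
    if not sep:
        raise ValueError("incomplete request: no blank line after headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line")
    method, target, version = parts
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()                         # names are case-insensitive
        if key in ("host", "content-length") and key in headers:
            raise ValueError(f"duplicate {key} header")   # ambiguous framing
        headers[key] = value.strip()               # other repeats: last one wins
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 request without a Host header")
    length = headers.get("content-length", "0")
    if not (length.isascii() and length.isdigit()):
        raise ValueError("Content-Length is not a non-negative integer")
    if len(rest) < int(length):
        raise ValueError("body shorter than Content-Length")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": rest[:int(length)]}


if __name__ == "__main__":
    for raw in (GET_RAW, POST_RAW):
        req = parse_request(raw)
        print(req["method"], req["target"], req["version"], req["body"])
```

Rejecting a duplicate `Host` or `Content-Length` matters when a proxy sits in front of the server: both must agree on which host is addressed and where the body ends.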
    

9. HTTP Flow 2 - POST Response

  • Status Code
  • Custom Server Message
    • JSON, XML, plain text
  • Content
    • HTML Document
    • Files

10. HTTP Versions and HTTPS

  • HTTP Versions 0.9, 1 and 1.1, Version 2, Version 3

  • HTTP 2, 2015

    • Performance: faster and more efficient than version 1, because it uses a new binary format which reduces the amount of data that needs to be transmitted between client and server.
      • It also allows multiple requests and responses to be sent over a single connection, so instead of calling the server multiple times, you can call it once. This is called multiplexing.
    • Security: Includes built-in support for encryption.
    • Server pushing: Send data to the client without waiting for the client to request it.
    • Header compression: As you can see from the examples there are a lot of headers that could be sent to server, so HTTP 2 reduces the amount of data needed to be transferred.
  • HTTP 3, 2021

    • Similar to previous versions, but it doesn't use TCP connections. It uses QUIC (Quick UDP Internet Connections), which is based on UDP.
    • Difference between TCP and UDP: with TCP all of the data needs to be delivered, so it checks whether all of the data got through. UDP just sends the data and hopes it gets through, which is why you sometimes get bits of video that are pixelated/choppy.

Even though there are new versions of HTTP, and HTTP 2 and 3 are backwards compatible, there still needs to be support for HTTP 1 because there are older websites and browsers out there. There are also differences between the request and response messages of each version.

  • HTTPS: Hypertext Transfer Protocol Secure, adds a layer of encryption using SSL/TLS (Secure Sockets Layer/Transport Layer Security). It ensures the data being transmitted between client and server is encrypted and can't be read by anyone who intercepts it.

11. HTTP Cookies

  • Cookies are small pieces of data that are sent to the client from the server.
  • Purposes:
    • Session Management:
      • Keeps track of the client's session on a website.
      • E.g. when you go to an online shop and add items to the cart, then close the tab and come back later, you can still see the same items in the cart.
    • Personalisation:
      • User preferences, such as light or dark theme on a website
    • Tracking:
      • Cookies can also keep track of what the user is doing on the website, how long they are on a specific site, etc.
  • Modern Day Alternatives to client storage
    • Using Web Storage API
      • localStorage: Data stays even when you close browser and tab
      • sessionStorage: Data is gone when you close the tab
    • Improves performance because, unlike cookies, this data is not sent with every request.
  • Cookies can also be abused by attackers: they can be stolen and used to impersonate a client. This can be prevented in a variety of ways; one example is to use HTTPS to encrypt messages.
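
The "variety of ways" above includes attributes the server sets on the cookie itself. The sketch below builds a session cookie with `Secure`, `HttpOnly` and `SameSite`, and audits `Set-Cookie` values for any that are missing. It is an added example, not part of the original talk; the function names and the sample cookie values are assumptions made up for illustration.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie header values; cookie names and values are made up.
WEAK = "session=abc123; Path=/"
PARTIAL = "session=abc123; Path=/; Secure; SameSite=None"


def hardened_session_cookie(value: str) -> str:
    """Build a Set-Cookie value for a session cookie with protective attributes."""
    jar = SimpleCookie()
    jar["session"] = value
    jar["session"]["path"] = "/"
    jar["session"]["secure"] = True       # only sent over HTTPS
    jar["session"]["httponly"] = True     # not readable from page JavaScript
    jar["session"]["samesite"] = "Lax"    # withheld on most cross-site requests
    return jar["session"].OutputString()


def audit_set_cookie(header_value: str) -> list:
    """Return the protective attributes that a Set-Cookie value lacks."""
    attrs = {}
    for part in header_value.split(";")[1:]:      # element 0 is name=value
        key, _, val = part.strip().partition("=")
        attrs[key.lower()] = val                  # attribute names ignore case
    findings = []
    if "secure" not in attrs:
        findings.append("Secure")
    if "httponly" not in attrs:
        findings.append("HttpOnly")
    samesite = attrs.get("samesite", "").lower()
    if samesite not in ("lax", "strict", "none"):
        findings.append("SameSite")
    elif samesite == "none" and "secure" not in attrs:
        findings.append("SameSite=None requires Secure")
    return findings


if __name__ == "__main__":
    for header in (WEAK, PARTIAL, hardened_session_cookie("abc123")):
        print(header, "->", audit_set_cookie(header) or "ok")
```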
