HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP) enables clients (e.g., web browsers) to request resources from an HTTP server.
- is the foundation of web technology
- process:
  - a client connects to the HTTP server using a TCP port
    - TCP/80 by default
  - client submits a request for a resource (GET)
    - using a uniform resource locator (URL)
  - server acknowledges the request and either responds with the data or with an error message
HTTP Headers and Payload
- response and request formats are defined in the HTTP header
- HTTP payload is usually used to serve HyperText Markup Language (HTML) webpages
  - plain text files with coded tags describing how the page should be formatted
  - a web browser can interpret the tags and display the text and other resources associated with the page
    - e.g., binary picture or sound files linked to the page
- HTTP features a forms mechanism (POST)
  - enables a user to submit data from the client to the server
- HTTP is a stateless protocol
  - means that the server is not required to preserve information about the client during a session
  - however, the basic functionality of HTTP servers is often extended by support for scripting and programmable features (web applications)
    - servers can also set text file cookies to preserve session information
    - these coding features and integration with databases increase flexibility and interactivity
      - but they also increase the attack surface and expose more vulnerabilities
Info
- many argue that HTTP is a stateful protocol
- version 2 of HTTP adds more state-preserving features
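
The statelessness and cookie points above, worked through as an added example (not part of the original notes): a request handler that operates on raw HTTP/1.1 bytes, so each call is independent and the only link between requests is the cookie the client sends back. The cookie name `sid`, the host `example.test`, and all function names are assumptions made for illustration.

```python
import secrets

SESSIONS = {}  # server-side state: session id -> visit count

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, payload)."""
    head, _, payload = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, payload

def cookie_value(headers, name):
    """Return one cookie from the Cookie header, or None if absent."""
    for pair in headers.get("cookie", "").split(";"):
        key, _, value = pair.strip().partition("=")
        if key == name:
            return value

def handle(raw: bytes) -> bytes:
    """Serve one request; the only link to earlier requests is the cookie."""
    method, _target, headers, _payload = parse_request(raw)
    if method != "GET":
        return b"HTTP/1.1 405 Method Not Allowed\r\nContent-Length: 0\r\n\r\n"
    sid, extra = cookie_value(headers, "sid"), ""
    if sid not in SESSIONS:
        # Missing or unknown id: issue a fresh random one, never adopt the client's.
        sid = secrets.token_urlsafe(16)
        SESSIONS[sid] = 0
        extra = f"Set-Cookie: sid={sid}; HttpOnly; SameSite=Lax; Path=/\r\n"
    SESSIONS[sid] += 1
    body = f"visit {SESSIONS[sid]}\n".encode()
    head = f"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: {len(body)}\r\n"
    return (head + extra + "\r\n").encode() + body

def get(cookie=None) -> bytes:
    """Build a GET request; constructed sample input, example.test is a placeholder."""
    line = f"Cookie: {cookie}\r\n" if cookie else ""
    return f"GET / HTTP/1.1\r\nHost: example.test\r\n{line}\r\n".encode()

def demo():
    first = handle(get())
    header = next(l for l in first.decode().split("\r\n") if l.startswith("Set-Cookie:"))
    sid_pair = header.split(":", 1)[1].split(";")[0].strip()  # "sid=<token>"
    replies = (first, handle(get(sid_pair)), handle(get()))  # with cookie, then without
    return [r.split(b"\r\n\r\n", 1)[1] for r in replies]
```

`demo()` returns the three response payloads: the request that carries the cookie continues the session, while the one without it starts again at visit 1.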