World Wide Web, etc.

Similar documents
Applications & Application-Layer Protocols: The Web & HTTP

Web Search An Application of Information Retrieval Theory

COSC 2206 Internet Tools. The HTTP Protocol

HTTP Protocol and Server-Side Basics

How to work with HTTP requests and responses

CS193i Handout #18. HTTP Part 5

Networking. INFO/CSE 100, Spring 2006 Fluency in Information Technology.

About the Tutorial. Audience. Prerequisites. Copyright & Disclaimer

HTTP TRAFFIC CONSISTS OF REQUESTS AND RESPONSES. All HTTP traffic can be

Web Programming 4) PHP and the Web

The HTTP protocol. Fulvio Corno, Dario Bonino. 08/10/09 http 1

WEB TECHNOLOGIES CHAPTER 1

WWW Document Technologies

The TCPProxy. Table of contents

Lecture 7b: HTTP. Feb. 24, Internet and Intranet Protocols and Applications

A programmer can create Internet application software without understanding the underlying network technology or communication protocols.

How the Internet Works

MWR InfoSecurity Advisory. 26 th April Elastic Path Administrative. Quit. Session Hijacking through Embedded XSS

HTTP, circa HTTP protocol. GET /foo/bar.html HTTP/1.1. Sviluppo App Web 2015/ Intro 3/3/2016. Marco Tarini, Uninsubria 1

::/Topics/Configur...

Parameterization in OpenSTA for load testing. Parameterization in OpenSTA Author: Ranjit Shewale

CS 355. Computer Networking. Wei Lu, Ph.D., P.Eng.

Introduction to HTTP. Jonathan Sillito

EDA095 HTTP. Pierre Nugues. March 30, Lund University

Networking and Internet

HTTP Request Handling

Configure ACE with Source NAT and Client IP Header Insert

CORS Attacks. Author: Milad Khoshdel Blog: P a g e. CORS Attacks

Computer Networks - A Simple HTTP proxy -

Introduction to Internet, Web, and TCP/IP Protocols SEEM

LAMP, WEB ARCHITECTURE, AND HTTP

Name Student ID Department/Year. Midterm Examination. Introduction to Computer Networks Class#: 901 E31110 Fall 2015

Notes beforehand... For more details: See the (online) presentation program.

The HTTP Protocol HTTP

2- Application Level Protocols HTTP 1.0/1.1/2

HTML forms and the dynamic web

Web History. Systemprogrammering 2006 Föreläsning 9 Web Services. Internet Hosts. Web History (cont) 1945: 1989: Topics 1990:

HTTP: Advanced Assessment Techniques

Giving credit where credit is due

World-Wide Web Protocols CS 571 Fall Kenneth L. Calvert All rights reserved

HTTP Server Application

Produced by. Mobile Application Development. Higher Diploma in Science in Computer Science. Eamonn de Leastar

CS 43: Computer Networks. Layering & HTTP September 7, 2018

Security Testing is performed to reveal security flaws in the system in order to protect data and maintain functionality.

ECE697AA Lecture 2. Today s lecture

C22: Browser & Web Server Communication

Assignment, part 2. Statement and concepts INFO-0010

TCP/IP Networking An Example

Jeff Offutt SWE 642 Software Engineering for the World Wide Web

Lecture 3. HTTP v1.0 application layer protocol. into details. HTTP 1.0: RFC 1945, T. Berners-Lee HTTP 1.1: RFC 2068, 2616

Forms, CGI. Objectives

Internet Architecture. Web Programming - 2 (Ref: Chapter 2) IP Software. IP Addressing. TCP/IP Basics. Client Server Basics. URL and MIME Types HTTP

Analysis of the effects of removing redundant header information in persistent HTTP connections

Server-Side Web Programming: Python (Part 1) Copyright 2017 by Robert M. Dondero, Ph.D. Princeton University

CS 43: Computer Networks. HTTP September 10, 2018

Applications & Application-Layer Protocols: The Web & HTTP

HTTP (HyperText Transfer Protocol)

CSCI-1680 WWW Rodrigo Fonseca

Homework 2 50 points. CSE422 Computer Networking Spring 2018

Computer Network Midterm Explain Internet protocol stack (1% each layer s name, 1% each layer s functions, 10% total)

Generating the Server Response: HTTP Response Headers

Lab 2. All datagrams related to favicon.ico had been ignored. Diagram 1. Diagram 2

CS631 - Advanced Programming in the UNIX Environment

Getting Some REST with webmachine. Kevin A. Smith

CSCI-1680 WWW Rodrigo Fonseca

Proxying. Why and How. Alon Altman. Haifa Linux Club. Proxying p.1/24

Information systems modeling. Tomasz Kubik

HashCookies A Simple Recipe

ID: Cookbook: browseurl.jbs Time: 19:37:50 Date: 11/05/2018 Version:

1.1 A Brief Intro to the Internet

Add gzip compression to optimize web server served files in Apache, Nginx and LiteSpeed

3. WWW and HTTP. Fig.3.1 Architecture of WWW

TCP/IP Networking Basics

What to shove up your.htaccess

Corporation in the Middle. Lee

Web Programming. Based on Notes by D. Hollinger Also Java Network Programming and Distributed Computing, Chs.. 9,10 Also Online Java Tutorial, Sun.

3.1 Understanding HTTP

CS144 Notes: Web Standards

Web Architecture and Technologies

CSE 333 Lecture HTTP

AN4965 Application note

Extreme Web Access: What to Do When FILENAME URL Is Not Enough Garth Helf, Hitachi Global Storage Technologies, San Jose, CA

Penetration Test Report

Forms, CGI. HTML forms. Form example. Form example...

HTML 5 Form Processing

8/8/17. HTTP Overview. It s all about the network. If you want to really do Web programming right you will need to know the ins and outs of HTTP

HTTP Review. Carey Williamson Department of Computer Science University of Calgary

Introduc)on to Computer Networks

Computer Science 571 Exam #1 Prof. Papa Thursday, February 23, 2017, 6:00pm 7:20pm

Policies to Resolve Archived HTTP Redirection

Networks Programming Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)

Outline Computer Networking. HTTP Basics (Review) How to Mark End of Message? (Review)

The key networking element that are typically used in an analysis of network traffic are:

Forms, CGI. Cristian Bogdan 2D2052 / 2D1335 F5 1

02267: Software Development of Web Services

Outline of Lecture 3 Protocols

How browsers talk to servers. What does this do?

Browser behavior can be quite complex, using more HTTP features than the basic exchange, this trace will show us how much gets transferred.

DATA COMMUNICATOIN NETWORKING

UR what? ! URI: Uniform Resource Identifier. " Uniquely identifies a data entity " Obeys a specific syntax " schemename:specificstuff

Transcription:

World Wide Web, etc. Alex S. Raw data-packets wouldn t be much use to humans if there weren t many application level protocols, such as SMTP (for e-mail), HTTP & HTML (for www), etc. 1 The Web The following discussion applies to CGI, ASP, JSP, Servlets, Web Services, etc. Anything that works with the web. 1.1 Introduction What people call the WWW (World Wide Web) is just a huge collection of web-servers, which you access via web-clients (or web-browsers). The process works like this: a person types in some address in the address bar of their web-browser. The address is in the form of a URL, which has both the hostname and the resource name (along with the protocol and possibly a port). (sample URL with port and resource: http://www.theparticle.com:80/profphreak/profphreak.html where http is the protocol, www.theparticle.com is the hostname, 80 is the port address on that host [80 is the default for web-servers] and /profphreak/profphreak.html is the resource, an html file in our case.) The web-browser connects to the host, and requests the resource. The server either returns the resource or an error, and user s web-browser displays whatever the server returned. Simple? That s all there is. Well, as far as the simple situation is concerned. Very often however, we are not just dealing with static resources such as a web page, but with programs. In that case, the situation works like this: the web-browser requests a resource, which the web-server determines to be an executable program - in which case, the server executes the program, and returns the output as the resource. Common Gateway Interface (or CGI for short), defines the environment in which such programs execute. It defines how these web programs get their parameters, how their input and output is processed (how they talk to the web-server), etc. alex@theparticle.com 1

1.2 The Request (technical) 1 THE WEB CGI is system and language independent, meaning that you can write these web-programs in any language for any system (yes, even UNIX and Windows, and yes, using Perl). 1.2 The Request (technical) All client/server interactions start with a client request. In HTTP, a request is a fairly basic command to the server to fetch some resource. The usual request would look something like this: GET /somefile.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;.NET CLR 1.0.3705) Connection: Keep-Alive This is a request using Microsoft Internet Explorer 6.0 (as you can see from the User-Agent header variable). The URL used is: http://localhost:8080/somefile.cgi Which you can also spot inside the header (the Host has the host, and the first GET line has the resource. When the web-server gets such a request, it knows what to GET and what types of content the user s browser is willing to accept (which includes Microsoft Word documents, among other things). The same URL but requested via the Mozilla 1.1 web-browser produces the request: GET /somefile.cgi HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-us; rv:1.1) Gecko/20020826 Accept: text/xml, application/xml, application/xhtml+xml, text/html;q=0.9, text/plain;q=0.8, video/x-mng, image/png, image/jpeg, image/gif;q=0.2, text/css, */*;q=0.1 Accept-Language: en-us, en;q=0.50 Accept-Encoding: gzip, deflate, compress;q=0.9 Accept-Charset: ISO-8859-1, utf-8;q=0.66, *;q=0.66 Keep-Alive: 300 Connection: keep-alive 2

1.3 GET, POST, etc. 1 THE WEB As you can see, even though the requests appear different, they do contain fundamentally the same information (like Host, and GET line). This is how the server can be platform independent (and be able to talk to various web-clients). 1.3 GET, POST, etc. What we ve seen so far is a GET request. There are about half a dozen different requests which are standard. Apart from GET, another request types stands out as being very common: the POST. The POST request is usually used to send form data to the server. It is also different from GET in that it has a body. (GET just had the header; all user data has to be crammed into the few lines of the request header). With POST, we can send a LOT more data (like upload files), and submit forms with a lot of fields. To test POST, let s create an HTML form, and post data to our URL from the previous section. <HTML> <HEAD> <TITLE>This is a test.</title> </HEAD> <BODY> <H3>Enter Your Info Form</H3> <FORM ACTION="http://localhost:8080/somefile.cgi" METHOD="POST"> <P>Name: <INPUT TYPE="TEXT" NAME="USERNAME"><BR> Age: <INPUT TYPE="TEXT" NAME="AGE"><BR> <INPUT TYPE="SUBMIT" VALUE="Send Info"> </FORM> </BODY> </HTML> Notice that the FORM has a METHOD="POST" (this is the key part). When we post data using this form, the request becomes: POST /somefile.cgi HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: en-us Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;.NET CLR 1.0.3705) 3

1.3 GET, POST, etc. 1 THE WEB Content-Length: 27 Connection: Keep-Alive Cache-Control: no-cache USERNAME=Prof.Phreak&AGE=25 Notice that the request stars with a POST and not a GET and that now we also have a header argument named Content-Length which has a value of 27. This 27 represents how much data there is in the body of the request. It is the length of USERNAME=Prof.Phreak&AGE=25 (this is the body; since the request skips a line right before it). Now let s do the same exact form with a GET: <HTML> <HEAD> <TITLE>This is a test.</title> </HEAD> <BODY> <H3>Enter Your Info Form</H3> <FORM ACTION="http://localhost:8080/somefile.cgi" METHOD="GET"> <P>Name: <INPUT TYPE="TEXT" NAME="USERNAME"><BR> Age: <INPUT TYPE="TEXT" NAME="AGE"><BR> <INPUT TYPE="SUBMIT" VALUE="Send Info"> </FORM> </BODY> </HTML> Which produces a request to our server: GET /somefile.cgi?username=prof.phreak&age=25 HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;.NET CLR 1.0.3705) Connection: Keep-Alive Notice that this request (the GET) has no Content-Length, and no request body. All the information is encoded as part of the resource: 4

1.4 The Response (technical) 1 THE WEB /somefile.cgi?username=prof.phreak&age=25 So, now we know that if we use GET, our data becomes part of the resource string; and if we use POST it is appended to the request as the request body (and we are given the length). 1.4 The Response (technical) The response is a bit simpler than the request; since now we don t have to worry about various ways of sending data; there is basically one way, and that s in the response body. An OK response to the web-browser from the web-server looks something like this: HTTP/1.1 200 OK Date: Fri, 08 Nov 2002 01:31:36 GMT Server: Apache/2.0.43 (Win32) PHP/4.3.0-pre2 Last-Modified: Fri, 08 Nov 2002 01:21:28 GMT ETag: "1c5bf-194-d53f0a48" Accept-Ranges: bytes Content-Length: 404 Content-Type: text/html; charset=iso-8859-1 <HTML> <HEAD> <TITLE>This is a test.</title> </HEAD> <BODY> <H3>Enter Your Info Form</H3> <FORM ACTION="http://localhost:8080/somefile.cgi" METHOD="GET"> <P>Name: <INPUT TYPE="TEXT" NAME="USERNAME"><BR> Age: <INPUT TYPE="TEXT" NAME="AGE"><BR> <INPUT TYPE="SUBMIT" VALUE="Send Info"> </FORM> </BODY> </HTML> Notice that there is an HTTP header, followed by a blank line, then followed by the HTTP body (the content) of the reply. The header has a Content-Length, which tells us exactly how many types we can read to get the body. (note that the 404 content length is just a coincidence, it has nothing to do with the 404 error). An error response would look something like this: HTTP/1.1 404 Not Found Date: Tue, 12 Nov 2002 06:25:48 GMT Server: Apache/2.0.43 (Win32) PHP/4.3.0-pre2 5

1.5 Web Programming 1 THE WEB Content-Length: 294 Content-Type: text/html; charset=iso-8859-1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html> <head> <title>404 Not Found</title> </head> <body> <h1>not Found</h1> <p>the requested URL /somefilewhichisnotthere.html was not found on this server. </p> <hr /> <address>apache/2.0.43 Server at localhost Port 80</address> </body> </html> Yep, this is the famous 404 Page Not Found error (how our browser sees it in raw form). 1.5 Web Programming Web programming (or programming for the web - however you want to refer to it), is utilizing the HTTP protocol and the structure we ve learned about in these notes. CGI allows us to define our own recipients of these HTTP messages. We can have our own script that would accept form parameters, process them, and just as easily return results in a form that a browser can understand. 6

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback