HTTP: Hypertext Transfer Protocol

Questions and Answers

What is the primary function of the HTTP protocol regarding data representation?

• Compressing data to minimize bandwidth usage.
• Defining character sets for multimedia content.
• Typing data representation, enabling systems to operate independently of the data. (correct)
• Encrypting data to ensure secure transmission.

According to the HTTP/1.0 specification, what should an application do if it receives an HTTP message without a specified protocol version?

• Reject the message as invalid.
• Assume the message is in the HTTP/1.0 format.
• Attempt to auto-detect the protocol version.
• Assume the message is in the simple HTTP/0.9 format. (correct)

When is the absoluteURI form of Request-URI permitted in an HTTP request?

• When the client and server are on the same local network.
• When the request involves a secure connection using TLS/SSL.
• When directly requesting a resource from the origin server.
• When the request is being made to a proxy. (correct)

In the context of HTTP, what does the term 'tunnel' signify?

An intermediary program acting as a blind relay between two connections, without interpreting the relayed communication. (C)

How should recipients handle HTTP header fields that contain octets outside of the US-ASCII character set?

Assume that the octets represent ISO-8859-1 characters. (B)

Which sequence of characters is defined as the end-of-line marker for all protocol elements in HTTP/1.0, except within the Entity-Body?

CR LF (Carriage Return Line Feed) (C)

What does the HTTP 'Date' general-header field represent?

The date and time at which the message was originated. (A)

Under what condition must an HTTP/1.0 request include a valid Content-Length header field?

When the request contains an entity body. (A)

What is the primary purpose of the 'Content-Encoding' header in HTTP/1.0?

To indicate any additional content coding applied to the data, such as compression. (D)

In HTTP, if a client sends an 'If-Modified-Since' header with a GET request, and the resource hasn't been modified since the specified date, what response should the server return?

304 Not Modified. (C)

What is the significance of the 'Expires' entity-header field in HTTP?

It gives the date and time after which the entity should be considered stale. (A)

Why does the HTTP specification recommend that user agents provide a way to disable or modify the 'From' header field?

Because it may conflict with the user's privacy interests or security policy. (B)

In the context of HTTP status codes, what does a status code beginning with the digit '5' indicate?

Server Error. (C)

Which HTTP method is designed to allow a uniform method to cover annotation of existing resources, posting to bulletin boards, and extending a database through an append operation?

POST (C)

If an HTTP server, acting as a gateway, receives an invalid response from an upstream server, which status code should it return?

502 Bad Gateway (A)

According to the HTTP specifications, what is the purpose of the 'Allow' entity-header field?

To list the set of methods supported by the resource identified by the Request-URI. (D)

In HTTP access authentication, what is the purpose of the 'realm' attribute?

To define the domain over which credentials can be automatically applied by a user agent. (C)

What security measure, related to file and path names, should be taken by HTTP origin servers?

Restricting the documents returned by HTTP requests to be only those that were intended by the server administrators. (A)

What is the recommended action with respect to Pragma directives that are not relevant to a recipient, such as a proxy server?

The proxy should ignore the pragma directive. (A)

What is the purpose of the User-Agent request-header field?

For statistical purposes, the tracing of protocol violations, and automated recognition of user agents. (B)

What action should a client take if a server returns a 401 (Unauthorized) response to a request?

Repeat the request with suitable Authorization header field. (C)

According to the HTTP specification, what is the default action a user agent should take when receiving a 300 Multiple Choices status code?

Present the user with a list of choices. (C)

If a previously requested resource has been assigned a new, permanent URI, what status code should the server return?

301 Moved Permanently (B)

Which of the following is the most appropriate response when a server wishes to be able to indicate that it is temporarily overloaded?

503 Service Unavailable (D)

What is the behavior for a proxy server regarding the 'Allow' header field?

A proxy server must not modify the Allow header field even if it does not understand all the methods specified. (A)

According to the specifications, can HTTP headers be extended over multiple lines?

Yes, by preceding each extra line with at least one space or horizontal tab. (A)

What does the HTTP/1.0 specification state regarding the caching of responses to POST requests?

Responses to POST requests must not be cached. (D)

If a server sends a 204 No Content response, what action should a user agent take?

Not change its document view from that which caused the request to be generated. (D)

When a 301 status code is received in response to a request using the POST method, what does the HTTP specification state?

The user agent must not automatically redirect the request unless it can be confirmed by the user. (D)

What impact does the presence of an Expires field have on history mechanisms employed in user-agent software?

By default, the expires field doesn't apply to history mechanisms. (C)

In HTTP, what URL syntax is acceptable in the 'Referer' request-header field?

Absolute or relative URL. (C)

According to the HTTP/1.0 specifications, what is the proper response when a server receives a request that it cannot fulfill?

It depends on whether there's bad syntax or incomplete request. (C)

What is the proper way for HTTP servers to respond to user agents after getting unauthorized request for URIs?

The server will attempt authentication before proceeding. (D)

What can the application server do regarding log of information on their servers?

They must save personal data about a user's request, can reveal reading or subject interests. (D)

How strict is HTTP/1.0 on the use of "7bit", "8bit", or "binary" encoding?

It only permits '7bit', '8bit', or 'binary'. (B)

Is the relationship of HTTP/1.0 with MIME a separate system?

Both were carefully chosen to have optimum connections. (C)

How is a client notified is a resource they're trying to access isn't allowed?

The server will let them know based on code. (C)

Flashcards

What is HTTP?

An application-level protocol for distributed, collaborative hypermedia information systems.

HTTP Characteristics

A generic, stateless, object-oriented protocol.

Feature of HTTP

Typing of data representation.

HTTP Connection

A transport layer virtual circuit between two application programs.

HTTP Message

The basic unit of HTTP communication, a structured sequence of octets.

HTTP Request

An HTTP request message.

HTTP Response

An HTTP response message.

HTTP Resource

A network data object or service identified by a URI.

HTTP Entity

A particular representation of a data resource.

HTTP Client

An application program that establishes connections for sending requests.

HTTP User Agent

The client which initiates a request.

HTTP Server

An application program that accepts connections to service requests

HTTP Origin Server

The server on which a given resource resides or is to be created

HTTP Proxy

An intermediary program acting as both a server and a client.

HTTP Gateway

A server which act as an intermediary for some other server.

HTTP Tunnel

An intermediary program acting as a blind relay between two connections.

HTTP Cache

A program's local store of response messages.

HTTP Operation

The HTTP protocol is based on what type of paradigm?

What does a client send to a server?

Request Method, URI, and Protocol Version

What is in the Appendix D?

Those feature which have few or inconsistent implementation.

MIME Charset Name Definition

This specifies the mapping to be performed from octets to characters.

Content Coding Values Indicates

To indicate an encoding transformation that has been applied to a resource.

Content-Type header provides...

HTTP uses Internet Media Types to provide what?

HTTP Version Field

HTTP version is indicated in what field?

Why cache responses?

To reduce the response time and network bandwidth consumption.

What does URI identify

Name, location, or a characteristic

Purpose of Server Header

Indicates information about the software used by the origin server.

Default HTTP Port

80

Reliable Transport Needed

HTTP requires a transport protocol that provides what?

Identify an Origin Server

The most common form of Request-URI identifies a what?

Study Notes

• HTTP is a modern approach to sharing data that relies on speed and efficiency
• HTTP has been used in the World-Wide Web since 1990
• HTTP/1.0 describes established features of HTTP clients and servers
• HTTP is suitable for search, updates, and annotations
• HTTP builds its location and addressing structure on top of URIs

Terminology

• Connection: a link made between two applications for communicating
• Message: A string of bytes in a specific order during HTTP
• Request: An HTTP request message
• Response: An HTTP response message
• Resource: A network object or service identifiable through a URI
• Entity: A version of a data resource with meta information and content
• Client: An application that connects to servers to send requests
• User agent: Initiates a request, like browsers, editors or web robots
• Server: Accepts connections and responds
• Origin server: Hosts or creates the resource
• Proxy: A go-between server used to make requests on behalf of other clients
• Gateway: Intermediary server that receives gateway requests as an original server would
• Tunnel: A blind relay between two connections that is not a part of HTTP communication
• Cache: A local store of messages that controls what to save, retrieve, and delete

Operation

• HTTP follows a request/response model
• Clients connect with servers to send a request that includes a method, URI and protocol version
• Requests resemble MIME messages and might contain modifiers, client info and body content
• Servers respond with a status line, protocol version, success/error code and MIME-like data

Caching

• User agents start most HTTP communications
• Cases include connections between user agents and origin servers
• Proxies, gateways, and tunnels can be used to mediate connections
• Intermediaries can act as proxies, gateways or tunnels
• Proxies forward and rewrite requests to other servers
• Gateways receive and translate requests for underlying servers
• Tunnels relay communication
• Caching can shorten request/response chains.

HTTP and MIME

• HTTP/1.0 relies on constructs from MIME, defined in RFC 1521
• Appendix C outlines how HTTP changes Internet Media Types

Notational Conventions and Generic Grammar

• Includes rules and constructs for: Augmented BNF

Protocol Parameters

• HTTP uses a major.minor numbering scheme for protocol versions
• HTTP version indicates the message format and communication capabilities
• Minor number increments with feature additions
• Major number increments with format changes
• The "HTTP-Version" field indicates the version
• Recipients assume messages follow HTTP/1.0 standards if no version is specified

HTTP 1.0 Requirements

• HTTP/1.0 servers have certain requirements
• Recognize the formats for HTTP/0.9 & HTTP/1.0 request lines
• Understand legitimate requests in the formats HTTP/0.9 or HTTP/1.0
• Respond appropriately using the client's protocol version
• HTTP/1.0 clients must recognize the Status-Line for HTTP/1.0 responses
• They must understand valid responses from HTTP/0.9 or HTTP/1.0

Proxies and Gateways

• Proxy and gateway applications should carefully forward requests
• Protocol version shows sender ability, so a proxy/gateway must not send higher versions than its native version
• Upon receiving high version requests the proxy/gateway may downgrade the request or respond with an error
• Upgrade requests with lower versions, before forwarding
• The proxy or gateways response must follow server requirements

Uniform Resource Identifiers (URIs)

• URIs have been referred to by various names like WWW addresses, Universal Document Identifiers, Universal Resource Identifiers, and Uniform Resource Locators (URL)
• In HTTP, Uniform Resource Identifiers are simply formatted strings identifying network resources via name, location, or other characteristics

General Syntax

• URIs in HTTP appear in absolute or relative form based on context
• Absolute URIs always begin with a scheme name and a colon
• BNF-style syntax is used to define URI components

HTTP URLs

• The "http" scheme is used to located network resources through HTTP
• This scheme defines a specific syntax and semantics for HTTP URLs
• If port is empty or absent, port 80 is assumed
• Identified resource is on the server listening for TCP connections through identified host port
• "Request-URI" for the resource is the absolute path
• Absence of absolute path implies root ("/") when used as "Request-URI"

Representations

• Canonical form refers to converting UPALPHA chars to LOALPHA equivs
• Omitting [ ":" port ] if port is 80, and replaces empty absolute path with "/"
• HTTP URLs only identify TCP resources
• Non-TCP resources are identified by another URI scheme

Date/Time Formats

• HTTP/1.0 supports three ways to represent date/time stamps: RFC 822, RFC 850, and ANSI C's asctime() format
• The RFC 1123 format: should be used as preferred Internet standard and fixed-length subset
• Three acceptable formats for parsing
• The third "asctime" format: clients and servers should not generate.
• Ensure robustness when interpreting date values
• All HTTP/1.0 date/time stamps in Universal Time (UT) also known as Greenwich Mean Time (GMT)

Prefixes

• GMT indicates with first two formats
• The third, "asctime" format it should be assumed when reading
• BNF grammar represents these formats
• HTTP date/time requirements apply usage within the protocol stream
• Clients/servers don't have to use these formats in user presentation, request logging, etc

Character Sets

• HTTP uses the same "character set" definition described for MIME
• "character set" converts octets to characters
• Doesn't require unconditional conversion the other way
• A character set provides multiple octet sequences to represent one character
• MIME character set name must describe octets-to-characters mapping
• Use external information to know the exact mapping is not permitted

Nomenclature

• "character set": commonly becomes "character encoding"
• HTTP/MIME share registry, terminology, maintaining consistency
• HTTP character sets are identified by case-insensitive tokens
• Defines preferred names for charsets likely to used with HTTP entities
• Set includes registered RFC 1521 charsets, US-ASCII & ISO-8859
• Register all character sets defined in IANA
• Applications should limit usage to the IANA-defined registries
• Label the entity body character set, the lowest common denominator of used character codes
• Don't label is preferred over labels US-ASCII or ISO-8859-1.

Content Coding

• Indicate encoding transformation with content coding values
• Main use to compress/encrypt docs yet retain the media type indentity
• Resource stored and decoded before rendering/analogous usage
• Content-coding = "x-gzip" | "x-compress" | token
• Applications should view "gzip" and "compress" as equiv to "x-gzip" & "x-compress"
• Content-coding: values: case-insensitive.
• HTTP/1.0's Content-Encoding value, describes mechanism needed to remove the encoding
• Single programs may be able to decode several content-coding formats

Types

• "x-gzip" is made through "gzip": a Lempel-Ziv coding (LZ77) with 32 bit CRC
• The "compress" program produces "x-compress": an adaptive Lempel-Ziv-Welch coding (LZW)
• Discourage to identify encoding formats by program names for future. Use here demonstrates bad "historical practice"

Media Types

• HTTP uses Internet Media Types in the Content-Type header field to provide open and extensible data typing
• media-type = type "/" subtype *(";" parameter)
• type = token, subtype = token
• Parameters may follow type and subtype with attribute/value pairs
• Parameter = attribute "=" value, attribute/value = token
• Parameter = attribute "=" value where the value is, a "quoted-string"
• Type/subtype parameter and attribute names are case-insensitive
• Parameter values might be case dependent, on "parameter name semantics"
• Don't make LWS between type/subtype, nor attribute and value
• Upon receiving media type with unknown parameter, a user agent should treat media type as its not shown

Processing Media Type

• Many old HTTP apps do not process media type parameters
• HTTP/1.0 clients should only do so when needed to define message content
• Media-type values, register in Internet Assigned Number Authority", IANA
• Media type registration process in RFC 1590. Discourage non-registered media types
• Register Internet media types with "canonical form"
• In general, HTTP-transferred "Entity-Body" must be there before transmission
• Encode body with Content-Encoding = underlying data, canonical form before encoded

Line Breaks

• Media subtypes of "text" use/use CRLF breaks
• plain CR or LF alone = consistent line breaks
• HTTP applications must accept
• CRLF Line Break Bare
• CR or LINE breaks
• if TEXT media in "Entity-Body"

Header Fields and Message Types

• The charset parameter - some media uses types to define their character set
• When transmitter provides no explicit charset, it is considered to have, "ISO-8859-1"
• Label those other than "ISO-8859-1" (or subset)
• Many HTTP servers offer data: using "ISO-8859-1" or similar
• This lowers interoperability: thus, some HTTP user agents can config option, allow user toggle

Other protocols

• MIME offers "multipart", multiple entities inside single message body
• Multipart types registered by (IANA = irrelevant to HTTP/1.0
• User agents might need to understand in order to read body part purposes
• Multipart types share common syntax- including"boundary parameter as part of media data type
• Message body * IS * a protocol and should always use CRLF", linebreaks

Headers

• Include the header files and is significant
• Product Tokens
• Communicate to identify token products, slash, or version identifier
• More fields apply tokens: subproducts are vital part of product to
• BNF grammar for the field follows.

HTTP Messages

• HTTP messages have requests and responses
• Message - Simple-Request: HTTP/0.9 messages or Full-Request HTTP/1.0 messages
• "Full-Request" and "Full-Response": generic from RFC 822 to transmission
• Both messages: include optional header fields/headers + entity body
• Body gets separated from headers by a null line (CRLF)
• "Simple-Request" and "Simple-Response": don't used any header info or used a single request method (GET).
• Simple-Request = "GET" SP Request-URI CRLF
• Simple-Response
• Use of "Simple-Request" form: discouraged = since stops server " from identifying the returned entity's media.

Headers

• HTTP header fields includes General Request/Response and entity
• They come under identical format in section 3.1", RFC 822
• header": field comes from ""name"", a single space, to the ""field value
• ""Header fields: extend over lines: at /least/ one space or (Not Recommended)
• HTTP-header
• text from each of field value are the combinations.

Order

• Not important to order the fields
• Sending General-Header's + subsequent Request- or followed the "Request / ""Response -header" and is GOOD PRACTICE

"Multiple HTTP- Header-fields":

• With same field -name may occur in msg ONLY IF each whole field- value for THAT header is defined.
• Must combine into one ""field. name, and field value"" with no semantics - to then add subsequent.

General Headers

• Some Headers have common request applicability/ answer data, or applies to entity data being transmitted
• Headers apply to message transmissions only
• "General Headers" headers" + date & pragma
• "Good only with protocol General Header"", unrecognised means entity header
• "Re: request msg: from client-Server, includes,
• 1): method for resource
• 2): identifier for resource
• 3):""protocol versions in use.""
• backward compatibility: and ""HTTP / 0.9"" protocol only.
• "Request
• ==: 1. simple request and + 2 Full-Request
• === Get request ""
• Full-requests "" are (headers) + (entity body)/ headers/crlf =4.7.1 sections

First Line

• Line includes: = request method header or request-URIs, as its also called