SLIDE 1
  • G. Bianchi, G. Neglia

But TCP is not mandatory: any reliable transport connection is OK

SLIDE 2

Figure: HTTP request/response exchange between two application processes over a TCP connection.

  • Client: Application Process (Browser), Socket; PORT: 1024, IP: 194.121.63.2
  • Server: Application Process (HTTP Daemon), Socket; PORT: 80, IP: 131.175.21.1
  • HTTP request: Can you give me /people/bianchi/index.htm?
  • HTTP response: Here it is: “<HTML> bla bla bla …”

Of course HTTP ignores IP & PORT: this information belongs to lower layers, and has already been used to address the web server and enable the connection!


  • General information (e.g. date, no-cache)
  • Allows the client to optionally pass additional information about the request, and about the client itself, that could not be stored in the request line
  • Allows the server to optionally pass additional information about the response, and about the server itself, that could not be stored in the status line

SLIDE 3

Request:

    GET /test/index.html?foo=bar+baz&name=steve HTTP/1.0\r\n
    Connection: Keep-Alive\r\n
    User-Agent: Mozilla/4.07 [en] (X11; I; Linux 2.0.36 i686)\r\n
    Host: ninja.cs.berkeley.edu:5556\r\n
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\n
    Accept-Encoding: gzip\r\n
    Accept-Language: en\r\n
    Accept-Charset: iso-8859-1,*,utf-8\r\n
    \r\n
    xxxxxxxxxxxxxxxxxxxxxx

Response:

    HTTP/1.0 200 OK
    Server: Netscape-Enterprise/2.01
    Date: Thu, 04 Feb 1999 00:28:19 GMT
    Accept-ranges: bytes
    Last-modified: Wed, 01 Jul 1998 17:07:38 GMT
    Content-length: 1848
    Content-type: text/html
    \r\n
    xxxxxxxxxxxxxxxxxxxxxxx

SLIDE 4
  • 200=OK, 204=no content, 201=created, 202=accepted, …
  • 301=moved permanently, 302=moved temporarily, 304=not modified
  • 400=bad request, 404=not found, 401=unauthorized, 403=forbidden, ...
  • 500=internal server error, 501=not implemented, 502=bad gateway, 503=service unavailable, ...

Brilliant idea: unrecognized xnn codes treated as x00 codes!


Sun, 06 Nov 1994 08:49:37 GMT
  » RFC 822, updated by RFC 1123
  » Fixed-length field

Sunday, 06-Nov-94 08:49:37 GMT
  » RFC 850, obsoleted by RFC 1036

Sun Nov 6 08:49:37 1994
  » ANSI C’s asctime() format


The word “pragma” taken from programming languages (directives to compiler)

SLIDE 5

  • Primitive caching expiration date functionality
  • Allows quantifying how “volatile” a resource is

If-Modified-Since: 18/11/2000
If-Modified-Since: 22/11/2000
Last-Modified: 20/11/2000

SLIDE 6

  • i.e. the page you come from
  • none if request entered from keyboard


Multi-channel portals build on this idea

SLIDE 7

  • Used for measurement & statistics
  • Allows hackers to better prepare an attack :-)


  • Basic=scheme used (may specify enhanced schemes)
  • Challenge string: assigned by server to identify protected space


Authorization must be valid for the current “challenge”

<credentials> = Base64(username:password)

Base64: coding done on 64 characters only.
  » A…Z a…z 0…9 + /
  » = used as special 65th symbol
  » See RFC 1521

SLIDE 8

  • Preference & personalization
  • Save passwords for further visits
  • And a lot more

Your cookie page SHOWS UP your navigation preferences!

Goal: gain access to your personal information

SLIDE 9
SLIDE 10
SLIDE 11

Ex: Cookie associated with “.unc.edu” will be returned to any server with that ending

  • Set-cookie: name=cname; value=cvalue; domain=.cs.unc.edu; path=/~kmp

SLIDE 12
SLIDE 13
SLIDE 14

  • in languages with accents (Italian, French, German, …)
  • non-Latin alphabets (Russian, Hebrew)
  • languages without alphabet (Chinese, Japanese)


each media with various coding schemes

SLIDE 15
with optional charset parameter: default ISO-8859-1

SLIDE 16