Hypertext Transfer Protocol (HTTP)
The HTTP protocol defines the format and rules for communication between web servers and clients.
Port: 80 TCP | RFC: 7231
OSI Layer: 7 (Application Layer)
Cyber Security Stance:
Designed by Vivekanand Padala
Protocol Overview
HTTP is an application-level protocol for hypermedia information systems. This protocol has been used by the World Wide Web initiative since 1990. It is built on the discipline of reference provided by the Uniform Resource Identifier (URI). From the HTTP protocol standpoint, URIs are formatted strings that represent resources.
Because it is a high-level protocol, it assumes that a connection has already been established and that the lower layers take care of everything beneath it. Before the client and server can start exchanging HTTP requests and responses, a reliable TCP transport must be established.
The overall protocol operation is built on the request and response communication model. A client sends a request to the server in the form of a request method; the server responds with a status line, including a success or error code, and possible entity-body content. It was primarily designed for communication between web browsers and web servers. The simplest way to visualize it is a single connection between client and server.
Due to its extensibility, it can be used for a myriad of tasks and use cases. Extensibility is achieved through the HTTP headers mechanism.
HTTP workflow
- The client establishes a TCP (Transmission Control Protocol) connection with the server: Before sending any requests, the client establishes a TCP connection with the server. This connection is established by the client sending a SYN (Synchronize) packet to the server, and the server responding with a SYN-ACK (Synchronize-Acknowledge) packet. The client then sends an ACK (Acknowledge) packet to the server, and the connection is established.
- The client sends an HTTP request to the server: After the TCP connection is established, the client sends an HTTP request to the server. This request contains information such as the type of request (GET, POST, etc.), the URI (Uniform Resource Identifier) of the resource being requested, and any additional headers or data.
- The server processes the HTTP request: Upon receiving the request, the server processes it according to the method specified in the request (GET, POST, etc.). The server may perform various actions, such as retrieving data from a database or performing calculations.
- The server sends an HTTP response to the client: After processing the request, the server sends an HTTP response to the client. This response contains information such as the status code (indicating the success or failure of the request), any headers, and the response data.
- The client receives the HTTP response: Upon receiving the response, the client processes it according to the information contained in the response. This may include displaying the response data to the user, or performing some other action based on the response.
- The TCP connection is closed: After the response is received, the TCP connection is closed. This is done by the client sending a FIN (Finish) packet to the server, and the server responding with an ACK packet.
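The six workflow steps above as a runnable sketch, added here as an example and not part of the original page: a raw-socket client talks to a constructed one-shot server on loopback, so the request line, status line and headers are visible as the text they are on the wire. The names `serve_once`, `http_get` and `demo`, and the `/hello` resource, are assumptions made for the illustration.

```python
import socket
import threading

def serve_once(listener):
    """Constructed one-shot server: steps 3 and 4 of the workflow."""
    conn, _ = listener.accept()
    with conn:
        request = b""
        # Headers end at the blank line; stop early if the peer closes first.
        while b"\r\n\r\n" not in request and (chunk := conn.recv(1024)):
            request += chunk
        parts = request.split(b"\r\n")[0].decode("ascii", "replace").split(" ")
        if len(parts) != 3:                         # expect: METHOD TARGET VERSION
            status, body = "400 Bad Request", b"malformed request line\n"
        elif parts[0] == "GET" and parts[1] == "/hello":
            status, body = "200 OK", b"hello over HTTP\n"
        else:
            status, body = "404 Not Found", b"no such resource\n"
        head = (f"HTTP/1.1 {status}\r\nContent-Type: text/plain\r\n"
                f"Content-Length: {len(body)}\r\nConnection: close\r\n\r\n")
        conn.sendall(head.encode("ascii") + body)   # step 4: status line, headers, data

def http_get(host, port, target):
    """Client side: steps 1, 2, 5 and 6. Returns (code, reason, headers, body)."""
    # Step 1 happens in create_connection; step 6 when the with-block exits.
    with socket.create_connection((host, port), timeout=5) as sock:
        request = f"GET {target} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        sock.sendall(request.encode("ascii"))       # step 2: method, URI, headers
        raw = b""
        while chunk := sock.recv(4096):             # step 5: read until the server closes
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    _version, code, reason = status_line.split(" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, v in (line.split(":", 1) for line in header_lines)}
    return int(code), reason, headers, body

def demo(target):
    """Run one full exchange against the constructed server on loopback."""
    listener = socket.create_server(("127.0.0.1", 0))   # port 0: OS picks a free port
    worker = threading.Thread(target=serve_once, args=(listener,), daemon=True)
    worker.start()
    try:
        return http_get("127.0.0.1", listener.getsockname()[1], target)
    finally:
        worker.join(timeout=5)
        listener.close()

if __name__ == "__main__":
    print(demo("/hello"), demo("/missing"), sep="\n")
```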