Networking - HyperText Transfer Protocol

HTTP (HyperText Transfer Protocol) 


1. Definition

HTTP is an application layer protocol used for transferring data over the web.
It defines how clients (browsers) and servers communicate.


2. Full Form

HTTP → HyperText Transfer Protocol

  • HyperText → Text containing links to other documents.

  • Transfer → Data exchange between client and server.

  • Protocol → Set of rules for communication.


3. Layer in OSI Model

  • HTTP works at the Application Layer (Layer 7).

  • Uses TCP/IP for reliable communication.


4. Default Port

  • Port 80 → Default for HTTP.

  • Port 443 → Used for HTTPS (HTTP Secure).


5. Connection Type

  • HTTP is a stateless protocol:

    • The server does not remember any client information between requests.

    • Every request is independent.

  • To maintain state across requests, cookies, server-side sessions, or tokens are used.


6. HTTP Request-Response Model

HTTP works based on a client-server architecture:

  1. Client (Browser) sends an HTTP request.

  2. Web Server processes it.

  3. Server sends back an HTTP response.

Example Flow:

Client → GET /index.html HTTP/1.1 → Server
Server → 200 OK + HTML content → Client

7. HTTP Methods

HTTP defines several request methods:

Method    Purpose                          Example
GET       Retrieve data                    Get a webpage
POST      Send data to server              Submit a form
PUT       Update a resource                Update a profile
DELETE    Remove a resource                Delete a file
HEAD      Same as GET, but only headers    Check metadata
OPTIONS   Lists supported methods          Cross-origin requests
PATCH     Partially update a resource      Update a single field

8. HTTP Versions

Version    Released   Features
HTTP/0.9   1991       Only GET requests
HTTP/1.0   1996       Added headers, POST, and status codes
HTTP/1.1   1997       Persistent connections, caching
HTTP/2     2015       Multiplexing, faster performance
HTTP/3     2022       Uses QUIC protocol for speed and security

9. HTTP Status Codes

Servers reply with status codes to indicate response results:

Code   Category        Meaning
1xx    Informational   Request received
2xx    Success         Request succeeded
3xx    Redirection     Resource moved
4xx    Client Error    Invalid request
5xx    Server Error    Server failed

Examples:

  • 200 OK → Success

  • 301 Moved Permanently → URL changed

  • 404 Not Found → Page doesn’t exist

  • 500 Internal Server Error → Server crashed


10. HTTP Headers

Headers provide extra information about requests and responses.

Request Headers:

GET /index.html HTTP/1.1
Host: www.example.com
User-Agent: Chrome/118.0
Accept: text/html

Response Headers:

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 3520
Set-Cookie: session=12345

11. HTTP Message Structure

HTTP Request:

Request Line → Method + URL + HTTP Version
Headers → Metadata about request
Body → Optional (used in POST, PUT)

HTTP Response:

Status Line → Version + Status Code + Status Message
Headers → Metadata about response
Body → HTML, JSON, images, etc.
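
The layout above can be checked mechanically. The parser below is an added example, not code from the original page: it splits a raw HTTP/1.x message into start line, headers and body and rejects messages that break the layout. The names parse_http_message and HTTPParseError are hypothetical, the sample messages are constructed from the page's /home example, and chunked bodies and HEAD responses are out of scope.

```python
# Added example (not from the original page): minimal HTTP/1.x message parser.

class HTTPParseError(ValueError):
    """Raised when a message does not follow the start-line/headers/body layout."""

def parse_http_message(raw: bytes) -> dict:
    # Headers end at the first empty line (CRLF CRLF); the rest is the body.
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HTTPParseError("no blank line terminating the header section")
    lines = head.decode("iso-8859-1").split("\r\n")

    # Start line: "METHOD target HTTP/x.y" or "HTTP/x.y status reason".
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise HTTPParseError(f"malformed start line: {lines[0]!r}")
    if parts[0].startswith("HTTP/"):
        if not (parts[1].isascii() and parts[1].isdigit() and len(parts[1]) == 3):
            raise HTTPParseError(f"bad status code: {parts[1]!r}")
        msg = {"kind": "response", "version": parts[0],
               "status": int(parts[1]), "reason": parts[2]}
    elif parts[2].startswith("HTTP/"):
        msg = {"kind": "request", "method": parts[0],
               "target": parts[1], "version": parts[2]}
    else:
        raise HTTPParseError(f"malformed start line: {lines[0]!r}")

    # Header names are case-insensitive and may repeat, so keep a list per name.
    # Whitespace between the name and the colon is not allowed.
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise HTTPParseError(f"malformed header line: {line!r}")
        headers.setdefault(name.lower(), []).append(value.strip())

    # If Content-Length is present it must be a single number matching the body.
    lengths = set(headers.get("content-length", []))
    if lengths:
        declared = lengths.pop() if len(lengths) == 1 else ""
        if not (declared.isascii() and declared.isdigit()) or int(declared) != len(body):
            raise HTTPParseError("Content-Length does not match the body")
    msg.update(headers=headers, body=body)
    return msg

# Constructed sample messages, modelled on the page's /home example.
BODY = b"<html>\n  <h1>Welcome to Example!</h1>\n</html>\n"
REQUEST = b"GET /home HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
            b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)

if __name__ == "__main__":
    for raw in (REQUEST, RESPONSE):
        print(parse_http_message(raw))
```

Rejecting ambiguous input (a space before the colon, conflicting or wrong Content-Length values) matters because two components that parse the same bytes differently will disagree about where one message ends and the next begins.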

12. HTTP and HTTPS Difference

Feature           HTTP                    HTTPS
Security          Not secure              Encrypted via SSL/TLS
Port              80                      443
Data Protection   Vulnerable to attacks   Protects against eavesdropping
Use Case          Non-sensitive data      Banking, login, payments

13. HTTP is Stateless

  • Each request is independent.

  • No memory of previous requests.

  • To maintain state, developers use:

    • Cookies

    • Sessions

    • Tokens


14. HTTP Persistent Connections

  • HTTP/1.0 → Creates a new TCP connection for every request.

  • HTTP/1.1 → Introduced Keep-Alive, allowing multiple requests on a single connection.


15. HTTP Caching

  • HTTP uses caching to improve performance.

  • Cache-Control header controls how resources are cached:

Cache-Control: max-age=3600

  • Reduces server load and speeds up page loading.


16. HTTP and REST APIs

  • HTTP is the foundation for REST APIs.

  • APIs use HTTP methods like GET, POST, PUT, DELETE to exchange JSON or XML data.

  • Example:

GET https://api.example.com/users/101

Response:

{
   "id": 101,
   "name": "John Doe"
}

17. HTTP Authentication

HTTP supports several authentication mechanisms:

  • Basic Authentication

  • Bearer Tokens

  • OAuth 2.0

  • API Keys

Example of a header:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR...

18. HTTP Cookies & Sessions

  • Cookies store small pieces of data on the client.

  • Sessions store information on the server.

  • Used for:

    • User authentication

    • Shopping carts

    • Personalization


19. HTTP Security Threats

Since HTTP is not encrypted, it’s vulnerable to:

  • Man-in-the-Middle (MITM) attacks

  • Session hijacking

  • Data theft

Solution → Use HTTPS with SSL/TLS encryption.
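
HTTPS protects a session cookie only if the browser never sends it over plain HTTP. The audit below is an added example, not code from the original page, and goes one step beyond it by checking the standard Secure, HttpOnly and SameSite cookie attributes, which the page does not cover. The function names, finding codes, length threshold and the hardened sample value are assumptions made for this example.

```python
# Added example (not from the original page): audit a Set-Cookie header value.

FINDINGS = {
    "cleartext-transport": "response travelled over http://, so the cookie was readable in transit",
    "no-secure": "no Secure attribute: the browser will also send the cookie over plain HTTP",
    "no-httponly": "no HttpOnly attribute: page scripts can read the cookie",
    "no-samesite": "no SameSite attribute: cross-site sending is left to the browser default",
    "short-value": "value is short enough to guess; use a long random identifier",
}
MIN_VALUE_LEN = 16  # illustrative threshold chosen for this example

def parse_set_cookie(header_value: str) -> dict:
    """Split 'name=value; Attr; Attr=val' into its name, value and attributes."""
    pair, *rest = [part.strip() for part in header_value.split(";")]
    name, _, value = pair.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}

def audit_set_cookie(header_value: str, scheme: str) -> list:
    """Return finding codes for one Set-Cookie value received over the given scheme."""
    cookie = parse_set_cookie(header_value)
    attrs = cookie["attrs"]
    found = []
    if scheme.lower() != "https":
        found.append("cleartext-transport")
    if "secure" not in attrs:
        found.append("no-secure")
    if "httponly" not in attrs:
        found.append("no-httponly")
    if "samesite" not in attrs:
        found.append("no-samesite")
    if len(cookie["value"]) < MIN_VALUE_LEN:
        found.append("short-value")
    return found

WEAK = "session=12345"  # the Set-Cookie value shown in section 10
# Constructed value for illustration only.
HARDENED = "session=9f2c4e7a1b8d4f60a3c5e7192b4d6f80; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for scheme, value in (("http", WEAK), ("https", HARDENED)):
        codes = audit_set_cookie(value, scheme)
        print(f"{scheme}: {value} -> {codes or 'no findings'}")
        for code in codes:
            print("   -", FINDINGS[code])
```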


20. Real-Life Example of HTTP Communication

Step 1: Browser Request

GET /home HTTP/1.1
Host: www.example.com

Step 2: Server Response

HTTP/1.1 200 OK
Content-Type: text/html

<html>
  <h1>Welcome to Example!</h1>
</html>

Diagram – HTTP Request/Response

   [Client Browser]                     [Web Server]
          |                                   |
          | --- HTTP Request ---------------> |
          |    (GET /index.html)              |
          |                                   |
          | <-------- HTTP Response --------- |
          |    (200 OK + HTML data)           |
          |                                   |

Summary of HTTP

Aspect          Details
Protocol Type   Application Layer
Port            80 (HTTP), 443 (HTTPS)
Connection      Stateless, persistent (HTTP/1.1)
Main Methods    GET, POST, PUT, DELETE
Security        Uses HTTPS for encryption
Use Case        Web browsing, APIs, file sharing