The Hypertext Transfer Protocol (HTTP) is an application-layer protocol for distributed, collaborative, hypermedia information systems. It has been the foundation of data communication for the World Wide Web (i.e., the internet) since 1990. HTTP is a generic and stateless protocol that can be used for other purposes as well, through extensions of its request methods, error codes and headers.

Basically, HTTP is a TCP/IP-based communication protocol used to deliver data (HTML files, image files, query results, etc.) on the World Wide Web. The default port is TCP 80, but other ports can be used as well. It provides a standardized way for computers to communicate with each other. The HTTP specification defines how a client's request data is constructed and sent to the server, and how the server responds to those requests.

Basic Features
The following three basic features make HTTP a simple but powerful protocol:

- HTTP is connectionless: the HTTP client, i.e. the browser, initiates an HTTP request; after the request is sent, the client disconnects from the server and waits for a response. The server processes the request and re-establishes the connection with the client to send the response back.
- HTTP is media independent: any type of data can be sent by HTTP as long as both the client and the server know how to handle the data content. The client as well as the server must specify the content type using the appropriate MIME type.
- HTTP is stateless: as mentioned above, HTTP is connectionless, and this is a direct result of HTTP being a stateless protocol. The server and the client are aware of each other only during the current request; afterwards, both of them forget about each other. Because of this nature of the protocol, neither the client nor the browser can retain information between different requests across the web pages.

HTTP/1.0 uses a new connection for each request/response exchange, whereas an HTTP/1.1 connection may be used for one or more request/response exchanges.

Basic Architecture
The following diagram shows a very basic architecture of a web application and depicts where HTTP sits:

The HTTP protocol is a request/response protocol based on the client/server architecture, where web browsers, robots, search engines, etc. act as HTTP clients and the web server acts as the server.

Client
The HTTP client sends a request to the server in the form of a request method, a URI and a protocol version, followed by a MIME-like message containing request modifiers, client information and possible body content, over a TCP/IP connection.

Server
The HTTP server responds with a status line, including the message's protocol version and a success or error code, followed by a MIME-like message containing server information, entity meta-information and possible entity-body content.
HTTP - Parameters
This chapter lists some of the important HTTP protocol parameters and their syntax, and the way they are used in communication, for example the date format, URL format, etc. This will help you construct request and response messages when writing an HTTP client or server program. You will see the complete usage of these parameters in subsequent chapters, where the message structure of HTTP requests and responses is explained.

HTTP Version
HTTP uses a <major>.<minor> numbering scheme to indicate the version of the protocol. The version of an HTTP message is indicated by an HTTP-Version field in the first line. Here is the general syntax for specifying the HTTP version number:

```
HTTP-Version = "HTTP" "/" 1*DIGIT "." 1*DIGIT
```

Example

```
HTTP/1.0
HTTP/1.1
```

Uniform Resource Identifiers (URI)
A Uniform Resource Identifier (URI) is simply a formatted, case-insensitive string containing a name, location, etc. that identifies a resource such as a website, a web service, etc. The general syntax of a URI used for HTTP is as follows:

```
URI = "http:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
```

Here, if the port is empty or not given, port 80 is assumed for HTTP, and an empty abs_path is equivalent to an abs_path of "/". Characters other than those in the reserved and unsafe sets are equivalent to their "%" HEX HEX encoding.

Example
The following URIs are equivalent:

```
http://abc.com:80/~smith/home.html
http://ABC.com/%7Esmith/home.html
http://ABC.com:/%7esmith/home.html
```

Date/Time Formats
All HTTP date/time stamps MUST be represented in Greenwich Mean Time (GMT), without exception. HTTP applications are allowed to use any of the following three representations of date/time stamps:

```
Sun, 06 Nov 1994 08:49:37 GMT  ; RFC 822, updated by RFC 1123
Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
Sun Nov  6 08:49:37 1994       ; ANSI C's asctime() format
```

Character Sets
Character sets are used to specify the character sets the client prefers. Multiple character sets can be listed, separated by commas. If a value is not specified, the default is US-ASCII.

Example
The following are valid character sets:

```
US-ASCII
ISO-8859-1
ISO-8859-7
```

Content Encodings
A content-encoding value indicates that an encoding algorithm has been used to encode the content before passing it over the network. Content coding is mainly used to allow a document to be compressed or otherwise usefully transformed without losing its identity.

All content-coding values are case-insensitive. HTTP/1.1 uses content-coding values in the Accept-Encoding and Content-Encoding header fields, which we will see in later chapters.

Example
The following are valid encoding schemes:

```http
Accept-Encoding: gzip
Accept-Encoding: compress
Accept-Encoding: deflate
```

Media Types
HTTP uses Internet Media Types in the Content-Type and Accept header fields in order to provide open and extensible data typing and type negotiation. All media-type values are registered with the Internet Assigned Numbers Authority (IANA). The general syntax for specifying a media type is as follows:

```
media-type = type "/" subtype *( ";" parameter )
```

The type, subtype, and parameter attribute names are case-insensitive.

Example

```http
Accept: image/gif
```

Language Tags
HTTP uses language tags in the Accept-Language and Content-Language fields. A language tag is composed of one or more parts: a primary language tag and a possibly empty series of subtags:

```
language-tag = primary-tag *( "-" subtag )
```

White space is not allowed within the tag, and all tags are case-insensitive.

Example
Example tags include:

```
en, en-US, en-cockney, i-cherokee, x-pig-latin
```

where any two-letter primary tag is an ISO-639 language abbreviation and any two-letter initial subtag is an ISO-3166 country code.
HTTP - Messages
HTTP is based on the client-server architecture model and a stateless request/response protocol that operates by exchanging messages across a reliable TCP/IP connection.

An HTTP "client" is a program (a web browser or any other client) that establishes a connection to a server for the purpose of sending one or more HTTP request messages. An HTTP "server" is a program (generally a web server such as the Apache web server or Internet Information Services, IIS) that accepts connections in order to serve HTTP requests by sending HTTP response messages.

HTTP makes use of the Uniform Resource Identifier (URI) to identify a given resource and to establish a connection. Once a connection is established, HTTP messages are passed in a defined format:

```
HTTP-message = <Request> | <Response> ; HTTP/1.1 messages
```

HTTP requests and HTTP responses use the generic message format of RFC 822 for transferring the required data. This generic message format consists of the following four items.

- A start-line
- Zero or more header fields followed by CRLF
- An empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header fields
- Optionally a message-body

The following sections explain each of the entities used in an HTTP message.

Message Start-Line
A start-line has the following generic syntax:

```
start-line = Request-Line | Status-Line
```

We will discuss the Request-Line and Status-Line while discussing HTTP request and HTTP response messages respectively. For now, let's see examples of the start line in the request and response cases:

```http
GET /hello.htm HTTP/1.1     (This is Request-Line sent by the client)
HTTP/1.1 200 OK             (This is Status-Line sent by the server)
```

Header Fields
HTTP header fields provide required information about the request or response, or about the object sent in the message body. There are four types of HTTP message headers:

- General-header: these header fields have general applicability for both request and response messages.
- Request-header: these header fields have applicability only for request messages.
- Response-header: these header fields have applicability only for response messages.
- Entity-header: these header fields define meta-information about the entity-body or, if no body is present, ...

All the above-mentioned headers follow the same generic format: each header field consists of a name followed by a colon (:) and the field value, as follows:

```
message-header = field-name ":" [ field-value ]
```

The following are examples of various header fields:

```http
User-Agent: curl/7.16.3 libcurl/7.16.3 OpenSSL/0.9.7l zlib/1.2.3
Host: www.example.com
Accept-Language: en, mi
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Accept-Ranges: bytes
Content-Length: 51
Vary: Accept-Encoding
Content-Type: text/plain
```

Message Body
The message body part is optional for an HTTP message, but if it is available, then it is used to carry the entity-body associated with the request or response. If an entity-body is associated, then usually the Content-Type and Content-Length header lines specify the nature of the associated body.

A message body is the one which carries the actual HTTP request data (including form data and uploads, etc.) and the HTTP response data from the server (including files, images, etc.). The following is simple content of a message body:

```html
<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>
```
HTTP - Requests
An HTTP client sends an HTTP request to a server in the form of a request message, which has the following format:

- A Request-line
- Zero or more header (General|Request|Entity) fields followed by CRLF
- An empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header fields
- Optionally a message-body

The following sections explain each of the entities used in an HTTP request message.

Message Request-Line
The Request-Line begins with a method token, followed by the Request-URI and the protocol version, and ends with CRLF. The elements are separated by space SP characters.

```
Request-Line = Method SP Request-URI SP HTTP-Version CRLF
```

Let's discuss each of the parts mentioned in the Request-Line.

Request Method
The request method indicates the method to be performed on the resource identified by the given Request-URI. The method is case-sensitive and should always be written in uppercase. The following are the methods supported in HTTP/1.1:

S.N. | Method and Description |
---|---|
1 | GET The GET method is used to retrieve information from the given server using a given URI. Requests using GET should only retrieve data and should have no other effect on the data. |
2 | HEAD Same as GET, but only transfer the status line and header section. |
3 | POST A POST request is used to send data to the server, for example customer information, file upload etc using HTML forms. |
4 | PUT Replace all current representations of the target resource with the uploaded content. |
5 | DELETE Remove all current representations of the target resource given by URI. |
6 | CONNECT Establish a tunnel to the server identified by a given URI. |
7 | OPTIONS Describe the communication options for the target resource. |
8 | TRACE Perform a message loop-back test along the path to the target resource. |

Request-URI
The Request-URI is a Uniform Resource Identifier that identifies the resource upon which to apply the request. The following are the most commonly used forms to specify a URI:

```
Request-URI = "*" | absoluteURI | abs_path | authority
```

S.N. | Request-URI Form and Description |
---|---|
1 | The asterisk `*` is used when an HTTP request does not apply to a particular resource but to the server itself, and is only allowed when the method used does not necessarily apply to a resource. For example: `OPTIONS * HTTP/1.1` |
2 | The absoluteURI is used when an HTTP request is being made to a proxy. The proxy is requested to forward the request or service it from a valid cache, and return the response. For example: `GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1` |
3 | The most common form of Request-URI is that used to identify a resource on an origin server or gateway. For example, a client wishing to retrieve the resource above directly from the origin server would create a TCP connection to port 80 of the host "www.w3.org" and send the line: `GET /pub/WWW/TheProject.html HTTP/1.1` Note that the absolute path cannot be empty; if none is present in the original URI, it must be given as "/" (the server root). |

Request Header Fields
We will study General-header and Entity-header fields in a separate chapter when we learn about HTTP header fields. For now, let's check what Request-header fields are.

Request-header fields allow the client to pass additional information about the request, and about the client itself, to the server. These fields act as request modifiers, and the following important Request-header fields are available for use as required:

- Accept-Charset
- Accept-Encoding
- Accept-Language
- Authorization
- Expect
- From
- Host
- If-Match
- If-Modified-Since
- If-None-Match
- If-Range
- If-Unmodified-Since
- Max-Forwards
- Proxy-Authorization
- Range
- Referer
- TE
- User-Agent

You can introduce your own custom fields in case you are going to write your own custom client and web server.

Request Message Examples

```http
GET /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
```

Here we are not sending any request data to the server because we are fetching a plain HTML page from the server. Connection is a general-header used here, and the rest of the headers are request headers. The following is another example where we send form data to the server using the request message body:

```http
POST /cgi-bin/process.cgi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Content-Type: application/x-www-form-urlencoded
Content-Length: length
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

licenseID=string&content=string&/paramsXML=string
```

Here the given URL /cgi-bin/process.cgi will be used to process the passed data and, accordingly, a response will be returned. Here Content-Type tells the server that the passed data is simple web form data, and length will be the actual length of the data put in the message body. The following example shows how you can pass plain XML to your web server:

```http
POST /cgi-bin/process.cgi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Content-Type: text/xml; charset=utf-8
Content-Length: length
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

<?xml version="1.0" encoding="utf-8"?>
<string xmlns="http://clearforest.com/">string</string>
```
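As an added example (not part of the tutorial), here is a strict parser for the request format just shown: it splits the Request-Line, the header fields and the body, treats header names case-insensitively and method names case-sensitively, and refuses messages with two different Content-Length values, the ambiguity that request-smuggling attacks depend on. The sample request is constructed here with a real Content-Length in place of the placeholder `length`; `is_rejected` is a helper added for testing.

```python
# Added example, not from the tutorial: a strict HTTP/1.1 request parser that
# checks the four-part structure described above and rejects the shapes a
# server should answer with 400. The sample message is constructed here.
import re

TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")   # RFC 7230 "token" for field names
VERSION = re.compile(r"HTTP/\d\.\d")
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "CONNECT", "OPTIONS", "TRACE"}


class HttpParseError(ValueError):
    """Raised for any request a strict server should reject."""


def parse_request(raw: bytes) -> dict:
    """Split raw bytes into request-line, header fields and body.

    Returns {'method', 'uri', 'version', 'headers', 'body'}. Header names are
    lower-cased because field names are case-insensitive; the method is matched
    exactly because method tokens are case-sensitive.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise HttpParseError("header section not terminated by an empty line")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise HttpParseError("request-line must be Method SP Request-URI SP HTTP-Version")
    method, uri, version = parts
    if method not in METHODS:
        raise HttpParseError(f"unknown or lower-case method {method!r}")
    if not VERSION.fullmatch(version):
        raise HttpParseError(f"malformed HTTP-Version {version!r}")
    if not uri or any(c.isspace() for c in uri):
        raise HttpParseError("Request-URI must be a single non-empty token")

    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not TOKEN.fullmatch(name):
            raise HttpParseError(f"malformed header line {line!r}")
        key, val = name.lower(), value.strip()
        if key == "content-length":
            # Two different lengths for one body is the classic request-smuggling
            # ambiguity; a strict parser refuses rather than picking one of them.
            if not val.isdigit() or headers.get(key, val) != val:
                raise HttpParseError("invalid or conflicting Content-Length")
            headers[key] = val
        elif key in headers:
            headers[key] = headers[key] + ", " + val   # repeated fields combine
        else:
            headers[key] = val

    if version == "HTTP/1.1" and "host" not in headers:
        raise HttpParseError("HTTP/1.1 requests must carry a Host header")
    if "transfer-encoding" in headers and "content-length" in headers:
        raise HttpParseError("Transfer-Encoding and Content-Length must not both appear")
    length = int(headers.get("content-length", "0"))
    if len(rest) < length:
        raise HttpParseError(f"body truncated: need {length} bytes, have {len(rest)}")
    # Bytes beyond Content-Length belong to the next pipelined request, not to this body.
    return {"method": method, "uri": uri, "version": version,
            "headers": headers, "body": rest[:length]}


def is_rejected(raw: bytes) -> bool:
    """True when parse_request refuses the message."""
    try:
        parse_request(raw)
    except HttpParseError:
        return True
    return False


# Constructed sample: the tutorial's form-data POST with a real Content-Length.
FORM_BODY = b"licenseID=string&content=string&/paramsXML=string"
SAMPLE_POST = b"\r\n".join([
    b"POST /cgi-bin/process.cgi HTTP/1.1",
    b"User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)",
    b"Host: www.tutorialspoint.com",
    b"Content-Type: application/x-www-form-urlencoded",
    b"Content-Length: " + str(len(FORM_BODY)).encode(),
    b"Accept-Language: en-us",
    b"Connection: Keep-Alive",
    b"",
    FORM_BODY,
])
# Constructed negative cases: a second, different Content-Length, and a lower-case method.
SMUGGLE_POST = SAMPLE_POST.replace(b"Content-Type:", b"Content-Length: 4\r\nContent-Type:")
LOWER_GET = b"get /hello.htm HTTP/1.1\r\nHost: www.tutorialspoint.com\r\n\r\n"

if __name__ == "__main__":
    req = parse_request(SAMPLE_POST)
    print(req["method"], req["uri"], req["headers"]["content-length"], len(req["body"]))
    print("conflicting Content-Length rejected:", is_rejected(SMUGGLE_POST))
    print("lower-case method rejected:", is_rejected(LOWER_GET))
```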
HTTP - Responses
After receiving and interpreting a request message, a server responds with an HTTP response message:

- A Status-line
- Zero or more header (General|Response|Entity) fields followed by CRLF
- An empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header fields
- Optionally a message-body

The following sections explain each of the entities used in an HTTP response message.

Message Status-Line
A Status-Line consists of the protocol version followed by a numeric status code and its associated textual phrase. The elements are separated by space SP characters.

```
Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF
```

Let's discuss each of the parts mentioned in the Status-Line.

HTTP Version
A server supporting HTTP version 1.1 will return the following version information:

```
HTTP-Version = HTTP/1.1
```

Status Code
The Status-Code element is a 3-digit integer where the first digit of the Status-Code defines the class of the response and the last two digits do not have any categorization role. There are 5 values for the first digit:

S.N. | Code and Description |
---|---|
1 | 1xx: Informational This means the request was received and the process is continuing. |
2 | 2xx: Success This means the action was successfully received, understood, and accepted. |
3 | 3xx: Redirection This means further action must be taken in order to complete the request. |
4 | 4xx: Client Error This means the request contains bad syntax or cannot be fulfilled. |
5 | 5xx: Server Error The server failed to fulfill an apparently valid request. |

HTTP status codes are extensible, and HTTP applications are not required to understand the meaning of all registered status codes. A list of all the status codes is given in a separate chapter for your reference.

Response Header Fields
We will study General-header and Entity-header fields in a separate chapter when we learn about HTTP header fields. For now, let's check what Response-header fields are.

Response-header fields allow the server to pass additional information about the response which cannot be placed in the Status-Line. These header fields give information about the server and about further access to the resource identified by the Request-URI.

- Accept-Ranges
- Age
- ETag
- Location
- Proxy-Authenticate
- Retry-After
- Server
- Vary
- WWW-Authenticate

You can introduce your own custom fields in case you are going to write your own custom web client and server.

Response Message Examples

```http
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
Content-Length: 88
Content-Type: text/html
Connection: Closed

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>
```

The following is an example of an HTTP response message showing the error condition when the web server could not find the requested page:

```http
HTTP/1.1 404 Not Found
Date: Sun, 18 Oct 2012 10:36:20 GMT
Server: Apache/2.2.14 (Win32)
Content-Length: 230
Connection: Closed
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>404 Not Found</title>
</head>
<body>
<h1>Not Found</h1>
<p>The requested URL /t.html was not found on this server.</p>
</body>
</html>
```

The following is an example of an HTTP response message showing the error condition when the web server encountered a wrong HTTP version in the given HTTP request:

```http
HTTP/1.1 400 Bad Request
Date: Sun, 18 Oct 2012 10:36:20 GMT
Server: Apache/2.2.14 (Win32)
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
Connection: Closed

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>400 Bad Request</title>
</head>
<body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<p>
<p>The request line contained invalid characters following the protocol string.<p>
</body>
</html>
```
HTTP - Methods
The set of common methods for HTTP/1.1 is defined below, and this set can be expanded based on requirements. These method names are case-sensitive and they must be used in uppercase.

S.N. | Method and Description |
---|---|
1 | GET The GET method is used to retrieve information from the given server using a given URI. Requests using GET should only retrieve data and should have no other effect on the data. |
2 | HEAD Same as GET, but only transfer the status line and header section. |
3 | POST A POST request is used to send data to the server, for example customer information, file upload etc using HTML forms. |
4 | PUT Replace all current representations of the target resource with the uploaded content. |
5 | DELETE Remove all current representations of the target resource given by URI. |
6 | CONNECT Establish a tunnel to the server identified by a given URI. |
7 | OPTIONS Describe the communication options for the target resource. |
8 | TRACE Perform a message loop-back test along the path to the target resource. |

GET Method
A GET request retrieves data from a web server by specifying parameters in the URL portion of the request. This is the main method used for document retrieval. The following example makes use of the GET method to fetch hello.htm:

```http
GET /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
```

The server response against the above GET request will be as follows:

```http
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Vary: Authorization,Accept
Accept-Ranges: bytes
Content-Length: 88
Content-Type: text/html
Connection: Closed

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>
```

HEAD Method
The HEAD method is functionally similar to GET, except that the server replies with a response line and headers, but no entity-body. The following example makes use of the HEAD method to fetch header information about hello.htm:

```http
HEAD /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
```

The server response against the above request will be as follows:

```http
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Vary: Authorization,Accept
Accept-Ranges: bytes
Content-Length: 88
Content-Type: text/html
Connection: Closed
```

You can notice that here the server does not send any data after the headers.

POST Method
The POST method is used to send some data to the server, for example a file update, form data, etc. The following example makes use of the POST method to send form data to the server, which will be processed by process.cgi, and finally a response will be returned:

```http
POST /cgi-bin/process.cgi HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Content-Type: text/xml; charset=utf-8
Content-Length: 88
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive

<?xml version="1.0" encoding="utf-8"?>
<string xmlns="http://clearforest.com/">string</string>
```

The server-side script process.cgi processes the passed data and sends the following response:

```http
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
ETag: "34aa387-d-1568eb00"
Vary: Authorization,Accept
Accept-Ranges: bytes
Content-Length: 88
Content-Type: text/html
Connection: Closed

<html>
<body>
<h1>Request Processed Successfully</h1>
</body>
</html>
```

PUT Method
The PUT method is used to request the server to store the included entity-body at the location specified by the given URL. The following example requests the server to save the given entity-body in hello.htm at the root of the server:

```http
PUT /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Accept-Language: en-us
Connection: Keep-Alive
Content-type: text/html
Content-Length: 182

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>
```

The server will store the given entity-body in the hello.htm file and will send the following response back to the client:

```http
HTTP/1.1 201 Created
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Content-type: text/html
Content-length: 30
Connection: Closed

<html>
<body>
<h1>The file was created.</h1>
</body>
</html>
```

DELETE Method
The DELETE method is used to request the server to delete a file at the location specified by the given URL. The following example requests the server to delete the given file hello.htm at the root of the server:

```http
DELETE /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Accept-Language: en-us
Connection: Keep-Alive
```

The server will delete the mentioned file hello.htm and will send the following response back to the client:

```http
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Content-type: text/html
Content-length: 30
Connection: Closed

<html>
<body>
<h1>URL deleted.</h1>
</body>
</html>
```

CONNECT Method

```http
CONNECT www.tutorialspoint.com HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
```

The connection is established with the server and the following response is sent back to the client:

```http
HTTP/1.1 200 Connection established
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
```

OPTIONS Method

```http
OPTIONS * HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
```

The server will send information based on the current configuration of the server, for example:

```http
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Type: httpd/unix-directory
```

TRACE Method
The TRACE method is used to echo the contents of an HTTP request back to the requester, which can be used for debugging purposes at the time of development. The following example shows the usage of the TRACE method:

```http
TRACE / HTTP/1.1
Host: www.tutorialspoint.com
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
```

The server will send the following message in response to the above request:

```http
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Content-Type: message/http
Content-Length: 39
Connection: Closed

TRACE / HTTP/1.1
Host: www.tutorialspoint.com
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
```
HTTP - Status Codes
The Status-Code element in a server response is a 3-digit integer where the first digit of the Status-Code defines the class of the response and the last two digits do not have any categorization role. There are 5 values for the first digit:

S.N. | Code and Description |
---|---|
1 | 1xx: Informational This means the request was received and the process is continuing. |
2 | 2xx: Success This means the action was successfully received, understood, and accepted. |
3 | 3xx: Redirection This means further action must be taken in order to complete the request. |
4 | 4xx: Client Error This means the request contains bad syntax or cannot be fulfilled. |
5 | 5xx: Server Error The server failed to fulfill an apparently valid request. |

HTTP status codes are extensible, and HTTP applications are not required to understand the meaning of all registered status codes. The following is a list of all the status codes.
1xx: Information
Message: | Description: |
---|---|
100 Continue | Only a part of the request has been received by the server, but as long as it has not been rejected, the client should continue with the request |
101 Switching Protocols | The server switches protocol |
2xx: Successful
Message: | Description: |
---|---|
200 OK | The request is OK |
201 Created | The request is complete, and a new resource is created |
202 Accepted | The request is accepted for processing, but the processing is not complete |
203 Non-authoritative Information | The information in the entity header is from a local or third-party copy, not from the original server. |
204 No Content | A status code and header are given in the response, but there is no entity-body in the reply. |
205 Reset Content | The browser should clear the form used for this transaction for additional input. |
206 Partial Content | The server is returning partial data of the size requested. Used in response to a request specifying a Range header. The server must specify the range included in the response with the Content-Range header. |
3xx: Redirection
Message: | Description: |
---|---|
300 Multiple Choices | A link list. The user can select a link and go to that location. Maximum five addresses |
301 Moved Permanently | The requested page has moved to a new url |
302 Found | The requested page has moved temporarily to a new url |
303 See Other | The requested page can be found under a different url |
304 Not Modified | This is the response code to an If-Modified-Since or If-None-Match header, where the URL has not been modified since the specified date. |
305 Use Proxy | The requested URL must be accessed through the proxy mentioned in the Location header. |
306 Unused | This code was used in a previous version. It is no longer used, but the code is reserved |
307 Temporary Redirect | The requested page has moved temporarily to a new url |
4xx: Client Error
Message: | Description: |
---|---|
400 Bad Request | The server did not understand the request |
401 Unauthorized | The requested page needs a username and a password |
402 Payment Required | You can not use this code yet |
403 Forbidden | Access is forbidden to the requested page |
404 Not Found | The server can not find the requested page |
405 Method Not Allowed | The method specified in the request is not allowed |
406 Not Acceptable | The server can only generate a response that is not accepted by the client |
407 Proxy Authentication Required | You must authenticate with a proxy server before this request can be served |
408 Request Timeout | The request took longer than the server was prepared to wait |
409 Conflict | The request could not be completed because of a conflict |
410 Gone | The requested page is no longer available |
411 Length Required | The "Content-Length" is not defined. The server will not accept the request without it |
412 Precondition Failed | The precondition given in the request evaluated to false by the server |
413 Request Entity Too Large | The server will not accept the request, because the request entity is too large |
414 Request-url Too Long | The server will not accept the request, because the url is too long. Occurs when you convert a "post" request to a "get" request with a long query information |
415 Unsupported Media Type | The server will not accept the request, because the media type is not supported |
416 Requested Range Not Satisfiable | The requested byte range is not available and is out of bounds. |
417 Expectation Failed | The expectation given in an Expect request-header field could not be met by this server. |

5xx: Server Error
Message: | Description: |
---|---|
500 Internal Server Error | The request was not completed. The server met an unexpected condition |
501 Not Implemented | The request was not completed. The server did not support the functionality required |
502 Bad Gateway | The request was not completed. The server received an invalid response from the upstream server |
503 Service Unavailable | The request was not completed. The server is temporarily overloading or down |
504 Gateway Timeout | The gateway has timed out |
505 HTTP Version Not Supported | The server does not support the "http protocol" version |
HTTP - Header Fields
HTTP header fields provide required information about the request or response, or about the object sent in the message body. There are four types of HTTP message headers:

- General-header: these header fields have general applicability for both request and response messages.
- Client Request-header: these header fields have applicability only for request messages.
- Server Response-header: these header fields have applicability only for response messages.
- Entity-header: these header fields define meta-information about the entity-body or, if no body is present, ...

General Headers

Cache-Control
The Cache-Control general-header field is used to specify directives that MUST be obeyed by all caching systems. The syntax is as follows:

```
Cache-Control : cache-request-directive|cache-response-directive
```

An HTTP client or server can use the Cache-Control general header to specify parameters for the cache or to request certain kinds of documents from the cache. The caching directives are specified in a comma-separated list. For example:

```http
Cache-Control: no-cache
```

The following important cache request directives can be used by the client in its HTTP request:

S.N. | Cache Request Directive and Description |
---|---|
1 | no-cache A cache must not use the response to satisfy a subsequent request without successful revalidation with the origin server. |
2 | no-store The cache should not store anything about the client request or server response. |
3 | max-age = seconds Indicates that the client is willing to accept a response whose age is no greater than the specified time in seconds. |
4 | max-stale [ = seconds ] Indicates that the client is willing to accept a response that has exceeded its expiration time. If seconds are given, it must not be expired by more than that time. |
5 | min-fresh = seconds Indicates that the client is willing to accept a response whose freshness lifetime is no less than its current age plus the specified time in seconds. |
6 | no-transform Do not convert the entity-body. |
7 | only-if-cached Do not retrieve new data. The cache can send a document only if it is in the cache, and should not contact the origin-server to see if a newer copy exists. |

The following important cache response directives can be used by the server in its HTTP response:

S.N. | Cache Response Directive and Description |
---|---|
1 | public Indicates that the response may be cached by any cache. |
2 | private Indicates that all or part of the response message is intended for a single user and must not be cached by a shared cache. |
3 | no-cache A cache must not use the response to satisfy a subsequent request without successful revalidation with the origin server. |
4 | no-store The cache should not store anything about the client request or server response. |
5 | no-transform Do not convert the entity-body. |
6 | must-revalidate The cache must verify the status of stale documents before using them, and an expired one should not be used. |
7 | proxy-revalidate The proxy-revalidate directive has the same meaning as the must-revalidate directive, except that it does not apply to non-shared user agent caches. |
8 | max-age = seconds Indicates that the client is willing to accept a response whose age is no greater than the specified time in seconds. |
9 | s-maxage = seconds The maximum age specified by this directive overrides the maximum age specified by either the max-age directive or the Expires header. The s-maxage directive is always ignored by a private cache. |
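As an added example (not from the tutorial), the following code parses the directive list described above and applies the s-maxage/max-age precedence from the table, then audits a response for the most common cache mistake: a user-specific response (one that sets a cookie or varies on Authorization) that a shared cache is allowed to store. The sample responses and the audit rules are constructed for this example.

```python
# Added example, not from the tutorial: parse Cache-Control directives and audit
# whether a response that looks user-specific may safely pass through a shared
# cache. Directive names and the s-maxage/max-age precedence follow the text above.
from typing import Optional


def parse_cache_control(value: str) -> dict:
    """Turn 'max-age=60, Private, no-transform' into a directive map.

    Directive names are case-insensitive, so they are lower-cased; a directive
    without '=' maps to None, and quoted values lose their quotes.
    """
    directives = {}
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        name, has_value, val = item.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if has_value else None
    return directives


def freshness_lifetime(directives: dict, shared_cache: bool) -> Optional[int]:
    """Seconds the response may be reused without revalidation, or None if unspecified.

    s-maxage overrides max-age for a shared cache and is ignored by a private one,
    as described in the directive table.
    """
    if shared_cache and str(directives.get("s-maxage", "")).isdigit():
        return int(directives["s-maxage"])
    if str(directives.get("max-age", "")).isdigit():
        return int(directives["max-age"])
    return None


def shared_cache_findings(headers: dict) -> list:
    """Return audit findings for a response about to be stored by a shared cache.

    headers: {lower-cased field name: value}. A response is treated as
    user-specific when it sets a cookie or varies on Authorization.
    """
    cc = parse_cache_control(headers.get("cache-control", ""))
    findings = []
    user_specific = ("set-cookie" in headers
                     or "authorization" in headers.get("vary", "").lower())
    if user_specific and not (cc.keys() & {"private", "no-store"}):
        findings.append("user-specific response is storable by a shared cache; "
                        "add private or no-store")
    if user_specific and "no-cache" in cc and "no-store" not in cc:
        findings.append("no-cache only forces revalidation, the body is still "
                        "written to cache storage; use no-store for secrets")
    if "public" in cc and "private" in cc:
        findings.append("public and private both present; directive set is ambiguous")
    for key in ("max-age", "s-maxage"):
        if key in cc and not str(cc[key]).isdigit():
            findings.append(f"{key} must be a non-negative integer, got {cc[key]!r}")
    return findings


# Constructed sample responses (header names already lower-cased).
LOGIN_RESPONSE = {"set-cookie": "sid=abc123; Secure", "cache-control": "max-age=600"}
SAFE_LOGIN_RESPONSE = {"set-cookie": "sid=abc123; Secure", "cache-control": "no-store"}
STATIC_RESPONSE = {"cache-control": "public, max-age=60, s-maxage=300"}

if __name__ == "__main__":
    for name, resp in [("login", LOGIN_RESPONSE), ("safe login", SAFE_LOGIN_RESPONSE),
                       ("static", STATIC_RESPONSE)]:
        print(name, "->", shared_cache_findings(resp) or "no findings")
    cc = parse_cache_control(STATIC_RESPONSE["cache-control"])
    print("shared-cache lifetime:", freshness_lifetime(cc, True),
          "private-cache lifetime:", freshness_lifetime(cc, False))
```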
Connection
The Connection general-header field allows the sender to specify options that are desired for that particular connection and must not be communicated by proxies over further connections. The following is the simple syntax for using the Connection header:

```
Connection : "Connection"
```

HTTP/1.1 defines the "closed" connection option for the sender to signal that the connection will be closed after completion of the response. For example:

```http
Connection: Closed
```

By default, HTTP 1.1 uses persistent connections, where the connection does not automatically close after a transaction. HTTP 1.0, on the other hand, does not have persistent connections by default. If a 1.0 client wishes to use persistent connections, it uses the keep-alive parameter as follows:

```http
Connection: keep-alive
```

Date
All HTTP date/time stamps MUST be represented in Greenwich Mean Time (GMT), without exception. HTTP applications are allowed to use any of the following three representations of date/time stamps:

```
Sun, 06 Nov 1994 08:49:37 GMT  ; RFC 822, updated by RFC 1123
Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036
Sun Nov  6 08:49:37 1994       ; ANSI C's asctime() format
```

Here the first format is the most preferred one.

Pragma
The Pragma general-header field is used to include implementation-specific directives that might apply to any recipient along the request/response chain. For example:

```http
Pragma: no-cache
```

The only directive defined in HTTP/1.0 is the no-cache directive, and it is maintained in HTTP 1.1 for backward compatibility. No new Pragma directives will be defined in the future.

Trailer
The Trailer general field value indicates that the given set of header fields is present in the trailer of a message encoded with chunked transfer-coding. The following is the syntax of the Trailer header field:

```
Trailer : field-name
```

Message header fields listed in the Trailer header field must not include the following header fields:

- Transfer-Encoding
- Content-Length
- Trailer

Transfer-Encoding
The Transfer-Encoding general-header field indicates what type of transformation has been applied to the message body in order to safely transfer it between the sender and the recipient. This is not the same as content-encoding because transfer-encodings are a property of the message, not of the entity-body. The following is the syntax of the Transfer-Encoding header field:

```http
Transfer-Encoding: chunked
```

All transfer-coding values are case-insensitive.

Upgrade
The Upgrade general-header allows the client to specify what additional communication protocols it supports and would like to use if the server finds it appropriate to switch protocols. For example:

```http
Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11
```

The Upgrade header field is intended to provide a simple mechanism for transition from HTTP/1.1 to some other, incompatible protocol.

Via
The Via general-header must be used by gateways and proxies to indicate the intermediate protocols and recipients. For example, a request message could be sent from an HTTP/1.0 user agent to an internal proxy code-named "fred", which uses HTTP/1.1 to forward the request to a public proxy at nowhere.com, which completes the request by forwarding it to the origin server at www.ics.uci.edu. The request received by www.ics.uci.edu would then have the following Via header field:

```http
Via: 1.0 fred, 1.1 nowhere.com (Apache/1.1)
```
Warning
The Warning general-header is used to carry additional information about the status or transformation of a message which might not be reflected in the message. A response may carry more than one Warning header.

```
Warning : warn-code SP warn-agent SP warn-text SP warn-date
```
Client Request Headers

Accept
The Accept request-header field can be used to specify certain media types which are acceptable for the response. The general syntax is as follows:

```
Accept: type/subtype [q=qvalue]
```

Multiple media types can be listed separated by commas, and the optional qvalue represents an acceptable quality level for accepted types on a scale of 0 to 1. The following is an example:

```http
Accept: text/plain; q=0.5, text/html, text/x-dvi; q=0.8, text/x-c
```

This would be interpreted as: text/html and text/x-c are the preferred media types, but if they do not exist, then send the text/x-dvi entity, and if that does not exist, send the text/plain entity.

Accept-Charset
The Accept-Charset request-header field can be used to indicate what character sets are acceptable for the response. The general syntax is as follows:

```
Accept-Charset: character_set [q=qvalue]
```

Multiple character sets can be listed separated by commas, and the optional qvalue represents an acceptable quality level for non-preferred character sets on a scale of 0 to 1. The following is an example:

```http
Accept-Charset: iso-8859-5, unicode-1-1; q=0.8
```

The special value "*", if present in the Accept-Charset field, matches every character set, and if no Accept-Charset header is present, the default is that any character set is acceptable.

Accept-Encoding
The Accept-Encoding request-header field is similar to Accept, but restricts the content-codings that are acceptable in the response. The general syntax is as follows:

```
Accept-Encoding: encoding types
```

Examples are as follows:

```http
Accept-Encoding: compress, gzip
Accept-Encoding:
Accept-Encoding: *
Accept-Encoding: compress;q=0.5, gzip;q=1.0
Accept-Encoding: gzip;q=1.0, identity; q=0.5, *;q=0
```

Accept-Language
The Accept-Language request-header field is similar to Accept, but restricts the set of natural languages that are preferred as a response to the request. The general syntax is as follows:

```
Accept-Language: language [q=qvalue]
```

Multiple languages can be listed separated by commas, and the optional qvalue represents an acceptable quality level for non-preferred languages on a scale of 0 to 1. The following is an example:

```http
Accept-Language: da, en-gb;q=0.8, en;q=0.7
```

Authorization
The Authorization request-header field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested. The general syntax is as follows:

```
Authorization : credentials
```

The HTTP/1.0 specification defines the BASIC authorization scheme, where the authorization parameter is the string of username:password encoded in base 64. The following is an example:

```http
Authorization: BASIC Z3Vlc3Q6Z3Vlc3QxMjM=
```

The value decodes to guest:guest123, where guest is the user ID and guest123 is the password.

Cookie
The Cookie request-header field value contains name/value pairs of information stored for that URL. The general syntax is as follows:

```http
Cookie: name=value
```

Multiple cookies can be specified separated by semicolons, as follows:

```http
Cookie: name1=value1;name2=value2;name3=value3
```

Expect
The Expect request-header field is used to indicate that particular server behaviors are required by the client. The general syntax is as follows:

```
Expect : 100-continue | expectation-extension
```

If a server receives a request containing an Expect field that includes an expectation-extension that it does not support, it must respond with a 417 (Expectation Failed) status.

From
The From request-header field contains an Internet e-mail address for the human user who controls the requesting user agent. The following is a simple example:

```http
From: webmaster@w3.org
```

This header field may be used for logging purposes and as a means for identifying the source of invalid or unwanted requests.

Host
The Host request-header field is used to specify the Internet host and port number of the resource being requested. The general syntax is as follows:

```
Host : "Host" ":" host [ ":" port ] ;
```

A host without any trailing port information implies the default port, which is 80. For example, a request on the origin server for http://www.w3.org/pub/WWW/ would be:

```http
GET /pub/WWW/ HTTP/1.1
Host: www.w3.org
```

If-Match
The If-Match request-header field is used with a method to make it conditional. This header requests the server to perform the requested method only if the given value in this tag matches the given entity tags represented by ETag. The general syntax is as follows:

```
If-Match : entity-tag
```

An asterisk (*) matches any entity, and the transaction continues only if the entity exists. The following are possible examples:

```http
If-Match: "xyzzy"
If-Match: "xyzzy", "r2d2xxxx", "c3piozzzz"
If-Match: *
```

If none of the entity tags match, or if "*" is given and no current entity exists, the server must not perform the requested method, and must return a 412 (Precondition Failed) response.

If-Modified-Since
The If-Modified-Since request-header field is used with a method to make it conditional. If the requested URL has not been modified since the time specified in this field, an entity will not be returned from the server; instead, a 304 (Not Modified) response will be returned without any message-body. The general syntax is as follows:

```
If-Modified-Since : HTTP-date
```

An example:

```http
If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
```
If-None-Match
The If-None-Match request-header field is used with a method to make it conditional. This header requests the server to perform the requested method only if one of the given values in this tag matches the given entity tags represented by ETag. The general syntax is as follows:

```
If-None-Match : entity-tag
```

An asterisk (*) matches any entity, and the transaction continues only if the entity does not exist. The following are possible examples:

```http
If-None-Match: "xyzzy"
If-None-Match: "xyzzy", "r2d2xxxx", "c3piozzzz"
If-None-Match: *
```

If-Range
The If-Range request-header field can be used with a conditional GET to request only the portion of the entity that is missing, if it has not been changed, and the entire entity if it has changed. The general syntax is as follows:

```
If-Range : entity-tag | HTTP-date
```

Either an entity tag or a date can be used to identify the partial entity already received. For example:

```http
If-Range: Sat, 29 Oct 1994 19:43:31 GMT
```

Here, if the document has not been modified since the given date, the server returns the byte range given by the Range header; otherwise, it returns all of the new document.

If-Unmodified-Since
The If-Unmodified-Since request-header field is used with a method to make it conditional. The general syntax is as follows:

```
If-Unmodified-Since : HTTP-date
```

If the requested resource has not been modified since the time specified in this field, the server should perform the requested operation as if the If-Unmodified-Since header were not present. For example:

```http
If-Unmodified-Since: Sat, 29 Oct 1994 19:43:31 GMT
```

If the request would normally result in anything other than a 2xx or 412 status, the If-Unmodified-Since header should be ignored.
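As an added example (not from the tutorial) covering the If-Match, If-Modified-Since, If-None-Match and If-Unmodified-Since sections together, here is a server-side evaluator that turns those headers into the 412 or 304 decisions described above. It follows the RFC 7232 precedence (If-Match before If-Unmodified-Since, If-None-Match before If-Modified-Since); the sample ETag and Last-Modified values are the ones shown in the tutorial's responses, and an ETag of `None` is this example's convention for "no current representation exists".

```python
# Added example, not from the tutorial: decide how a server should answer the
# precondition headers described above for a resource with a known ETag and
# Last-Modified date. Evaluation order follows RFC 7232; SAMPLE_* reuse the
# tutorial's values, and etag=None means the resource does not exist.
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from typing import Optional

SAMPLE_ETAG = '"34aa387-d-1568eb00"'
SAMPLE_LAST_MODIFIED = datetime(2009, 7, 22, 19, 15, 56, tzinfo=timezone.utc)


def parse_etags(value: str) -> list:
    """'"a", W/"b", *' -> ['"a"', 'W/"b"', '*']."""
    return [tag.strip() for tag in value.split(",") if tag.strip()]


def etag_matches(header: str, current: str, strong: bool) -> bool:
    """Strong comparison (If-Match) never matches a weak W/ tag; weak
    comparison (If-None-Match) ignores the W/ prefix on either side."""
    for tag in parse_etags(header):
        if tag == "*":
            return True
        if strong:
            if tag == current and not tag.startswith("W/"):
                return True
        elif tag.removeprefix("W/") == current.removeprefix("W/"):
            return True
    return False


def http_date(value: str) -> Optional[datetime]:
    """Parse an HTTP-date; a malformed date makes its precondition ignored."""
    try:
        parsed = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return None
    if parsed is None:
        return None
    # Treat a naive result as GMT so comparisons with aware timestamps work.
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def evaluate_preconditions(method: str, req: dict, etag: Optional[str],
                           last_modified: Optional[datetime]) -> Optional[int]:
    """Return 412, 304, or None when no precondition blocks the request.

    req holds lower-cased request header names. If-Match takes precedence over
    If-Unmodified-Since and If-None-Match over If-Modified-Since, so the weaker
    header is consulted only when the stronger one is absent.
    """
    exists = etag is not None
    if "if-match" in req:
        if not exists or not etag_matches(req["if-match"], etag, strong=True):
            return 412
    elif "if-unmodified-since" in req:
        since = http_date(req["if-unmodified-since"])
        if since and last_modified and last_modified > since:
            return 412
    if "if-none-match" in req:
        if exists and etag_matches(req["if-none-match"], etag, strong=False):
            # A match means "nothing changed" for a read, but "the resource
            # already exists" for a write such as a create-only PUT.
            return 304 if method in ("GET", "HEAD") else 412
    elif method in ("GET", "HEAD") and "if-modified-since" in req:
        since = http_date(req["if-modified-since"])
        if since and last_modified and last_modified <= since:
            return 304
    return None


if __name__ == "__main__":
    cases = [
        ("GET", {"if-none-match": SAMPLE_ETAG}),
        ("PUT", {"if-match": '"xyzzy", "r2d2xxxx", "c3piozzzz"'}),
        ("PUT", {"if-none-match": "*"}),
        ("GET", {"if-modified-since": "Sat, 29 Oct 1994 19:43:31 GMT"}),
    ]
    for method, headers in cases:
        print(method, headers, "->",
              evaluate_preconditions(method, headers, SAMPLE_ETAG, SAMPLE_LAST_MODIFIED))
```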
Max-Forwards
The Max-Forwards request-header field provides a mechanism with the TRACE and OPTIONS methods to limit the number of proxies or gateways that can forward the request to the next inbound server. The general syntax is as follows:

```
Max-Forwards : n
```

The Max-Forwards value is a decimal integer indicating the remaining number of times this request message may be forwarded. This is useful for debugging with the TRACE method, avoiding infinite loops. For example:

```http
Max-Forwards : 5
```

The Max-Forwards header field may be ignored for all other methods defined in the HTTP specification.

Proxy-Authorization
The Proxy-Authorization request-header field allows the client to identify itself (or its user) to a proxy which requires authentication. The general syntax is as follows:

```
Proxy-Authorization : credentials
```

The Proxy-Authorization field value consists of credentials containing the authentication information of the user agent for the proxy and/or realm of the resource being requested.

Range
The Range request-header field specifies the partial range(s) of the content requested from the document. The general syntax is as follows:

```
Range: bytes-unit=first-byte-pos "-" [last-byte-pos]
```

The first-byte-pos value in a byte-range-spec gives the byte-offset of the first byte in a range. The last-byte-pos value gives the byte-offset of the last byte in the range; that is, the byte positions specified are inclusive. You can specify a byte-unit as bytes, and byte offsets start at zero. The following are simple examples:

- The first 500 bytes: `Range: bytes=0-499`
- The second 500 bytes: `Range: bytes=500-999`
- The final 500 bytes: `Range: bytes=-500`
- The first and last bytes only: `Range: bytes=0-0,-1`

Multiple ranges can be listed, separated by commas. If the first number in a comma-separated byte range is missing, the range is assumed to count from the end of the document. If the second number is missing, the range is from byte n to the end of the document.
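As an added example (not from the tutorial), the following code resolves a Range header against a document of known size using the first-byte-pos, last-byte-pos and suffix rules just described, distinguishing a malformed header (ignored, whole document served with 200) from a valid one that nothing can satisfy (416). The document size and the `MAX_RANGES` cap on ranges per request are constructed server policy for this example, not part of the specification.

```python
# Added example, not from the tutorial: resolve a Range request header against a
# representation of known size into the inclusive (first, last) pairs a server
# would serve. MAX_RANGES is a constructed server policy, not a protocol rule.
from typing import List, Optional, Tuple

MAX_RANGES = 5  # many tiny ranges in one request is a classic resource-exhaustion shape


class RangeNotSatisfiable(ValueError):
    """Raised when no requested range overlaps the document: answer 416."""


def parse_byte_ranges(header: str, size: int) -> Optional[List[Tuple[int, int]]]:
    """Return satisfiable inclusive ranges for a 'bytes=' header.

    Returns None when the header is syntactically invalid; a server then ignores
    the Range header and serves the whole document with 200.
    Raises RangeNotSatisfiable when the header is valid but nothing can be served.
    """
    unit, has_eq, spec = header.partition("=")
    if not has_eq or unit.strip().lower() != "bytes":
        return None
    ranges: List[Tuple[int, int]] = []
    for part in spec.split(","):
        part = part.strip()
        first, dash, last = part.partition("-")
        if not dash or (first and not first.isdigit()) or (last and not last.isdigit()):
            return None
        if first:
            start = int(first)
            end = int(last) if last else size - 1          # "n-" runs to the end
            if last and end < start:
                return None                                 # last before first: syntax error
            if start >= size:
                continue  # beyond the document: unsatisfiable, other ranges may still be fine
            ranges.append((start, min(end, size - 1)))      # clip to the document
        elif last:
            suffix = int(last)                              # "-n": the final n bytes
            if suffix == 0:
                continue
            ranges.append((max(size - suffix, 0), size - 1))
        else:
            return None                                     # a bare "-" carries no positions
    if not ranges or len(ranges) > MAX_RANGES:
        raise RangeNotSatisfiable(header)
    return ranges


def content_range(first: int, last: int, size: int) -> str:
    """Value for the Content-Range header of a 206 response."""
    return f"bytes {first}-{last}/{size}"


def is_unsatisfiable(header: str, size: int) -> bool:
    """True when the header is valid but would produce a 416 response."""
    try:
        parse_byte_ranges(header, size)
    except RangeNotSatisfiable:
        return True
    return False


if __name__ == "__main__":
    DOC_SIZE = 1000  # constructed document length matching the tutorial's examples
    for hdr in ("bytes=0-499", "bytes=500-999", "bytes=-500", "bytes=0-0,-1",
                "bytes=900-5000", "bytes=500-100", "bytes=1000-"):
        try:
            print(hdr, "->", parse_byte_ranges(hdr, DOC_SIZE))
        except RangeNotSatisfiable:
            print(hdr, "-> 416, Content-Range: bytes */%d" % DOC_SIZE)
```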
Referer
Referer請求頭欄位允許客戶機指定從中請求URL的資源的地址(URI)。以下是通用語法:
Referer : absoluteURI | relativeURI
下面是一個簡單的例子:
Referer: http://www.tutorialspoint.org/http/index.htm
如果欄位值是相對URI,則應相對於請求URI對其進行解釋。
TE
TE請求頭欄位指示它在響應中願意接受的擴展名傳輸編碼以及它是否願意接受分塊傳輸編碼中的尾部欄位。以下是通用語法:
TE : t-codings
關鍵字「trailures」的出現表示客戶端願意接受分塊傳輸編碼中的trailer欄位,並通過以下任一方式指定:
TE: deflate TE: TE: trailers, deflate;q=0.5
If theTE公司field-value is empty or if noTE公司field is present, the only transfer-coding is chunked. A message with no transfer-coding is always acceptable.
User-年齡nt
The User-年齡nt request-header field contains information about the user agent originating the request. Following is the general syntax:
User-年齡nt : product | comment
例子:
User-年齡nt: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
伺服器 Response Headers
接受範圍
The 接受範圍 response-header field allows the server to indicate its acceptance of range requests for a resource. Following is the general syntax:
接受範圍 : range-unit | none
例如,接受字節範圍請求的伺服器可以發送
接受範圍: bytes
伺服器s that do not accept any kind of range request for a resource may send:
接受範圍: none
這將建議客戶端不要嘗試範圍請求。
年齡
The 年齡 response-header field conveys the sender's estimate of the amount of time since the response (or its revalidation) was generated at the origin server. Following is the general syntax:
年齡 : delta-seconds
年齡 values are non-negative decimal integers, representing time in seconds. 下面是一個簡單的例子:
年齡: 1030
An HTTP/1.1 server that includes a cache must include an 年齡 header field in every response generated from its own cache.
ETag
The ETag response-header field provides the current value of the entity tag for the requested variant. Following is the general syntax:
ETag : entity-tag
Following are simple examples:
ETag: "xyzzy"
ETag: W/"xyzzy"
ETag: ""
Location
The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion. Following is the general syntax:
Location : absoluteURI
Following is a simple example:
Location: http://www.tutorialspoint.org/http/index.htm
The Content-Location header field differs from Location in that the Content-Location identifies the original location of the entity enclosed in the request.
Proxy-Authenticate
The Proxy-Authenticate response-header field must be included as part of a 407 (Proxy Authentication Required) response. Following is the general syntax:
Proxy-Authenticate : challenge
Retry-After
The Retry-After response-header field can be used with a 503 (Service Unavailable) response to indicate how long the service is expected to be unavailable to the requesting client. Following is the general syntax:
Retry-After : HTTP-date | delta-seconds
Following are two simple examples:
Retry-After: Fri, 31 Dec 1999 23:59:59 GMT
Retry-After: 120
In the latter example, the delay is 2 minutes.
Server
The Server response-header field contains information about the software used by the origin server to handle the request. Following is the general syntax:
Server : product | comment
Following is a simple example:
Server: Apache/2.2.14 (Win32)
If the response is being forwarded through a proxy, the proxy application must not modify the Server response-header.
Set-Cookie
The Set-Cookie response-header field contains a name/value pair of information to retain for this URL. Following is the general syntax:
Set-Cookie: NAME=VALUE; OPTIONS
The Set-Cookie response header comprises the token Set-Cookie:, followed by a comma-separated list of one or more cookies. Following are the possible values you can specify as options:
S.N. | Options and Description |
---|---|
1 | Comment=comment This option can be used to specify any comment associated with the cookie. |
2 | Domain=domain The Domain attribute specifies the domain for which the cookie is valid. |
3 | Expires=Date-time The date the cookie will expire. If this is blank, the cookie will expire when the visitor quits the browser. |
4 | Path=path The Path attribute specifies the subset of URLs to which this cookie applies. |
5 | Secure This instructs the user agent to return the cookie only under a secure connection. |
Following is an example of a simple cookie header generated by the server:
Set-Cookie: name1=value1,name2=value2; Expires=Wed, 09 Jun 2021 10:18:14 GMT
Vary
The Vary response-header field specifies that the entity has multiple sources and may therefore vary according to the specified list of request header(s). Following is the general syntax:
Vary : field-name
You can specify multiple headers separated by commas, and a value of asterisk "*" signals that parameters not limited to the request-headers also affect the response. Following is a simple example:
Vary: Accept-Language, Accept-Encoding
Here the field names are not case-sensitive.
WWW-Authenticate
The WWW-Authenticate response-header field must be included in 401 (Unauthorized) response messages. The field value consists of at least one challenge that indicates the authentication scheme(s) and parameters applicable to the Request-URI. Following is the general syntax:
WWW-Authenticate : challenge
The WWW-Authenticate field value may contain more than one challenge, and more than one WWW-Authenticate header field may be provided; the contents of a challenge itself can contain a comma-separated list of authentication parameters. Following is a simple example:
WWW-Authenticate: BASIC realm="Admin"
Entity Headers
Allow
The Allow entity-header field lists the set of methods supported by the resource identified by the Request-URI. Following is the general syntax:
Allow : Method
You can specify multiple methods separated by commas. Following is a simple example:
Allow: GET, HEAD, PUT
This field cannot prevent a client from trying other methods.
Content-Encoding
The Content-Encoding entity-header field is used as a modifier to the media-type. Following is the general syntax:
Content-Encoding : content-coding
The content-coding is a characteristic of the entity identified by the Request-URI. Following is a simple example:
Content-Encoding: gzip
If the content-coding of an entity in a request message is not acceptable to the origin server, the server should respond with a status code of 415 (Unsupported Media Type).
Content-Language
The Content-Language entity-header field describes the natural language(s) of the intended audience for the enclosed entity. Following is the general syntax:
Content-Language : language-tag
Multiple languages may be listed for content that is intended for multiple audiences. Following is a simple example:
Content-Language: mi, en
The primary purpose of Content-Language is to allow a user to identify and differentiate entities according to the user's own preferred language.
Content-Length
The Content-Length entity-header field indicates the size of the entity-body, in decimal number of OCTETs, sent to the recipient or, in the case of the HEAD method, the size of the entity-body that would have been sent had the request been a GET. Following is the general syntax:
Content-Length : DIGITS
Following is a simple example:
Content-Length: 3495
Any Content-Length greater than or equal to zero is a valid value.
Content-Location
The Content-Location entity-header field may be used to supply the resource location for the entity enclosed in the message when that entity is accessible from a location separate from the requested resource's URI. Following is the general syntax:
Content-Location: absoluteURI | relativeURI
Following is a simple example:
Content-Location: http://www.tutorialspoint.org/http/index.htm
The value of Content-Location also defines the base URI for the entity.
Content-MD5
The Content-MD5 entity-header field may be used to supply an MD5 digest of the entity for checking the integrity of the entity-body. Following is the general syntax:
Content-MD5 : md5-digest using base64 of 128 bit MD5 digest as per RFC 1864
Following is a simple example:
Content-MD5 : 8c2d46911f3f5a326455f0ed7a8ed3b3
The MD5 digest is computed based on the content of the entity-body, including any content-coding that has been applied, but not including any transfer-encoding applied to the message-body.
Content-Range
The Content-Range entity-header field is sent with a partial entity-body to specify where in the full entity-body the partial body should be applied. Following is the general syntax:
Content-Range : bytes-unit SP first-byte-pos "-" last-byte-pos
Examples of byte-content-range-spec values, assuming that the entity contains a total of 1234 bytes:
- The first 500 bytes: Content-Range : bytes 0-499/1234
- The second 500 bytes: Content-Range : bytes 500-999/1234
- All except for the first 500 bytes: Content-Range : bytes 500-1233/1234
- The last 500 bytes: Content-Range : bytes 734-1233/1234
When an HTTP message includes the content of a single range, this content is transmitted with a Content-Range header, and a Content-Length header showing the number of bytes actually transferred. For example:
HTTP/1.1 206 Partial content
Date: Wed, 15 Nov 1995 06:25:24 GMT
Last-Modified: Wed, 15 Nov 1995 04:58:08 GMT
Content-Range: bytes 21010-47021/47022
Content-Length: 26012
Content-Type: image/gif
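As an added example (not code from the tutorial), the following Python resolves the byte-range-specs described in the Range section and here against a known entity length, and builds the Content-Range and Content-Length values a 206 response would carry; the header values it is fed are constructed.

```python
import re

# Added example, not code from the tutorial: resolve the byte-range-specs of a
# Range request header against a known entity length and build the matching
# Content-Range value for a 206 response. Header values below are constructed.

BYTE_RANGE_SPEC = re.compile(r'^(\d*)-(\d*)$')

def parse_byte_ranges(range_header, entity_length):
    """Return inclusive (first, last) pairs, or [] when the header is malformed
    or no range is satisfiable (the server then answers 416 or ignores Range)."""
    if not range_header.startswith('bytes='):
        return []
    ranges = []
    for spec in range_header[len('bytes='):].split(','):
        m = BYTE_RANGE_SPEC.match(spec.strip())
        if not m or m.group(1) == m.group(2) == '':
            return []                      # "bytes=-" or garbage: reject the whole header
        first, last = m.group(1), m.group(2)
        if first == '':                    # suffix-byte-range-spec: the last N bytes
            n = int(last)
            if n == 0:
                continue                   # "bytes=-0" selects nothing
            ranges.append((max(entity_length - n, 0), entity_length - 1))
            continue
        start = int(first)
        if start >= entity_length:
            continue                       # starts beyond the end: unsatisfiable
        end = entity_length - 1 if last == '' else min(int(last), entity_length - 1)
        if end < start:
            return []                      # "bytes=500-499" is syntactically invalid
        ranges.append((start, end))
    return ranges

def content_range(first, last, entity_length):
    """Content-Range value for one satisfied range, e.g. 'bytes 500-999/1234'."""
    return 'bytes %d-%d/%d' % (first, last, entity_length)

def content_length(first, last):
    """Bytes actually transferred for one range (positions are inclusive)."""
    return last - first + 1
```

A server should also cap the number of ranges it accepts per request; a long list of overlapping ranges is cheap to send and expensive to serve.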
Content-Type
The Content-Type entity-header field indicates the media type of the entity-body sent to the recipient or, in the case of the HEAD method, the media type that would have been sent had the request been a GET. Following is the general syntax:
Content-Type : media-type
Following is an example:
Content-Type: text/html; charset=ISO-8859-4
Expires
The Expires entity-header field gives the date/time after which the response is considered stale. Following is the general syntax:
Expires : HTTP-date
Following is an example:
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Last-Modified
The Last-Modified entity-header field indicates the date and time at which the origin server believes the variant was last modified. Following is the general syntax:
Last-Modified: HTTP-date
Following is an example:
Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
HTTP - Caching
HTTP is typically used for distributed information systems, where performance can be improved by the use of response caches. The HTTP/1.1 protocol includes a number of elements intended to make caching work.
The goal of caching in HTTP/1.1 is to eliminate the need to send requests in many cases, and to eliminate the need to send full responses in many other cases.
The basic cache mechanisms in HTTP/1.1 are implicit directives to caches, where the server specifies expiration times and validators. The Cache-Control header is used for this purpose.
The Cache-Control header allows a client or server to transmit a variety of directives in either requests or responses. These directives typically override the default caching algorithms. The caching directives are specified in a comma-separated list. For example:
Cache-control: no-cache
A client can use the following important cache request directives in its HTTP requests:
S.N. | Cache Request Directive and Description |
---|---|
1 | no-cache A cache must not use the response to satisfy a subsequent request without successful revalidation with the origin server. |
2 | no-store The cache should not store anything about the client request or server response. |
3 | max-age = seconds Indicates that the client is willing to accept a response whose age is no greater than the specified time in seconds. |
4 | max-stale [ = seconds ] Indicates that the client is willing to accept a response that has exceeded its expiration time. If seconds are given, it must not be expired by more than that time. |
5 | min-fresh = seconds Indicates that the client is willing to accept a response whose freshness lifetime is no less than its current age plus the specified time in seconds. |
6 | no-transform Do not convert the entity-body. |
7 | only-if-cached Do not retrieve new data. The cache can send a document only if it is in the cache, and should not contact the origin-server to see if a newer copy exists. |
A server can use the following important cache response directives in its HTTP responses:
S.N. | Cache Response Directive and Description |
---|---|
1 | public Indicates that the response may be cached by any cache. |
2 | private Indicates that all or part of the response message is intended for a single user and must not be cached by a shared cache. |
3 | no-cache A cache must not use the response to satisfy a subsequent request without successful revalidation with the origin server. |
4 | no-store The cache should not store anything about the client request or server response. |
5 | no-transform Do not convert the entity-body. |
6 | must-revalidate The cache must verify the status of stale documents before using them; an expired one should not be used. |
7 | proxy-revalidate The proxy-revalidate directive has the same meaning as the must-revalidate directive, except that it does not apply to non-shared user agent caches. |
8 | max-age = seconds Indicates that the client is willing to accept a response whose age is no greater than the specified time in seconds. |
9 | s-maxage = seconds The maximum age specified by this directive overrides the maximum age specified by either the max-age directive or the Expires header. The s-maxage directive is always ignored by a private cache. |
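An added example, not the tutorial's own code: a shared cache deciding from these directives, together with the Age and Expires headers described earlier, whether a stored response may be reused without contacting the origin. The header dictionaries and timings are constructed inputs.

```python
from email.utils import parsedate_to_datetime

# Added example, not code from the tutorial: a shared cache applying the
# request and response directives tabulated above. Inputs are constructed.

def parse_cache_control(value):
    """'max-age=60, no-cache' -> {'max-age': '60', 'no-cache': None}."""
    directives = {}
    for part in value.split(','):
        part = part.strip()
        if part:
            name, _, arg = part.partition('=')
            directives[name.strip().lower()] = arg.strip().strip('"') if arg else None
    return directives

def freshness_lifetime(resp):
    """Seconds a shared cache may serve the response without revalidation."""
    cc = parse_cache_control(resp.get('Cache-Control', ''))
    if 's-maxage' in cc:              # shared caches: s-maxage beats max-age and Expires
        return int(cc['s-maxage'])
    if 'max-age' in cc:
        return int(cc['max-age'])
    if 'Expires' in resp and 'Date' in resp:
        delta = parsedate_to_datetime(resp['Expires']) - parsedate_to_datetime(resp['Date'])
        return max(int(delta.total_seconds()), 0)
    return 0                          # no explicit lifetime: treat as stale at once

def may_reuse(req, resp, seconds_in_cache):
    """True if the stored response can be sent without contacting the origin."""
    req_cc = parse_cache_control(req.get('Cache-Control', ''))
    resp_cc = parse_cache_control(resp.get('Cache-Control', ''))
    if 'no-store' in req_cc or 'no-store' in resp_cc or 'no-cache' in req_cc:
        return False
    if 'no-cache' in resp_cc or 'private' in resp_cc:
        return False                  # needs revalidation, or is meant for one user only
    # current age = age reported upstream + time the response sat in this cache
    age = int(resp.get('Age', '0')) + seconds_in_cache
    lifetime = freshness_lifetime(resp)
    if 'min-fresh' in req_cc and lifetime - age < int(req_cc['min-fresh']):
        return False
    if age <= lifetime:
        return True
    if 'must-revalidate' in resp_cc or 'proxy-revalidate' in resp_cc:
        return False                  # origin forbids serving stale copies
    if 'max-stale' in req_cc:         # client tolerates staleness, bounded or not
        limit = req_cc['max-stale']
        return limit is None or age - lifetime <= int(limit)
    return False
```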
HTTP - URL Encoding
HTTP URLs can only be sent over the Internet using the ASCII character set, yet they often contain characters outside ASCII. Such unsafe characters must therefore be replaced with a % followed by two hexadecimal digits.
The following table shows the ASCII code and symbol of each character, together with the replacement that can be used in a URL before passing it to the server:
ASCII | Symbol | Replacement |
---|---|---|
< 32 | Encode with %xx where xx is the hexadecimal representation of the character. | |
32 | space | + or %20 |
33 | ! | %21 |
34 | " | %22 |
35 | # | %23 |
36 | $ | %24 |
37 | % | %25 |
38 | & | %26 |
39 | ' | %27 |
40 | ( | %28 |
41 | ) | %29 |
42 | * | * |
43 | + | %2B |
44 | , | %2C |
45 | - | - |
46 | . | . |
47 | / | %2F |
48 | 0 | 0 |
49 | 1 | 1 |
50 | 2 | 2 |
51 | 3 | 3 |
52 | 4 | 4 |
53 | 5 | 5 |
54 | 6 | 6 |
55 | 7 | 7 |
56 | 8 | 8 |
57 | 9 | 9 |
58 | : | %3A |
59 | ; | %3B |
60 | < | %3C |
61 | = | %3D |
62 | > | %3E |
63 | ? | %3F |
64 | @ | %40 |
65 | A | A |
66 | B | B |
67 | C | C |
68 | D | D |
69 | E | E |
70 | F | F |
71 | G | G |
72 | H | H |
73 | I | I |
74 | J | J |
75 | K | K |
76 | L | L |
77 | M | M |
78 | N | N |
79 | O | O |
80 | P | P |
81 | Q | Q |
82 | R | R |
83 | S | S |
84 | T | T |
85 | U | U |
86 | V | V |
87 | W | W |
88 | X | X |
89 | Y | Y |
90 | Z | Z |
91 | [ | %5B |
92 | \ | %5C |
93 | ] | %5D |
94 | ^ | %5E |
95 | _ | _ |
96 | ` | %60 |
97 | a | a |
98 | b | b |
99 | c | c |
100 | d | d |
101 | e | e |
102 | f | f |
103 | g | g |
104 | h | h |
105 | i | i |
106 | j | j |
107 | k | k |
108 | l | l |
109 | m | m |
110 | n | n |
111 | o | o |
112 | p | p |
113 | q | q |
114 | r | r |
115 | s | s |
116 | t | t |
117 | u | u |
118 | v | v |
119 | w | w |
120 | x | x |
121 | y | y |
122 | z | z |
123 | { | %7B |
124 | \| | %7C |
125 | } | %7D |
126 | ~ | %7E |
127 | (DEL) | %7F |
> 127 | Encode with %xx where xx is the hexadecimal representation of the character. | |
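As an added example that is not part of the tutorial, the encoder below applies the table exactly as given (space to "+", letters, digits and - . _ * unchanged, every other byte as %XX after UTF-8 encoding), and the decoder reverses one level of escaping strictly, rejecting a malformed escape instead of passing it through. The sample strings are constructed.

```python
# Added example, not code from the tutorial: percent-encode per the replacement
# table above and decode exactly one level again. Sample strings are constructed.
UNRESERVED = frozenset(
    'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._*')
HEX_DIGITS = '0123456789abcdefABCDEF'

def url_encode(text):
    """Encode text as it would appear in a URL before being passed to the server."""
    out = []
    for byte in text.encode('utf-8'):        # codes > 127 are encoded byte by byte
        ch = chr(byte)
        if ch in UNRESERVED:
            out.append(ch)
        elif ch == ' ':
            out.append('+')
        else:
            out.append('%%%02X' % byte)
    return ''.join(out)

def url_decode(encoded):
    """Decode one level of escaping only; raise ValueError on a malformed escape.
    Decoding once means "%252E" yields "%2E" rather than ".", so the decoded
    form is what a server should inspect, and inspect only once."""
    buf = bytearray()
    i = 0
    while i < len(encoded):
        ch = encoded[i]
        if ch == '+':
            buf.append(0x20)
            i += 1
        elif ch == '%':
            pair = encoded[i + 1:i + 3]
            if len(pair) != 2 or any(c not in HEX_DIGITS for c in pair):
                raise ValueError('malformed percent-escape at offset %d' % i)
            buf.append(int(pair, 16))
            i += 3
        else:
            buf.extend(ch.encode('utf-8'))
            i += 1
    return buf.decode('utf-8')
```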
HTTP - Security
HTTP is used for communication over the Internet, so application developers, information providers, and users should be aware of the security limitations in HTTP/1.1. This discussion does not include definitive solutions to the problems mentioned here, but it does make some suggestions for reducing security risks.
Personal Information leakage
HTTP clients are often privy to large amounts of personal information such as the user's name, location, mail address, passwords, encryption keys, etc. So you should be very careful to prevent unintentional leakage of this information via the HTTP protocol to other sources.
All the confidential information should be stored at the server side in encrypted form.
Revealing the specific software version of the server might allow the server machine to become more vulnerable to attacks against software that is known to contain security holes.
Proxies that serve as a portal through a network firewall should take special precautions regarding the transfer of header information that identifies the hosts behind the firewall.
The information sent in the From field might conflict with the user's privacy interests or their site's security policy, and hence it should not be transmitted without the user being able to disable, enable, and modify the contents of the field.
Clients should not include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol.
Authors of services that use the HTTP protocol should not use GET-based forms for the submission of sensitive data, because it will cause this data to be encoded in the Request-URI.
File and path names based attack
The documents returned by HTTP requests should be restricted to only those that the server administrators intended to make available.
For example, UNIX, Microsoft Windows, and other operating systems use ".." as a path component to indicate a directory level above the current one. On such a system, an HTTP server must disallow any such construct in the Request-URI if it would otherwise allow access to a resource outside those intended to be accessible via the HTTP server.
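An added example (not the tutorial's code) of the check this passage calls for: the function maps a Request-URI path onto a document root and refuses any path that would reach outside it, including a ".." segment hidden behind percent-encoding. It assumes a POSIX filesystem, and the document root used in the comments is a constructed value.

```python
import os
import posixpath
from urllib.parse import unquote

# Added example, not the tutorial's code: map a Request-URI path onto a document
# root and refuse anything that would reach outside it, so only documents the
# administrator intends to publish are returned. Assumes a POSIX filesystem;
# doc_root values such as "/var/www" are constructed.

def resolve_request_path(doc_root, request_uri):
    """Return the absolute filesystem path for request_uri, or None if the
    request is rejected."""
    path = request_uri.split('?', 1)[0]           # the query string never names a file
    path = unquote(path)                          # decode %2E%2E and friends exactly once
    if not path.startswith('/') or '\x00' in path:
        return None                               # relative URIs and NUL bytes are refused
    if '..' in path.split('/'):
        return None                               # a dot-dot segment never belongs in a published URL
    normalised = posixpath.normpath(path)         # collapses "." segments and repeated slashes
    root = os.path.abspath(doc_root)
    candidate = os.path.abspath(os.path.join(root, normalised.lstrip('/')))
    # Second, independent check: the resolved path must still lie below the root
    if candidate != root and not candidate.startswith(root + os.sep):
        return None
    return candidate
```

Rejecting ".." outright, rather than normalising it away, matches the rule above and keeps the decision independent of how the filesystem would later resolve the path.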
DNS Spoofing
Clients using HTTP rely heavily on the Domain Name Service, and are thus generally prone to security attacks based on the deliberate mis-association of IP addresses and DNS names. So clients need to be cautious in assuming the continuing validity of an IP number/DNS name association.
If HTTP clients cache the results of host name lookups in order to achieve a performance improvement, they must observe the TTL information reported by DNS. If HTTP clients do not observe this rule, they could be spoofed when a previously-accessed server's IP address changes.
Location Headers and Spoofing
If a single server supports multiple organizations that do not trust one another, then it MUST check the values of Location and Content-Location headers in responses that are generated under control of said organizations to make sure that they do not attempt to invalidate resources over which they have no authority.
Authentication Credentials
Existing HTTP clients and user agents typically retain authentication information indefinitely. HTTP/1.1 does not provide a method for a server to direct clients to discard these cached credentials, which is a big security risk.
There are a number of workarounds to parts of this problem, and so it is recommended to make use of password protection in screen savers, idle time-outs, and other methods that mitigate the security problems inherent in this problem.
Proxies and Caching
HTTP proxies are men-in-the-middle, and represent an opportunity for man-in-the-middle attacks. Proxies have access to security-related information, personal information about individual users and organizations, and proprietary information belonging to users and content providers.
Proxy operators should protect the systems on which proxies run as they would protect any system that contains or transports sensitive information.
Caching proxies provide additional potential vulnerabilities, since the contents of the cache represent an attractive target for malicious exploitation. Therefore, cache contents should be protected as sensitive information.
HTTP - Message Examples
Example 1
Client request
GET /hello.htm HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Server response
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT
Content-Length: 88
Content-Type: text/html
Connection: Closed

<html>
<body>
<h1>Hello, World!</h1>
</body>
</html>
Example 2
Client request
GET /t.html HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Server response
HTTP/1.1 404 Not Found
Date: Sun, 18 Oct 2012 10:36:20 GMT
Server: Apache/2.2.14 (Win32)
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>404 Not Found</title>
</head>
<body>
<h1>Not Found</h1>
<p>The requested URL /t.html was not found on this server.</p>
</body>
</html>
Example 3
Client request
GET /hello.htm HTTP1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
Host: www.tutorialspoint.com
Accept-Language: en-us
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Server response
HTTP/1.1 400 Bad Request
Date: Sun, 18 Oct 2012 10:36:20 GMT
Server: Apache/2.2.14 (Win32)
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
<head>
<title>400 Bad Request</title>
</head>
<body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<p>
<p>The request line contained invalid characters following the protocol string.<p>
</body>
</html>
Example 4
HTTP request to post form data to the process.cgi CGI page on a web server running on tutorialspoint.com. The server returns the passed names after setting them as cookies: