Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Understanding the Web through HTTP

Olivia Brundage
January 03, 2017
Technology
1
83

Understanding the Web through HTTP

Ever wonder how the web really works?

Demystify the process through looking at how the HTTP protocol works through the OSI and TCP/IP model.

Olivia Brundage

January 03, 2017
Tweet

Other Decks in Technology

See All in Technology
「最高のチューニング」をしないために / hack@delta 24.10
fujiwara3
18
3k
チームを主語にしてみる / Making "Team" the Subject
ar_tama
3
260
Data Migration on Rails
ohbarye
7
5k
AI Builder について
miyakemito
1
140
Java x Spring Boot Warm up
kazu_kichi_67
2
460
LLMアプリをRagasで評価して、Langfuseで可視化しよう!
minorun365
PRO
2
280
Commitment vs Harrisonism - Keynote for Scrum Niseko 2024
miholovesq
3
240
小規模に始めるデータメッシュとデータガバナンスの実践
kimujun
3
470
都市伝説バスターズ「WebアプリのボトルネックはDBだから言語の性能は関係ない」 - Kaigi on Rails 2024
osyoyu
17
9.7k
CAMERA-Suite: 広告文生成のための評価スイート / ai-camera-suite
cyberagentdevelopers
PRO
3
250
生成AIとAWS CDKで実現! 自社ブログレビューの効率化
ymae
2
280
AIを使って小説を書こう!【2024/10/25講演資料】
kamomeashizawa
0
170

Featured

See All Featured
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
27
1.9k
We Have a Design System, Now What?
morganepeng
50
7.2k
The Cost Of JavaScript in 2023
addyosmani
45
6.6k
Raft: Consensus for Rubyists
vanstee
136
6.6k
4 Signs Your Business is Dying
shpigford
180
21k
Building Your Own Lightsaber
phodgson
102
6k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
43
6.6k
For a Future-Friendly Web
brad_frost
175
9.4k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
225
22k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5k
A better future with KSS
kneath
238
17k
How GitHub (no longer) Works
holman
311
140k

Transcript

  1. Understanding the Web through HTTP Olivia Brundage

  2. Agenda • Overall Flow of Data • How HTTP Requests

    Work • Introduction to HTTPS

  3. Meet Datum! He’s just a baby now, but let’s see

    how he grows into a big data through the OSI (Open System Interconnection) model.

  4. Physical Layer Datum’s home town. He communicates with everyone through

    a physical medium (like wires). His language is bits (0’s and 1’s).

  5. Trailer Data Link Layer To talk to neighbors, Datum’s bits

    gets encapsulated as a frame so that the receiver know the start and end of the message. This layer provides node- to-node data transfer. Header DATA 1010 1010 01000100111 Bit pattern that specifies the start of the frame Bit pattern that specifies the end of the frame Frame

  6. Network Layer In order to reach the outside world, Datum

    has to be transformed into a packet. Routers are responsible directing data to the correct machine. This is where you’ll find IP addresses. IP

  7. Transport Layer To reach his destination, Datum must be transported

    via a segment or datagram. Segments are sent through the Transmission Control Protocol (TCP), which is for a connection- oriented transmission. Datagrams are sent through the User Datagram Protocol (UDP), which is for a connectionless transmission (e.g., streaming). IP

  8. Session Layer Upon arriving at his destination, Datum must create

    an open session to the client, so that they can continue their business. Once here, Datum evolves into his final form: Data. IP

  9. Presentation Layer Datum is now on the full screen! This

    layer takes all your backend code, CSS files, etc and delivers them to the final layer. IP

  10. Application Layer This layer is the end-user product and contains

    high-level APIs like resource sharing and remote file access. This is also the layer you develop in! IP

  11. What’s with this abstraction? • Gives us a framework on

    how data transforms throughout the network. • But it’s a little too specific; real networks are a lot muddier than this.

  12. OSI vs TCP/IP TCP/IP combines some layers of the OSI,

    making it more succinct to the messier way of real life.

  13. Where does HTTP fit into this?

  14. First, let’s go over what HTTP is • HTTP stands

    for hyper-text transfer protocol. • This protocol is in plain-text and is stateless. • This protocol resides in the application layer.

  15. Let’s break down these requests!

  16. Make the Request! You type the URL (Uniform Resource Locator)

    in the browser: http://www.google.com

  17. Hey, wait! What’s an URL? http://www.domain.com:1234/path/to/resource?a=b&x=y protocol host port resource

    path query

  18. Now, time to get the IP address! After you type

    the address, another application layer protocol is used to get the IP address:
 the Domain Name System (DNS) What’s the IP to Google’s server? Google’s IP is 65.246.5.22 Domain Name Server Web Browser

  19. HTTP makes the Request Racket

  20. Generic Structure of HTTP Requests message = <start-line>
 *(<message-header>)
 CRLF

    # Carriage Return Line Feed (i.e., new line)
 [<message-body>] • Start line contains the initial request • Message headers give more details about the request you’re making (i.e., the host, how to maintain the connection, how to handle cookies, etc). NB: GET requests do not contain a message body, but POST requests can.

  21. tl/dr: A simple request looks likes: VERB RESOURCE-URL PROTOCOL
 MESSAGE-HEADERS

    GET / HTTP/1.1
 HOST: www.google.com
 CONNECTION: keep-alive

  22. HTTP Main Verbs • GET: fetches a resource determined by

    the URL • The server sends the resource in the message body if the status code is 200 • POST: creates a new resource where the requests specifies the data needed for the resource • Params are carried in the body of the request instead of the header; making this a more ‘secure’ type of request • PUT: updates a resource • DELETE: deletes a resource NB: PUT and DELETE can be considered a specialized versions of POST

  23. Lesser-known Verbs • HEAD: Requests only the server headers. Primarily

    used for checking if the resource has changed via timestamps. • TRACE: Retrieves the hops that a request takes to round trip the serve. Used for network diagnostic purposes. • OPTIONS: Retrieves the server capabilities. For the client-side, it can be used to modify the request based on what the server can support.

  24. HTTP Packet gets ready for Transportation! HTTP Request HTTP Packet

    TCP Packet The TCP information maintains the session.
 Now to the IP layer! TCP

  25. TCP now hands it over to the Internet Protocol •

    Local/Sender Address: Your PC’s IP • Receiver Address: Google’s Server IP • Post Service Nodes: Routers

  26. HTTP Request IP IP further encapsulates the data TCP TCP

    IP Packet Now we head over to the last layer!

  27. Trailer HTTP Request Header The Network Interface Layer makes the

    Ethernet frame. IP TCP IP Packet Ethernet Frame We can finally send this HTTP request out!

  28. The HTTP request is out!

  29. So let’s recap.

  30. But there’s still more to HTTP!!

  31. Some important notes about the response: • The server will

    send the status code along with the message payload. • The status code tells the client how to interpret the server response.
  32. None

  33. 1xx: Informational Messages • This is just a provisional code

    and provides informational messages like: • Keep this connection alive (i.e., still sending information) • Tell the client to continue sending it’s message • Ignore the next response • This class was introduces in HTTP/1.1. Version 1.0 ignores this message.

  34. 2xx: Successful Your request made it!

  35. Request was completely successful.

  36. Message successful, but there was no message body

  37. 3xx: Redirection Your request needs to directed elsewhere.

  38. Resource has moved to a new URL.

  39. Resource has not been modified since last request.

  40. 4xx: Client Error When the server thinks the client made

    a bad request.

  41. Request can’t be fulfilled due to bad syntax.

  42. Specifically used when authentication has failed.

  43. Request was valid, but the server won’t respond.

  44. Resource can’t be found. Try again later?

  45. Method isn’t supported (like using a GET on a form

    that requires a POST method)

  46. 5xx: Server Error Server failed creating the request

  47. The infamous, generic server error.

  48. The server doesn’t recognize the request method or can’t fulfill

    it.

  49. The server was acting as a proxy and received something

    bad from the upstream server.

  50. The server was acting as a proxy and did not

    receive a timely response from the upstream server.

  51. Want more status codes? Here’s your source: https://httpstatusdogs.com/

  52. Overall HTTP Interaction

  53. So where does HTTPS come into play? That is: HTTP

    over TLS, HTTP over SSL, and HTTP Secure

  54. What HTTPS Is • HTTPS provides authentication to the website

    and protection of the privacy and integrity of the exchanged data • Security is brought to you by the Secure Sockets Layer (SSL) or the improved Transport Layer Security (TLS). • Encryption is brought to you by Public Key Encryption and Symmetric Key Encryption. • This security component happens between HTTP request and TCP (before they connect).

  55. HTTPS Happens Before the Connection is Made

  56. How HTTPS Works • Client/Server Hellos • Authenticate Client and

    Server with Cryptography • Generate session keys • Further interactions will be based on the encrypted session keys

  57. Questions?

  58. Resources • “What is the role of the OSI layers

    when making a request to a website?” 
 https://www.quora.com/What-is-the-role-of-OSI-layers-when-we-open- a-webpage • “HTTP: The Protocol Every Web Developer Must Know - Part 1"
 https://code.tutsplus.com/tutorials/http-the-protocol-every-web- developer-must-know-part-1--net-31177 • “HTTP: The Protocol Every Web Developer Must Know - Part 2"
 https://code.tutsplus.com/tutorials/http-the-protocol-every-web- developer-must-know-part-2--net-31155 • "Understanding HTTP Basics"
 http://learn.onemonth.com/understanding-http-basics