Category: http

HTTP – Parameters ”; Previous Next This chapter is going to list down few of the important HTTP Protocol Parameters and their syntax the way they are used in the communication. For example, format for date, format of URL, etc. This will help you in constructing your request and response messages while writing HTTP client or server programs. You will see the complete usage of these parameters in subsequent chapters while learning the message structure for HTTP requests and responses. HTTP Version HTTP uses a <major>.<minor> numbering scheme to indicate versions of the protocol. The version of an HTTP message is indicated by an HTTP-Version field in the first line. Here is the general syntax of specifying HTTP version number: HTTP-Version = “HTTP” “/” 1*DIGIT “.” 1*DIGIT Example HTTP/1.0 or HTTP/1.1 Uniform Resource Identifiers Uniform Resource Identifiers (URI) are simply formatted, case-insensitive string containing name, location, etc. to identify a resource, for example, a website, a web service, etc. A general syntax of URI used for HTTP is as follows: URI = “http:” “//” host [ “:” port ] [ abs_path [ “?” query ]] Here if the port is empty or not given, port 80 is assumed for HTTP and an empty abs_path is equivalent to an abs_path of “/”. The characters other than those in the reserved and unsafe sets are equivalent to their “”%” HEX HEX” encoding. Example The following three URIs are equivalent: http://abc.com:80/~smith/home.html http://ABC.com/%7Esmith/home.html http://ABC.com:/%7esmith/home.html Date/Time Formats All HTTP date/time stamps MUST be represented in Greenwich Mean Time (GMT), without exception. HTTP applications are allowed to use any of the following three representations of date/time stamps: Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123 Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036 Sun Nov 6 08:49:37 1994 ; ANSI C”s asctime() format Character Sets We use character sets to specify the character sets that the client prefers. Multiple character sets can be listed separated by commas. If a value is not specified, the default is the US-ASCII. Example Following are the valid character sets: US-ASCII or ISO-8859-1 or ISO-8859-7 Content Encodings A content encoding value indicates that an encoding algorithm has been used to encode the content before passing it over the network. Content coding are primarily used to allow a document to be compressed or otherwise usefully transformed without losing the identity. All content-coding values are case-insensitive. HTTP/1.1 uses content-coding values in the Accept-Encoding and Content-Encoding header fields which we will see in the subsequent chapters. Example Following are the valid encoding schemes: Accept-encoding: gzip or Accept-encoding: compress or Accept-encoding: deflate Media Types HTTP uses Internet Media Types in the Content-Type and Accept header fields in order to provide open and extensible data typing and type negotiation. All the Media-type values are registered with the Internet Assigned Number Authority (IANA). The general syntax to specify media type is as follows: media-type = type “/” subtype *( “;” parameter ) The type, subtype, and parameter attribute names are case–insensitive. Example Accept: image/gif Language Tags HTTP uses language tags within the Accept-Language and Content-Language fields. A language tag is composed of one or more parts: a primary language tag and a possibly empty series of subtags: language-tag = primary-tag *( “-” subtag ) White spaces are not allowed within the tag and all tags are case- insensitive. Example Example tags include: en, en-US, en-cockney, i-cherokee, x-pig-latin where any two-letter primary-tag is an ISO-639 language abbreviation and any two-letter initial subtag is an ISO-3166 country code. Print Page Previous Next Advertisements ”;

HTTP – Header Fields ”; Previous Next HTTP header fields provide required information about the request or response, or about the object sent in the message body. There are four types of HTTP message headers: General-header: These header fields have general applicability for both request and response messages. Client Request-header: These header fields have applicability only for request messages. Server Response-header: These header fields have applicability only for response messages. Entity-header: These header fields define meta information about the entity-body or, if no body is present, about the resource identified by the request. General Headers Cache-Control The Cache-Control general-header field is used to specify directives that MUST be obeyed by all the caching system. The syntax is as follows: Cache-Control : cache-request-directive|cache-response-directive An HTTP client or server can use the Cache-control general header to specify parameters for the cache or to request certain kinds of documents from the cache. The caching directives are specified in a comma-separated list. For example: Cache-control: no-cache The following table lists the important cache request directives that can be used by the client in its HTTP request: S.N. Cache Request Directive and Description 1 no-cache A cache must not use the response to satisfy a subsequent request without successful revalidation with the origin server. 2 no-store The cache should not store anything about the client request or server response. 3 max-age = seconds Indicates that the client is willing to accept a response whose age is not greater than the specified time in seconds. 4 max-stale [ = seconds ] Indicates that the client is willing to accept a response that has exceeded its expiration time. If seconds are given, it must not be expired by more than that time. 5 min-fresh = seconds Indicates that the client is willing to accept a response whose freshness lifetime is not less than its current age plus the specified time in seconds. 6 no-transform Does not convert the entity-body. 7 only-if-cached Does not retrieve new data. The cache can send a document only if it is in the cache, and should not contact the origin-server to see if a newer copy exists. The following important cache response directives that can be used by the server in its HTTP response: S.N. Cache Response Directive and Description 1 public Indicates that the response may be cached by any cache. 2 private Indicates that all or part of the response message is intended for a single user and must not be cached by a shared cache. 3 no-cache A cache must not use the response to satisfy a subsequent request without successful re-validation with the origin server. 4 no-store The cache should not store anything about the client request or server response. 5 no-transform Does not convert the entity-body. 6 must-revalidate The cache must verify the status of the stale documents before using it and expired ones should not be used. 7 proxy-revalidate The proxy-revalidate directive has the same meaning as the must- revalidate directive, except that it does not apply to non-shared user agent caches. 8 max-age = seconds Indicates that the client is willing to accept a response whose age is not greater than the specified time in seconds. 9 s-maxage = seconds The maximum age specified by this directive overrides the maximum age specified by either the max-age directive or the Expires header. The s-maxage directive is always ignored by a private cache. Connection The Connection general-header field allows the sender to specify options that are desired for that particular connection and must not be communicated by proxies over further connections. Following is the simple syntax for using connection header: Connection : “Connection” HTTP/1.1 defines the “close” connection option for the sender to signal that the connection will be closed after completion of the response. For example: Connection: close By default, HTTP 1.1 uses persistent connections, where the connection does not automatically close after a transaction. HTTP 1.0, on the other hand, does not have persistent connections by default. If a 1.0 client wishes to use persistent connections, it uses the keep-alive parameter as follows: Connection: keep-alive Date All HTTP date/time stamps MUST be represented in Greenwich Mean Time (GMT), without exception. HTTP applications are allowed to use any of the following three representations of date/time stamps: Sun, 06 Nov 1994 08:49:37 GMT ; RFC 822, updated by RFC 1123 Sunday, 06-Nov-94 08:49:37 GMT ; RFC 850, obsoleted by RFC 1036 Sun Nov 6 08:49:37 1994 ; ANSI C”s asctime() format Here the first format is the most preferred one. Pragma The Pragma general-header field is used to include implementation specific directives that might apply to any recipient along the request/response chain. For example: Pragma: no-cache The only directive defined in HTTP/1.0 is the no-cache directive and is maintained in HTTP 1.1 for backward compatibility. No new Pragma directives will be defined in the future. Trailer The Trailer general field value indicates that the given set of header fields is present in the trailer of a message encoded with chunked transfer-coding. Following is the syntax of Trailer header field: Trailer : field-name Message header fields listed in the Trailer header field must not include the following header fields: Transfer-Encoding Content-Length Trailer Transfer-Encoding The Transfer-Encoding general-header field indicates what type of transformation has been applied to the message body in order to safely transfer it between the sender and the recipient. This is not the same as content-encoding because transfer-encodings are a property of the message, not of the entity-body. The syntax of Transfer-Encoding header field is as follows: Transfer-Encoding: chunked All transfer-coding values are case-insensitive. Upgrade The Upgrade general-header allows the client to specify what additional communication protocols it supports and would like to use if the server finds it appropriate to switch protocols. For example: Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11 The Upgrade header field is intended to provide a simple mechanism for transition from HTTP/1.1 to some other, incompatible protocol. Via The Via general-header must be used by gateways and proxies to

HTTP – Security ”; Previous Next HTTP is used for communications over the internet, so application developers, information providers, and users should be aware of the security limitations in HTTP/1.1. This discussion does not include definitive solutions to the problems mentioned here but it does make some suggestions for reducing security risks. Personal Information Leakage HTTP clients are often privy to large amount of personal information such as the user”s name, location, mail address, passwords, encryption keys, etc. So you should be very careful to prevent unintentional leakage of this information via the HTTP protocol to other sources. All the confidential information should be stored at the server in encrypted form. Revealing the specific software version of the server might allow the server machine to become more vulnerable to attacks against software that is known to contain security holes. Proxies that serve as a portal through a network firewall should take special precautions regarding the transfer of header information that identifies the hosts behind the firewall. The information sent in the ”From” field might conflict with the user”s privacy interests or their site”s security policy, and hence, it should not be transmitted without the user being able to disable, enable, and modify the contents of the field. Clients should not include a Referer header field in a (non-secure) HTTP request, if the referring page was transferred with a secure protocol. Authors of services that use the HTTP protocol should not use GET based forms for the submission of sensitive data, because it will cause the data to be encoded in the Request-URI. File and Path Names Based Attack The document should be restricted to the documents returned by HTTP requests to be only those that were intended by the server administrators. For example, UNIX, Microsoft Windows, and other operating systems use ”..” as a path component to indicate a directory level above the current one. On such a system, an HTTP server MUST disallow any such construct in the Request-URI, if it would otherwise allow access to a resource outside those intended to be accessible via the HTTP server. DNS Spoofing Clients using HTTP rely heavily on the Domain Name Service, and are thus generally prone to security attacks based on the deliberate mis-association of IP addresses and DNS names. So clients need to be cautious in assuming the continuing validity of an IP number/DNS name association. If HTTP clients cache the results of host name lookups in order to achieve a performance improvement, they must observe the TTL information reported by the DNS. If HTTP clients do not observe this rule, they could be spoofed when a previously-accessed server”s IP address changes. Location Headers and Spoofing If a single server supports multiple organizations that do not trust one another, then it MUST check the values of Location and Content Location headers in the responses that are generated under the control of said organizations to make sure that they do not attempt to invalidate resources over which they have no authority. Authentication Credentials Existing HTTP clients and user agents typically retain authentication information indefinitely. HTTP/1.1 does not provide a method for a server to direct clients to discard these cached credentials which is a big security risk. There are a number of work around to the parts of this problem, and so it is recommended to make the use of password protection in screen savers, idle time-outs, and other methods that mitigate the security problems inherent in this problem. Proxies and Caching HTTP proxies are men-in-the-middle, and represent an opportunity for man-in-the-middle attacks. Proxies have access to security-related information, personal information about individual users and organizations, and proprietary information belonging to users and content providers. Proxy operators should protect the systems on which proxies run, as they would protect any system that contains or transports sensitive information. Caching proxies provide additional potential vulnerabilities, since the contents of the cache represent an attractive target for malicious exploitation. Therefore, cache contents should be protected as sensitive information. Print Page Previous Next Advertisements ”;

HTTP – Requests ”; Previous Next An HTTP client sends an HTTP request to a server in the form of a request message which includes following format: A Request-line Zero or more header (General|Request|Entity) fields followed by CRLF An empty line (i.e., a line with nothing preceding the CRLF) indicating the end of the header fields Optionally a message-body The following sections explain each of the entities used in an HTTP request message. Request-Line The Request-Line begins with a method token, followed by the Request-URI and the protocol version, and ending with CRLF. The elements are separated by space SP characters. Request-Line = Method SP Request-URI SP HTTP-Version CRLF Let”s discuss each of the parts mentioned in the Request-Line. Request Method The request method indicates the method to be performed on the resource identified by the given Request-URI. The method is case-sensitive and should always be mentioned in uppercase. The following table lists all the supported methods in HTTP/1.1. S.N. Method and Description 1 GET The GET method is used to retrieve information from the given server using a given URI. Requests using GET should only retrieve data and should have no other effect on the data. 2 HEAD Same as GET, but it transfers the status line and the header section only. 3 POST A POST request is used to send data to the server, for example, customer information, file upload, etc. using HTML forms. 4 PUT Replaces all the current representations of the target resource with the uploaded content. 5 DELETE Removes all the current representations of the target resource given by URI. 6 CONNECT Establishes a tunnel to the server identified by a given URI. 7 OPTIONS Describe the communication options for the target resource. 8 TRACE Performs a message loop back test along with the path to the target resource. Request-URI The Request-URI is a Uniform Resource Identifier and identifies the resource upon which to apply the request. Following are the most commonly used forms to specify an URI: Request-URI = “*” | absoluteURI | abs_path | authority   S.N. Method and Description 1 The asterisk * is used when an HTTP request does not apply to a particular resource, but to the server itself, and is only allowed when the method used does not necessarily apply to a resource. For example: OPTIONS * HTTP/1.1 2 The absoluteURI is used when an HTTP request is being made to a proxy. The proxy is requested to forward the request or service from a valid cache, and return the response. For example: GET http://www.w3.org/pub/WWW/TheProject.html HTTP/1.1 3 The most common form of Request-URI is that used to identify a resource on an origin server or gateway. For example, a client wishing to retrieve a resource directly from the origin server would create a TCP connection to port 80 of the host “www.w3.org” and send the following lines: GET /pub/WWW/TheProject.html HTTP/1.1 Host: www.w3.org Note that the absolute path cannot be empty; if none is present in the original URI, it MUST be given as “/” (the server root). Request Header Fields We will study General-header and Entity-header in a separate chapter when we will learn HTTP header fields. For now, let”s check what Request header fields are. The request-header fields allow the client to pass additional information about the request, and about the client itself, to the server. These fields act as request modifiers.Here is a list of some important Request-header fields that can be used based on the requirement: Accept-Charset Accept-Encoding Accept-Language Authorization Expect From Host If-Match If-Modified-Since If-None-Match If-Range If-Unmodified-Since Max-Forwards Proxy-Authorization Range Referer TE User-Agent You can introduce your custom fields in case you are going to write your own custom Client and Web Server. Examples of Request Message Now let”s put it all together to form an HTTP request to fetch hello.htm page from the web server running on tutorialspoint.com GET /hello.htm HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive Here we are not sending any request data to the server because we are fetching a plain HTML page from the server. Connection is a general-header, and the rest of the headers are request headers. The following example shows how to send form data to the server using request message body: POST /cgi-bin/process.cgi HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Content-Type: application/x-www-form-urlencoded Content-Length: length Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive licenseID=string&content=string&/paramsXML=string Here the given URL /cgi-bin/process.cgi will be used to process the passed data and accordingly, a response will be returned. Here content-type tells the server that the passed data is a simple web form data and length will be the actual length of the data put in the message body. The following example shows how you can pass plain XML to your web server: POST /cgi-bin/process.cgi HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Content-Type: text/xml; charset=utf-8 Content-Length: length Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive <?xml version=”1.0″ encoding=”utf-8″?> <string xmlns=”http://clearforest.com/”>string</string> Print Page Previous Next Advertisements ”;

HTTP Tutorial PDF Version Quick Guide Resources Job Search Discussion The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This is the foundation for data communication for the World Wide Web (i.e. internet) since 1990. HTTP is a generic and stateless protocol which can be used for other purposes as well using extensions of its request methods, error codes, and headers. This tutorial is based on RFC-2616 specification, which defines the protocol referred to as HTTP/1.1. HTTP/1.1 is a revision of the original HTTP (HTTP/1.0). A major difference between HTTP/1.0 and HTTP/1.1 is that HTTP/1.0 uses a new connection for each request/response exchange, where as HTTP/1.1 connection may be used for one or more request/response exchanges. Audience This tutorial has been prepared for computer science graduates and web developers to help them understand the basic to advanced level concepts related to Hypertext Transfer Protocol (HTTP). Prerequisites Before proceeding with this tutorial, it is good to have a basic understanding of web concepts, web browsers, web servers, client and server architecture based software. Print Page Previous Next Advertisements ”;

HTTP – Caching ”; Previous Next HTTP is typically used for distributed information systems, where performance can be improved by the use of response caches. The HTTP/1.1 protocol includes a number of elements intended to make caching work. The goal of caching in HTTP/1.1 is to eliminate the need to send requests in many cases, and to eliminate the need to send full responses in many other cases. The basic cache mechanisms in HTTP/1.1 are implicit directives to caches where server-specifies expiration times and validators. We use the Cache-Control header for this purpose. The Cache-Control header allows a client or server to transmit a variety of directives in either requests or responses. These directives typically override the default caching algorithms. The caching directives are specified in a comma-separated list. For example: Cache-control: no-cache The following cache request directives can be used by the client in its HTTP request: S.N. Cache Request Directive and Description 1 no-cache A cache must not use the response to satisfy a subsequent request without successful revalidation with the origin server. 2 no-store The cache should not store anything about the client request or server response. 3 max-age = seconds Indicates that the client is willing to accept a response whose age is not greater than the specified time in seconds. 4 max-stale [ = seconds ] Indicates that the client is willing to accept a response that has exceeded its expiration time. If seconds are given, it must not be expired by more than that time. 5 min-fresh = seconds Indicates that the client is willing to accept a response whose freshness lifetime is not less than its current age plus the specified time in seconds. 6 no-transform Does not convert the entity-body. 7 only-if-cached Does not retrieve new data. The cache can send a document only if it is in the cache, and should not contact the origin-server to see if a newer copy exists. The following cache response directives can be used by the server in its HTTP response: S.N. Cache Response Directive and Description 1 public Indicates that the response may be cached by any cache. 2 private Indicates that all or part of the response message is intended for a single user and must not be cached by a shared cache. 3 no-cache A cache must not use the response to satisfy a subsequent request without successful re-validation with the origin server. 4 no-store The cache should not store anything about the client request or server response. 5 no-transform Does not convert the entity-body. 6 must-revalidate The cache must verify the status of stale documents before using it and expired ones should not be used. 7 proxy-revalidate The proxy-revalidate directive has the same meaning as the must- revalidate directive, except that it does not apply to non-shared user agent caches. 8 max-age = seconds Indicates that the client is willing to accept a response whose age is not greater than the specified time in seconds. 9 s-maxage = seconds The maximum age specified by this directive overrides the maximum age specified by either the max-age directive or the Expires header. The s-maxage directive is always ignored by a private cache. Print Page Previous Next Advertisements ”;

HTTP – URL Encoding ”; Previous Next HTTP URLs can only be sent over the Internet using the ASCII character-set, which often contain characters outside the ASCII set. So these unsafe characters must be replaced with a % followed by two hexadecimal digits. The following table shows the ASCII symbols of the characters and their replacements which can be used in the URL before passing it to the server: ASCII Symbol Replacement < 32   Encode with %xx where xx is the hexadecimal representation of the character. 32 space + or %20 33 ! %21 34 “ %22 35 # %23 36 $ %24 37 % %25 38 & %26 39 ” %27 40 ( %28 41 ) %29 42 * * 43 + %2B 44 , %2C 45 – – 46 . . 47 / %2F 48 0 0 49 1 1 50 2 2 51 3 3 52 4 4 53 5 5 54 6 6 55 7 7 56 8 8 57 9 9 58 : %3A 59 ; %3B 60 %3C 61 = %3D 62 > %3E 63 ? %3F 64 @ %40 65 A A 66 B B 67 C C 68 D D 69 E E 70 F F 71 G G 72 H H 73 I I 74 J J 75 K K 76 L L 77 M M 78 N N 79 O O 80 P P 81 Q Q 82 R R 83 S S 84 T T 85 U U 86 V V 87 W W 88 X X 89 Y Y 90 Z Z 91 [ %5B 92 %5C 93 ] %5D 94 ^ %5E 95 _ _ 96 ` %60 97 a a 98 b b 99 c c 100 d d 101 e e 102 f f 103 g g 104 h h 105 i i 106 j j 107 k k 108 l l 109 m m 110 n n 111 o o 112 p p 113 q q 114 r r 115 s s 116 t t 117 u u 118 v v 119 w w 120 x x 121 y y 122 z z 123 { %7B 124 | %7C 125 } %7D 126 ~ %7E 127   %7F > 127   Encode with %xx where xx is the hexadecimal representation of the character. Print Page Previous Next Advertisements ”;

HTTP – Useful Resources ”; Previous Next The following resources contain additional information on HTTP. Please use them to get more in-depth knowledge on this. Useful Video Courses IT Security Gumbo: Exploitation with Kali 9 Lectures 1 hours Corey Charles More Detail Master Wireshark 3 in 5 Days 33 Lectures 2 hours Mohamad Mahjoub More Detail A-Z Python Bootcamp- Basics To Data Science (50+ Hours) Best Seller 436 Lectures 46 hours Chandramouli Jayendran More Detail Java Servlets Training (beginner to advanced) 31 Lectures 12.5 hours Uplatz More Detail Zabbix 6 76 Lectures 11 hours Teachmemore Formation More Detail Computer Networks Fundamentals Featured 46 Lectures 4.5 hours CyberQuince More Detail Print Page Previous Next Advertisements ”;

HTTP – Overview ”; Previous Next The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypermedia information systems. This is the foundation for data communication for the World Wide Web (i.e. internet) since 1990. HTTP is a generic and stateless protocol which can be used for other purposes as well using extensions of its request methods, error codes, and headers. Basically, HTTP is a TCP/IP based communication protocol, that is used to deliver data (HTML files, image files, query results, etc.) on the World Wide Web. The default port is TCP 80, but other ports can be used as well. It provides a standardized way for computers to communicate with each other. HTTP specification specifies how clients” request data will be constructed and sent to the server, and how the servers respond to these requests. Basic Features There are three basic features that make HTTP a simple but powerful protocol: HTTP is connectionless: The HTTP client, i.e., a browser initiates an HTTP request and after a request is made, the client waits for the response. The server processes the request and sends a response back after which client disconnect the connection. So client and server knows about each other during current request and response only. Further requests are made on new connection like client and server are new to each other. HTTP is media independent: It means, any type of data can be sent by HTTP as long as both the client and the server know how to handle the data content. It is required for the client as well as the server to specify the content type using appropriate MIME-type. HTTP is stateless: As mentioned above, HTTP is connectionless and it is a direct result of HTTP being a stateless protocol. The server and client are aware of each other only during a current request. Afterwards, both of them forget about each other. Due to this nature of the protocol, neither the client nor the browser can retain information between different requests across the web pages. HTTP/1.0 uses a new connection for each request/response exchange, where as HTTP/1.1 connection may be used for one or more request/response exchanges. Basic Architecture The following diagram shows a very basic architecture of a web application and depicts where HTTP sits: The HTTP protocol is a request/response protocol based on the client/server based architecture where web browsers, robots and search engines, etc. act like HTTP clients, and the Web server acts as a server. Client The HTTP client sends a request to the server in the form of a request method, URI, and protocol version, followed by a MIME-like message containing request modifiers, client information, and possible body content over a TCP/IP connection. Server The HTTP server responds with a status line, including the message”s protocol version and a success or error code, followed by a MIME-like message containing server information, entity meta information, and possible entity-body content. Print Page Previous Next Advertisements ”;

HTTP – Message Examples ”; Previous Next Example 1 HTTP request to fetch hello.htm page from the web server running on tutorialspoint.com. Client request GET /hello.htm HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive Server response HTTP/1.1 200 OK Date: Mon, 27 Jul 2009 12:28:53 GMT Server: Apache/2.2.14 (Win32) Last-Modified: Wed, 22 Jul 2009 19:15:56 GMT Content-Length: 88 Content-Type: text/html Connection: Closed <html> <body> <h1>Hello, World!</h1> </body> </html> Example 2 HTTP request to fetch t.html page that does not exist on the web server running on tutorialspoint.com. Client request GET /t.html HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive Server response HTTP/1.1 404 Not Found Date: Sun, 18 Oct 2012 10:36:20 GMT Server: Apache/2.2.14 (Win32) Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 Connection: Closed <!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”> <html> <head> <title>404 Not Found</title> </head> <body> <h1>Not Found</h1> <p>The requested URL /t.html was not found on this server.</p> </body> </html> Example 3 HTTP request to fetch hello.htm page from the web server running on tutorialspoint.com, but the request goes with an incorrect HTTP version: Client request GET /hello.htm HTTP1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive Server response HTTP/1.1 400 Bad Request Date: Sun, 18 Oct 2012 10:36:20 GMT Server: Apache/2.2.14 (Win32) Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 Connection: Closed <!DOCTYPE HTML PUBLIC “-//IETF//DTD HTML 2.0//EN”> <html> <head> <title>400 Bad Request</title> </head> <body> <h1>Bad Request</h1> <p>Your browser sent a request that this server could not understand.<p> <p>The request line contained invalid characters following the protocol string.<p> </body> </html> Example 4 HTTP request to post form data to process.cgi CGI page on a web server running on tutorialspoint.com. The server returns the passed name after setting them as cookies: Client request POST /cgi-bin/process.cgi HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT) Host: www.tutorialspoint.com Content-Type: text/xml; charset=utf-8 Content-Length: 60 Accept-Language: en-us Accept-Encoding: gzip, deflate Connection: Keep-Alive first=Zara&last=Ali Server response HTTP/1.1 200 OK Date: Mon, 27 Jul 2009 12:28:53 GMT Server: Apache/2.2.14 (Win32) Content-Length: 88 Set-Cookie: first=Zara,last=Ali;domain=tutorialspoint.com;Expires=Mon, 19- Nov-2010 04:38:14 GMT;Path=/ Content-Type: text/html Connection: Closed <html> <body> <h1>Hello Zara Ali</h1> </body> </html> Print Page Previous Next Advertisements ”;