Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
What is HTTP?
HTTP, the Hypertext Transfer Protocol, is the application-level protocol that is used to transfer data on the Web. HTTP comprises the rules by which Web browsers and servers exchange information. Although most people think of HTTP only in the context of the World-Wide Web, it can be, and is, used for other purposes, such as distributed object management systems.
An Example
As an illustration of HTTP, here is an example exchange between a Web browser and the Silicon Press server, www.silicon-press.com. In response to a user request to go to the URL: http://www.silicon.press.com the browser sends the following HTTP request to www.silicon-press.com: GET / HTTP/1.1 Connection: Keep-Alive User-Agent: Mozilla/5.0 (compatible; Konqueror/2.2-11; Linux) Accept: text/*, image/jpeg, image/png, image/*, */* Accept-Encoding: x-gzip, gzip, identity Accept-Charset: Any, utf-8, * Accept-Language: en, en_US Host: www.silicon-press.com -- blank line A brief explanation: o The first line is the request line that comprises three fields: 1. a method: The GET method indicates that the server is supposed to return an entity. 2. a request-URI (Universal Resource Identifier). The / indicates the root of the document system on the server, and 3. HTTP protocol version: 1.1 in this case. o The second line is the optional Connection header informs the server that the browser would like to leave the connection open after the response.
o The third line is the optional User-Agent header that identifies the kind of browser that is sending the request, its version, and its operating system. o The Accept headers specify the type, language, and encoding for the returned entity that the browser would prefer to receive from the server. Responding to the browser, the www.silicon-press.com server sends the following response: HTTP/1.1 200 OK Date: Thu, 24 Jan 2002 17:33:52 GMT Server: Apache/1.3.14 Last-Modified: Mon, 21 Jan 2002 22:08:33 GMT Etag: 47bc6-25e0-3c4c9161 Accept-Ranges: bytes Content-Length: 9696 Connection: close Content-Type: text/html -- blank line--- HTML entity A brief explanation: o The first line is the status line consisting of three fields: 1. HTTP protocol version of the response: 1.1 in this case, 2. a three-digit numeric status code, and 3. a short description of the status code. o The Content-Length, Content-Type, Etag, and Last-Modified header lines describe the entity returned.
More Examples
Example When you type a url in your address bar, your browser sends an HTTP request and it may look like this:
GET /tutorials/other/top-20-mysql-best-practices/ HTTP/1.1
01 02 03 04 05 06 07 08 09 10 11 12
Host: net.tutsplus.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: PHPSESSID=r2t5uvjq435r4q7ib3vtdjq120 Pragma: no-cache Cache-Control: no-cache
First line is the "Request Line" which contains some basic info on the request. And the rest are the HTTP headers. After that request, your browser receives an HTTP response that may look like this: 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21
<title>Top 20+ MySQL Best Practices - Nettuts+</title> HTTP/1.x 200 OK Transfer-Encoding: chunked Date: Sat, 28 Nov 2009 04:36:25 GMT Server: LiteSpeed Connection: close X-Powered-By: W3 Total Cache/0.8 Pragma: public Expires: Sat, 28 Nov 2009 05:36:25 GMT Etag: "pub1259380237;gz" Cache-Control: max-age=3600, public Content-Type: text/html; charset=UTF-8 Last-Modified: Sat, 28 Nov 2009 03:50:37 GMT X-Pingback: http://net.tutsplus.com/xmlrpc.php Content-Encoding: gzip Vary: Accept-Encoding, Cookie, User-Agent
Request Methods
The two most commonly used request methods are: GET and POST. You're probably already familiar with them, from writing html forms.
GET: Retrieve a Document This is the main method used for retrieving html, images, JavaScript, CSS, etc. Most data that loads in your browser was requested using this method. For example, when loading a Nettuts+ article, the very first line of the HTTP request looks like so:
1 2
Once the html loads, the browser will start sending GET request for images, that may look like this:
1 2
Web forms can be set to use the method GET. Here is an example.
1 2 3 4 5 6 7 8
First Name: <input name="first_name" type="text"> <br /> Last Name: <input name="last_name" type="text"> <br />
</form>
When that form is submitted, the HTTP request begins like this:
1 2
You can see that each form input was added into the query string. POST: Send Data to the Server Even though you can send data to the server using GET and the query string, in many cases POST will be preferable. Sending large amounts of data using GET is not practical and has limitations. POST requests are most commonly sent by web forms. Let's change the previous form example to a POST method. 1 2 3 4 5 6 7 8
</form> <input type="submit" name="action" value="Submit" /> First Name: <input type="text" name="first_name" /> <br /> Last Name: <input type="text" name="last_name" /> <br /> <form method="POST" action="foo.php">
01 02 03 04 05 06 07 08 09 10 11 12 13 14
Host: localhost User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Referer: http://localhost/test.php Content-Type: application/x-www-form-urlencoded Content-Length: 43
first_name=John&last_name=Doe&action=Submit
There are three important things to note here: The path in the first line is simply /foo.php and there is no query string anymore. Content-Type and Content-Length headers have been added, which provide information about the data being sent. All the data is in now sent after the headers, with the same format as the query string. POST method requests can also be made via AJAX, applications, cURL, etc. And all file upload forms are required to use the POST method.
200 OK
As mentioned before, this status code is sent in response to a successful request.
When the requested page or file was not found, a 404 response code is sent by the server.
401 Unauthorized
Password protected web pages send this code. If you don't enter a login correctly, you may see the following in your browser.
Note that this only applies to HTTP password protected pages, that pop up login prompts like this:
403 Forbidden
If you are not allowed to access a page, this code may be sent to your browser. This often happens when you try to open a url for a folder, that contains no index page. If the server settings do not allow the display of the folder contents, you will get a 403 error.
For example, on my local server I created an images folder. Inside this folder I put an .htaccess file with this line: "Options -Indexes". Now when I try to open http://localhost/images/ - I see this:
There are other ways in which access can be blocked, and 403 can be sent. For example, you can block by IP address, with the help of some htaccess directives. 1 2 3 4 5
order allow,deny deny from 192.168.44.201 deny from 224.39.163.12 deny from 172.16.7.92 allow from all
Both 302 and 301 are handled very similarly by the browser, but they can have different meanings to search engine spiders. For instance, if your website is down for maintenance, you may redirect to another location using 302. The search engine spider will continue checking your page later in the future.
But if you redirect using 301, it will tell the spider that your website has moved to that location permanently. To give you a better idea: http://www.nettuts.com redirects to
This code is usually seen when a web script crashes. Most CGI scripts do not output errors directly to the browser, unlike PHP. If there is any fatal errors, they will just send a 500 status code. And the programmer then needs to search the server error logs to find the error messages.
Complete List
You can find the complete list of HTTP status codes with their explanations here.