current position:Home>What are HTTP and HTTPS? What is the difference between them

What are HTTP and HTTPS? What is the difference between them

2021-08-23 02:32:30 Feichen

HTTP brief introduction

HTTP( Hypertext transfer protocol ) It is the most extensive transmission protocol on the network , Used in web Transport protocol between browser and web server .HTTP It's a simple request - Response protocol , It usually runs on TCP above . It specifies what messages the client may send to the server and what response it will get . The header of the request and response message is ASCII Form gives ; The message content has a similar MIME The format of . This simple model is early Web Successful and meritorious subjects , Because it makes development and deployment very straightforward .

HTTP It's the application layer protocol , Like other application layer protocols , Is to achieve a certain type of specific application of the protocol , And it is implemented by an application running in user space .HTTP It's a protocol specification , This specification is documented , To really pass HTTP Communicating HTTP The implementation of the program .

Message format

HTTP The message consists of a request from the client to the server and a response from the server to the client . The request message format is as follows :  
Request line - General header - Request header - Entity head - Message body
( For convenience , The picture uses excel So there's a line )
The format of response message is as follows :
Status line - General header - Response head - Entity head - Message body

HTTP The features of the agreement

1.HTTP Protocol is stateless

   That means every time HTTP Requests are all independent , There is no necessary connection between any two requests . But in practical application, it is not exactly like this , Introduced Cookie and Session Mechanism to associate requests .

2. many times HTTP request

   In most cases, when a client requests a web page, it is not a single request that can succeed , The server first is the response HTML page , Then the browser receives the response and finds HTML The page also references other resources , for example ,CSS,JS file , Pictures, etc. , It will also automatically send HTTP Request these required resources . current HTTP The version supports the pipeline mechanism , Multiple requests can be requested and responded to simultaneously , Greatly improved efficiency .

3. be based on TCP agreement

  HTTP The purpose of the protocol is to specify the format and data interaction behavior of data transmission between the client and the server , Not responsible for the details of data transmission . The bottom layer is based on TCP Realized . In the current version, the default persistent connection is , Many times HTTP Request to use a TCP Connect .

HTTP Request method

   The request method is the method used by the client to inform the server of its action intention . It's like giving orders . stay HTTP1.1 Version supports GET、POST Nearly equal 10 Methods .


HTTP Request method
Method describe
GET Access to resources GET Method to request access has been URI Identified resources . That is, it specifies the content of the response after the server processes the request .

Transport entity body POST Method to transfer the entity body .POST And GET One of the differences is the purpose , The difference between the two will be explained in detail at the end of the article . although GET Method can also transmit , But in general, there is no need to , because GET The purpose of is to get ,POST The purpose of is to transmit .


Transfer files PUT Method to transfer files . similar FTP agreement , The content of the file is contained in the entity of the request message , Then the request is saved to URL Specified server location


Get the message header HEAD The method is similar to GET Method , But here's the difference HEAD Method does not require data to be returned . Used to confirm URI The validity and resource update time of


Delete file DELETE Method to delete a file , Is with the PUT The opposite way .DELETE It's a request to return URL Designated resources


Ask for support Because not all servers support the specified method , For the sake of security, some servers may prohibit some methods such as DELETE、PUT etc. . that OPTIONS It's a way to ask for server support


Trace path TRACE The way is to let Web The method of the server looping back the previous request communication to the client . This method is not commonly used


Require a tunnel protocol to connect to the agent CONNECT Method requires a tunnel to be built when communicating with the proxy server , Implementation with tunnel protocol TCP signal communication . The main use of SSL/TLS The protocol encrypts and transmits the communication content .


HTTPS brief introduction

HTTPS( Secure socket layer Hypertext Transfer Protocol ) It's about security HTTP passageway .

Why use https

First of all, let's get to know HTTP The shortcomings of :

  1. Communications are transmitted in clear text
  2. Do not verify the identity of the communicating party
  3. Unable to verify message integrity

At this time, in order to solve this defect, another protocol needs to be used :HTTPS. For the safety of data transmission ,HTTPS stay HTTP On the basis of adding SSL agreement ,SSL Rely on certificates to verify the identity of the server , And encrypt the communication between browser and server . namely HTTP Lower join SSL layer ,HTTPS The safety basis of SSL, So the details of encryption need to be SSL,http+ encryption + authentication + Integrity protection =https.



HTTP working principle

HTTPS and HTTP The main difference

  1. HTTPS The agreement needs to reach CA Apply for a certificate , Generally, there are fewer free certificates , So there is a certain cost .
  2. HTTP It's the hypertext transfer protocol , The message is transmitted in clear text ,HTTPS It is safe ssl/tls Encrypted transport protocol .
  3. HTTP and HTTPS It USES a completely different connection
  4. HTTP port :80,HTTPS port :443
  5. HTTP Connection stateless ;HTTPS Agreement is made SSL/TLS+HTTP The protocol is built for encrypted transmission 、 Network protocol for identity authentication , Than HTTP Security agreement .

HTTPS The shortcomings of

HTTPS It is not without shortcomings :

  1. although HTTPS Added a layer of security , But it's not absolutely safe ,  The organization that holds the root certificate 、 Organizations that master encryption algorithms can also conduct man in the middle attacks
  2. HTTPS The protocol handshake phase is quite time-consuming , Increase power consumption and loading time
  3. HTTPS Connection cache is inferior to HTTP, Will increase data overhead and power consumption , Even existing security measures will be affected
  4. CA Certificates need money , The more powerful the certificate, the higher the cost ( The white whoring party cried directly )
  5. SSL Usually you need to bind IP, Can't be in the same IP Bind multiple domain names on ,IPv4 Resources are very difficult to support this consumption

notes :

Status code :

1xx: Information
100 Continue
The server receives only part of the request , But once the server doesn't reject the request , The client should continue to send the rest of the requests .
101 Switching Protocols
Server conversion protocol : The server will follow the client's request and convert to another protocol .
2xx: success
200 OK
The request is successful ( After that is right GET and POST Requested response document .)
201 Created
The request is created , At the same time, new resources are created .
202 Accepted
The request for processing has been accepted , But the processing is not complete .
203 Non-authoritative Information
The document has returned normally , But some responders may not be correct , Because it's a copy of the document .
204 No Content
No new documents . The browser should continue to display the original document . If the user refreshes the page regularly , and Servlet Make sure the user document is new enough , This status code is very useful .
205 Reset Content
No new documents . But the browser should reset what it shows . Used to force the browser to clear form input .
206 Partial Content
The customer sent a Range The head of the GET request , The server completes it .
3xx: Redirect
300 Multiple Choices
Multiple choice . Link list . The user can choose a link to reach the destination . Up to five addresses are allowed .
301 Moved Permanently
The requested page has been moved to the new url.
302 Found
The requested page has been temporarily moved to the new url.
303 See Other
The requested page can be in another url Next found .
304 Not Modified
The document was not modified as expected . The client has buffered documents and made a conditional request ( Generally provided If-Modified-Since The header indicates that the customer only wants to update documents that are older than the specified date ). Server tells customer , The original buffered document can still be used .
305 Use Proxy
The document requested by the customer should pass Location Proxy extraction indicated by header .
306 Unused
This code is used in the previous version . It is no longer in use , But the code is still preserved .
307 Temporary Redirect
The requested page has been temporarily moved to a new url.
4xx: Client error
400 Bad Request
The server failed to understand the request .
401 Unauthorized
The requested page needs a user name and password .
Login failed .
Login failed due to server configuration .
because ACL Restrict resources without authorization .
Filter authorization failed .
ISAPI/CGI Application authorization failed .
Access was Web On the server URL Authorization policy rejection . This error code is IIS 6.0 Dedicated .
402 Payment Required
This code is not yet available .
403 Forbidden
Access to the requested page is prohibited .
Execution access is forbidden .
Read access is disabled .
Write access is disabled .
requirement SSL.
requirement SSL 128.
IP Address denied .
Require client certificate .
Site access denied .
Too many users .
Invalid configuration .
Password change .
Access denied to map .
Client certificate is revoked .
Reject directory list .
Client access permission exceeded .
Client certificate is not trusted or invalid .
The client certificate has expired or is not yet valid .
The requested cannot be performed in the current application pool URL. This error code is IIS 6.0 Dedicated .
Cannot execute for clients in this application pool CGI. This error code is IIS 6.0 Dedicated .
Passport Login failed . This error code is IIS 6.0 Dedicated .
404 Not Found
The server could not find the requested page .
( nothing )– No files or directories found .
Unable to access on requested port Web Site .
Web Service extension lock policy prevents this request .
MIME Mapping policy prevents this request .
405 Method Not Allowed
The method specified in the request is not allowed .
406 Not Acceptable
The response generated by the server cannot be accepted by the client .
407 Proxy Authentication Required
Users must first use a proxy server for authentication , So that the request can be processed .
408 Request Timeout
The request exceeds the waiting time of the server .
409 Conflict
Due to conflict , The request could not be completed .
410 Gone
Requested page is not available .
411 Length Required
"Content-Length" Undefined . If there is no such content , The server will not accept the request .
412 Precondition Failed
The precondition in the request is evaluated as failed by the server .
413 Request Entity Too Large
Because the requested entity is too large , The server will not accept the request .
414 Request-url Too Long
because url Too long , The server will not accept the request . When post The request is converted to get When asked , That's what happens .
415 Unsupported Media Type
Because the media type is not supported , The server will not accept the request .
416 Requested Range Not Satisfiable
The server cannot meet the requirements specified by the client in the request Range head .
417 Expectation Failed
Execution failure .
Locked error .
5xx: Server error
500 Internal Server Error
Request not completed . The server is in an unpredictable situation .
The application is busy Web Restart on server .
Web Server too busy .
Direct request not allowed Global.asa.
UNC Incorrect authorization credentials . This error code is IIS 6.0 Dedicated .
URL Authorization store cannot be opened . This error code is IIS 6.0 Dedicated .
Inside ASP error .
501 Not Implemented
Request not completed . The server does not support the requested function .
502 Bad Gateway
Request not completed . The server received an invalid response from the upstream server .
CGI Application timeout .
CGI Application error .
503 Service Unavailable
Request not completed . Server temporarily overloaded or down .
504 Gateway Timeout
gateway timeout .
505 HTTP Version Not Supported
The server does not support HTTP edition .


Request header :

Header explain Example
Accept Specify the type of content the client can receive Accept: text/plain, text/html
Accept-Charset The character encoding set that the browser can accept . Accept-Charset: iso-8859-5
Accept-Encoding Specify what the browser can support web The server returns the content compression encoding type . Accept-Encoding: compress, gzip
Accept-Language Browser acceptable language Accept-Language: en,zh
Accept-Ranges You can request one or more sub range fields of a web entity Accept-Ranges: bytes
Authorization HTTP Authorized certificate of Authorization Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Cache-Control Specifies the caching mechanism that requests and responses follow Cache-Control: no-cache
Connection Indicates whether a persistent connection is required .(HTTP 1.1 Persistent connection by default ) Connection: close
Cookie HTTP When the request is sent , Will save all the cookie Value sent to web The server . Cookie: $Version=1; Skin=new;
Content-Length Requested content length Content-Length: 348
Content-Type The requested corresponds to the entity MIME Information Content-Type: application/x-www-form-urlencoded
Date The date and time when the request was sent Date: Tue, 15 Nov 2010 08:12:31 GMT
Expect The specific server behavior of the request Expect: 100-continue
From Of the requesting user Email From: [email protected]
Host Specify the domain name and port number of the requested server Host:
If-Match Only the request content matches the entity is valid If-Match: “737060cd8c284d8af7ad3082f209582d”
If-Modified-Since If the requested part is modified after the specified time, the request succeeds , If it is not modified, it will return 304 Code If-Modified-Since: Sat, 29 Oct 2010 19:43:31 GMT
If-None-Match If the content does not change, return 304 Code , The parameter is sent by the server Etag, In response to the server Etag Compare and judge whether it changes If-None-Match: “737060cd8c284d8af7ad3082f209582d”
If-Range If the entity does not change , The server sends the missing part of the client , Otherwise send the whole entity . The parameter is Etag If-Range: “737060cd8c284d8af7ad3082f209582d”
If-Unmodified-Since The request succeeds only if the entity has not been modified after the specified time If-Unmodified-Since: Sat, 29 Oct 2010 19:43:31 GMT
Max-Forwards Limit the time that information is sent through agents and gateways Max-Forwards: 10
Pragma Used to contain implementation specific instructions Pragma: no-cache
Proxy-Authorization Authorization certificate to connect to the agent Proxy-Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Range Request only a part of the entity , Specified scope Range: bytes=500-999
Referer Address of previous web page , The current request page follows , That's the way Referer:
TE The transmission code that the client is willing to accept , And notify the server to accept the ending header information TE: trailers,deflate;q=0.5
Upgrade Specify a transport protocol to the server for conversion ( If the support ) Upgrade: HTTP/2.0, SHTTP/1.3, IRC/6.9, RTA/x11
User-Agent User-Agent The content of contains the requested user information User-Agent: Mozilla/5.0 (Linux; X11)
Via Notify intermediate gateway or proxy address , Communication protocol Via: 1.0 fred, 1.1 (Apache/1.1)
Warning Warning about the message entity Warn: 199 Miscellaneous warning


copyright notice
author[Feichen],Please bring the original link to reprint, thank you.

Random recommended