HTTP Protocol Overview

The HyperText Transfer Protocol (HTTP) is the de facto standard for transferring World Wide Web documents, although it is designed to be extensible to almost any document format. HTTP Version 1.1 is documented in RFC 2068; version 1.0 (depricated) is documented in RFC 1945.

HTTP operates over TCP connections, usually to port 80, though this can be overridden and another port used. After a successful connection, the client transmits a request message to the server, which sends a reply message back. HTTP messages are human-readable, and an HTTP server can be manually operated with a command such as telnet server 80.

The simplest HTTP message is "GET url", to which the server replies by sending the named document. If the document doesn't exist, the server will probably send an HTML-encoded message stating this. I say probably, because this simple method offers poor error handling and has been deprecated in favor of the more elaborate scheme outlined below.

A complete HTTP 1.0 message begins "GET url HTTP/1.0". The addition of the third field indicates that full headers are being used. The client may then send additional header fields, one per line, terminating the message with a blank link. The server replies in a similar vein, first with a series of header lines, then a blank line, then the document proper.

Here a sample HTTP 1.0 exchange:

GET / HTTP/1.0   >
                 >
                    < HTTP/1.0 200 OK
                    < Date: Wed, 18 Sep 1996 20:18:59 GMT
                    < Server: Apache/1.0.0
                    < Content-type: text/html
                    < Content-length: 1579
                    < Last-modified: Mon, 22 Jul 1996 22:23:34 GMT
                    <
                    < HTML document

The use of full headers is preferred for several reasons:

• The first line of a server header includes a response code indicating the success or failure of the operation.

• One of the server header fields will be Content-type:, which specifies a MIME type to describe how the document should be interpreted.

• If the document has moved, the server can specify its new location with a Location: field, allowing the client to transparently retry the request using the new URL.

• The Authorization: and WWW-Authenticate: fields allow access controls to be placed on Web documents.

• The Referer: field allows the client to tell the server the URL of the document that triggered this request, permitting savvy servers to trace clients through a series of requests.

In addition to GET requests, clients can also send HEAD and POST requests, of which POSTs are the most important. POSTs are used for HTML forms and other operations that require the client to transmit a block of data to the server. After sending the header and the blank line, the client transmits the data. The header must have included a Content-Length: field, which permits the server to determine when all the data has been received.