
Internet and World Wide Web

The following slides are partly based on https://developer.mozilla.org/en-US/docs/Web/HTTP/ and other references for education purposes.

1
Framework for this subject

[Figure: three layers. Top: Applications. Middle: Web Development, Web System, Programming/Security, Payment, Others. Bottom: Business Model.]

2
Learning Outcomes/Objectives

• Overview of the Internet and its associated protocols
• Overview of the following:
  • Web system
  • HTTP
  • Selected HTTP headers and features
  • Cookies

3
The Internet

• Collection of networks
• Connectionless at the network level
• Provides best-effort services
• Similar to the postal network

[Figure: the Internet as a set of interconnected routers (R: Router), reached through a modem, ADSL, an ISP, a dedicated connection or a private network]

4
TCP/IP Model

• The Internet is based on a layered model called TCP/IP.
• Layering is an effective way to simplify complex tasks.

Layer               Function
Application Layer   Provides a specific application
Transport Layer     Provides an end-to-end transport service between two hosts
Network Layer       Forwards packets across the network
Link Layer          Provides interface or access to the network

5
Encapsulation of Data

• Starting from the application layer, each layer adds the required header and passes the packet to the underlying layer.

Application Layer:  [Application Header][Application Data]
TCP Layer:          [TCP Header][Application Header][Application Data]
IP Layer:           [IP Header][TCP Header][Application Header][Application Data]
Link Layer:         [Link Header][IP Header][TCP Header][Application Header][Application Data]

6
Packet Forwarding

• The packets/datagrams are forwarded through the routers.

[Figure: Host A and Host B each run the Application, TCP, IP and Link layers; application data travels between them through routers, which run only the IP and Link layers]

7
Link Layer / Internet Access

Access technology             Speed
Telephone modem               56 Kbps
DSL                           1 – 15 Mbps
Fiber optic                   25 Mbps – 500 Mbps
Cable                         15 Mbps – 300 Mbps
Satellite                     5 Mbps – 15 Mbps
4G                            Up to 100 Mbps
5G                            Up to 10 Gbps
IEEE 802.11 a/b/g/n (WiFi)    11 – 70 Mbps
IEEE 802.11ac                 500 Mbps – 1 Gbps
IEEE 802.11ad                 Up to 7 Gbps

Reference/Source: K. C. Laudon and C. G. Traver, E-Commerce 2020-2021, Pearson, 2020.

8
Network Layer

• After you have “accessed” the Internet or “linked” up to it, packets need to be forwarded to the destinations.
• This is similar to forwarding a letter through the postal networks.
• Two key questions:
  • Where is the destination?
  • How should the packets be forwarded?
• The network layer handles them.

9
IPv4 Addressing

Class  Starts with  Network portion  Range of IP addresses          Main uses
A      0            First 8 bits     0.0.0.0 – 127.255.255.255      Each network has many hosts.
B      10           First 16 bits    128.0.0.0 – 191.255.255.255    Each network has a moderate number of hosts.
C      110          First 24 bits    192.0.0.0 – 223.255.255.255    Each network has a few hosts.
D      111          N.A.             224.0.0.0 – 239.255.255.255    Multicast address
E      1111         N.A.             240.0.0.0 – 247.255.255.255    Reserved for experimental use

10
IP Address Example

• 128.0.0.1: Class B address
• 128.0.0.0 = network number
• Host numbers:
  • 128.0.0.1, 128.0.0.2 … 128.0.255.254
• 128.0.0.0 = network itself
• 128.0.255.255 = broadcast address

11
Subnets
• RFC 950 (www.ietf.org) specifies how to segment a Class A/B/C network into subnetworks.
• Part of the host number becomes the subnet number.
• The network prefix plus the subnet number becomes the effective network number.
• A subnet mask is used to identify the network portion.
• For example, subnet mask 255.255.255.0 (11111111.11111111.11111111.00000000) means that the first 8+8+8=24 bits represent the network portion.

12
Example
• IP address: 128.0.0.1
• This is a class B network (first 16 bits represent the network): 128.0.0.0.
• It can have hosts ranging from 128.0.0.1 to 128.0.255.254.
• Let’s use a subnet mask 255.255.255.0 (first 24 bits represent the network).
• One of the subnets: 128.0.255.0.
• Possible hosts are:
  • 128.0.255.1 - 128.0.255.254

13
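The classful and subnetted views of 128.0.0.1 from the two slides above, worked in code. This is an added example, not part of the original slides; the helper names are hypothetical, and the same mask comparison is what a packet filter or ACL performs when it decides whether an address belongs to a network.

```python
import ipaddress

def classful_prefix(addr):
    """Prefix length implied by the leading bits of the first octet (classes A-C)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:    # leading bit  0   -> class A
        return 8
    if first_octet < 192:    # leading bits 10  -> class B
        return 16
    if first_octet < 224:    # leading bits 110 -> class C
        return 24
    raise ValueError("class D/E addresses have no network portion")

def network_number(addr, mask):
    """Bitwise AND of address and subnet mask: the effective network number."""
    ip = int(ipaddress.IPv4Address(addr))
    m = int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(ip & m))

def summarize(net):
    """Network, broadcast and usable host range of an IPv4Network."""
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
    }

def same_subnet(a, b, mask):
    """True when both addresses share a network number under the mask."""
    return network_number(a, mask) == network_number(b, mask)

ADDRESS = "128.0.0.1"                                         # address from the slides
CLASSFUL = ipaddress.IPv4Network(
    f"{ADDRESS}/{classful_prefix(ADDRESS)}", strict=False)    # class B network
SUBNET = ipaddress.IPv4Network("128.0.255.0/255.255.255.0")   # one subnet under the mask

if __name__ == "__main__":
    print("classful:", summarize(CLASSFUL))
    print("subnet:  ", summarize(SUBNET))
    print("subnets under the mask:", len(list(CLASSFUL.subnets(new_prefix=24))))
    print("same subnet?", same_subnet("128.0.255.1", "128.0.254.1", "255.255.255.0"))
```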
Routing

• Each router forwards packets based on its routing table.
• The routing tables are updated dynamically based on the traffic situations.

[Figure: routers R1, R2 and R3 connecting networks 192.0.1.0, 192.0.2.0 and 192.0.3.0]

Destination IP address    Next hop
192.0.1.0                 R2
192.0.2.0                 R3
:

14
Routing Protocols

• Intra-domain: forwarding of packets within an autonomous system
  • Distance vector (e.g., RIP)
    • Forwards a routing table to the neighbors
  • Link state (e.g., OSPF)
    • Broadcasts link states to other routers in the autonomous system to build the routing table
• Inter-domain: forwards packets across different autonomous systems
  • Example: BGP

15
Need for a Transport Layer

• IP only provides best-effort services.
• A transport layer is needed to provide reliable and efficient services between the sender and receiver.
• The Internet has two transport protocols.
  • User datagram protocol (UDP) – connectionless: multiplex data through “ports”.
  • Transmission control protocol (TCP) – connection-oriented: provides reliable transport services.

16
Overview of TCP
• First the sender and receiver each establish a socket (i.e., IP address together with a local port number).
• A TCP connection is established between the two sockets.
• Certain port numbers are standardized, e.g., 80 for HTTP.
• TCP is not message-based but byte-based.
• Each data byte is given a 32-bit sequence number for acknowledgement and flow control purposes.
• Data segments (a 20-byte header plus some data bytes) are sent over the TCP connection.

17
Transmission Control Protocol (TCP)

• A TCP connection is established by a three-way handshaking process: sender initiates the connection, receiver acknowledges and sender acknowledges receiver’s acknowledgement.
• It is byte-based:

[Figure: the sender’s application process passes application data to the sender’s TCP process, which sends SEGMENT 1 … SEGMENT N over the socket connection to the receiver’s TCP process, which passes the application data to the receiver’s application process. Segments are transferred from the sender’s TCP process to the receiver’s TCP process through the underlying layers.]

Reference: L. L. Peterson and B. S. Davie, Computer Networks: A System Approach, Morgan Kaufmann, 1996.

18
Transmission Control Protocol (TCP)

• Flow control: prevents the overloading problem between the sender and the receiver.
• Congestion control: prevents the overloading problem in the network.
• Sliding window mechanism: restricts the amount of data that can be sent.
• The window size is controlled based on receiver’s acknowledgements.

19
Application Protocols

• Finally, the top layer is the application layer.
• Application protocols make use of the TCP/IP protocol stack to provide value-added services:
  • Simple mail transfer protocol (SMTP)
  • File transfer protocol (FTP)
  • TELNET and Rlogin protocol
  • Hyper-text transfer protocol (HTTP)
• Later, we will talk about HTTP.

20
Web System
• Web client: interface to the user
• Internet: communication platform based on the TCP/IP protocols
• Server: handles the client requests
• Database: provides information for generating the responses
• HTTP: enables communications between a client and a server using a request/reply approach

[Figure: Web Client, connected through the Internet to the Web Server and Application Server, which is connected to the Database]

21
Uniform Resource Locator (URL)
• How to identify a resource (e.g. Web page) on the Internet?
• Answer: Uniform Resource Identifier (URI), two types:
  • Uniform Resource Locator (URL)
  • Uniform Resource Name (URN): RFC 2141
• Currently, URL is more commonly used.
• Format:
  • protocol://domain_name:port/directory/resource
• http://www.vbs.com/welcome/main.html
  • the protocol is http
  • the domain name is www.vbs.com
  • the directory/resource is welcome/main.html (i.e., the file main.html is stored under the directory called “welcome”)

22
Getting a Web Page
• Utilizing the URL, the browser obtains the corresponding IP address from the Domain Name System (DNS).
• After receiving the reply, the browser establishes a TCP connection to the server at port 80 (default port).
• It then issues a GET command to get the page (e.g., GET /welcome.html).
• The Web server returns the respective file.
• The TCP connection is closed (in the early version of HTTP) but is kept open in the new version of HTTP.
• The browser shows the text in the file.
• The browser obtains and displays other objects (e.g. images) in the file.

Reference: A. S. Tanenbaum, Computer Networks, 3rd edn., Prentice-Hall, 1996.

23
Overview of HTTP
• Request/response protocol, stateless (memoryless)
• Request in ASCII format
• Response in Multipurpose Internet Mail Extension (MIME) format
  • text/html – text file in html format
  • image/JPEG – image file in JPEG format
  • image/GIF – image file in GIF format
• RFC1945: HTTP/1.0
• RFC2616: HTTP/1.1
• HTTP/2.0: Binary and multiplexed protocols with compressed headers
• HTTP/3.0: HTTP over QUIC instead of TCP
• Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP
24
HTTP/1.1
• Persistent connection: the TCP connection remains open
• Pipelining of requests
• Sharing of IP addresses: supports multiple hosts at a server
• Byte range transfer: allows partial transfer
• Better cache control
• Better support for data compression
• Better language support

25
Client’s Request

Request_method Resource_address HTTP/Version_number
General_header(s)
Request_header(s)
Entity_header(s)
Blank_line
Entity_body (Additional_data)

26
Server Response

HTTP/Version_number Status_code Status_message
General_header(s)
Response_header(s)
Entity_header(s)
Blank_line
Entity_body (e.g., Web page)

27
Major Request Methods

• GET
  • Requests a Web page.
• HEAD
  • Requests the header information of the Web page.
• POST
  • Submits additional data to the Web server in the HTTP request message.

28
Status Code Examples

• 200 OK
• 201 Created
• 204 No content
• 301 Moved Permanently
• 302 Moved Temporarily
• 304 Not Modified
• 400 Bad Request
• 401 Unauthorized
• 403 Forbidden
• 404 Not Found

1xx: Information
2xx: Success
3xx: Redirection
4xx: Client’s error
5xx: Server’s error

29
HTTP Headers - Examples
• Date
  • Specifies when (i.e., date and time) the message was created.
• Pragma (for HTTP/1.0)
  • Specifies implementation-specific directives, e.g., Pragma=No-cache.
• Authorization
  • Forwards authentication information to the Web server.
  • Supports a basic authentication scheme, which encodes the username and password in Base64 format.

30
HTTP Headers - Examples
• From
  • Provides the contact email address.
• If-Modified-Since
  • Asks the Web server to provide the requested resource only if it has been modified since the specified date.
• Referer
  • Specifies where (i.e., the URL) the client got the address from.
• User-Agent
  • Provides information on the user agent (Web browser) used by the Web client.

31
HTTP Headers - Examples

• Allow
  • Indicates the request methods allowed, e.g., GET, POST and HEAD.
• Content-Encoding
  • Specifies the encoding method (e.g., compression method).
• Content-Length
  • Indicates the size of the content in number of bytes/octets.

32
HTTP Headers - Examples

• Content-Type
  • Indicates the content type, e.g., text/html means HTML document.
• Expires
  • Specifies the date and time after which the information becomes invalid.
• Last-Modified
  • Specifies when the content (Web page) was last modified.

33
HTTP Headers - Examples

• Location
  • Provides the new URL for redirection purpose.
• Server
  • Provides information about the HTTP server.
• WWW-Authenticate
  • Gives the authentication information that the client must provide.

34
Request Example

GET /main.html HTTP/1.1
If-modified-since: Fri, 1 Feb 2021 20:00:00 GMT
Referer: http://www.abc.com

What does it mean?

35
Response Example

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 600
Date: Sat, 30 Sep. 2022 09:30:00 GMT
Last-Modified: Sat, 30 Sep. 2022 09:00:00 GMT

What does it mean?

36
Passing Data to a Web Server

• GET – attach to the URL (query string):
  • ?name1=value1&name2=value2&….&nameN=valueN
• http://www.vbs.com/servlet/booksearch?title=ecommerce&year=2022
• Command:
  • GET /servlet/booksearch?title=ecommerce&year=2022 HTTP/1.1
• POST – embed in the HTTP request message
• The entity in the POST request:
  • title=ecommerce&year=2022

37
Encoding Scheme

• Each space becomes a plus.
• Each nonalphanumeric character becomes a hexadecimal number preceded by a %.
  • %2F%7Eecommerce%2Flecture2%2Dnotes.html
  • /~ecommerce/lecture2-notes.html
• Further information:
  • http://www.w3schools.com/tags/ref_urlencode.asp

Reference: M. Hall, Core Web Programming, Prentice Hall, 1998.

38
HTTP Authentication
• A user wants to get a protected document (secure.html) from a Web server (www.abc.com) by using HTTP/1.1.
• The document is stored under the directory “secure”.
• Assume that the basic authentication scheme is used and the realm is “general”.
• Show the requests/responses if the client enters the password incorrectly.

Reference: D. Gourley and B. Totty, HTTP: The Definitive Guide, O’Reilly, 2002.

39
HTTP Authentication
• Client
  GET /secure/secure.html HTTP/1.1
• Server
  HTTP/1.1 401 Unauthorized
  WWW-Authenticate: Basic realm="general"
• Client
  GET /secure/secure.html HTTP/1.1
  Authorization: Basic xyxyxy
• Server
  HTTP/1.1 403 Forbidden

Reference: D. Gourley and B. Totty, HTTP: The Definitive Guide, O’Reilly, 2002.

40
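Both sides of the Basic authentication exchange above, as an added example that is not part of the original slides. The user table and function names are constructed for illustration; the token is plain Base64, so it decodes back to the password and the header needs an encrypted connection to stay confidential.

```python
import base64
import binascii
import hmac

REALM = "general"                     # realm used in the slide
USERS = {"alice": "correct-horse"}    # constructed credentials for this example

def make_authorization(user, password):
    """Client side: Base64("user:password") behind the 'Basic' scheme name."""
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"

def parse_authorization(header):
    """Server side: return (user, password), or None if the header is malformed."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def handle(headers):
    """Return (status, response_headers) for GET /secure/secure.html."""
    creds = parse_authorization(headers.get("Authorization", ""))
    if creds is None:
        # No usable credentials: challenge the client, as in the slide.
        return 401, {"WWW-Authenticate": f'Basic realm="{REALM}"'}
    user, password = creds
    expected = USERS.get(user, "")
    # Constant-time comparison avoids leaking how many characters matched.
    matches = hmac.compare_digest(password.encode("utf-8"), expected.encode("utf-8"))
    if not (user in USERS and matches):
        # 403 mirrors the slide; servers commonly answer 401 with a new challenge.
        return 403, {}
    return 200, {"Content-Type": "text/html"}

if __name__ == "__main__":
    print(handle({}))
    print(handle({"Authorization": make_authorization("alice", "wrong")}))
    print(handle({"Authorization": make_authorization("alice", "correct-horse")}))
```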
HTTP Caching
• To enhance response time, HTTP caching can be used (i.e., to serve a request using a saved response).
• There are three types of caches:
  • Private caches – for a specific client
  • Proxy caches – provided by a proxy server for shared uses (e.g., reduce outbound traffic)
  • Managed caches – used by service developers, for example for enhancing service response time
• Two major HTTP headers are:
  • Cache-Control
  • Age
• Each saved HTTP response (cache) has two states:
  • Fresh – it is still valid
  • Stale – it is updated

Reference/Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching

41
HTTP Caching – Example 1
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1024
Date: Tue, 22 Feb 2022 22:22:22 GMT
Last-Modified: Tue, 22 Feb 2021 22:22:22 GMT

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1024
Date: Tue, 22 Feb 2022 22:22:22 GMT
Cache-Control: max-age=302400

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 1024
Date: Tue, 22 Feb 2022 22:22:22 GMT
Cache-Control: max-age=302400
Age: 43200

Reference/Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching

42
HTTP Caching – Example 2
GET /index.html HTTP/1.1
Host: example.com
Accept: text/html
If-Modified-Since: Tue, 22 Feb 2021 22:00:00 GMT

HTTP/1.1 304 Not Modified
Content-Type: text/html
Date: Tue, 22 Feb 2022 23:00:22 GMT
Last-Modified: Tue, 22 Feb 2021 22:00:00 GMT
Cache-Control: max-age=1800

Reference/Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching

43
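The arithmetic behind Example 1 (max-age minus Age) and the server-side decision in Example 2 (If-Modified-Since against Last-Modified), as an added example that is not part of the original slides. Function names are hypothetical, and only max-age and Age are considered; other Cache-Control directives are left out.

```python
from email.utils import parsedate_to_datetime

def max_age(headers):
    """max-age value from Cache-Control, or None when the directive is absent."""
    for directive in headers.get("Cache-Control", "").split(","):
        name, _, arg = directive.strip().partition("=")
        if name.lower() == "max-age" and arg.isdigit():
            return int(arg)
    return None

def freshness_left(headers, seconds_since_received=0):
    """Seconds a stored response stays fresh; None without an explicit lifetime."""
    lifetime = max_age(headers)
    if lifetime is None:
        return None
    # Age is the time the response already spent in upstream caches.
    age = int(headers.get("Age", "0"))
    return lifetime - age - seconds_since_received

def is_fresh(headers, seconds_since_received=0):
    """True while the stored response can be reused without revalidation."""
    left = freshness_left(headers, seconds_since_received)
    return left is not None and left > 0

def revalidate(request_headers, last_modified):
    """Server side of a conditional GET: 304 if unchanged since the client's copy."""
    since = request_headers.get("If-Modified-Since")
    if since and parsedate_to_datetime(last_modified) <= parsedate_to_datetime(since):
        return 304
    return 200

# Header values copied from the second and third responses of Example 1.
SECOND = {"Cache-Control": "max-age=302400"}
THIRD = {"Cache-Control": "max-age=302400", "Age": "43200"}
# Dates copied from Example 2.
IMS = {"If-Modified-Since": "Tue, 22 Feb 2021 22:00:00 GMT"}
LAST_MODIFIED = "Tue, 22 Feb 2021 22:00:00 GMT"

if __name__ == "__main__":
    print("second response fresh for", freshness_left(SECOND), "s")
    print("third response fresh for", freshness_left(THIRD), "s")
    print("conditional GET status:", revalidate(IMS, LAST_MODIFIED))
```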
HTTP Cache-Control
• Cache-Control: no-cache
  • Should not store a cache, revalidation is needed
• Cache-Control: max-age=0, must-revalidate
  • Effectively no cache
• Cache-Control: no-store
  • Similar to no cache but a previously stored response can still be used
• Cache-Control: max-age=31536000, immutable
  • The response will never change
• Cache-Control: private
  • This is for a specific user

Reference/Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching

44
HTTP Conditional Requests
• Response is returned based on a validator in the HTTP request.
• There are two key validators:
  • Last-Modified – when the resource was last modified
  • ETag – a unique identifier for the resource (e.g., hash)
• Examples (condition for processing the request or returning the resource):
  • If-Match – if the ETag in the request matches that of the resource
  • If-None-Match – if none of the ETag(s) in the request matches that of the resource
  • If-Modified-Since – if the resource has been modified since the date/time in the request
  • If-Unmodified-Since – if the resource has not been modified since the date/time in the request

Reference/Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Conditional_requests

45
HTTP Range Requests
• If a resource size is large, range requests can be used to get partial content.
• Here is an example:

Request

GET /image.jpg HTTP/1.1
Host: image_server.com
Range: bytes=0-1023

Response

HTTP/1.1 206 Partial Content
Content-Range: bytes 0-1023/132457
Content-Length: 1024

Reference/Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests

46
HTTP Range Requests
• You can also get multiple ranges using the Range header, e.g.,
  • Range: bytes=0-50, 100-150
• Example:

HTTP/1.1 206 Partial Content
Content-Type: multipart/byteranges; boundary=4e7c7b416g9c6

--4e7c7b416g9c6
Content-Type: text/html
Content-Range: bytes 0-50/1270

--4e7c7b416g9c6
Content-Type: text/html
Content-Range: bytes 100-150/1270

Reference/Source: https://developer.mozilla.org/en-US/docs/Web/HTTP/Range_requests

47
HTTP Cookies
• HTTP is stateless.
• Many e-commerce applications are not stateless
  • shopping carts
  • login
• Use “cookies” to manage sessions, track users and support personalisation.
• Cookies: keep state data (e.g. session ID) at the client side.
• Cookie specification: RFC6265.
• There are two types of cookies:
  • Session cookies: removed after each session (i.e., removed upon closing a browser)
  • Persistent cookies: saved and removed after the expiry time

48
Basic Principle

• Server
  • Set-Cookie: CookieName=CookieValue
• Client
  • Cookie: CookieName=CookieValue

49
Simple Shopping Cart Example

• There are two items in the shopping cart: “11111” and “22222”.
• “33333” is put into the shopping cart.
• Server
  • Set-Cookie: Item3=33333
• Client
  • Cookie: Item1=11111
  • Cookie: Item2=22222
  • Cookie: Item3=33333
• In reality, a session ID is stored for retrieving the information (e.g. from a database).

50
Major Cookie Headers (RFC 6265)

• Expires – specifies when the cookie will expire.
• Path – specifies where (directory path) to send the cookies.
• Domain – specifies the domain for which the cookie is effective.
• Secure – applies to secure connections only.
• Comment – provides information on the cookie.
• Max-Age – specifies the cookie’s lifetime in seconds.

51
Example

• Set-Cookie: Credit=111; Secure; Expires=Wednesday, 07-Dec-2022 10:00:00 GMT; Domain=abc.com

52
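How a client decides whether to return the cookie from the example above, applying the Secure, Domain, Path and Expires attributes. This is an added example, not part of the original slides; the function names are hypothetical, a missing Path is assumed to mean "/", and Max-Age is not handled.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, cookie_value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), cookie_value.strip(), attrs

def domain_match(host, cookie_domain):
    """Host equals the cookie domain or is a subdomain of it (label boundary)."""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    return host == cookie_domain or host.endswith("." + cookie_domain)

def path_match(request_path, cookie_path):
    """Cookie path must be a directory prefix of the request path."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def should_send(set_cookie, origin_host, url, now):
    """True if a cookie set by origin_host is attached to a request for url."""
    _, _, attrs = parse_set_cookie(set_cookie)
    target = urlsplit(url)
    host = target.hostname or ""
    if "secure" in attrs and target.scheme != "https":
        return False                      # Secure: encrypted connections only
    if "domain" in attrs:
        if not domain_match(host, attrs["domain"]):
            return False
    elif host != origin_host.lower():
        return False                      # no Domain: only the host that set it
    if not path_match(target.path or "/", attrs.get("path", "/")):
        return False
    if "expires" in attrs and now >= parsedate_to_datetime(attrs["expires"]):
        return False                      # persistent cookie past its expiry
    return True

# Set-Cookie value from the slide; the two timestamps are constructed.
SLIDE_COOKIE = "Credit=111; Secure; Expires=Wednesday, 07-Dec-2022 10:00:00 GMT; Domain=abc.com"
BEFORE = datetime(2022, 12, 1, tzinfo=timezone.utc)
AFTER = datetime(2022, 12, 8, tzinfo=timezone.utc)

if __name__ == "__main__":
    for url in ("https://www.abc.com/cart", "http://www.abc.com/cart"):
        print(url, should_send(SLIDE_COOKIE, "www.abc.com", url, BEFORE))
```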
Question
A client wants to get a protected resource “webpage.html” from
the root directory of a web server running on web.abc.com if it
has been changed since Mon, 23 Jan 2023 11:30:00 GMT. The
basic authentication scheme is used with the realm of “normal”.
Suppose that the password is entered correctly and the resource
has been modified on Tue, 24 Jan 2023 11:30:00 GMT. The
response date is Wed, 25 Jan 2023 11:30:00 GMT. The modified
resource should not be cached and a cookie called Session with a
value of 123 should be stored. Show the HTTP/1.1 requests and
responses. State any assumptions or provide other information
(e.g., you may assume any non-specified value(s)), if required.

53
