Lecture Week

03: HTTP
Dr. Hamed Hamzeh
06/02/2025
Introduction to HTTP
Hyper Text
Transfer Protocol
• HTTP, which stands for Hypertext
Transfer Protocol, was created by Sir
Tim Berners-Lee, a British computer
scientist.
• He developed HTTP while working at
CERN (European Organization for
Nuclear Research) in 1989, as part of
the foundation for the World Wide
Web.
• HTTP is the protocol that enables
communication and the transfer of
data on the World Wide Web.
HTTP History

1991 1997–1999 2018

HTTP/0.9
•Initial version by Tim Berners-Lee.
•Simple protocol for plain text data.
HTTP/1.1 HTTP/3
•Introduced persistent connections. •Uses QUIC transport protocol.
•Pipelining for concurrent requests. •Focus on reducing latency, improving security.
•Host headers for multiple websites on one IP. •Ongoing development for evolving internet
•Optimizations for caching and compression. demands.

HTTP/2
HTTP/1.0 •Binary framing for concurrent streams.
•Allowed different data types. •Header compression and multiplexing.
•Enabled multiple objects over a single TCP •Backward-compatible with HTTP/1.1.
connection. •Significant performance enhancements.

1996 2015
Position of HTTP in the OSI Model
The OSI (Open Systems Interconnection) model is a conceptual framework
that standardizes the functions of a communication system into seven
abstraction layers.

HTTP operates at the Application Layer (Layer 7) of the OSI model.

The Application Layer deals with high-level protocols, user interfaces, and network-
aware applications.
Key Points: HTTP is responsible for communication between applications, specifically web
browsers, and servers.
Basics of HTTP Request

Request Methods: Request Headers:

GET: Retrieve data from the server. Host: Specifies the domain name of the
POST: Send data to the server to create a server.
resource. User-Agent: Identifies the user agent (e.g.,
browser) making the request.

GET /index.html HTTP/1.1 Host: www.example.com User-

Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
 HTTP request message
▪ two types of HTTP messages: request, response
▪ HTTP request message:
• ASCII (human-readable format) carriage return character
line-feed character
request line (GET, POST,
GET /index.html HTTP/1.1\r\n
HEAD commands) Host: www-net.cs.umass.edu\r\n
User-Agent: Firefox/3.6.10\r\n
Accept: text/html,application/xhtml+xml\r\n
header Accept-Language: en-us,en;q=0.5\r\n
lines Accept-Encoding: gzip,deflate\r\n
Accept-Charset: ISO-8859-1,utf-8;q=0.7\r\n
Keep-Alive: 115\r\n
Connection: keep-alive\r\n
carriage return, line feed \r\n
at start of line indicates
end of header lines
Overview of HTTP Methods

HTTP Methods:

• HTTP defines several methods that indicate the desired action to be

performed on a resource.
• Commonly used methods include GET, POST, PUT, DELETE, and more.

Purpose:

• Each method serves a specific purpose in interacting with resources on

the server.
HTTP GET Method

GET Method: Example: HTTP Request:

Used to request data from a A browser requesting a webpage.
GET /index.html HTTP/1.1
specified resource.
Requests should only retrieve
data and should not have any
other effect on the server.
HTTP POST Method
Used to submit data to be processed to a specified
resource.
POST Method: Often used when uploading a file or submitting a
form.

Example: Submitting a form with user data.

POST /submit-form HTTP/1.1 Content-Type:

HTTP Request: application/x-www-form-urlencoded
username=johndoe&password=secretpassword
 HTTP PUT Method

PUT Method: Example: HTTP Request:

Used to update a resource or Updating the content of an PUT /update-document HTTP/1.1
create a new resource if it doesn't existing document. Content-Type: text/plain This
exist. is the updated content.
The request typically contains the
full representation of the
resource.
HTTP DELETE Method

DELETE Method: Example: HTTP Request:

Used to request the removal of a Deleting a user account. DELETE /user/johndoe HTTP/1.1
resource from the server.
The server decides whether to
delete the resource or not.
 Additional HTTP Methods
HTTP defines additional methods like HEAD, OPTIONS, PATCH, and more.
HEAD: Similar to GET but retrieves headers only.
Other Methods:
OPTIONS: Describes the communication options for the target resource.
PATCH: Applies partial modifications to a resource.

Usage: These methods provide additional functionality and flexibility in various scenarios.
Basics of HTTP Response

Status Codes:

• 200 OK: Successful request.

• 404 Not Found: Requested resource not found.
• Response Headers:

Content-Type: Specifies the type of data in the response.

Server: Identifies the server software.

HTTP/1.1 200 OK Content-Type: text/html

Server: Apache/2.4.41 (Unix)
Common HTTP Response Codes
HTTP 200 OK – Success

Explanation:

• The server successfully processed the request, and the

response contains the requested information.
• This is the standard response for successful HTTP
requests.
HTTP response message

status line (protocol HTTP/1.1 200 OK\r\n

status code status phrase) Date: Sun, 26 Sep 2010 20:09:20 GMT\r\n
Server: Apache/2.0.52 (CentOS)\r\n
Last-Modified: Tue, 30 Oct 2007 17:00:02 GMT\r\n
ETag: "17dc6-a5c-bf716880"\r\n
header Accept-Ranges: bytes\r\n
Content-Length: 2652\r\n
lines Keep-Alive: timeout=10, max=100\r\n
Connection: Keep-Alive\r\n
Content-Type: text/html; charset=ISO-8859-1\r\n
\r\n
data data data data data ...

data, e.g., requested

HTML file
HTTP response
codes
• Three-digit numbers that are returned by a server in
response to a client's request.
• These codes provide information about the status of
the request and help in troubleshooting and
understanding the outcome of the request.
1xx Informational Codes

100 Continue:

• The server has received the initial part of the request and is
ready to proceed.

101 Switching Protocols:

• The server is switching protocols as requested by the client.

 2xx Success Codes

200 OK: • The request was successful.

• The request was successful, and a new

201 Created: resource was created.

• The request was successful, but there

204 No Content: is no content to send back.
3xx Redirection Codes

301 Moved Permanently:

• The requested resource has been permanently moved to a new location.

• Example: URL structure change.

302 Found (or 303 See Other):

• Indicates that the requested resource is temporarily located at another URI.

• Example: Temporary redirection.

307 Temporary Redirect:

• Similar to 302 but explicitly indicates that the request method should not change.
 Client Error Codes

400 Bad Request: The server 401 Unauthorized: The request 404 Not Found: The requested
cannot understand the request requires user authentication. resource could not be found on
due to a client error. the server.
 5xx Server Error Codes

500 Internal Server Error:

• The server encountered an unexpected condition that
prevented it from fulfilling the request.

503 Service Unavailable:

• The server is currently unavailable to handle the request due to
maintenance or overload.
Question
• Imagine a scenario where a user submits a form on a website to perform an action, such as submitting a comment
or making a purchase. After the action is completed, the server wants to redirect the user back to a specific page,
typically the page they were on before submitting the form. Which http response code you may get from the server?
 HTTP is a stateless protocol,
meaning each request is
independent and has no
knowledge of previous requests.

Statelessness Cookies and sessions are used to

of HTTP maintain state between requests.

A user logging into a website

might receive a session cookie
Example: to maintain their
authenticated state.
 HTTPS (Hypertext Transfer Protocol
Secure) is the secure version of HTTP.

It encrypts data using SSL/TLS to

ensure confidentiality and integrity.
HTTPS and
Security SSL/TLS encryption.
Secure Sockets Layer (SSL)
Security Measures: and its successor Transport
Layer Security (TLS)
protocols.

https://www.example.com
Example: indicates a secure
connection.
Maintaining user/server state: cookies
Web sites and client browser use
cookies to maintain some state
between transactions
four components:
1) cookie header line of HTTP response
message
2) cookie header line in next HTTP
request message
3) cookie file kept on user’s host,
managed by user’s browser
4) back-end database at Web site
Example:
▪ Susan uses browser on laptop,
visits specific e-commerce site
for first time
▪ when initial HTTP requests
arrives at site, site creates:
• unique ID (aka “cookie”)
• entry in backend database for
ID
• subsequent HTTP requests from
Susan to this site will contain
cookie ID value, allowing site to
“identify” Susan
Maintaining user/server state: cookies
client
server
ebay 8734 usual HTTP request msg Amazon server
cookie file creates ID
usual HTTP response 1678 for user backend
create
ebay 8734 set-cookie: 1678 entry database
amazon 1678

usual HTTP request msg

cookie: 1678 cookie- access
specific
usual HTTP response msg action

one week later:

access
ebay 8734 usual HTTP request msg
amazon 1678 cookie: 1678 cookie-
specific
usual HTTP response msg action
time time
HTTP cookies: comments

aside
What cookies can be used for: cookies and privacy:
▪ authorization ▪ cookies permit sites to
▪ shopping carts learn a lot about you on
their site.
▪ recommendations
▪ third party persistent
▪ user session state (Web e-mail) cookies (tracking cookies)
allow common identity
(cookie value) to be
Challenge: How to keep state: tracked across multiple
▪ protocol endpoints: maintain state at
web sites
sender/receiver over multiple transactions
▪ cookies: HTTP messages carry state
 Web caches (proxy servers)
Goal: satisfy client request without involving origin server
▪ user configures browser to point
to a Web cache proxy
▪ browser sends all HTTP requests server
to cache client
origin
• if object in cache: cache server

returns object to client

• else cache requests object
from origin server, caches
received object, then client
returns object to client origin
server
Caching example
Scenario:
▪ access link rate: 1.54 Mbps origin
▪ RTT from institutional router to server: 2 sec servers
▪ Web object size: 100K bits public
Internet
▪ Average request rate from browsers to origin
servers: 15/sec
▪ average data rate to browsers: 1.50 Mbps
1.54 Mbps
access link
Performance: problem: large
▪ LAN utilization: .0015 delays at high institutional
network
▪ access link utilization = .97 utilization! 1 Gbps LAN

▪ end-end delay = Internet delay +

access link delay + LAN delay
= 2 sec + minutes + usecs
 Caching example: buy a faster access link
Scenario: 154 Mbps
▪ access link rate: 1.54 Mbps origin
▪ RTT from institutional router to server: 2 sec servers
▪ Web object size: 100K bits public
Internet
▪ Avg request rate from browsers to origin
servers: 15/sec
▪ avg data rate to browsers: 1.50 Mbps 154 Mbps
1.54 Mbps
access link
Performance:
▪ LAN utilization: .0015 institutional
network
▪ access link utilization = .97 .0097 1 Gbps LAN

▪ end-end delay = Internet delay +

access link delay + LAN delay
= 2 sec + minutes + usecs
Cost: faster access link (expensive!) msecs
 Caching example: install a web cache
Scenario:
▪ access link rate: 1.54 Mbps origin
▪ RTT from institutional router to server: 2 sec servers
▪ Web object size: 100K bits public
Internet
▪ Avg request rate from browsers to origin
servers: 15/sec
▪ avg data rate to browsers: 1.50 Mbps
1.54 Mbps
access link
Performance:
▪ LAN utilization: .? How to compute link
institutional
network
▪ access link utilization = ? utilization, delay? 1 Gbps LAN

▪ average end-end delay = ?

Cost: web cache (cheap!) local web cache
Caching example: install a web cache
Calculating access link utilization, end-
end delay with cache: origin
▪ suppose cache hit rate is 0.4: 40% requests servers
satisfied at cache, 60% requests satisfied at public
Internet
origin
▪ access link: 60% of requests use access link
▪ data rate to browsers over access link
1.54 Mbps
= 0.6 * 1.50 Mbps = .9 Mbps access link
▪ utilization = 0.9/1.54 = .58 institutional
network
▪ average end-end delay 1 Gbps LAN
= 0.6 * (delay from origin servers)
+ 0.4 * (delay when satisfied at cache)
local web cache
= 0.6 (2.01) + 0.4 (~msecs) = ~ 1.2 secs
lower average end-end delay than with 154 Mbps link (and cheaper too!)
 Domain Name System(DNS)
It is a decentralized naming system that translates domain names (e.g., example.com) into IP addresses (e.g.,
192.0.2.1) . There are different record types:

A (Address) Record: This record type maps a domain name to an IPv4 address. It provides the IP address associated
with a hostname.

AAAA (IPv6 Address) Record: This record type maps a domain name to an IPv6 address. It provides the IPv6 address
associated with a hostname.

CNAME (Canonical Name) Record: This record type provides an alias or canonical name for a domain. It allows a
domain name to be associated with another domain name.

MX (Mail Exchanger) Record: This record type specifies the mail servers responsible for accepting incoming emails for
a domain. It provides information about the email servers that should be used to send emails to a particular domain

DNS (Name Server) Record: This record type specifies the authoritative name servers for a domain. It provides
information about the servers responsible for handling DNS queries for a particular domain.
HTTP/2

Content:HTTP/2 Overview: Advantages:

Developed to overcome limitations of Faster loading times, reduced latency, and
HTTP/1.1. improved efficiency.
A binary protocol that brings performance
improvements.
Multiplexing, header compression, and
prioritization are key features.
 Multiple requests and
responses can be sent
Multiplexing: concurrently over a single
connection.

Header Headers are compressed to

reduce overhead, improving
Compression: efficiency.

Key Features
of HTTP/2
Requests can be assigned
Prioritization: priority levels to optimize
resource loading.

Loading multiple resources

in parallel without waiting for
Example: one to complete before
starting another.
 Performance Improvements:
• HTTP/2 performs better than HTTP/1.1
due to its advanced features.
HTTP/2 in Multiplexing Comparison:
Comparison • HTTP/1.1 relies on multiple
to HTTP/1.1 connections for parallelism, while
HTTP/2 uses a single connection.

Example:
• Faster page load times and improved
user experience.
 Server and Browser Support:
• Ensure that both servers and clients support
HTTP/2.

Configuration:
Considerations • Update server configurations to enable
HTTP/2.
for Migrating
to HTTP/2 Testing:
• Thoroughly test the website/application for
compatibility.

Example:
• Verifying that both the server and the client
support HTTP/2.
 Introduction to HTTP/3:

• Ongoing development to further

enhance web communication.
• Based on the QUIC protocol, aiming to
improve performance and security.
Future
Trends - Advancements:

HTTP/3 • Reduced latency, improved security, and

better handling of packet loss.

Example:

• Potential for even faster and more

secure communication.
 Understanding Sockets:

• Sockets are communication endpoints

that allow data transfer between a
client and a server.
Sockets and • HTTP, being a protocol, utilizes sockets
for communication between clients
HTTP and servers.

Interaction Connection Establishment:

• Sockets are used to establish

connections between clients and
servers, facilitating HTTP
communication.
Java and HTTP
Socket Interaction in HTTP - Overview
Client-Side Interaction:
The client creates a socket and initiates a
connection to the server.
The client sends an HTTP request using the
socket.
Server-Side Interaction:
The server accepts the connection, creates a
new socket for communication, and
processes the HTTP request.
The server sends an HTTP response back to
the client using the socket.
HTTP in Java

The com.sun.net.httpserver package includes classes to create an

HTTP server and handle HTTP requests.

The main class in this package is HttpServer, which is responsible

for creating and managing the server.

It allows you to create contexts for different URIs and associate

handlers with these contexts to handle incoming HTTP requests.
Overview of Java's java.net Package

The java.net package in Java is a core package that provides

fundamental networking functionality.

It includes classes and interfaces for working with URLs, sockets, and
network connections.

java.net is crucial for implementing HTTP communication in Java

applications.
URL Class

• Represents a Uniform Resource Locator.

• Used for creating, parsing, and manipulating URLs.
• Example:

URL url = new URL("https://example.com");

URLConnection Class

• Abstract class that represents a communication link between an

application and a URL.
• Serves as the superclass for HttpURLConnection.
• Example:

URLConnection connection = url.openConnection();

HttpURLConnection Class

• Extends URLConnection and provides specific support for HTTP.

• Allows setting HTTP request methods, headers, and handling responses.
• Example:

HttpURLConnection httpURLConnection = (HttpURLConnection) url.openConnection();

 HTTPServer in Java

HTTPServer is a class in the com.sun.net.httpserver package in Java.

It provides a simple HTTP server framework for creating and handling HTTP
requests.

import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpExchange;

HttpServer server = HttpServer.create(new InetSocketAddress(port), 0);

HTTPServer Class
HTTP Handlers
• HTTP handlers handle incoming requests and generate responses.
• Implement the HttpHandler interface:
HTTP Exchange Methods
Example
 HTTP Status Codes in Java

HTTP Status Codes: Handling Responses:

HTTP responses include status codes that Demonstrates how to use HttpURLConnection
indicate the result of the request. to check and handle different HTTP status
Java provides classes like HttpURLConnection codes.
to handle HTTP responses.
Handling HTTP Status Codes - Example 1
• Checking Status Code:
• Demonstrates checking the HTTP status code using HttpURLConnection.
• Example shows handling a successful response (status code 200).
Handling HTTP Status Codes - Example 3
Multi-Threading for Sockets
Single-Threaded Socket Programming

Traditional (Single-threaded) Socket Communication:

• In single-threaded socket programming, each client request is processed sequentially.

• The server handles one client at a time, moving on to the next once the current task is
completed.
• Simple and straightforward approach but has limitations.

Limitations and Challenges:

• Limited Scalability:
• Handling multiple clients concurrently becomes challenging.
• Performance may degrade as the number of clients increases.
• Blocking Nature:
• The server blocks while waiting for a client request to be processed.
• If one client takes a long time, other clients have to wait.
 • Handling Multiple Clients Simultaneously:
• In traditional single-threaded socket programming, handling
one client at a time may lead to scalability issues.
• Multithreading enables concurrent processing of multiple client
requests.
• Each client connection is assigned its own thread, allowing
parallel execution.
Multithreading • Improving Performance and Responsiveness:
in Sockets • Parallel Execution:
• Multithreading allows the server to process multiple client
requests concurrently, significantly improving throughput.
• Tasks that would otherwise block the server can be
parallelized.
• Reduced Latency:
• With multithreading, the server can respond to clients
more quickly, reducing the overall latency of the system.
• Clients experience improved responsiveness and faster
service.