Wednesday, 25 February 2015

Chap 21 - Basic knowledge to become a hacker: HTTP Header

HTTP stands for HyperText Transfer Protocol. It is the basic protocol the World Wide Web runs on (as you can see, every web address starts with http:// or https://). HTTP defines how messages (text files, images, audio, video, other multimedia files, ...) are formatted and transmitted, and what actions web servers and web browsers must take in response to them.

HTTP headers are a core part of every HTTP request and HTTP response: each header carries a piece of information that the client attaches to its request or the server attaches to its reply. Everything in a request, headers included, is written by the client and can be forged, which is exactly why headers matter to an attacker.



HTTP request methods

1. GET
This method retrieves resources such as HTML, CSS, JavaScript and image files.
For example, when you visit example.com/tutorials/, the first line of your HTTP request looks like this:
GET /tutorials/ HTTP/1.1
2. POST
This method sends data to the server. POST data usually comes from an HTML form, for example:

<form method="POST" action="login.php">
Username: <input type="text" name="username" />
Email: <input type="text" name="email" />
<input type="submit" name="action" value="Submit" />
</form>

Submitting that form produces an HTTP request like this:

POST /login.php HTTP/1.1
Host: example.com
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://example.com/test.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 52

username=john&email=john%40example.com&action=Submit

The empty line separates the headers from the body. The body carries the form fields percent-encoded (the @ in the email address becomes %40), and Content-Length (52 bytes here) tells the server exactly where the body ends.

3. HEAD
This method retrieves the headers only. HEAD works exactly like GET, except that the server returns just the headers and no body, for example:

HTTP/1.1 200 OK
Date: Mon, 18 Aug 2013 22:44:11 GMT
Server: Apache/1.3.26 (Unix)
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Content-Language: EN
Connection: close
Content-Type: text/html; charset=ISO-8859-1

4. PUT
This method uploads a file to the server: the request body is stored as the resource at the request URI, creating it or replacing whatever was there. A server that accepts PUT without authentication lets any client write files into the web root, so whether PUT is allowed is one of the first things to check.

5. OPTIONS
With this method the server answers with an Allow line listing the methods the client may use on that resource, for example:

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 31 Oct 2013 08:00:29 GMT
Connection: close
Allow: GET, HEAD, POST, TRACE, OPTIONS
Content-Length: 0

Allow is only what the server claims: a method it omits may still be handled, and a method it lists can be a finding in itself. TRACE above echoes the request back to the client, including whatever headers it carried, which is why it is normally disabled.
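To make the request format concrete, here is an added Python example (not code from the original post) that builds the requests shown above byte for byte: CRLF line endings, the Host header that HTTP/1.1 requires, percent-encoded form fields and a Content-Length computed from the encoded body. The form values are constructed sample input, and build_request and declared_content_length are names chosen for this example.

```python
from urllib.parse import urlencode

CRLF = "\r\n"


def build_request(method, path, host, form=None, extra_headers=None):
    """Serialize one HTTP/1.1 request to bytes.

    Form fields are percent-encoded as application/x-www-form-urlencoded
    and Content-Length is computed from the encoded body: the server (and
    any proxy in between) uses that number to find where the body ends,
    so it must match the body exactly.
    """
    headers = [("Host", host)]                  # required by HTTP/1.1
    headers += list((extra_headers or {}).items())
    body = b""
    if form is not None:
        body = urlencode(form).encode("ascii")  # '@' becomes %40, space becomes '+'
        headers.append(("Content-Type", "application/x-www-form-urlencoded"))
        headers.append(("Content-Length", str(len(body))))
    lines = [f"{method} {path} HTTP/1.1"]
    lines += [f"{name}: {value}" for name, value in headers]
    # The empty line after the last header is what separates headers from body.
    head = CRLF.join(lines) + CRLF + CRLF
    return head.encode("ascii") + body


def declared_content_length(raw):
    """Return the Content-Length a serialized request declares, or None."""
    head, _, _ = raw.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:       # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip())
    return None


if __name__ == "__main__":
    # Constructed sample input matching the login form above.
    fields = {"username": "john", "email": "john@example.com", "action": "Submit"}
    ua = {"User-Agent": "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"}
    print(build_request("POST", "/login.php", "example.com", form=fields, extra_headers=ua).decode())
    print(build_request("GET", "/tutorials/", "example.com").decode())
```

Running the block prints the POST request with Content-Length: 52 and the body username=john&email=john%40example.com&action=Submit; a GET carries no body and therefore no Content-Length.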

HTTP Status Code
Every HTTP response carries a status code that tells the client the result of its request. Status codes fall into five classes:

  * 1xx: Informational.
  * 2xx: The request succeeded.
  * 3xx: The client is redirected to another web address.
  * 4xx: The request itself is in error (client error).
  * 5xx: The server hit an error while handling the request.

200 OK
The request succeeded.

301 Moved Permanently
The requested URL has moved permanently to a new URL (given in the Location header); from now on, a client that wants this resource should use the new URL.

304 Not Modified
Tells the browser to use the copy of the page it cached on a previous visit; the response carries no body.

400 Bad Request
You get this status code when the request you sent to the web server is malformed.

401 Unauthorized
Returned by a page that requires authentication when the request carries no credentials or the wrong ones, for instance after typing a wrong password; the response includes a WWW-Authenticate header naming the scheme the server expects.

403 Forbidden
You get this status code when you request an address the server has placed off limits. The server understood the request but refuses to serve it, whatever credentials you present.

404 Not Found
The requested resource does not exist on the server.

405 Method Not Allowed
You used a method the web server does not allow for that resource; for example, sending POST to a URL that only accepts GET produces this status code. The response should list the permitted methods in an Allow header.

500 Internal Server Error
The server hit an error while handling the request sent by the client. Detailed error pages here can leak stack traces or file paths, which is why these responses are worth reading closely.

503 Service Unavailable
The application on the server is not answering the client's request, or is no longer running at all.

HTTP Request
Every HTTP request and HTTP response consists of one or more headers, each on its own line. Here is an example HTTP request:
GET /books/search.asp?q=example HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://example.com/books/default.asp
Accept-Language: en-gb,en-us;q=0.5
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Host: example.com
Cookie: lang=en; JSESSIONID=0000tI8rk7joMx44S2Uu85nSWc_:vsnlc502

 * The first line shows that the GET method is used and that the HTTP version is 1.1. The HTTP versions in use are 1.0 and 1.1; most web browsers default to 1.1.
 * Referer tells the server which page the request originated from. In the example above, Referer shows that the request for /books/search.asp?q=example was made from http://example.com/books/default.asp
 * User-Agent tells the web server which browser we are using. The User-Agent above shows Windows XP and Internet Explorer 7. (Learn more
 * Host tells the server which host the request is for. This matters when several websites share one web server.
 * Cookie is sent back to the web server if you have visited this address before.

HTTP Response
After the client sends an HTTP request to the server, the server sends back an HTTP response.

Example:

HTTP/1.1 200 OK
Date: Tue, 17 Dec 2013 03:30:53 GMT
Server: IBM_HTTP_SERVER/1.3.26.2 Apache/1.3.26 (Unix)
Set-Cookie: tracking=tI8rk7joMx44S2Uu85nSWc
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 24246

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

  * The first line gives the HTTP version, 1.1, and the status code 200, meaning the request succeeded.
  * Server gives information about the web server. In the example the web server is Apache on a Unix operating system. This information may be inaccurate, since the administrator can change or remove it.
  * Pragma: no-cache in the example asks the browser not to keep the response in its cache. Pragma is an HTTP/1.0 directive; modern caches follow Cache-Control (for example Cache-Control: no-store), so a response that relies on Pragma alone may still be cached.
  * Content-Type shows that the body is HTML.
  * Content-Length gives the length of the body the server sends back, in bytes.
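As an added example that is not part of the original post, the Python below parses a raw response the way the bullets above describe: the status line, the headers (kept in order, because Set-Cookie may repeat) and a body cut at Content-Length. The sample response is constructed, modelled on the one above but with a short body, and its trailing bytes stand in for the next response on a keep-alive connection; the second sample is a reply to HEAD, which declares a Content-Length but carries no body.

```python
def get_header(headers, name):
    """Case-insensitive lookup of the first header called `name`, or None."""
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return None


def parse_response(raw, request_method="GET"):
    """Split a raw HTTP/1.1 response into (version, status, reason, headers, body).

    Headers come back as an ordered list of (name, value) pairs because a
    header may legitimately repeat (Set-Cookie does). The body is cut at
    Content-Length: anything after it belongs to the next response on a
    keep-alive connection. A declared length longer than what was received
    is reported rather than silently accepted. A response to HEAD never
    carries a body even though it may declare a Content-Length.
    """
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("end of headers (empty line) not found")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    version, status = parts[0], int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    if request_method.upper() == "HEAD":
        return version, status, reason, headers, b""
    length = get_header(headers, "Content-Length")
    if length is None:
        return version, status, reason, headers, rest
    n = int(length)
    if n > len(rest):
        raise ValueError(f"Content-Length says {n} bytes, only {len(rest)} received")
    return version, status, reason, headers, rest[:n]


# Constructed sample, modelled on the response above but with an 18-byte body.
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Tue, 17 Dec 2013 03:30:53 GMT\r\n"
    b"Server: IBM_HTTP_SERVER/1.3.26.2 Apache/1.3.26 (Unix)\r\n"
    b"Set-Cookie: tracking=tI8rk7joMx44S2Uu85nSWc\r\n"
    b"Set-Cookie: lang=en\r\n"
    b"Pragma: no-cache\r\n"
    b"Content-Type: text/html;charset=ISO-8859-1\r\n"
    b"Content-Length: 18\r\n"
    b"\r\n"
    b"<html>hello</html>"
    b"HTTP/1.1 "          # start of the next response on the same connection
)

# Constructed reply to a HEAD request: headers only, no body.
HEAD_SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: Apache/1.3.26 (Unix)\r\n"
    b"Content-Length: 24246\r\n"
    b"Content-Type: text/html; charset=ISO-8859-1\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    version, status, reason, headers, body = parse_response(SAMPLE)
    print(version, status, reason)
    print([v for n, v in headers if n == "Set-Cookie"])
    print(body)
```

Parsing SAMPLE returns status 200 with the body <html>hello</html> and both Set-Cookie values; parsing HEAD_SAMPLE with request_method="HEAD" returns an empty body, while parsing it as if it answered a GET raises, because 24246 bytes were promised and none arrived.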

HTTP headers in an HTTP Request

Accept-Encoding
Accept-Encoding: gzip,deflate
Tells the web server which content encodings (compression formats) the client accepts.

The example above shows that the client accepts gzip, which saves bandwidth because the server can compress the response.


Accept-Language

Accept-Language: en-gb,en-us;q=0.5
Tells the server the client's preferred languages, each with an optional weight (q); en-gb at the default weight of 1 is preferred over en-us at 0.5. A site available in several languages uses this header to choose which version to serve.


If-Modified-Since

If the browser has cached the page, on the next visit it sends the date of its copy:
If-Modified-Since: Sat, 28 Nov 2009 06:38:19 GMT
If nothing has changed since then, the server replies with status code 304 and no body, and the browser loads the content it cached earlier.


User-Agent
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
This header tells the server the client's browser and operating system. It is how web servers know what the user is running: a server that sees a mobile browser, for example, can redirect to the mobile version of the site. It is a free-form string chosen by the client, so it can say anything; never treat it as proof of what the client is.

Cookie
Cookie: lang=en; JSESSIONID=0000tI8rk7joMx44S2Uu85nSWc_:vsnlc502

If you have visited the site before, the cookies it set are sent back to the web server with each request. JSESSIONID above is a session identifier: to the server, whoever presents it is that logged-in user.
 
Host
The hostname the client wants to send the HTTP request to, including domain and subdomain. A web server that hosts several sites uses it to decide which site answers.

Example:

Host: example.com
 
Referer
If you are on example.com/books/default.asp and click any link on that page, the request for the link carries this Referer header:

Referer: http://example.com/books/default.asp

(The misspelling "Referer" is part of the standard.) Like every request header it is written by the client, so it must never be relied on as an access control.

HTTP headers in an HTTP Response

Content-Length
The web server tells the client the size of the body it is sending, in bytes. This helps downloads, because the browser can estimate how long the download will take. Example:
Content-Length: 24246
Content-Type
This header gives the format of the body. For an HTML page the response carries:
Content-Type: text/html;charset=ISO-8859-1
text/html is one of the most common types. The header also covers images, for example:
Content-Type: image/gif
If Content-Type is missing or wrong, the browser guesses the type from the content itself, so a response should always declare the right one.
Content-Encoding
This header states the encoding (compression) applied to the body, which the client must undo before using it, for example:
Content-Encoding: gzip
ETag
This header is a cache validator, for example:
ETag: "pub1259380237;gz"
When the server sends it, the browser stores the value. On the next visit the browser sends this request header:
If-None-Match: "pub1259380237;gz"
If the value still matches the server's current ETag, the client gets status code 304 and the browser loads the content from its cache without downloading it again.
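Both validators in this post, If-Modified-Since (described under the request headers above) and ETag with If-None-Match, are decided on the server side. This added Python example, which is not code from the original post, implements that decision for one constructed resource whose ETag and Last-Modified are the values shown in this post. The function names and the resource body are assumptions made for the example; the precedence rule (If-None-Match wins, If-Modified-Since is consulted only when no ETag condition was sent) and the unparseable-date handling follow RFC 7232.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

# Constructed sample resource: the server's copy of one page, carrying the
# validators shown in this post. Not taken from any real server.
RESOURCE = {
    "etag": '"pub1259380237;gz"',
    "last_modified": datetime(2009, 11, 28, 3, 50, 37, tzinfo=timezone.utc),
    "body": b"<html>cached page</html>",
}


def _strip_weak(tag):
    """Drop the W/ prefix so weak and strong forms of a tag compare equal."""
    return tag[2:] if tag.startswith("W/") else tag


def etag_matches(if_none_match, etag):
    """If-None-Match comparison: '*' matches anything, otherwise any listed tag."""
    value = if_none_match.strip()
    if value == "*":
        return True
    return any(_strip_weak(t.strip()) == _strip_weak(etag) for t in value.split(","))


def conditional_get(request_headers, resource=RESOURCE):
    """Answer a GET carrying cache validators with (status, headers, body).

    If-None-Match takes precedence; If-Modified-Since is only consulted when
    no ETag condition was sent. An unparseable date is ignored, so the full
    resource is served rather than a wrong 304.
    """
    req = {name.lower(): value for name, value in request_headers.items()}
    not_modified = False
    if "if-none-match" in req:
        not_modified = etag_matches(req["if-none-match"], resource["etag"])
    elif "if-modified-since" in req:
        try:
            since = parsedate_to_datetime(req["if-modified-since"])
            if since.tzinfo is None:           # '-0000' dates come back naive
                since = since.replace(tzinfo=timezone.utc)
            not_modified = resource["last_modified"] <= since
        except (TypeError, ValueError):        # older Pythons raise TypeError here
            not_modified = False
    headers = {
        "ETag": resource["etag"],
        "Last-Modified": format_datetime(resource["last_modified"], usegmt=True),
    }
    if not_modified:
        return 304, headers, b""               # no body: the client reuses its cached copy
    headers["Content-Length"] = str(len(resource["body"]))
    return 200, headers, resource["body"]


if __name__ == "__main__":
    print(conditional_get({"If-None-Match": '"pub1259380237;gz"'}))
    print(conditional_get({"If-Modified-Since": "Sat, 28 Nov 2009 06:38:19 GMT"}))
    print(conditional_get({"If-None-Match": '"other"'}))
```

The first two calls produce 304 with an empty body (matching ETag; a date later than Last-Modified), the third produces 200 with the body. Note that a request sending both headers with a stale ETag but a fresh date still gets 200: the ETag condition is the one that counts.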

Expires
Tells the browser until when the content stays valid, counted from the moment the server sent it, for example:
Expires: Thu, 01 Jan 1970 00:00:00 GMT
A date in the past, like this one, means the response is already stale and must not be served from cache again.

Last-Modified
When the resource was last changed, as a timestamp in GMT, for example:
Last-Modified: Sat, 28 Nov 2009 03:50:37 GMT

Location
This header carries the target of a redirect, together with status code 301 or 302. When the target is built from user input, the redirect can send users to any site an attacker chooses, so it is worth checking where the value comes from.

Pragma
Tells the browser whether it may cache the response, for example:
Pragma: no-cache
Set-Cookie
Set-Cookie: tracking=tI8rk7joMx44S2Uu85nSWc
The web server sends a cookie to the client, and the client returns it to the web server on every later request. The example sets no Secure, HttpOnly or SameSite attribute, so the cookie is also sent over plain HTTP, is readable by scripts on the page, and is attached to cross-site requests.

Server
Server: IBM_HTTP_SERVER/1.3.26.2 Apache/1.3.26 (Unix)
Gives the server software and operating system in use. Administrators can change or remove this value, so treat it as a fingerprinting hint rather than a fact.
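As an added example (not part of the original post), the Python below parses a Set-Cookie value into its name, value and attributes and reports which of the Secure, HttpOnly and SameSite protections it lacks, the check a tester runs on every cookie a response sets. The function names are chosen for this example, and the cookies in the usage block are constructed; the first one is the tracking cookie shown above.

```python
def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, value, {attribute: value}).

    Attribute names are lower-cased; flag attributes such as Secure and
    HttpOnly, which carry no value, are stored as True.
    """
    parts = [p.strip() for p in value.split(";")]
    name, _, val = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip() if attr_val else True
    return name.strip(), val.strip(), attrs


def audit_set_cookie(value, served_over_https=True):
    """Return the protections a Set-Cookie header is missing (empty list = fine)."""
    name, _, attrs = parse_set_cookie(value)
    findings = []
    if served_over_https and "secure" not in attrs:
        findings.append(f"{name}: no Secure, the browser also sends it over plain http://")
    if "httponly" not in attrs:
        findings.append(f"{name}: no HttpOnly, readable from script via document.cookie")
    samesite = attrs.get("samesite")
    if samesite is None:
        findings.append(f"{name}: no SameSite, attached to cross-site requests")
    elif str(samesite).lower() == "none" and "secure" not in attrs:
        findings.append(f"{name}: SameSite=None without Secure, modern browsers reject it")
    return findings


if __name__ == "__main__":
    # Constructed cookies: the one from the response above, then a hardened one.
    for cookie in ("tracking=tI8rk7joMx44S2Uu85nSWc",
                   "sid=abc; Path=/; Secure; HttpOnly; SameSite=Lax"):
        print(cookie, "->", audit_set_cookie(cookie) or "ok")
```

The tracking cookie from the response above produces three findings; the hardened cookie produces none. Pass served_over_https=False for a site that is genuinely HTTP-only, where the Secure attribute would prevent the cookie from being sent at all.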

