Thursday, 5 March 2015

On the HTTP protocol.

Diagram of the HTTP protocol




When the user wants to view an address, a request is sent to that address.

This request is evaluated on the server side, and a response is created and sent back to the client. The request object created by the browser also carries some information entered by the user, such as a user name and password.

An example request message


What does a request message consist of?

<request-line>
<general-headers>
<request-headers>
<entity-headers>
<empty-line>
[<message-body>]

The order above is the anatomy of a request message.
Of the request headers in this list, all except "Host" are entirely optional; they do not have to be present.
In other words, the request line and the Host header alone are enough to send a request.

For example, this request is valid:

GET /index.html HTTP/1.1
Host: www.example.com

Every field must end with <CR><LF>.
CR: carriage return
LF: line feed
The empty-line field consists of <CR><LF> only. It cannot contain any other character.

What does the first line of a request message, the "request line", contain?

The first line of a request message looks like this:
request-method-name request-URI HTTP-version

Method: one of the 8 methods defined in HTTP 1.1 (for example GET)
Request-URI: the address of the requested resource (for example /index.html)
HTTP-version: HTTP/1.1

Request line examples:
GET /test.html HTTP/1.1
HEAD /query.html HTTP/1.0
POST /index.html HTTP/1.1

What are the HTTP request methods in the request line?

GET: The command for retrieving a file.
HEAD: Similar to GET, but only sends the header information.
POST: Used to send data to the web server. Carries parameters.
DELETE: Asks the server to delete the file.
OPTIONS: Asks the server for the list of methods it supports.
PUT: Sends data to be stored on the server.
TRACE: Asks the server to send a diagnostic trace of the operations it performs.
CONNECT: Used for making SSL connections through a proxy.

The most frequently used HTTP request methods are GET and POST.
GET is used for simple requests or for retrieving information.
POST can be used for more complex requests or for database operations.

What are the headers found in a request?

HTTP headers are name:value pairs.
Multiple values can be given by separating them with commas.

Example request headers:
Host: www.xyz.com
Connection: Keep-Alive
Accept: image/gif, image/jpeg, */*
Accept-Language: us-en, fr, cn
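
The request anatomy, request-line and header rules above, as an added Python example (not code from the original post): a strict parser that accepts a request only when every field ends in <CR><LF>, the request line has exactly three parts with one of the 8 methods, and an HTTP/1.1 request carries Host. The function names and sample byte strings are constructed for illustration, and treating every comma as a value separator is a simplification.

```python
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE", "CONNECT"}

def parse_request_head(raw: bytes) -> dict:
    """Parse request line and headers strictly; raise ValueError on any deviation."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing empty line (<CR><LF> alone) after the headers")
    lines = head.split(b"\r\n")
    if any(b"\r" in line or b"\n" in line for line in lines):
        raise ValueError("bare CR or LF inside a field")
    parts = lines[0].decode("ascii").split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be: method request-URI HTTP-version")
    method, uri, version = parts
    if method not in METHODS:
        raise ValueError(f"unknown method {method!r}")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError(f"unsupported version {version!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.decode("iso-8859-1").partition(":")
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line {line!r}")
        # Simplification: every comma is treated as a value separator.
        values = [v.strip() for v in value.split(",") if v.strip()]
        headers.setdefault(name.lower(), []).extend(values)
    # Host is the one mandatory header; a missing or repeated one is rejected.
    if version == "HTTP/1.1" and len(headers.get("host", [])) != 1:
        raise ValueError("HTTP/1.1 request needs exactly one Host header")
    return {"method": method, "uri": uri, "version": version,
            "headers": headers, "body": body}

def verdict(raw: bytes) -> str:
    try:
        parse_request_head(raw)
        return "accepted"
    except ValueError as exc:
        return f"rejected: {exc}"

# Constructed sample inputs.
VALID = (b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
         b"Accept: image/gif, image/jpeg, */*\r\n\r\n")
NO_HOST = b"GET /index.html HTTP/1.1\r\n\r\n"
BARE_LF = b"GET /index.html HTTP/1.1\nHost: www.example.com\n\n"
LF_IN_HEADER = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\nX-Test: 1\r\n\r\n"

if __name__ == "__main__":
    for sample in (VALID, NO_HOST, BARE_LF, LF_IN_HEADER):
        print(verdict(sample))
```

Rejecting malformed framing instead of repairing it keeps two servers in a chain from disagreeing about where a request ends.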

Testing HTTP requests

With telnet we can open a TCP/IP connection to a server and send HTTP requests directly.
For example:
> telnet
telnet> help
... telnet help menu ...
telnet> open 127.0.0.1 8000
Connecting To 127.0.0.1...
GET /index.html HTTP/1.0
(Hit enter twice to send the terminating blank line ...)
... HTTP response message ...

Or, for example, in Java we can write an HTTP client using a Socket:
import java.net.*;
import java.io.*;

public class HttpClient {
   public static void main(String[] args) throws IOException {
      // The host and port to connect to.
      String host = "127.0.0.1";
      int port = 8000;
      // Create a TCP socket connected to host:port, plus its input and
      // output streams; try-with-resources closes all three at the end.
      try (Socket socket = new Socket(host, port);
           BufferedReader in
              = new BufferedReader(
                   new InputStreamReader(socket.getInputStream()));
           PrintWriter out
              = new PrintWriter(socket.getOutputStream(), true)) {
         // Send the request to the HTTP server. Lines are ended with an
         // explicit CRLF; println() would use the platform line separator.
         out.print("GET /index.html HTTP/1.0\r\n");
         out.print("\r\n");   // blank line ending the header section
         out.flush();
         // Read the response and display it on the console.
         String line;
         // readLine() returns null once the server closes the socket.
         while ((line = in.readLine()) != null) {
            System.out.println(line);
         }
      }
   }
}

An example response message

What does a response message consist of?

<status-line>
<general-headers>
<response-headers>
<entity-headers>
<empty-line>
[<message-body>]
[<message-trailers>]

The order above is the anatomy of a response message.

What does the first line of a response message, the "status line", contain?

The status line has this form: <HTTP-VERSION> <status-code> <reason-phrase>
HTTP-version: the HTTP protocol version the server uses (for example HTTP/1.1)
Status-code: a 3-digit status code (for example 200)
Reason-phrase: a description of the status (for example OK)

The status line from an example response:
HTTP/1.1 200 OK

What are the status codes?


1xx: Informational codes
2xx: Indicates that the operation succeeded
3xx: Indicates a redirection
4xx: Client error, meaning there is an error in the request sent by the client (a syntax error, etc.)
5xx: Server error, meaning an error occurred on the server (the request itself was fine, but the operation could not be carried out because of a problem on the server side)

Most commonly seen:
200: OK, the operation succeeded.
404: Not Found, the page we are looking for is not at the address we gave.
500: Internal Server Error, the server could not fulfil our request because an error occurred on it.
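
The telnet test and the status-line fields above, combined in an added Python example (not from the original post): it sends the same minimal GET over a raw socket to a throwaway local server and splits the status line into version, code, reason phrase and class. DemoHandler, raw_get and parse_status_line are names made up for this sketch, and the server on 127.0.0.1 is constructed test input.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

CLASSES = {"1": "informational", "2": "success", "3": "redirection",
           "4": "client error", "5": "server error"}

def parse_status_line(line: bytes):
    """Split '<HTTP-version> <status-code> <reason-phrase>' and classify the code."""
    parts = line.decode("iso-8859-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP status line")
    version, code = parts[0], parts[1]
    if len(code) != 3 or not code.isdigit() or code[0] not in CLASSES:
        raise ValueError("status code must be three digits in 1xx-5xx")
    reason = parts[2] if len(parts) == 3 else ""
    return version, int(code), reason, CLASSES[code[0]]

def raw_get(host: str, port: int, path: str):
    """Send a minimal request over a plain TCP socket, as in the telnet session."""
    request = f"GET {path} HTTP/1.0\r\n\r\n".encode("ascii")  # explicit CRLF
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(request)
        data = b""
        while chunk := sock.recv(4096):  # HTTP/1.0: server closes when done
            data += chunk
    return parse_status_line(data.partition(b"\r\n")[0])

class DemoHandler(BaseHTTPRequestHandler):  # constructed local test server
    def do_GET(self):
        found = self.path == "/index.html"  # the only resource that exists
        body = b"hello" if found else b"missing"
        self.send_response(200 if found else 404)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def demo():
    server = HTTPServer(("127.0.0.1", 0), DemoHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        return [raw_get("127.0.0.1", port, p) for p in ("/index.html", "/nope")]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```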

Full list of status codes


100 Continue: Client should continue sending its request. This is a special status code; see below for details.
101 Switching Protocols: The client has used the Upgrade header to request the use of an alternative protocol and the server has agreed.
200 OK: Generic successful request message response. This is the code sent most often when a request is filled normally.
201 Created: The request was successful and resulted in a resource being created. This would be a typical response to a PUT method.
202 Accepted: The request was accepted by the server but has not yet been processed. This is an intentionally “noncommittal” response that does not tell the client whether or not the request will be carried out; the client determines the eventual disposition of the request in some unspecified way. It is used only in special circumstances.
203 Non-Authoritative Information: The request was successful, but some of the information returned by the server came not from the original server associated with the resource but from a third party.
204 No Content: The request was successful, but the server has determined that it does not need to return to the client an entity body.
205 Reset Content: The request was successful; the server is telling the client that it should reset the document from which the request was generated so that a duplicate request is not sent. This code is intended for use with forms.
206 Partial Content: The server has successfully fulfilled a partial GET request. See the topic on methods for more details on this, as well as the description of the Range header.
300 Multiple Choices: The resource is represented in more than one way on the server. The server is returning information describing these representations, so the client can pick the most appropriate one, a process called agent-driven negotiation.
301 Moved Permanently: The resource requested has been moved to a new URL permanently. Any future requests for this resource should use the new URL. This is the proper method of handling situations where a file on a server is renamed or moved to a new directory. Most people don't bother setting this up, which is why URLs “break” so often, resulting in 404 errors as discussed below.
302 Found: The resource requested is temporarily using a different URL. The client should continue to use the original URL. See code 307.
303 See Other: The response for the request can be found at a different URL, which the server specifies. The client must do a fresh GET on that URL to see the results of the prior request.
304 Not Modified: The client sent a conditional GET request, but the resource has not been modified since the specified date/time, so the server has not sent it.
305 Use Proxy: To access the requested resource, the client must use a proxy, whose URL is given by the server in its response.
306 (unused): Defined in an earlier (draft?) version of HTTP and no longer used.
307 Temporary Redirect: The resource is temporarily located at a different URL than the one the client specified. Note that 302 and 307 are basically the same status code. 307 was created to clear up some confusion related to 302 that occurred in earlier versions of HTTP (which I'd rather not get into!)
400 Bad Request: Server says, “huh?” Generic response when the request cannot be understood or carried out due to a problem on the client's end.
401 Unauthorized: The client is not authorized to access the resource. Often returned if an attempt is made to access a resource protected by a password or some other means without the appropriate credentials.
402 Payment Required: This is reserved for future use. Its mere presence in the HTTP standard has caused a lot of people to scratch their chins and go “hmm…”
403 Forbidden: The request has been disallowed by the server. This is a generic “no way” response that is not related to authorization. For example, if the maintainer of a Web site blocks access to it from a particular client, any requests from that client will result in a 403 reply.
404 Not Found: The most common HTTP error message, returned when the server cannot locate the requested resource. Usually occurs due to either the server having moved/removed the resource, or the client giving an invalid URL (misspellings being the most common cause.)
405 Method Not Allowed: The requested method is not allowed for the specified resource. The response includes an Allow header that indicates what methods the server will permit.
406 Not Acceptable: The client sent a request that specifies limitations that the server cannot meet for the specified resource. This error may occur if an overly-restrictive list of conditions is placed into a request such that the server cannot return any part of the resource.
407 Proxy Authentication Required: Similar to 401, but the client must first authenticate itself with the proxy.
408 Request Timeout: The server was expecting the client to send a request within a particular time frame and the client didn't send it.
409 Conflict: The request could not be filled because of a conflict of some sort related to the resource. This most often occurs in response to a PUT method, such as if one user tries to PUT a resource that another user has open for editing, for example.
410 Gone: The resource is no longer available at the server, which does not know its new URL. This is a more specific version of the 404 code that is used only if the server knows that the resource was intentionally removed. It is seen rarely (if ever) compared to 404.
411 Length Required: The request requires a Content-Length header field and one was not included.
412 Precondition Failed: Indicates that the client specified a precondition in its request, such as the use of an If-Match header, which evaluated to a false value. This indicates that the condition was not satisfied so the request is not being filled. This is used by clients in special cases to ensure that they do not accidentally receive the wrong resource.
413 Request Entity Too Large: The server has refused to fulfill the request because the entity that the client is requesting is too large.
414 Request-URI Too Long: The server has refused to fulfill the request because the URL specified is longer than the server can process. This rarely occurs with properly-formed URLs but may be seen if clients try to send gibberish to the server.
415 Unsupported Media Type: The request cannot be processed because it contains an entity using a media type the server does not support.
416 Requested Range Not Satisfiable: The client included a Range header specifying a range of values that is not valid for the resource. An example might be requesting bytes 3,000 through 4,000 of a 2,400-byte file.
417 Expectation Failed: The request included an Expect header that could not be satisfied by the server.
500 Internal Server Error: Generic error message indicating that the request could not be fulfilled due to a server problem.
501 Not Implemented: The server does not know how to carry out the request, so it cannot satisfy it.
502 Bad Gateway: The server, while acting as a gateway or proxy, received an invalid response from another server it tried to access on the client's behalf.
503 Service Unavailable: The server is temporarily unable to fulfill the request for internal reasons. This is often returned when a server is overloaded or down for maintenance.
504 Gateway Timeout: The server, while acting as a gateway or proxy, timed out while waiting for a response from another server it tried to access on the client's behalf.
505 HTTP Version Not Supported: The request used a version of HTTP that the server does not understand.





