Principes d'ergonomie des interfaces WEB ( INTERNET / INTRANET )
Internet Engineering Course Web Servers. Introduction Company needs to provide various web services...
-
Upload
robyn-ball -
Category
Documents
-
view
213 -
download
0
Transcript of Internet Engineering Course Web Servers. Introduction Company needs to provide various web services...
Internet Engineering Course
Web Servers
IntroductionCompany needs to provide various
web services◦Hosting intranet applications◦Company web site◦Various internet applications
Therefore there is a need to provide http server◦First we have a look at what http protocol
is◦Then we talk about Web Servers and
Apache as leading web server application
The World Wide Web (WWW) Global hypertext system Initially developed in 1989
◦ By Tim Berners Lee at the European Laboratory for Particle Physics, CERN in Switzerland.
◦ To facilitate an easy way of sharing and editing research documents among a geographically dispersed groups of scientists.
In 1993, started to grow rapidly◦ Mainly due to the NCSA developing a Web browser
called Mosaic (an X Window-based application) First graphical interface to the Web More convenient
browsing Flexible way people can navigate through worldwide
resources in the Internet and retrieve them
Web Browsers
Provides access to a Web server
Basic components◦HTML interpreter◦HTTP client used to
retrieve HTML pagesSome also support
◦FTP, NTTP, POP, SMTP, …
Web ServersDefinitions
◦A computer, responsible for accepting HTTP requests from clients, and serving them Web pages.
◦A computer program that provides the above mentioned functionality.
Common features◦Accepting HTTP requests from the network◦Providing HTTP response to the requester
Typically consists of an HTML
◦Usually capable of logging Client requests/Server responses
Web Servers cont.Returned content
◦Static Comes from an existing file
◦Dynamic Dynamically generated by some other
program/script called by the Web server.
Path translation◦Translate the path component of a
URL into a local file system resource Path specified by the client is relative to
the server’s root dir
Overall organization of the Web.
• Basic function operation is to fetch documents– Client issues requests, browser displays document– Server responsible for retrieving document from local file system
• Client/server communications based on HTTP protocol
Basic Client/Server Architecture in WWW
Dynamic Content
Parts of documents may be specified via scripts/programs
Client-side (executed on client machine, e.g., within the browser)◦ Client-side script - Script embedded in html
document◦ Applet - pre-compiled program passed to
clientServer-side (executed on server
machine)◦ Server-side script embedded in document◦ Servelet - precompiled program executed
within the server’s address space◦ CGI scripts
The principle of using server-side CGI programs.• Allows documents can be generated dynamically “on-the-fly”• Provides a standard way for web server to execute a program
using user-provided data as input• To the server, CGI program appears as program responsible for
fetching the requested document
Common Gateway Interface (CGI)
Architectural OverviewArchitectural details of a client and server in
the Web.
• Document fetch (and possibly server-side script): 2b-3b• Execute CGI Script (separate process): 2c-3c-4c• Execute servlet program (run within server): 2a-3a-4a
http protocolDefines the communication between a
web server and a clientUsed to deliver virtually all files and
other data (collectively called resources) on the World Wide Web
A browser is an HTTP client because it sends requests to an HTTP server (Web server
The standard (and default) port for HTTP servers to listen on is 80, though they can use any port.
Structure of http transactionsRequest/Response, text based
protocolFormat of a http message:
<initial line, different for request vs. response>
Header1: value1 Header2: value2 Header3: value3 <optional message body goes here, like
file contents or query data; it can be many lines long, or even binary data >
13
The Format of a RequestThe Format of a Request
method sp URL sp versionheader
cr lf: value cr lf
header : value cr lfcr lf
Entity Body
headerslines
14
Request ExampleGET /index.html HTTP/1.1 [CRLF]Accept: image/gif, image/jpeg [CRLF]User-Agent: Mozilla/4.0 [CRLF]Host: www.ui.ac.ir:80 [CRLF]Connection: Keep-Alive [CRLF][CRLF]
Request Example
GET /index.html HTTP/1.1Accept: image/gif, image/jpegUser-Agent: Mozilla/4.0Host: www.ui.ac.ir:80Connection: Keep-Alive[blank line here]
methodrequest URL
version
headers
16
The Format of a ResponseThe Format of a Response
version spstatus codesp phraseheader
cr lf: value cr lf
header : value cr lfcr lf
Entity Body
headerslines
statusline
17
HTTP/1.0 200 OK Date: Fri, 31 Dec 1999 23:59:59 GMT Content-Type: text/html Content-Length: 1354
<html> <body> <h1>Hello World</h1> (more file contents) . . . </body> </html>
Response Example
18
HTTP/1.0 200 OK Date: Fri, 31 Dec 1999 23:59:59 GMT Content-Type: text/html Content-Length: 1354
<html> <body> <h1>Hello World</h1> (more file contents) . . . </body> </html>
Response Exampleversion
message body
headers
reason phrasestatus code
Initial line A typical initial request line:
◦ GET /path/to/file/index.html HTTP/1.0 Initial response line:
◦ HTTP/1.0 200 OK ◦ HTTP/1.0 404 Not Found
Status code:◦ 1xx indicates an informational message only ◦ 2xx indicates success of some kind ◦ 3xx redirects the client to another URL ◦ 4xx indicates an error on the client's part ◦ 5xx indicates an error on the server's part
Common status codes:◦ 200 OK ◦ 404 Not Found ◦ 301 Moved Permanently ◦ 302 Moved Temporarily ◦ 303 See Other (HTTP 1.1 only) ◦ 500 Server Error
Header linesTypical request headers:
◦From: email address of requester◦User-Agent: for example User-agent: Mozilla/3.0Gold
Typical response headers:◦Server: for example Server: Apache/1.2b3-dev
◦Last-modified: for example Last-Modified: , 19 Feb 2006 23:59:59 GMT
Message bodyIn a response, this is where the requested
resource is returned to the client (the most common use of the message body), or perhaps explanatory text if there's an error.
In a request, this is where user-entered data or uploaded files are sent to the server.
If an HTTP message includes a body, there are usually header lines in the message that describe the body. In particular, ◦The Content-Type: header gives the MIME-type of
the data in the body, such as text/html or image/gif.
◦The Content-Length: header gives the number of bytes in the body.
MIME Media typesMultipurpose Internet Mail ExtensionsHTTP sends the media type of the file
using the Content-Type: headerSome important media types are
◦ text/plain, text/html◦ image/gif, image/jpeg◦ audio/basic, audio/wav◦ model/vrml◦ video/mpeg, video/quicktime◦ application/*, application-specific data that
does not fall under any other MIME category, e.g. application/octet-stream
Sample HTTP exchangeTo retrieve the file at the URL
http://www.somehost.com/path/file.html Request:
GET /path/file.html HTTP/1.0 From: [email protected] User-Agent: HTTPTool/1.0 [blank line here]
Response:HTTP/1.0 200 OK Date: Fri, 31 Dec 1999 23:59:59 GMT Content-Type: text/html Content-Length: 1354 <html> <body> <h1>Happy New
Millennium!</h1> (more file contents) . . . </body> </html>
HTTP methods GET: request a resource by url HEAD
◦ is just like a GET request, except it asks the server to return the response headers only, and not the actual resource (i.e. no message body).
◦ This is useful to check characteristics of a resource without actually downloading it, thus saving bandwidth.
POST◦ A POST request is used to send data to the server
to be processed in some way, like by a CGI script.◦ There's a block of data sent with the request, in the
message body. There are usually extra headers to describe this message body, like Content-Type: and Content-Length:.
◦ The request URI is not a resource to retrieve; it's usually a program to handle the data you're sending.
◦ The HTTP response is normally program output, not a static file.
HTTP 1.1It is a superset of HTTP 1.0. Improvements
include:◦Faster response, by allowing multiple
transactions to take place over a single persistent connection.
◦Faster response and great bandwidth savings, by adding cache support.
◦Faster response for dynamically-generated pages, by supporting chunked encoding, which allows a response to be sent before its total length is known.
◦Efficient use of IP addresses, by allowing multiple domains to be served from a single IP address.
26
Manually Experimentingwith HTTP
>telnet eng.ui.ac.ir 80Trying 192.168.50.84…Connected to eng.ui.ac.irEscape character is ‘^]’.
27
Sending a Request
> GET /~ladani/index.htm HTTP/1.0
[blank line]
28
The ResponseHTTP/1.1 200 OKDate: Fri, 29 Feb 2008 08:23:33 GMTServer: Apache/2.0.52 (CentOS)Last-Modified: Wed, 07 Nov 2007 12:27:44 GMTETag: "6ccb6-741c-43e55e05a5000"Accept-Ranges: bytesContent-Length: 29724Connection: closeContent-Type: text/html; charset=WINDOWS-1256<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <metahttp-equiv="Content-Type" content="text/html; charset=windows-
1252"> <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
….
29
GET /~ladani/index.htm HTTP/1.0
HTTP/1.1 200 OK
HTML code
30
GET /~ladani/no-such-page.htm HTTP/1.0
HTTP/1.1 404 Not Found
HTML code
31
GET /index.html HTTP/1.1
HTTP/1.1 400 Bad Request
HTML code
Why is it a Bad Request?
HTTP/1.1 without Host Header
Session-persistent State What does session-persistent state mean?
◦ State information that is preserved between browsing sessions.
◦ Information that is stored semi-permanently (i.e., on disk) for later access.
Why was calculator example not session-persistent?◦ Sum, current display, etc. not preserved if we
went to a different website and back to calculator.
Why session-persistence?User-based customizations.
◦MyYahoo, E*Trade, etc.Long transactions.
◦Electronic shopping carts.◦Order preparation
Server-side state maintenance.◦Large amounts of state info that you
don’t want to pass back and forth.
Cookie OverviewHTTP cookies are a mechanism for
creating and using session-persistent state.
Cookies are simple string values that are associated with a set of URL’s.
Servers set cookies using an HTTP header.
Client transmits the cookie as part of HTTP request whenever an associated URL is visited in the future.
Anatomy of a cookie.Cookie has 6 parts:
◦ Name◦ Value◦ Domain◦ Path ◦ Expiration◦ Security flag
Name and Value are required, others have default value.
Setting a cookie.A cookie is set using the “Set-
cookie” header in an HTTP response.
String value of the Set-cookie header is parsed into semi-colon separated fields that define the different parts of the cookie.
Cookie is stored by the client.
Sending cookiesEvery time a client makes an HTTP
request, it tests every cookie for a match.
Cookies match if…◦ Cookie domain is suffix of URL server. ◦ Cookie expiration has not passed.◦ Cookie path is prefix of URL path.◦ Cookie security flag is on and connection is
secure.If a match is made, then name/value
pair of cookie is sent as “Cookie” header in request.
Setting a CookieFull cookie:Set-Cookie: my_cookie = This is my cookie value; domain=.eng.ui.ac.ir; path=/~ladani; expires Thu, 06-March-08 12:00:00 GMT
Can have more than one Set-Cookie header, or can combine more than one cookie in one header by separating with ,
Cookie MatchingBiggest misunderstanding:
◦Servers do not RETRIEVE cookies!!!!◦Servers RECEIVE cookies previously
planted.Step 1:
◦Some response by server installs cookie with “Set-cookie” header.
◦Client saves cookie to disk.
Cookie MatchingStep 2:
◦Browser goes to some page which matches previously received cookie.
◦Cookie name and value sent in request as “Cookie” HTTP header.
Step 3:◦CGI program detects presence of
cookie and uses it. Where is the cookie info?
Environment variable HTTP_COOKIE
Where are cookies stored on client?
Client-specific locations.No standard.Latest IE stores in a folder
called “Temporary Internet Files”◦Each cookie stored in a separate
file.Netscape stores in
“cookies.txt”
Typical Cookie UsagesCookies as Database Index
◦Most common use of cookies.◦State information is kept in some
sort of database and the cookie acts as an index.
Cookies as State Variables◦Name of cookie is like variable name.◦Value of cookie is state information.
Cookie SecuritySecurity flag restricts when
browser will send a cookie back to server.◦Requires “secure” connection.
For example: https in effect.
What does this mean about when the cookies was set?
First Web ServerBerners-Lee wrote two programs
◦A browser called WorldWideWeb◦The world’s first Web server, which
ran on NeXSTEP The machine is on exhibition at CERN’s
public museum
Most Famous Web ServersApache HTTP Server from Apache
Software FoundationInternet Information Services (IIS)
from MicrosoftGoogle Web Server (GWS)
◦Started from May 2007Lighttpd
◦powers several popular Web 2.0 sites like YouTube, wikipedia and meebo
Web Servers Usage – StatisticsThe most popular Web servers, used for
public Web sites, are tracked by Netcraft Web Server Survey◦Details given by Netcraft Web Server Reports
Apache is the most popular since April 1996
Currently (February 2008) about◦50.93% Apache◦35.56 % Microsoft (IIS, PWS, etc.)◦5.16 % Google◦0.99% Lighttpd
Web Servers Usage – Statistics cont.
Total Sites Across All Domains August 1995 - February 2008
Web Servers Usage – Statistics cont.
Market Share for Top Servers Across All Domains August 1995 - February 2008
Web Servers Usage – Statistics cont.
Totals for Active Servers Across All DomainsJune 2000 - February 2008
Apache (A PAtCHy) Web Server
Origins: NCSA (Univ. of Illinois,Urbana/Champaign)
Now: Apache Software Foundation (www.apache.org), developers world-wide
Most widely used web server today [NetCraft web survey, 2/2008]
Open source software◦ Geographically distributed developers◦ Modular, extensible design needed where third-party
developers could override or extend basic characteristics
Web Server Processing Steps
Accept ClientConnection
Read HTTPRequest Header
FindFile
Send HTTPResponse Header
Read FileSend Data
Apache HTTP Server
Apache Core◦ Receives client request◦ Typically, allocate new process for each incoming request◦ Allocates request record◦ Invokes handlers on individual modules in sequence
Modules register handlers during configuration Handler
◦ Request record passed as single parameter◦ Each handler reads/modifes request record
Web Server PhasesApache core invokes a handler for each
phase Resolve document reference (URI) to a
local file name (or CGI program+parameters)
Client authentication (verify client identity)
Client access control (determine access rights)
Request access control (check if access allowed)
MIME type determination of the response
General phase for handling leftovers (e.g., check syntax of returned response, build up user profile)
Transmission of the response to clientLogging data on the processing of the
request
Referenceshttp://www.jmarshall.com/easy/http/TCP/IP Tutorial and Technical Overview,
Rodriguez, Gatrell, Karas, Peschke, IBM redbooks, August 2001
Wikipedia, the free encyclopediaApache: The Definitive Guide, 2nd edition,
Ben Laurie, Peter Laurie, O’Reilly, February 1999
Webmaster in a nutshell, 1st edition, Stephen Spainhour, Valerie Quercia, O’Reilly, October 1996
Netcraft: February 2006 Web Server Survey