HTTP Protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi,

I am trying to redirect a IIS 8.0 URL from HTTP to HTTPS. Have installed URL redirect and followed below articles.
But still getting error. Can you please help.

https://www.youtube.com/watch?v=U7USHit5mhY
http://stackoverflow.com/questions/19233094/the-http-request-is-unauthorized-with-client-authentication-scheme-anonymous
HTTP-Redirect-error.jpg
0
I'd like to deepen my understanding / knowledge of core web protocols and technologies.

The web is a great resource - but perhaps I've missed some of the sites that might serve me better ..so I'd appreciate some recommendations.

I'd also appreciate any books you have read and can recommend that can make my understanding of HTTP, IIS, and perhaps even TCP/IP rock solid and practical.

I've been in IT for over 20 years, but I've struggled with web.  I can build and maintain a basic website, but I'd like to understand more about the journey of a web page, from the moment the page is requested up through when the page is done rendering after being sent to the browser from the server.  I don't think I truly deeply understand it.  Not really.  So I'd like to learn it.

for example:

click my test link

This is a link to an HTML page residing on a server I am hosting my website on.  I have no idea where the server is physically located.  This is an HTML page in as simple a format as I can conceive of one.  What journey does it take from clicking on the link to getting the message back in the browser moments later?  I want to know, under the hood, everything that happens as deeply as possible.
0
I have a web page the opens in a window via JavaScript.  I've spent a lot of time debugging without much success.  I do see the following error when I go into Developer Tools for that window (in Chrome):

GET https://localhost:44399/505266b2c97b422994d16354c880340c/browserLink net::ERR_INSECURE_RESPONSE

I am wondering what I might focus on in order to resolve this?
0
I'm trying to read data from external php file using ajax, then I want to assign this data to a javascript document variable. I want to check if my code is ok like that or should I define the variable inside the ajax brackets.

Here is my code:

    $.ajax({
      url: 'http://example.com/mydata.php',
      success: function(data) { alert(data); }  
       });
   
     var foo = data;
0
Hello, I am trying to redirect domainA to domainB via the following entry in my .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^domainA.com
RewriteRule ^(.*) http://domainB.com/en/ [P]

Open in new window


This works quite well as I thought it did but it does not when a person types into the url https://domainA.com 
Then the customer is not redirected to domainB.com.

What am I missing here ?
0
Hello,

I get an error on firefox that this site isn't secure. I have secured every item that I can find, when I do a view source / search I can't even find http://

https://www.mycustomkidsbooks.com/
0
Hi,

We are look in doing some pen testing on our servers.  The Pen testing companies have asked how many pages does our website have?

Is there an online tools?  I have tried  http:site ourdomain.com into google  I got 290  then I try this with an  sub domain, 0 results

The website is written in .net if that helps

Help
0
Hi,

I am working on a project which involves the implementation of an HTTPS "Events Streamer".  I need to open a streaming connection to receive async real time authorized accounts’ events.  Ideally, I need a class object that allows me to initiate the connection and receive the chunked async messages through an event handler into my main form.

Aside from the token requirement which I know how to handle because I already have two function calls already made, one is a WebGetRequest function and the other is a WebPostRequest function.  They are designed as a simple request/response pattern.  However, the Events Streaming seems to be a chunked method where chunks are sent periodically and then need to be received and sent through and event handler into the main form.  I don't quite know how to implement such a thing.

Here is the exact reference to what I am talking about:
http://developer.oanda.com/rest-live/streaming/


Refer to the Events Streaming section.
I need some sample vb.net code to get me going with this...
Very much appreciate the help...
0
Hello there,

We have 3 x Citrix farms with Citrix Secure gateway in DMZ and Netscslers in DMZ and 2 x Citrix URL to access these externally. WE had recent;y SQL injection attacks which bypassed FW and tried to hit WI and SF servers which are in DMZ and SF servers are behind FW.

Please advise how to avoid these type of attacks.

I am aware that these attacks use http/https headers.

Any suggestions?

Please advise.

Thanks and Regards
0
When I run this command http://admin:admin@fibaro.tsc.is/api/devices/4 from Microsoft Edge or wget
I get 400 - Bad Request

When I run the same command from Chrome I get right results.
0
For a pci compliance audit I have to turn off Http headers with any type of information in it it.

Has anyone done this on Netscaler 10.5?
0
I am attempting to install DNS/Bind on a CentOS install that obviously did not include the DNS install option upon original install. I tried to install at the command line as a user with the proper authority and got this error.

___________

[root@localhost yum.repos.d]# yum install bind* -y
Loaded plugins: fastestmirror, langpacks
Could not retrieve mirrorlist http://mirrors.securehost.com/centos/ error was
14: curl#6 - "Could not resolve host: mirrors.securehost.com; Unknown error"

 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Disable the repository, so yum won't use it by default. Yum will then
        just ignore the repository until you permanently enable it again or use
        --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>

     4. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most …
0
Hi,
I've followed these 2 url instructions and still when I use http it doesn't get redirected.  Instead I would get HTTP 404 error that the resource is not found.  Attached is the web.config from the web server.  I tried both "pattern="off" and pattern="^OFF$"  and they both didn't work.  
Also, in IIS, SSL Setting, I unchecked the "Required SSL".
I also removed this line form the web.config file, "        "<httpRedirect enabled="false" destination="" />"
But that didn't help solve the problem either.  What is this line for?  It was right before the Rewrite Rules section.
I'm attaching the Rules from my web.config file here.

Thank you.
HTTP.txt
0
so i guess im getting all wrapped up in google webmaster tools, seo, page speed..blah blah the whole deal. heheh i cant figure out how to eliminate his one, i have edit my htaccess and thought it would take of it but i guess it did not.. any help would be great.

Leverage browser caching
Setting an expiry date or a maximum age in the HTTP headers for static resources instructs the browser to load previously downloaded resources from local disk rather than over the network.
Leverage browser caching for the following cacheable resources:

    http://assets.pinterest.com/js/pinit_main.js (2.7 minutes)
    http://assets.pinterest.com/js/pinit.js (3.9 minutes)
    http://www.google-analytics.com/analytics.js (2 hours)


my htaccess

Options +FollowSymLinks -Indexes



<IfModule mod_rewrite.c>
  RewriteEngine On

  ## uncomment the following line, if you are having trouble
  ## getting no_script_name to work
  #RewriteBase /

  ## no, so we redirect to our front web controller
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  ## Block start engine when request static file
  #RewriteCond %{REQUEST_FILENAME} !\.(png|gif|jpg|jpeg|css|js|tpl.html|less|twig)$
  RewriteCond %{REQUEST_FILENAME} !\.(png|gif|jpg|jpeg|css|js|less|twig)$
  RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/html "access plus 10 days"
ExpiresByType image/gif "access
0
We plan to build a cdn with up to six nginx reverse proxy.
But i got my mind complicated. Is tere any way to update all nginx configs at same time  ?
* we decide to use a shared folder to mount remote servers
* we just checked for the master / slave conf.
....etc.

We will glad for any advice
0
we are getting 1000+ get requests like the given below should some body help me how should i block this flood


23:56:48.668164 IP evop26.areserver.net.38393 > 43.101.123.37.salay.com.tr.http: Flags [P.], seq 55371944:55371960, ack 3114960990, win 115, options [nop,nop,TS val 3730753604 ecr 74433803], length 16
EH.DS.@.&.......%{e+...P.L.....^...sI......
.^.D.o..GET / HTTP/1.0

23:56:48.671637 IP bhl-1.bilintel.com.39165 > 43.101.123.37.salay.com.tr.http: Flags [P.], seq 0:16, ack 1, win 115, options [nop,nop,TS val 523522517 ecr 74433234], length 16
E..DR.@.8....T.Z%{e+...PP..ov.q7...s.V.....
.4Q..o..GET / HTTP/1.0

23:56:48.672706 IP bhl-1.bilintel.com.39164 > 43.101.123.37.salay.com.tr.http: Flags [P.], seq 0:16, ack 1, win 115, options [nop,nop,TS val 523522517 ecr 74433234], length 16
E..D*.@.8....T.Z%{e+...P..`"..a....s.......
.4Q..o..GET / HTTP/1.0

23:56:48.684112 IP 5.46.8.17.30782 > 43.101.123.37.salay.com.tr.http: Flags [P.], seq 4022608471:4022608941, ack 2434570519, win 1460, options [nop,nop,TS val 193209 ecr 74405043], length 470




2.900734707 62.81.159.98 -> 37.123.101.43 HTTP 176 GET / HTTP/1.1
2.904401218 216.144.254.162 -> 37.123.101.43 HTTP 176 GET / HTTP/1.1
2.904854808  81.17.231.6 -> 37.123.101.43 HTTP 176 GET / HTTP/1.1
2.904882170 88.198.33.206 -> 37.123.101.43 HTTP 176 [TCP Retransmission] GET / HTTP/1.1
2.907318038 89.143.11.210 -> 37.123.101.43 HTTP 104 GET / HTTP/1.0
2.908602175 82.137.166.90 -> 37.123.101.43 HTTP 176 [TCP 

Open in new window

0
Hi,

I can't access internal resources that require Java. I always get Security Exception errors stating Found unsigned entry in resource: http://internal_ip/configureLogin.jar.

I have added the site to the exclusion list reboot but still no luck.

Windows 2012r2
Downloaded & installed the Java for the first time.

Thx.
0
I have a web app running on Azure with IP & Domain restrictions enabled to Whitelist specific sources.  We want to ensure our app is only used by sources we trust.

A new product we are trying to incorporate uses custom HTTP Headers to validate it's requests to us.  They do not have an IP range or domain name we can whitelist.

Is it possible to add something to the web.config that would allow these inbound HTTP requests through to my web app if the specified custom header is present?
0
Should all pages of a site be ok (no cert error in address bar) in https for any general reason?
0
Windows 7 Home Premium x64 on Toshiba laptop. Both Chrome and IE11 installed. Both browsers get 403 forbidden errors when attempting to access houzz.com. All other sites seem to be fine. Tried clearing browser cache, cookies, all that stuff. Did a system restore to a couple of weeks ago. No change. Ideas?
0
If I go to an online login page and I don't see the "HTTPS" preceding the site address, but I know that the site uses a WSDL for authentication that uses "HTTPS", is this still an unsecure connection?
0
Hi,

I just upgrade the Veeam Backup & Replication from V7 to V8 with latest update patches.

2 VM's is failed in replication, both VM's are running Win Server 2003 SP2 Standard edition, installed with latest guest integration services. The replication error as below:

9/10/2015 4:53:23 PM :: Failed to finalize guest processing. Error: Cannot copy file. Source file: [\\192.1.2.2\ADMIN$\VeeamVssSupport\metadata\VSS\BackupComponents.xml]. Target file: [C:\Users\Administrator\AppData\Local\Temp\253d88fa-267f-40b0-88a6-ca4dc002ca71\BackupComponents.xml].
CopyFile() failed.
Win32 error:The system cannot find the path specified.
 Code: 3

I had performed below troubleshooting but same issue still persist.
http://www.veeam.com/kb1855

Is there any hotfix need to apply in order to rectify this issue? Please advise!
0
RewriteCond     %{REQUEST_URI}  ^/(mysite|yoursite)$
RewriteRule     ^(.*)           $1/     [R=301,L]

Open in new window


As per my understanding when you use R=301 then you need to provide a domain name (e.g. http://example.com) so that redirection can happen, what is the point in redirecting in the same server?
0
I am trying to fix a vulnerability found during a penetration scan. I need to correct the  X-Frame-Options response header and set it to DENY so that the webpage is unable to be opened in a frame. I found this page:

https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

That says to add this to the <system.webServer> section.

<system.webServer>
  ...

  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>

  ...
</system.webServer>

to my web.config file. It looked straightforward enough, so I found that section and added that to the web.config file and still getting the alert when I run the penetration test after the change was made.

I need to know if there is something else I need to do in order for this to be set correctly.
0
Hello,

I am looking for a provider who offers a free plan that would allow checking just a single URL with
https
variables
additonal headers
and that should check it using a PUT request, looking for a keyword in the answer.

Using cron from within the platform, a plain "curl -X PUT -H headers ... https://site.here/dirs.here/login?username=e%40mail.here&password=pwd|grep keyword" would allow doing such an automated 24x7 check.
However, public WebService checking would make more sense from the outside.

I tried literally dozens of providers, most of them offering POST requests at best ... or PUT requests without headers ... or without keyword matching.

Anybody knows a free plan that would offer all of the above altogether ... even in a limited trial offer ?
1

HTTP Protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.

Top Experts In
HTTP Protocol
<
Monthly
>