HTTP Protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi,

We are look in doing some pen testing on our servers.  The Pen testing companies have asked how many pages does our website have?

Is there an online tools?  I have tried  http:site ourdomain.com into google  I got 290  then I try this with an  sub domain, 0 results

The website is written in .net if that helps

Help
0
Hi,

I am working on a project which involves the implementation of an HTTPS "Events Streamer".  I need to open a streaming connection to receive async real time authorized accounts’ events.  Ideally, I need a class object that allows me to initiate the connection and receive the chunked async messages through an event handler into my main form.

Aside from the token requirement which I know how to handle because I already have two function calls already made, one is a WebGetRequest function and the other is a WebPostRequest function.  They are designed as a simple request/response pattern.  However, the Events Streaming seems to be a chunked method where chunks are sent periodically and then need to be received and sent through and event handler into the main form.  I don't quite know how to implement such a thing.

Here is the exact reference to what I am talking about:
http://developer.oanda.com/rest-live/streaming/


Refer to the Events Streaming section.
I need some sample vb.net code to get me going with this...
Very much appreciate the help...
0
Hello there,

We have 3 x Citrix farms with Citrix Secure gateway in DMZ and Netscslers in DMZ and 2 x Citrix URL to access these externally. WE had recent;y SQL injection attacks which bypassed FW and tried to hit WI and SF servers which are in DMZ and SF servers are behind FW.

Please advise how to avoid these type of attacks.

I am aware that these attacks use http/https headers.

Any suggestions?

Please advise.

Thanks and Regards
0
When I run this command http://admin:admin@fibaro.tsc.is/api/devices/4 from Microsoft Edge or wget
I get 400 - Bad Request

When I run the same command from Chrome I get right results.
0
For a pci compliance audit I have to turn off Http headers with any type of information in it it.

Has anyone done this on Netscaler 10.5?
0
I am attempting to install DNS/Bind on a CentOS install that obviously did not include the DNS install option upon original install. I tried to install at the command line as a user with the proper authority and got this error.

___________

[root@localhost yum.repos.d]# yum install bind* -y
Loaded plugins: fastestmirror, langpacks
Could not retrieve mirrorlist http://mirrors.securehost.com/centos/ error was
14: curl#6 - "Could not resolve host: mirrors.securehost.com; Unknown error"

 One of the configured repositories failed (Unknown),
 and yum doesn't have enough cached data to continue. At this point the only
 safe thing yum can do is fail. There are a few ways to work "fix" this:

     1. Contact the upstream for the repository and get them to fix the problem.

     2. Reconfigure the baseurl/etc. for the repository, to point to a working
        upstream. This is most often useful if you are using a newer
        distribution release than is supported by the repository (and the
        packages for the previous distribution release still work).

     3. Disable the repository, so yum won't use it by default. Yum will then
        just ignore the repository until you permanently enable it again or use
        --enablerepo for temporary usage:

            yum-config-manager --disable <repoid>

     4. Configure the failing repository to be skipped, if it is unavailable.
        Note that yum will try to contact the repo. when it runs most …
0
Hi,
I've followed these 2 url instructions and still when I use http it doesn't get redirected.  Instead I would get HTTP 404 error that the resource is not found.  Attached is the web.config from the web server.  I tried both "pattern="off" and pattern="^OFF$"  and they both didn't work.  
Also, in IIS, SSL Setting, I unchecked the "Required SSL".
I also removed this line form the web.config file, "        "<httpRedirect enabled="false" destination="" />"
But that didn't help solve the problem either.  What is this line for?  It was right before the Rewrite Rules section.
I'm attaching the Rules from my web.config file here.

Thank you.
HTTP.txt
0
so i guess im getting all wrapped up in google webmaster tools, seo, page speed..blah blah the whole deal. heheh i cant figure out how to eliminate his one, i have edit my htaccess and thought it would take of it but i guess it did not.. any help would be great.

Leverage browser caching
Setting an expiry date or a maximum age in the HTTP headers for static resources instructs the browser to load previously downloaded resources from local disk rather than over the network.
Leverage browser caching for the following cacheable resources:

    http://assets.pinterest.com/js/pinit_main.js (2.7 minutes)
    http://assets.pinterest.com/js/pinit.js (3.9 minutes)
    http://www.google-analytics.com/analytics.js (2 hours)


my htaccess

Options +FollowSymLinks -Indexes



<IfModule mod_rewrite.c>
  RewriteEngine On

  ## uncomment the following line, if you are having trouble
  ## getting no_script_name to work
  #RewriteBase /

  ## no, so we redirect to our front web controller
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  ## Block start engine when request static file
  #RewriteCond %{REQUEST_FILENAME} !\.(png|gif|jpg|jpeg|css|js|tpl.html|less|twig)$
  RewriteCond %{REQUEST_FILENAME} !\.(png|gif|jpg|jpeg|css|js|less|twig)$
  RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>

<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/html "access plus 10 days"
ExpiresByType image/gif "access
0
We plan to build a cdn with up to six nginx reverse proxy.
But i got my mind complicated. Is tere any way to update all nginx configs at same time  ?
* we decide to use a shared folder to mount remote servers
* we just checked for the master / slave conf.
....etc.

We will glad for any advice
0
we are getting 1000+ get requests like the given below should some body help me how should i block this flood


23:56:48.668164 IP evop26.areserver.net.38393 > 43.101.123.37.salay.com.tr.http: Flags [P.], seq 55371944:55371960, ack 3114960990, win 115, options [nop,nop,TS val 3730753604 ecr 74433803], length 16
EH.DS.@.&.......%{e+...P.L.....^...sI......
.^.D.o..GET / HTTP/1.0

23:56:48.671637 IP bhl-1.bilintel.com.39165 > 43.101.123.37.salay.com.tr.http: Flags [P.], seq 0:16, ack 1, win 115, options [nop,nop,TS val 523522517 ecr 74433234], length 16
E..DR.@.8....T.Z%{e+...PP..ov.q7...s.V.....
.4Q..o..GET / HTTP/1.0

23:56:48.672706 IP bhl-1.bilintel.com.39164 > 43.101.123.37.salay.com.tr.http: Flags [P.], seq 0:16, ack 1, win 115, options [nop,nop,TS val 523522517 ecr 74433234], length 16
E..D*.@.8....T.Z%{e+...P..`"..a....s.......
.4Q..o..GET / HTTP/1.0

23:56:48.684112 IP 5.46.8.17.30782 > 43.101.123.37.salay.com.tr.http: Flags [P.], seq 4022608471:4022608941, ack 2434570519, win 1460, options [nop,nop,TS val 193209 ecr 74405043], length 470




2.900734707 62.81.159.98 -> 37.123.101.43 HTTP 176 GET / HTTP/1.1
2.904401218 216.144.254.162 -> 37.123.101.43 HTTP 176 GET / HTTP/1.1
2.904854808  81.17.231.6 -> 37.123.101.43 HTTP 176 GET / HTTP/1.1
2.904882170 88.198.33.206 -> 37.123.101.43 HTTP 176 [TCP Retransmission] GET / HTTP/1.1
2.907318038 89.143.11.210 -> 37.123.101.43 HTTP 104 GET / HTTP/1.0
2.908602175 82.137.166.90 -> 37.123.101.43 HTTP 176 [TCP 

Open in new window

0
Hi,

I can't access internal resources that require Java. I always get Security Exception errors stating Found unsigned entry in resource: http://internal_ip/configureLogin.jar.

I have added the site to the exclusion list reboot but still no luck.

Windows 2012r2
Downloaded & installed the Java for the first time.

Thx.
0
I have a web app running on Azure with IP & Domain restrictions enabled to Whitelist specific sources.  We want to ensure our app is only used by sources we trust.

A new product we are trying to incorporate uses custom HTTP Headers to validate it's requests to us.  They do not have an IP range or domain name we can whitelist.

Is it possible to add something to the web.config that would allow these inbound HTTP requests through to my web app if the specified custom header is present?
0
Should all pages of a site be ok (no cert error in address bar) in https for any general reason?
0
Windows 7 Home Premium x64 on Toshiba laptop. Both Chrome and IE11 installed. Both browsers get 403 forbidden errors when attempting to access houzz.com. All other sites seem to be fine. Tried clearing browser cache, cookies, all that stuff. Did a system restore to a couple of weeks ago. No change. Ideas?
0
If I go to an online login page and I don't see the "HTTPS" preceding the site address, but I know that the site uses a WSDL for authentication that uses "HTTPS", is this still an unsecure connection?
0
Hi,

I just upgrade the Veeam Backup & Replication from V7 to V8 with latest update patches.

2 VM's is failed in replication, both VM's are running Win Server 2003 SP2 Standard edition, installed with latest guest integration services. The replication error as below:

9/10/2015 4:53:23 PM :: Failed to finalize guest processing. Error: Cannot copy file. Source file: [\\192.1.2.2\ADMIN$\VeeamVssSupport\metadata\VSS\BackupComponents.xml]. Target file: [C:\Users\Administrator\AppData\Local\Temp\253d88fa-267f-40b0-88a6-ca4dc002ca71\BackupComponents.xml].
CopyFile() failed.
Win32 error:The system cannot find the path specified.
 Code: 3

I had performed below troubleshooting but same issue still persist.
http://www.veeam.com/kb1855

Is there any hotfix need to apply in order to rectify this issue? Please advise!
0
RewriteCond     %{REQUEST_URI}  ^/(mysite|yoursite)$
RewriteRule     ^(.*)           $1/     [R=301,L]

Open in new window


As per my understanding when you use R=301 then you need to provide a domain name (e.g. http://example.com) so that redirection can happen, what is the point in redirecting in the same server?
0
I am trying to fix a vulnerability found during a penetration scan. I need to correct the  X-Frame-Options response header and set it to DENY so that the webpage is unable to be opened in a frame. I found this page:

https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

That says to add this to the <system.webServer> section.

<system.webServer>
  ...

  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>

  ...
</system.webServer>

to my web.config file. It looked straightforward enough, so I found that section and added that to the web.config file and still getting the alert when I run the penetration test after the change was made.

I need to know if there is something else I need to do in order for this to be set correctly.
0
Hello,

I am looking for a provider who offers a free plan that would allow checking just a single URL with
https
variables
additonal headers
and that should check it using a PUT request, looking for a keyword in the answer.

Using cron from within the platform, a plain "curl -X PUT -H headers ... https://site.here/dirs.here/login?username=e%40mail.here&password=pwd|grep keyword" would allow doing such an automated 24x7 check.
However, public WebService checking would make more sense from the outside.

I tried literally dozens of providers, most of them offering POST requests at best ... or PUT requests without headers ... or without keyword matching.

Anybody knows a free plan that would offer all of the above altogether ... even in a limited trial offer ?
1
In WinInet, what should I use for objectname, the second argument to CHttpConnection::OpenRequest() ?
I am using this function to get a pointer to a CHttpFile file, in order to get data from a web site.
0
I'm using C# to write something to make it easier to post my company's jobs.

One of the job boards allows us to upload jobs using a webservice, and we have to send it a SOAP envelope.

(see section "Create the XML Request" on page http://partner.monster.com/real-time-posting-devguide )

I have constructed my XML as a System.String based on user input in a form. I based it on the XML example given by the webservice provider.

I haven't used SOAP before so I thought I could just POST the XML to the URL using HttpWebRequest, as I did this with another more basic webservice (see earlier post: http://www.experts-exchange.com/questions/28708426/use-C-to-attach-to-a-URL-and-get-an-XML-feed.html). However I got a 400 error.

So I googled sending a SOAP message and I got this:
https://msdn.microsoft.com/en-us/library/aa529276.aspx?cs-save-lang=1&cs-lang=csharp#code-snippet-3
But it doesn't allow (or so it seems to me) to just append the *already formed* XML message and simply send it (or am I wrong).

(on top of that the SOAPClient class is in microsoft.web.services3.dll which aint on my machine)

So maybe looking for another way...

Any tips guys?
thanks
0
Hi,

I want to create and upload records on our service provider's (jobs) database.

They told me to write an "XML Feed". Is this the same as SOAP? I read a bit and I don't see any "soap" keywords in the XML tags (see below). If it's not SOAP, what *is* the protocol and where can I get a tutorial?

The most common XML message I'll be sending apparently looks like this (they gave me the format):

Input XML Format

<XML ID="Transaction">
<Transaction>
<LoginDetails>
<Email/>
<Password/>
</LoginDetails>
<JobDetails>
<JobRefNo/>
<ApplyLink/>
<JobTitle/>
<JobExpiry/>
<JobContactName/>*
<JobContactEmail/>*
<JobSiteID/>
<JobRoom/>
<JobShortDesc/>
<JobDetDesc/>**
<JobCategories/>
<JobLocations/>
<JobSalaryRange/>
<JobAddnlBens/>
<JobType/>
<JobRoles/>#
<JobTag1/>##
<JobTag2/>##
<JobTag3/>##
<JobMinQual/>
<JobQues1/>
<JobQues2/>
<JobQues3/>
</JobDetails>
</Transaction>
</XML>
* : The JobContactName & JobContactEmail must be registered Contacts to be able to manipulate the Job using RMS , if the same are not registered Contacts the RMS will show the Job only for “Group Admin” User, though the Job may still be Updated/Deleted/Previewed using XML-Feed.
** : The JobDetDesc Tag must embed a CDATA Tag to enable <HTML> Tags within the JobDetDesc Tag.
Please refer the example below to note the usage of CDATA Tag.

Open in new window


Sorry, I copied it from a PDF and lost the tabs/indents in the process
0
Hello,

I'd like to find a good solution to track/sniff HTTPS traffic on my local computer in decrypted format as Fiddler2 does it. I wouldn't like to use any external driver or service as WireShark (that uses Winpcap). I use Rad Studio Delphi so I need a solution for this.

Thank you in advance for your answers!
0
Hi,
On this site here http://thelarder.com.au/
Things were ok, but main menu way playing up a bit and there wasn't a clear solution, but a lot of issues came up.  See
http://www.experts-exchange.com/questions/28702949/Client-insists-their-menu-isn't-sitting-straight-on-their-broweser.html
Basically I hid the blue ribbon and everything seemed to be ok - EXCEPT on the mobile and multiple browsers I imagine.

I am not sure how to proceed.  The mobile view is a joke and the site does work responsively, but it just seems buggy.....I am not sure how to proceed from here.
A new site would be ideal?
0
I have this command that is currently being passed using PHP and the CURL command:

curl http://dtd.yourdomain.com/index.php/api -s -X POST -d '{"jsonrpc":"2.0","id":1,"method":"PublicApi.getDevicePublicKey"}'

What I'm trying to do in convert this to VB.  I believe the place to start is to use the WebRequest command.  What I'm not sure about is how to code the rest of it, especially the json part.

Can someone show me an example?
0

HTTP Protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.

Top Experts In
HTTP Protocol
<
Monthly
>