HTTP Protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.

Share tech news, updates, or what's on your mind.

Sign up to Post

RewriteCond     %{REQUEST_URI}  ^/(mysite|yoursite)$
RewriteRule     ^(.*)           $1/     [R=301,L]

Open in new window

As per my understanding when you use R=301 then you need to provide a domain name (e.g. so that redirection can happen, what is the point in redirecting in the same server?
I am trying to fix a vulnerability found during a penetration scan. I need to correct the  X-Frame-Options response header and set it to DENY so that the webpage is unable to be opened in a frame. I found this page:

That says to add this to the <system.webServer> section.


      <add name="X-Frame-Options" value="SAMEORIGIN" />


to my web.config file. It looked straightforward enough, so I found that section and added that to the web.config file and still getting the alert when I run the penetration test after the change was made.

I need to know if there is something else I need to do in order for this to be set correctly.

I am looking for a provider who offers a free plan that would allow checking just a single URL with
additonal headers
and that should check it using a PUT request, looking for a keyword in the answer.

Using cron from within the platform, a plain "curl -X PUT -H headers ...|grep keyword" would allow doing such an automated 24x7 check.
However, public WebService checking would make more sense from the outside.

I tried literally dozens of providers, most of them offering POST requests at best ... or PUT requests without headers ... or without keyword matching.

Anybody knows a free plan that would offer all of the above altogether ... even in a limited trial offer ?
In WinInet, what should I use for objectname, the second argument to CHttpConnection::OpenRequest() ?
I am using this function to get a pointer to a CHttpFile file, in order to get data from a web site.
I'm using C# to write something to make it easier to post my company's jobs.

One of the job boards allows us to upload jobs using a webservice, and we have to send it a SOAP envelope.

(see section "Create the XML Request" on page )

I have constructed my XML as a System.String based on user input in a form. I based it on the XML example given by the webservice provider.

I haven't used SOAP before so I thought I could just POST the XML to the URL using HttpWebRequest, as I did this with another more basic webservice (see earlier post: However I got a 400 error.

So I googled sending a SOAP message and I got this:
But it doesn't allow (or so it seems to me) to just append the *already formed* XML message and simply send it (or am I wrong).

(on top of that the SOAPClient class is in microsoft.web.services3.dll which aint on my machine)

So maybe looking for another way...

Any tips guys?

I want to create and upload records on our service provider's (jobs) database.

They told me to write an "XML Feed". Is this the same as SOAP? I read a bit and I don't see any "soap" keywords in the XML tags (see below). If it's not SOAP, what *is* the protocol and where can I get a tutorial?

The most common XML message I'll be sending apparently looks like this (they gave me the format):

Input XML Format

<XML ID="Transaction">
* : The JobContactName & JobContactEmail must be registered Contacts to be able to manipulate the Job using RMS , if the same are not registered Contacts the RMS will show the Job only for “Group Admin” User, though the Job may still be Updated/Deleted/Previewed using XML-Feed.
** : The JobDetDesc Tag must embed a CDATA Tag to enable <HTML> Tags within the JobDetDesc Tag.
Please refer the example below to note the usage of CDATA Tag.

Open in new window

Sorry, I copied it from a PDF and lost the tabs/indents in the process

I'd like to find a good solution to track/sniff HTTPS traffic on my local computer in decrypted format as Fiddler2 does it. I wouldn't like to use any external driver or service as WireShark (that uses Winpcap). I use Rad Studio Delphi so I need a solution for this.

Thank you in advance for your answers!
On this site here
Things were ok, but main menu way playing up a bit and there wasn't a clear solution, but a lot of issues came up.  See't-sitting-straight-on-their-broweser.html
Basically I hid the blue ribbon and everything seemed to be ok - EXCEPT on the mobile and multiple browsers I imagine.

I am not sure how to proceed.  The mobile view is a joke and the site does work responsively, but it just seems buggy.....I am not sure how to proceed from here.
A new site would be ideal?
I have this command that is currently being passed using PHP and the CURL command:

curl -s -X POST -d '{"jsonrpc":"2.0","id":1,"method":"PublicApi.getDevicePublicKey"}'

What I'm trying to do in convert this to VB.  I believe the place to start is to use the WebRequest command.  What I'm not sure about is how to code the rest of it, especially the json part.

Can someone show me an example?
I'm writing a bot that mimics my browser, Chrome.

In Chrome, when I interact with the website I'm interested in, the website passes back a cookie "session" using the "Set-Cookie" header in the HTTP response. *However*, on the next HTTP request from the browser, the request headers have an entry "Cookie" with an *altered* value.

Please read my assumptions/guesses about what is happening, and comment if they are valid assumptions or not:

(1) the browser has changed the cookie's value (explanation: the server sent valueA in its http response, but now the browser is using valueB in its next http request)

If assumption (1) is true...
(2) What changed the cookie's value on the browser must be javascript, because only a script can change a cookie's value  on the browser, and the only script in this page is javascipt.

if assumption (2) is true...
(3) Chromes "Inspect Element > Network" tool shows me that 5 javascript files were part of the page request (out of a total of 28 files), so it must be one of these 5 that are changing the "session" cookie.

if assumption (3) is true...
(4) I should be able to find the code that changes the cookie value by searching for ".cookie=" (or similar with whitespace). (Explanation: shows that the syntax for changing a cookie is document.cookie = "session=abc94g290" for example. Document may be assigned to a variable, so not safe to search for "document.cookie=")

Ok, …

I am testing a feature that will display the referring URL on a page. I have Javascript on the page to get the referring URL from the header. How can I set the referring URL?

For example, I may be coming from to, but I want to change the referring URL, in this case, from to something of my choosing.
I'm analysing HTTPS traffic between my Chrome browser and a 3rd party site of interest.

I notice that the website is passing back a cookie called "session" (in HTTP header "Set-Cookie"), but the next request from the browser has changed the cookie (its a long string of hex, maybe 100chars?, only the first say 20 chars have changed, but changed they have)... which is not what I expect to happen...

or is this being done by javascipt on the page when it loads?

I looked at the page searching for "cookie" but couldn't see anything.. however the page loads up a lot of other .JS scripts too... do I need to check all these too?

I'm using Chrome. Is there any way to look at the outgoing (request) HTTPS headers?

Maybe there are other browsers I could use instead that give me this functionality?

I've tried using Wireshark but it only shows HTTP headers.


I am trying to install Wordpress into a folder / directory on my website, which is hosted by Digital Ocean (droplet).

Considering Digital Oceans accounts are self managed VPSs i am not getting much luck with help from their support, which is understandable.

The main parent website (custom php) is working fine, however when i try to install the Wordpress into the /blog directory i get to the installation page, it seems that none of the wordpress assets (css, js, etc...) are loading, because the installation is trying to run on http instead of https.

As you can see none of the assets are loading, so the same applies when you land on the blog home page AFTER you complete the installation steps...

Also, it is important to point out that i can't install any plugins to help, because if i try go to the admin login after the installation, i get looped back to the installation page because of the https issue.

Can anyone offer any advice, thanks in advance for your help.
Currently our web address properly takes to our web site but if we use SSL, i.e.: will go nowhere. How to fix this issue?
I have a bit of an issue I can't seem to solve.  While troubleshooting something else on a server I noticed I couldn't access the internet.  After eliminating the basics with no luck, I tried accessing the internet from another one of my servers and noticed that I couldn't get to the internet either.  I found several more servers with the same problem.  I also found some servers that were able to access the internet.
This only seems to happen to http traffic and to all three server versions.

My environment:
100% VMware virtualized
Cisco UCS Blade servers
Servers:  2003, 2008, 2012 (virtual)
Trend Micro esxi host based AV

What we have been able to eliminate so far:
Not happening to all serves
Not a Trend Micro issue because servers on esxi hosts with Trend working
Not a network issue
Not a firewall issue (Turned the firewall off to test)

Is there a KB that might be affecting port 80 traffic?

Any help would be appreciated.


I have a Forefront TMG server that makes Web publishing. I would like to block a URL as input.

My main URL

https: //myservice.mydomain.dom/

What I want to block is:

https: //myservice.mydomain.dom/admin/

and only permit,

https: //myservice.mydomain.dom/

Note that the publishing port and IP address are the same. So understand that I want to block the url.


Have a webpage that is opened from another system with parameters that can contain extended ascii characters:


Open in new window

The cshtml webpage reads the parameters as usual with:

var pname = Request["pname"];
and shows it on the page with @pname

Works fine for all browsers except IE (even IE11) when pname=Günther or another name with foreign characters; ü, ø and so on.


Open in new window

results in G�nther
The webpage is using <meta charset="UTF-8" />

Why does this work in Chrome and Opera but not in IE?
Any solution? I have no control over the submitting system, som the url cannot be encoded before submit.
Hi, I am having trouble getting my webserver to execute a .cgi script. I am new to this stuff so I must have made a mistake along the way.

I enabled the mods which shows up in mods-enabled folder (cgi.load)

Here is my host config file with the script alias setup
<VirtualHost *:80>
   ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/current

<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port t$
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        SSLEngine on
        SSLCertificateFile /var/www/home/
        SSLCertificateKeyFile /var/www/home/
        SSLCACertificateFile /var/www/home/intermediate.crt

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html/current

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for 

Open in new window

I have having issues getting our URL rewrite to work. Our domain name is and it is running on2008R2 with IIS7.5. I have set up DNS records to allow the site to be accessed at but in order for our SSL certificate to function properly, I need to have rewrite or redirect to I have tried configuring the URL Rewrite Module which created the following entry in the web.config file but this doesn't seem to be working

          <httpRedirect enabled="false" destination="" exactDestination="true" httpResponseStatus="Permanent" />
                <rule name="CanonicalHostNameRule1" patternSyntax="Wildcard" stopProcessing="true">
                    <match url="(.*)" />
                        <add input="{HTTP_HOST}" pattern="^www\.sbfoundation\.org$" negate="true" />
                    <action type="Redirect" url="{R:1}" />

I have also tried a few variations on the rule but I just don't seem to be able to get it to function. As best I understand it I believe I have all the bindings set up correctly but I am a little out of my depth here and hoping I have just made a simple mistake somewhere
I'm trying to have an IIS 8.0 website redirected to https when people hit it on http. How would I do that so it is transparent to the user?


I have been using http post to interact with a text message service API from within VBA and it works really well. I am aware that Facebook updates can be updated using http post but am struggling to get this to work. It may well be that it is not possible to achieve, hence this post.

From the Graph API this appears to be the http post code


Open in new window

I have setup an app on Facebook and have all the access tokens etc

Below is a snippet of what I am using to make http post requests to the text service

    Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
    myURL = ""
    postData = "apiKey=" + apiKey + "&message=" + message + "&numbers=" + numbers + "&sender=" + sender
    WinHttpReq.Open "POST", myURL, False
    WinHttpReq.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    WinHttpReq.Send (postData)
    SendSMS_textlocal = WinHttpReq.responseText

Open in new window

What I am looking to do is if you like, modify what I am using here to use HTTP post to update Facebook.

I am probably barking up the wrong tree and it's not possible, but I thought it worth an ask?  My issue is how to format the request to make the call.

If anyone could help that would be fantastic and much appreciated.
How does one test connectivity from a IIS web server instance in the DMZ to another web server on the internal network? The connection needs to take place over HTTP, but I'd also like to be able to ping as well.

As it stands, we can see the underlying server OS IP address trying to get through the Cisco ASA (5540), but that gets denied (obviously). What we want to do is connect over HTTP (or ping) from the IP address bound to an instance of the IIS web server.

(Forgive me if it's not called an "instance". I'm just talking about how you can bind a different IP address to different "websites" running under IIS.)

Any ideas how we can test connectivity under the alias of the website IP address on the IIS box? As if we were the website itself? I'd think it'd be doable.

Thanks in advance...
Hi, I want through following service and tested it also using Fiddler.

1. I am wondering, if we don't use fiddler, how the client is going to send files because in fiddler I can see Upload files button.
2. or should I prefer making action which takes encoded contents of file as bytes?

I am attempting to move my site to HTTPS.
I am experiencing two issues:

1. My HTTP to HTTPS redirect is working properly, but I've noticed it's displaying a 302 redirect header status.
I understand it needs to be a 301 redirect - how do I fix that?

2. My post forms are no longer taking the user to their thank you pages. Instead, they're giving a 404 error upon submitting.
I'm guessing this is because of difference in protocol. Any ideas on how to approach this?

Here are the necessary details:
- Server: Windows 2008 R2/IIS 7.5
- SSL certificate properly installed and functional
- IIS settings:
- HTTP redirect module: not used (no redirect set up)
- SSL settings module: "Require SSL" is not checked. Under client certificates, "Ignore" is chosen.
- Two key details from my web.config file:
<add key="UriScheme" value="https" />

<rule name="HTTP to HTTPS redirect" stopProcessing="true">
  <match url="(.*)" />
      <add input="{HTTPS}" pattern="off" ignoreCase="true" />
  <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />

HTTP Protocol

The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text. HTTP is the protocol to exchange or transfer hypertext. HTTP functions as a request-response protocol in the client-server computing model. HTTP is designed to permit intermediate network elements to improve or enable communications between clients and servers. HTTP is an application layer protocol designed within the framework of the Internet Protocol Suite; it presumes an underlying and reliable transport layer protocol.

Top Experts In
HTTP Protocol