Netscape Enterprise Server Administrator's Guide: Appendix BHyperText Transfer Protocol

Administrator's Guide
Netscape Enterprise Server

Appendix B HyperText Transfer Protocol

This appendix provides a short introduction to the HyperText Transfer Protocol (HTTP). For more information on HTTP, see the Internet Engineering Task Force (IETF) home page at:

http://www.ietf.org/home.html

This appendix contains the following sections:

About HyperText Transfer Protocol (HTTP)

Requests

Responses

About HyperText Transfer Protocol (HTTP)

The HyperText Transfer Protocol (HTTP) is a protocol (a set of rules that describe how information is exchanged on a network) that allows a web browser and a web server to "talk" to each other using the ISO Latin1 alphabet, which is ASCII with extensions for European languages.

HTTP is based on a request/response model. The client connects to the server and sends a request to the server. The request contains the following: request method, URI, and protocol version. The client can then send additional header information. The server's response includes protocol version, status code, followed by a header that contains server information, additional information headers, and then the requested data. The connection is then closed.

Netscape Enterprise Server supports HTTP 1.1. Some previous versions of the server supported HTTP 1.0. The server is conditionally compliant with the HTTP 1.1 proposed standard, as approved by the Internet Engineering Steering Group (IESG) and the Internet Engineering Task Force (IETF) HTTP working group. For more information on the criteria for being conditionally compliant, see the Hypertext Transfer Protocol—HTTP/1.1 specification (RFC 2068) at:

www.ietf.org/rfc/rfc2068.txt?number=2068

Requests

A request from a client to a server includes the following information:

Request method

Request header

Request data

Request Method

A client can request information using a number of methods. The commonly used methods include the following:

GET—Requests the specified document

HEAD—Requests only the header information for the document

POST—Requests that the server accept some data from the client, such as form input for a CGI program

PUT—Replaces the contents of a server's document with data from the client

Request Header

The client can send header fields to the server. Most are optional. Some commonly used request headers are shown in Table B-1.

Table B-1    Common request headers

Request header

Description

Accept

The file types the client can accept.

Authorization

Used if the client wants to authenticate itself with a server; information such as the username and password are included.

User-agent

The name and version of the client software.

Referer

The URL of the document where the user clicked on the link.

Host

The Internet host and port number of the resource being requested. (Required for HTTP/1.1 requests.)

Request Data

If the client has made a POST or PUT request, it can send data after the request header and a blank line. If the client sends a GET or HEAD request, there is no data to send; the client waits for the server's response.

Responses

The server's response includes the following:

Status code

Response header

Response data

Status Code

When a client makes a request, one item the server sends back is a status code, which is a three-digit numeric code. There are four categories of status codes:

Status codes in the 100-199 range indicate a provisional response.

Status codes in the 200-299 range indicate a successful transaction.

Status codes in the 300-399 range are returned when the URL can't be retrieved because the requested document has moved.

Status codes in the 400-499 range indicate an error in the request (document doesn't exist, authorization is required, and so on).

Status codes of 500 and higher indicate that the server can't perform the request, or an error has occurred.

Table B-2 contains some common status codes.

Table B-2    Common HTTP status codes

Status code

Meaning

200

OK; successful transmission. This is not an error.

302

Found. Redirection to a new URL. The original URL has moved. This is not an error; most browsers will get the new page.

304

Use a local copy. If a browser already has a page in its cache, and the page is requested again, some browsers (such as Netscape) relay to the web server the "last-modified" timestamp on the browser's cached copy. If the copy on the server is not newer than the browser's copy, the server returns a 304 code instead of returning the page, reducing unnecessary network traffic. This is not an error.

401

Unauthorized. The user requested a document but didn't provide a valid username or password.

403

Forbidden. Access to this URL is forbidden.

404

Not found. The document requested isn't on the server. This code can also be sent if the server has been told to protect the document by telling unauthorized people that it doesn't exist.

500

Server error. A server-related error occurred. The server administrator should check the server's error log to see what happened.

Response Header

The response header contains information about the server and information about the document that will follow. Common response headers are shown in Table B-3.

Table B-3    Common response headers

Response header

Description

Server

The name and version of the Enterprise Server.

Date

The current date (in Greenwich Mean Time).

Last-modified

The date when the document was last modified.

Expires

The date when the document expires.

Content-length

The length of the data that follows (in bytes).

Content-type

The MIME type of the following data.

WWW-authenticate

Used during authentication and includes information that tells the client software what is necessary for authentication (such as username and password).

Response Data

The server sends a blank line after the last header field. The server then sends the document data.

Request header	Description
`Accept`	The file types the client can accept.
`Authorization`	Used if the client wants to authenticate itself with a server; information such as the username and password are included.
`User-agent`	The name and version of the client software.
`Referer`	The URL of the document where the user clicked on the link.
`Host`	The Internet host and port number of the resource being requested. (Required for HTTP/1.1 requests.)

Status code	Meaning
`200`	OK; successful transmission. This is not an error.
`302`	Found. Redirection to a new URL. The original URL has moved. This is not an error; most browsers will get the new page.
`304`	Use a local copy. If a browser already has a page in its cache, and the page is requested again, some browsers (such as Netscape) relay to the web server the "last-modified" timestamp on the browser's cached copy. If the copy on the server is not newer than the browser's copy, the server returns a 304 code instead of returning the page, reducing unnecessary network traffic. This is not an error.
`401`	Unauthorized. The user requested a document but didn't provide a valid username or password.
`403`	Forbidden. Access to this URL is forbidden.
`404`	Not found. The document requested isn't on the server. This code can also be sent if the server has been told to protect the document by telling unauthorized people that it doesn't exist.
`500`	Server error. A server-related error occurred. The server administrator should check the server's error log to see what happened.

Response header	Description
`Server`	The name and version of the Enterprise Server.
`Date`	The current date (in Greenwich Mean Time).
`Last-modified`	The date when the document was last modified.
`Expires`	The date when the document expires.
`Content-length`	The length of the data that follows (in bytes).
`Content-type`	The MIME type of the following data.
`WWW-authenticate`	Used during authentication and includes information that tells the client software what is necessary for authentication (such as username and password).

Last Updated August 02, 2002