Hypertext Transfer Protocol (HTTP) is a method for encoding and transporting information between a client (such as a web browser) and a web server. HTTP is the primary protocol for transmission of information across the Internet.
Information is exchanged between clients and servers in the form of Hypertext documents, from which HTTP gets its name. Hypertext is structured text that uses logical links, or hyperlinks, between nodes containing text. Hypertext documents can be manipulated using the Hypertext Markup Language (HTML). Using HTTP and HTML, clients can request different kinds of content (such as text, images, video, and application data) from web and application servers that host the content.
HTTP follows a request‑response paradigm in which the client makes a request and the server issues a response that includes not only the requested content, but also relevant status information about the request. This self‑contained design allows for the distributed nature of the Internet, where a request or response might pass through many intermediate routers and proxy servers. It also allows intermediary servers to perform value‑added functions such as load balancing, caching, encryption, and compression.
HTTP is an application‑layer protocol and relies on an underlying network‑layer protocol such as Transmission Control Protocol (TCP) to function. HTTP resources such as web servers are identified across the Internet using unique identifiers known as Uniform Resource Locators (URLs).
How Can NGINX Plus Help?
NGINX Plus and NGINX are the best-in-class load‑balancing solutions used by high‑traffic websites such as Dropbox, Netflix, and Zynga. More than 350 million websites worldwide rely on NGINX Plus and NGINX Open Source to deliver their content quickly, reliably, and securely. NGINX Plus provides functionality in addition to facilitating HTTP communication, including:
With NGINX Plus you can provide your customers with high-quality web experiences, boosting customer satisfaction and revenue.
What is Hypertext Transfer Protocol Secure (HTTPS)?
Hypertext Transfer Protocol Secure (HTTPS) is a protocol that secures communication and data transfer between a user's web browser and a website. HTTPS is the secure version of HTTP. The protocol protects users against eavesdroppers and man-in-the-middle (MitM) attacks. It also protects legitimate domains from domain name system (DNS) spoofing attacks.
HTTPS plays a significant role in securing websites that handle or transfer sensitive data, including data handled by online banking services, email providers, online retailers, healthcare providers and more. Simply put, any website that requires login credentials or involves financial transactions should use HTTPS to ensure the security of users, transactions and data.
HTTP vs. HTTPS
A malicious actor can easily impersonate, modify or monitor an HTTP connection. HTTPS provides protection against these vulnerabilities by encrypting all exchanges between a web browser and web server. As a result, HTTPS ensures that no one can tamper with these transactions, thus securing users' privacy and preventing sensitive information from falling into the wrong hands.
HTTPS is not a separate protocol from HTTP. Rather, it is a variant that uses Transport Layer Security (TLS)/Secure Sockets Layer (SSL) encryption over HTTP to secure communications. When a web server and web browser talk to each other over HTTPS, they engage in what's known as a handshake -- an exchange of TLS/SSL certificates -- to verify the provider's identity and protect the user and their data.
An HTTPS URL begins with https:// instead of http://. Most web browsers show that a website is secure by displaying a closed padlock symbol to the left of the URL in the browser's address bar.
In some browsers, users can click on the padlock icon to check if an HTTPS-enabled website's digital certificate includes identifying information about the website owner, such as their name or company name.
HTTPS is a variant of HTTP that uses TLS/SSL encryption over HTTP to secure communications.
How is HTTPS superior to HTTP?
In HTTP, the information shared over a website may be intercepted, or sniffed, by any bad actor snooping on the network. This is especially risky if a user is accessing the website over an unsecured network, such as public Wi-Fi. Since all HTTP communications happen in plaintext, they are highly vulnerable to on-path MitM attacks.
HTTPS ensures that all communications between the user's web browser and a website are completely encrypted. Even if cybercriminals intercept the traffic, what they receive looks like garbled data. This data can be converted to a readable form only with the corresponding decryption tool -- that is, the private key.
Encryption in HTTPS
HTTPS is based on the TLS encryption protocol, which secures communications between two parties. TLS uses asymmetric public key infrastructure for encryption. This means it uses two different keys:
How HTTPS works
As noted in the previous section, HTTPS works over SSL/TLS with public key encryption to distribute a shared symmetric key for data encryption and authentication. It uses port 443 by default, whereas HTTP uses port 80. All secure transfers require port 443, although the same port supports HTTP connections as well.
Before a data transfer starts in HTTPS, the browser and the server decide on the connection parameters by performing an SSL/TLS handshake. The handshake is also important to establish a secure connection. Here's how the entire process works:
Example of how HTTPS works
Suppose a customer visits a retailer's e-commerce website to purchase an item. When the customer is ready to place an order, they are directed to the product's order page. The URL of this page starts with https://, not http://.
To place the order, the customer is prompted to enter some personal details (e.g., their name and shipping address), as well as financial data (e.g., their credit card number). HTTPS encrypts this data to ensure that it cannot be compromised or stolen by an unauthorized party, such as a hacker or cybercriminal.
The order then reaches the server where it is processed. Once the order is successfully placed, the user receives an acknowledgement from the server, which also travels in encrypted form and displays in their web browser. This acknowledgement is decrypted by the browser's HTTPS sublayer.
HTTPS and the CIA triad
HTTPS guarantees the CIA triad, which is a foundational element in information security:
Advantages of HTTPS
HTTPS offers numerous advantages over HTTP connections:
Common mistakes to avoid when adopting HTTPS connections
While HTTPS can enhance website security, implementing it improperly can negatively affect a site's security and usability. Common mistakes include the following issues.
Are HTTPS connections vulnerable to attacks?
While HTTPS is more secure than HTTP, neither is immune to cyber attacks. HTTPS connections may be vulnerable to the following malicious activities:
What is the primary protocol used for communication between a browser and web server?
Hypertext Transfer Protocol (HTTP) is a method for encoding and transporting information between a client (such as a web browser) and a web server. HTTP is the primary protocol for transmission of information across the Internet.
Which two encryption protocols might be used to provide secure transmissions for browsers and Web server communications?
SSL (Secure Sockets Layer) and its successor, Transport Layer Security (TLS), provide a way to encrypt a communication channel between two computers over the Internet.
Which of the following protocols are used to secure HTTP?
Transport Layer Security (TLS) is a cryptographic protocol that aims at providing secure communication over an IP network. It is a very common protocol today since it is used to secure HTTP communication between web browsers and web servers.
Is TCP or UDP normally used when streaming live video?
If your streaming content is recorded and made available to the viewers later, such as in the form of VOD, then TCP works well. On the other hand, UDP is typically used for live streaming and multicast video conferencing. Such applications normally require their own protocol (commonly RTP/RTCP over UDP) on top of UDP.