What happens after we type a web address into the browser? It is a common interview question for web developers. You can find a detailed answer to this question on GitHub. The main thing the interviewer wants to know is your level of understanding of HTTP. In this lesson, we'll cover this topic in more detail.
What is HTTP
To better understand this term, let's remind ourselves what a protocol is. It's a set of conventions or rules by which different programs can exchange information. One of the most common web protocols is HTTP (Hypertext Transfer Protocol). It is a set of rules that both your computer and a computer located far away will know. These rules help the browser and the web server communicate with each other.
You already know that a web server is a program installed on a server and handles incoming connections. A web server works in two stages:
- The server receives information from the browser about which page of which site we want to load
- The server then returns the contents of this webpage to the browser
This request-response cycle is an HTTP session. Now, we will use the curl program to see what it looks like:
curl -v --head https://hexlet.io
* Trying 174.66.43.105:443...
* TCP_NODELAY set
* Connected to hexlet.io (174.66.43.105) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Dec 21 00:00:00 2021 GMT
* expire date: Dec 20 23:59:59 2022 GMT
* issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x560728425e30)
> HEAD / HTTP/2
> Host: ru.hexlet.io
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
HTTP/2 200
< date: Wed, 09 Feb 2022 07:13:32 GMT
date: Wed, 09 Feb 2022 07:13:32 GMT
< content-type: text/html; charset=utf-8
content-type: text/html; charset=utf-8
...
<
* Connection #0 to host ru.hexlet.io left intact
Now we know HTTP technology, but that is not enough. Also, we should learn how to make raw HTTP requests not through the browser but independently, emulating the browser's behavior. This task involves using the telnet program. There's a Hexlet course on this topic. You can learn everything there.
Why do we use HTTP?
Programmers use the HTTP protocol for many different tasks:
- When working with forms, when uploading files, and when redirecting
- For authentication, since it depends entirely on HTTP
- Obtain request details (for example, you can see from which browser we sent a request)
- To increase performance and caching
The HTTPS protocol
In addition to HTTP, the more secure protocol HTTPS is widespread on the web. If the site runs under the HTTP protocol, you shouldn't perform any actions related to sensitive data, such as credit cards. Anyone who maintains the site or the equipment between you and the server can read your data.
Note that popular sites always give payment pages via HTTPS. In turn, the ability to work with HTTPS gives you access to new concepts straight away:
- Encryption, asymmetric encryption
- Certificates
- Digital signatures
TCP/IP
Only using the HTTP and HTTPS protocols isn't enough. The fact is that HTTP doesn't exist by itself but on top of the TCP/IP protocol stack. A basic knowledge of networks is essential for the following reasons:
- Security. Without basic knowledge, it's easy to make a mistake and get hacked
- Debugging. Even minor problems with sites are difficult to troubleshoot without basic networking knowledge. It is because many problems with starting and configuring sites are related to network sockets
DNS
Another pillar of the web is the domain name service. Imagine typing an address into a browser. At that point, the browser makes DNS queries to the appropriate servers and tries to find out what IP address belongs to the site. The connection to the server is over TCP/IP, not HTTP. The HTTP protocol starts working after establishing the TCP connection.
Knowing DNS will help:
- Bind a domain to the server
- Configure mail for a domain
- Verify your project with various services
- Provide faster and more efficient debugging because often booting problems are related to the DNS
How to study
Many books on operating systems discuss networks in great detail. There's at least one source on the subject on Hexlet's list of recommended books.
For full access to the course you need a professional subscription.
A professional subscription will give you full access to all Hexlet courses, projects and lifetime access to the theory of lessons learned. You can cancel your subscription at any time.
