Friday, 26 June 2015

HTTP - Methods

The set of common methods for HTTP/1.1 is defined below and this set can be expanded based on requirements. These method names are case sensitive and they must be used in uppercase.

GET
The GET method is used to retrieve information from the given server using a given URI. Requests using GET should only retrieve data and should have no other effect on the data.
HEAD
Same as GET, but transfers the status line and header section only.
POST
A POST request is used to send data to the server, for example, customer information, file upload, etc. using HTML forms.
PUT
Replaces all current representations of the target resource with the uploaded content.
DELETE
Removes all current representations of the target resource given by a URI.
CONNECT
Establishes a tunnel to the server identified by a given URI.The following example requests a connection with a web server running on the host infosecaffairs.com:
CONNECT www.infosecaffairs.com HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
The connection is established with the server and the following response is sent back to the client:
HTTP/1.1 200 Connection established
Date: Mon, 27 Jul 2015 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
OPTIONS
Describes the communication options for the target resource.The following example requests a list of methods supported by a web server running on infosecaffairs.com:
OPTIONS * HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
The server will send an information based on the current configuration of the server, for example:
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2015 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Allow: GET,HEAD,POST,OPTIONS,TRACE
Content-Type: httpd/unix-directory
TRACE
Performs a message loop-back test along the path to the target resource.The TRACE method is used to echo the contents of an HTTP Request back to the requester which can be used for debugging purpose at the time of development
TRACE / HTTP/1.1
Host: www.infosecaffairs.com
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)
The server will send the following message in response to the above request:
HTTP/1.1 200 OK
Date: Mon, 27 Jul 2009 12:28:53 GMT
Server: Apache/2.2.14 (Win32)
Connection: close
Content-Type: message/http
Content-Length: 39
TRACE / HTTP/1.1
Host: www.infosecaffairs.com
User-Agent: Mozilla/4.0 (compatible; MSIE5.01; Windows NT)

No comments:

Post a Comment

Prevention Techniques: Cross-site request forgery (CSRF)

1. The best defense against CSRF attacks is unpredictable tokens, a piece of data that the server can use to validate the request, and wh...