Network Applications: HTTP; High-Perf HTTP Server
2/2/2012

Outline
➢ Admin and recap
❒ HTTP
❒ High performance HTTP server

Recap: TCP Socket
state: listening
address: {*.6789, *:*}
completed connection queue:
sendbuf:
recvbuf:

state: listening
address: {*.25, *:*}
completed connection queue:
sendbuf:
recvbuf:

state: established
address: {128.36.232.5:6789, 198.69.10.10.1500}
sendbuf:
recvbuf:

Recap: FTP: Client-Server with Separate Control, Data Connections
❒ Two parallel TCP connections opened:
  ❍ control: exchange commands, responses between client, server. “out of band control”
  ❍ data: file data to/from server
[Diagram: FTP client and FTP server. TCP control connection, port 21 at server: PORT clientip:cport, RETR file.dat. TCP data connection: server:20, clientip:cport.]

Recap: the HTTP Protocol
[Diagram: PC running Explorer; Server running Apache Web server; Linux running Firefox]
GET /somedir/page.html HTTP/1.0
Host: www.somechool.edu
Connection: close
User-agent: Mozilla/4.0
Accept: text/html, image/gif
Accept-language: en
(extra carriage return, line feed)

Design Exercise
❒ Workflow of an HTTP server processing a GET request:
GET /somedir/page.html HTTP/1.0
Host: www.somechool.edu

Simple HTTP Server
TCP socket space
state: listening
address: {*.6789, *.*}
completed connection queue:
sendbuf:
recvbuf:

128.36.232.5 128.36.230.2

state: listening
address: {*.25, *.*}
completed connection queue:
sendbuf:
recvbuf:

state: established
address: {128.36.232.5:6789, 198.69.10.10.1500}
sendbuf:
recvbuf:

Create ServerSocket(6789)
connSocket = accept()
read request from connSocket
Map URL to file
Read from file / write to connSocket
close connSocket

Dynamic Content Pages
❒ There are multiple approaches to make dynamic web pages:
  ❍ Embedding code into pages
    • http server includes an interpreter for the type of pages
  ❍ Invoke external programs
    • Q: how to integrate an external program’s output
http://www.cs.yale.edu/index.shtml
http://www.cs.yale.edu/cgi-bin/ureserve.pl
http://www.google.com/search?q=Yale&sourceid=chrome

Invoking External Programs
❒ Two issues
  ❍ Pass HTTP request parameters to the external program
  ❍ Redirect external program output to socket

Example: CGI
❒ Configuration indicates that a mapped file is executable
  ❍ Web server sets up environment variables
    • http://httpd.apache.org/docs/2.2/env.html
    • CGI standard: http://www.ietf.org/rfc/rfc3875
  ❍ Starts the executable as a child process
  ❍ Redirects input/output of the child process to the socket

Example: CGI
❒ Example:
  ❍ GET /search?q=Yale&sourceid=chrome HTTP/1.0
  ❍ mapped file search is an executable
  ❍ set up environment variables, in particular $QUERY_STRING=q=Yale&sourceid=chrome
  ❍ start search and redirect its input/output
http://docs.oracle.com/javase/1.5.0/docs/api/java/lang/ProcessBuilder.html
http://docs.oracle.com/javase/1.5.0/docs/api/java/lang/Process.html

Client Dynamic Pages
❒ There is no need to change the server
❒ See ajax.html for client code example

HTTP Message Extension: POST
❒ If an HTML page contains forms, or the parameters are too large, they are sent using POST and encoded in the message body

HTTP Message Flow Extensions: Keeping State
❒ Why do we need to keep state?
❒ How does FTP keep state (e.g., current dir) and why does HTTP not use it?

User-server Interaction: Cookies
Goal: no explicit application level session
❒ Server sends “cookie” to client in response msg
  Set-cookie: 1678453
❒ Client presents cookie in later requests
  Cookie: 1678453
❒ Server matches presented-cookie with server-stored info
  ❍ authentication
  ❍ remembering user preferences, previous choices
[Diagram, client/server exchange:
  client → server: usual http request msg
  server → client: usual http response + Set-cookie: #
  client → server: usual http request msg, Cookie: # (server: cookie-specific action)
  server → client: usual http response msg
  client → server: usual http request msg, Cookie: # (server: cookie-specific action)
  server → client: usual http response msg]

User-Server Interaction: Authentication
Authentication goal: control access to server documents
❒ stateless: client must present authorization in each request
❒ authorization: typically name, password
  ❍ Authorization: header line in request
  ❍ if no authorization presented, server refuses access, sends WWW-authenticate: header line in response
[Diagram, client/server exchange over time:
  client → server: usual http request msg
  server → client: 401: authorization req., WWW-authenticate:
  client → server: usual http request msg + Authorization: line
  server → client: usual http response msg
  client → server: usual http request msg + Authorization: line
  server → client: usual http response msg]
Browser caches name & password so that user does not have to repeatedly enter it.

HTTP/1.0 Delay
❒ For each object:
  ❍ TCP handshake --- 1 RTT
  ❍ client request and server response --- at least 1 RTT (if object can be contained in one packet)
❒ Discussion: how to reduce delay?
[Timing diagram: TCP SYN, TCP/ACK; HTTP GET, TCP ACK, base page; then TCP SYN, TCP/ACK; HTTP GET, TCP ACK, image 1]

HTTP Message Flow: Persistent HTTP
❒ Default for HTTP/1.1
❒ On same TCP connection: server parses request, responds, parses new request, …
❒ Client sends requests for all referenced objects as soon as it receives base HTML
❒ Fewer RTTs

Browser Cache and Conditional GET
❒ Goal: don’t send object if client has up-to-date stored (cached) version
❒ client: specify date of cached copy in http request
  If-modified-since: <date>
❒ server: response contains no object if cached copy up-to-date:
  HTTP/1.0 304 Not Modified
[Diagram, client/server exchange:
  object not modified:
    client → server: http request msg, If-modified-since: <date>
    server → client: http response, HTTP/1.0 304 Not Modified
  object modified:
    client → server: http request msg, If-modified-since: <date>
    server → client: http response, HTTP/1.1 200 OK … <data>]

Summary: HTTP
❒ HTTP message format
  ❍ ASCII (human-readable format) requests, header lines, entity body, and responses line
❒ HTTP message flow
  ❍ stateless server
    • each request is self-contained; thus cookie and authentication are needed in each message
  ❍ reducing latency
    • persistent HTTP – the problem is introduced by layering!
    • conditional GET reduces server/network workload and latency
    • cache and proxy reduce traffic and latency
- Is the application extensible, scalable, robust, secure?

WebServer Implementation
TCP socket space
state: listening
address: {*.6789, *.*}
completed connection queue:
sendbuf:
recvbuf:

128.36.232.5 128.36.230.2

state:
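
The CGI steps from the slides above (map the URL to an executable, set environment variables such as QUERY_STRING, start a child process, redirect its output to the connection), written out as an added example that is not code from the lecture. It assumes Java 11+ and a POSIX /bin/sh for the constructed sample script; the names CgiDemo, prepare and run are hypothetical, and the root-containment check and cleared environment are additions that answer the summary slide's "secure?" question.

```java
import java.io.*;
import java.net.URI;
import java.nio.file.*;
import java.util.Map;

public class CgiDemo {
    /** Map the request target to an executable under root and prepare the child process. */
    static ProcessBuilder prepare(Path root, String requestLine) throws IOException {
        String[] p = requestLine.split(" ");
        if (p.length != 3 || !p[0].equals("GET")) throw new IOException("400 unsupported request line");
        URI target;
        Path base = root.toRealPath(), file;
        try {
            target = URI.create(p[1]);
            // getPath() is percent-decoded; toRealPath() resolves ".." and symlinks.
            file = base.resolve("." + target.getPath()).toRealPath();
        } catch (IOException | IllegalArgumentException e) { throw new IOException("404 not found"); }
        if (!file.startsWith(base) || !Files.isRegularFile(file) || !Files.isExecutable(file))
            throw new IOException("403 not a CGI program under the root");
        // Argument vector with no shell: request data never becomes part of a command line.
        ProcessBuilder pb = new ProcessBuilder(file.toString());
        Map<String, String> env = pb.environment();
        env.clear();                                  // do not leak the server's environment
        env.put("GATEWAY_INTERFACE", "CGI/1.1");
        env.put("REQUEST_METHOD", p[0]);
        env.put("SERVER_PROTOCOL", p[2]);
        env.put("SCRIPT_NAME", target.getPath());
        env.put("QUERY_STRING", target.getRawQuery() == null ? "" : target.getRawQuery());
        return pb.redirectError(ProcessBuilder.Redirect.DISCARD);
    }
    /** Start the child and copy its standard output to the connection's output stream. */
    static void run(ProcessBuilder pb, OutputStream toClient) throws Exception {
        Process child = pb.start();
        child.getOutputStream().close();              // GET has no body: child reads EOF
        try (InputStream out = child.getInputStream()) { out.transferTo(toClient); }
        child.waitFor();
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample: a temporary root holding a "search" script (assumes /bin/sh).
        Path root = Files.createTempDirectory("cgi-root");
        Path search = Files.writeString(root.resolve("search"),
            "#!/bin/sh\necho 'Content-Type: text/plain'\necho\necho \"query: $QUERY_STRING\"\n");
        search.toFile().setExecutable(true);
        ByteArrayOutputStream conn = new ByteArrayOutputStream(); // stands in for connSocket
        run(prepare(root, "GET /search?q=Yale&sourceid=chrome HTTP/1.0"), conn);
        System.out.print(conn);
        try { prepare(root, "GET /../../bin/sh HTTP/1.0"); }
        catch (IOException e) { System.out.println("refused: " + e.getMessage()); }
    }
}
```

In a real server, `toClient` would be `connSocket.getOutputStream()`, and a POST body would be written to the child's standard input instead of closing it.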
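
The cookie exchange from the "User-server Interaction: Cookies" slide (server sends Set-cookie, client presents Cookie, server matches it with stored info), as an added example that is not code from the lecture. The class name CookieSessions, the cookie name `sid` and the attributes are assumptions; the identifier is drawn from SecureRandom rather than being a short number like the slide's 1678453, because whoever presents a valid value is treated as that user. Assumes Java 9+.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class CookieSessions {
    private static final SecureRandom RNG = new SecureRandom();
    // Server-stored info, keyed by the cookie value the client presents.
    private final Map<String, Map<String, String>> sessions = new ConcurrentHashMap<>();

    /** First visit: create server-side state and return the response header line. */
    String issue(Map<String, String> initialState) {
        byte[] raw = new byte[16];                 // 128 random bits, not a counter
        RNG.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new ConcurrentHashMap<>(initialState));
        return "Set-Cookie: sid=" + id + "; Path=/; HttpOnly";
    }

    /** Later requests: match the presented cookie against stored state (null if unknown). */
    Map<String, String> lookup(String cookieHeaderValue) {
        if (cookieHeaderValue == null) return null;
        for (String pair : cookieHeaderValue.split(";")) {
            String[] kv = pair.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("sid")) return sessions.get(kv[1]);
        }
        return null;
    }

    public static void main(String[] args) {
        CookieSessions server = new CookieSessions();
        String setCookie = server.issue(Map.of("lang", "en"));   // constructed sample state
        System.out.println(setCookie);
        // The browser echoes only the name=value part in its Cookie: header.
        String presented = setCookie.substring("Set-Cookie: ".length()).split(";")[0];
        System.out.println("issued cookie  -> " + server.lookup(presented));
        System.out.println("guessed cookie -> " + server.lookup("sid=1678453"));
    }
}
```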