Rendimiento y confiabilidad
CDN DNS Argo enrutamiento inteligente Equilibrio de carga Optimizaciones web Red de China
Video Streaming y entrega
Cloudflare Stream Stream Delivery
Seguridad avanzada
Protección DDoS WAF Bot Management Limitación de velocidad SSL/TLS DNSSEC Cloudflare Access Cloudflare Spectrum Argo Tunnel
Información
Análisis Cloudflare Logs
Cloudflare para desarrolladores
Trabajadores de Cloudflare Cloudflare Workers KV Mobile SDK
Registro de dominios
Cloudflare Registrar
Cloudflare Marketplace
Aplicaciones de Cloudflare
Cloudflare para todos
1.1.1.1
Rendimiento
Aceleración las aplicaciones de Internet Aceleración las experiencias en dispositivos móviles Disponibilidad de las aplicaciones asegurada
Seguridad
Mitigación de ataques DDoS Prevenir las violaciones de datos de los clientes
Sectores
SaaS Editores Sector público
Asociaciones
Programa de socios Proveedor de alojamiento Remisión Distribuidor/MSP OEM/Tecnología Programa de socios trabajadores Peering Portal Bandwidth Alliance
Integraciones
Nube IBM Wordpress Google Cloud Magento Acquia Rackspace Microsoft Azure Kubernetes Motor de WP
Desarrollar
Guía de la API Centro de desarrollo Fundación para desarrolladores Documentación
Explorar
Estudios de caso Cloudflare en China Mapa de red Webinars Actualizaciones del producto Notas técnicas GDPR
Información
Centro de aprendizaje DDoS Centro de aprendizaje CDN Centro de aprendizaje DNS Centro de aprendizaje de seguridad Centro de aprendizaje Serverless Centro de aprendizaje SSL
Conectar
Blog Contactar con el departamento de ventas Comunidad Asistencia
Contacto

What is HTTP?

The Hypertext Transfer Protocol is used to load pages on the Internet using hyperlinks.

Share facebook icon linkedin icon twitter icon email icon
What is a DDoS Attack?
What is a DDoS Botnet?
Common DDoS Attacks
DDoS Attack Tools
Glossary
DNS
UDP
WAF
Famous DDoS Attacks

HTTP

Objetivos de aprendizaje

Después de leer este artículo podrá:

  • Define HTTP
  • Describe the anatomy of HTTP requests and responses
  • Understand how DDoS attacks can be launched over HTTP

Contenido relacionado

HTTP Flood

TCP/IP

User Datagram Protocol (UDP)

Web Application Firewall (WAF)

Malware

What is HTTP?

The Hypertext Transfer Protocol (HTTP) is the foundation of the World Wide Web, and is used to load web pages using hypertext links. HTTP is an application layer protocol designed to transfer information between networked devices and runs on top of other layers of the network protocol stack. A typical flow over HTTP involves a client machine making a request to a server, which then sends a response message.

What’s in an HTTP request?

An HTTP request is the way internet communications platforms such as web browsers ask for the information they need to load a website.

Each HTTP request made across the Internet carries with it a series of encoded data that carries different types of information. A typical HTTP request contains:

  1. HTTP version type
  2. a URL
  3. an HTTP method
  4. HTTP request headers
  5. Optional HTTP body.

Let’s explore in greater depth how these requests work, and how the contents of a request can be used to share information.

What’s an HTTP method?

An HTTP method, sometimes referred to as an HTTP verb, indicates the action that the HTTP request expects from the queried server. For example, two of the most common HTTP methods are ‘GET’ and ‘POST’; a ‘GET’ request expects information back in return (usually in the form of a website), while a ‘POST’ request typically indicates that the client is submitting information to the web server (such as form information, e.g. a submitted username and password).

What are HTTP request headers?

HTTP headers contain text information stored in key-value pairs, and they are included in every HTTP request (and response, more on that later). These headers communicate core information, such as what browser the client is using what data is being requested.

Example of HTTP request headers from Google Chrome's network tab:

HTTP request headers

What’s in an HTTP request body?

The body of a request is the part that contains the ‘body’ of information the request is transferring. The body of an HTTP request contains any information being submitted to the web server, such as a username and password, or any other data entered into a form.

What’s in an HTTP response?

An HTTP response is what web clients (often browsers) receive from an Internet server in answer to an HTTP request. These responses communicate valuable information based on what was asked for in the HTTP request.

A typical HTTP response contains:

  1. an HTTP status code
  2. HTTP response headers
  3. optional HTTP body

    4. Let's break these down:

    What’s an HTTP status code?

    HTTP status codes are 3-digit codes most often used to indicate whether an HTTP request has been successfully completed. Status codes are broken into the following 5 blocks:

    1. 1xx Informational
    2. 2xx Success
    3. 3xx Redirection
    4. 4xx Client Error
    5. 5xx Server Error

      6. The “xx” refers to different numbers between 00 and 99.

      Status codes starting with the number ‘2’ indicate a success. For example, after a client requests a web page, the most commonly seen responses have a status code of ‘200 OK’, indicating that the request was properly completed.

      If the response starts with a ‘4’ or a ‘5’ that means there was an error and the webpage will not be displayed. A status code that begins with a ‘4’ indicates a client-side error (It’s very common to encounter a ‘404 NOT FOUND’ status code when making a typo in a URL). A status code beginning in ‘5’ means something went wrong on the server side. Status codes can also begin with a ‘1’ or a ‘3’, which indicate an informational response and a redirect, respectively.

      What are HTTP response headers?

      Much like an HTTP request, an HTTP response comes with headers that convey important information such as the language and format of the data being sent in the response body.

      Example of HTTP response headers from Google Chrome's network tab:

      HTTP response headers

      What’s in an HTTP response body?

      Successful HTTP responses to ‘GET’ requests generally have a body which contains the requested information. In most web requests, this is HTML data which a web browser will translate into a web page.

      Can DDoS Attacks Be Launched Over HTTP?

      Keep in mind that HTTP is a “stateless” protocol, which means that each command runs independent of any other command. In the original spec, HTTP requests each created and closed a TCP connection. In newer versions of the HTTP protocol (HTTP 1.1 and above), persistent connection allows for multiple HTTP requests to pass over a persistent TCP connection, improving resource consumption. In the context of DoS or DDoS attacks, HTTP requests in large quantities can be used to mount an attack on a target device, and are considered part of application layer attacks or layer 7 attacks.

Para proporcionarle la mejor experiencia posible en nuestro sitio web, podemos usar cookies, como se indica aquí.
Al hacer clic en aceptar, cerrar este banner o continuar navegando por nuestros sitios web, acepta el uso de dichas cookies.