Sesstion1 of Beginner DevOps
Http Concepts
What kind of attacks does SSL prevent?
https://venafi.com/machine-identity-basics/the-most-common-ssl-and-tls-attacks/
Man-in-the-Middle (MITM)
Duty Http: Easy Transfer Html files ( Web Server among Browser )
Browser — → webserver with Request
Webserver — -> Browser with Response
Resource In Server = HTML, CSS, JS, JPEG
Request Header
Request Body
Response Header
Response Body
Request Header:
VERB = Request Method = Request Type
*GET a Request the specified resource
Provide me with a resource from the server
*POST a Send specific data to the server for processing
Request Body = Payload
Inspect In Chrome a Network Tab a Preserve log — Disable cache
https://blog.logrocket.com/making-the-most-of-the-chrome-developer-tools-part-2-4aa347970b30/
“Preserve log is a checkbox that lets you persist logs between page refreshes. This is useful when debugging website issues that require you to refresh the page, since all console output is otherwise cleared. When this option is enabled, a new type of “Navigation” log appears in the console to show page refreshes or navigation events to different pages.”
Compress ( gzip )
https://blog.hubspot.com/website/compressing-html
https://serpstat.com/blog/how-to-compress-html-code-to-reach-better-website-loading-speed/
https://chrome.google.com/webstore/detail/beautifer-minify/ahhjkfcneijonkihlcplndcnlpofjaip
https://en.ryte.com/magazine/compress-code-for-a-faster-website
“Key differences between URI and URL
- URI contains both URL and URN to identify the name and location or both of a resource; in contrast, URL is a subset of URI and only identifies the location of the resource.
- The example of URI is urn:isbn:0–476–27557–4, whereas the example of URL, is https://google.com.
- The URI can be used to find resources in HTML, XML, and other files also, whereas, URL can only be used to locate a web page.
- Each URL can be a URI, whereas all URIs cannot always be URLs.”
https://ae.godaddy.com/blog/uri-vs-url/
Request Header à Network à Timing à TTFB (waiting for server response)
From the moment the user reaches the first byte to the server
Time to first bytes
Request Header à Network à initiator
OSI Model
https://www.imperva.com/learn/application-security/osi-model/
PUT à Send Specific data to server
Difference between PUT and POST
https://restfulapi.net/rest-put-vs-post/
Delete à delete the specified rescore
Options à Retrieve the http request that the server support
https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods
The OPTIONS method describes the communication options for the target resource.
In Layer 7 à WAF à Firewall Only Http and Https à Web Application Firewall
https://www.cloudflare.com/en-gb/learning/ddos/glossary/web-application-firewall-waf/
“A WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others.”
Very False Positive
PATCH à Modify the specified Resource
Response Header
Status Code
1XX à Informational Message
2XX à Success
3XX à Redirect
4XX àClient Error
5XX à Server Error
Mask Server In Header Response == In Config Nginx
100 Continue
“The 100 Continue status code means that the initial part of the request has been received by the server and that the client should proceed with the request or ignore the response if the request has already finished.”
101 Switch Protocol ( ws / wss) Http Stateless Web Socket StateFul
https://ably.com/topic/socketio-vs-http
200 OK
201 Created
301 Move Permanently == Redirect
302 Move Temporary
Different In Search Engine
307 a Move Temporary à Only Support in Browser à Man In The Middle à HSTS a Not support For robot google
400 Bad Requests
401 Unauthorized ( is anonymous )
403 Forbidden
404 Not Found
405 Method Not Allowed
407 Proxy Authentications Required
408 Request Timeout
500 Internal Server errors
501 Not implemented
502 Bad Getaways
Nginx indicates wrong place.
503 servers unavailable ::: The web application queue is full
—
Thread Pull ( Software consept ) — — Thread connect process — -
request new — — threads is busy — enter to queue — if queue is full — — process no enter queue — 503 Error — :: Solove:: Tuning Nginx or Tuning develop Or Increase Resource Server
Core (Hardware consept)
-
Diffrent Webserver And ApplicationServer
ApplicationServer ::: PHPFPM Tomcat Web logic glassfish jbos IIS Python (PHP, JAVA, donent)
Webserver :: Serve in static content :: NGINX, Apache, IIS :: ( Image, JS, CSS, Font,…)
CDN:: Content Delivery Network :: Content Cache myself
— — — -
504 Getaway timeout :: Webserver Link to Application is fail
Nginx CPU sensitive
Https Concept
Certificate on (Firewall) WAF off road Or termination
