Session 1 of Beginner DevOps

Yadollah khaje hosseini
Jul 29, 2023

HTTP Concepts

What kind of attacks does SSL prevent?

https://venafi.com/machine-identity-basics/the-most-common-ssl-and-tls-attacks/

Man-in-the-Middle (MITM)

HTTP's job: easy transfer of HTML files (between web server and browser)

Browser → Webserver with Request
Webserver → Browser with Response

Resources on the server = HTML, CSS, JS, JPEG

Request Header

Request Body

Response Header

Response Body

Request Header:

VERB = Request Method = Request Type

* GET → Request the specified resource

Provide me with a resource from the server

* POST → Send specific data to the server for processing

Request Body = Payload

Inspect in Chrome → Network tab → Preserve log, Disable cache

https://blog.logrocket.com/making-the-most-of-the-chrome-developer-tools-part-2-4aa347970b30/

“Preserve log is a checkbox that lets you persist logs between page refreshes. This is useful when debugging website issues that require you to refresh the page, since all console output is otherwise cleared. When this option is enabled, a new type of “Navigation” log appears in the console to show page refreshes or navigation events to different pages.”

Compress (gzip)

https://blog.hubspot.com/website/compressing-html

https://serpstat.com/blog/how-to-compress-html-code-to-reach-better-website-loading-speed/

https://chrome.google.com/webstore/detail/beautifer-minify/ahhjkfcneijonkihlcplndcnlpofjaip

https://en.ryte.com/magazine/compress-code-for-a-faster-website

https://www.javatpoint.com/uri-vs-url#:~:text=A%20URI%20is%20a%20sequence,resource%20available%20on%20the%20internet.

“Key differences between URI and URL

  • URI contains both URL and URN to identify the name and location or both of a resource; in contrast, URL is a subset of URI and only identifies the location of the resource.
  • The example of URI is urn:isbn:0-476-27557-4, whereas the example of URL, is https://google.com.
  • The URI can be used to find resources in HTML, XML, and other files also, whereas, URL can only be used to locate a web page.
  • Each URL can be a URI, whereas all URIs cannot always be URLs.”

https://ae.godaddy.com/blog/uri-vs-url/

Request Header → Network → Timing → TTFB (waiting for server response)

https://sematext.com/glossary/time-to-first-byte/#:~:text=Definition%3A%20What%20is%20Time%20to,SSL%20connection

TTFB = Time to First Byte

The time from the moment the user sends the request until the first byte arrives from the server

Request Header → Network → Initiator

OSI Model

https://www.imperva.com/learn/application-security/osi-model/

PUT → Send specific data to the server

Difference between PUT and POST

https://restfulapi.net/rest-put-vs-post/

DELETE → Delete the specified resource

OPTIONS → Retrieve the HTTP request methods that the server supports

https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods

The OPTIONS method describes the communication options for the target resource.

In Layer 7 → WAF → Firewall for HTTP and HTTPS only → Web Application Firewall

https://www.cloudflare.com/en-gb/learning/ddos/glossary/web-application-firewall-waf/

“A WAF or web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others.”

Many false positives

PATCH → Modify the specified resource

Response Header

Status Code

1XX → Informational Message

2XX → Success

3XX → Redirect

4XX → Client Error

5XX → Server Error

Mask the Server header in the response == done in the Nginx config
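A way to check the result of masking from the client side, as an added example that is not part of the original notes: it parses a raw response, maps the status code to the classes listed above, and flags a `Server` or `X-Powered-By` header that still discloses a version. The sample responses are constructed; the second is what nginx sends with `server_tokens off;`.

```python
import re

# Status classes as listed in these notes.
STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirect",
                  4: "Client Error", 5: "Server Error"}

# Headers that commonly disclose the software stack (assumed audit list).
DISCLOSING = ("server", "x-powered-by")
VERSION_RE = re.compile(r"\d+(\.\d+)+")


def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status code, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    match = re.fullmatch(r"HTTP/\d\.\d (\d{3})(?: .*)?", lines[0])
    if not match:
        raise ValueError("malformed status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    return int(match.group(1)), headers, body


def audit(raw: bytes):
    """Return (status class, findings) for one response."""
    status, headers, _ = parse_response(raw)
    findings = []
    for name in DISCLOSING:
        value = headers.get(name)
        if value is not None and VERSION_RE.search(value):
            findings.append(f"{name}: version disclosed ({value})")
    return STATUS_CLASSES.get(status // 100, "Unknown"), findings


# Constructed sample responses (not captured from a real server).
UNMASKED = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0 (Ubuntu)\r\n"
            b"Content-Type: text/html\r\n\r\n<html></html>")
MASKED = (b"HTTP/1.1 404 Not Found\r\nServer: nginx\r\n"
          b"Content-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    for sample in (UNMASKED, MASKED):
        print(audit(sample))
```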

https://umbraco.com/knowledge-base/http-status-codes/#:~:text=The%20100%20Continue%20status%20code,the%20request%20has%20already%20finished.

100 Continue

“The 100 Continue status code means that the initial part of the request has been received by the server and that the client should proceed with the request or ignore the response if the request has already finished.”

101 Switching Protocols (ws / wss): HTTP is stateless, WebSocket is stateful

https://ably.com/topic/socketio-vs-http

200 OK

201 Created

301 Moved Permanently == Redirect

302 Moved Temporarily

The difference matters for search engines

307 Moved Temporarily → Only supported in the browser → Man in the Middle → HSTS → Not supported for Google's robot

400 Bad Request

401 Unauthorized (is anonymous)

403 Forbidden

404 Not Found

405 Method Not Allowed

407 Proxy Authentication Required

408 Request Timeout

500 Internal Server Error

501 Not Implemented

502 Bad Gateway

Nginx points to the wrong place.

503 Service Unavailable ::: The web application queue is full

Thread pool (software concept): threads belong to the process.
New request → threads are busy → enters the queue → if the queue is full → the request cannot enter the queue → 503 error. Solution: tune Nginx, tune the application code, or increase server resources.

Core (hardware concept)
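The queue-full path to a 503 described above, as an added example that is not part of the original notes: a toy application server with a fixed thread pool and a bounded wait queue. The class and function names are hypothetical, and the model follows these notes rather than any specific server's implementation.

```python
import threading
from concurrent.futures import ThreadPoolExecutor


class AppServer:
    """Toy application server: fixed thread pool plus a bounded wait queue."""

    def __init__(self, threads: int, queue_size: int):
        self.pool = ThreadPoolExecutor(max_workers=threads)
        # One slot per request that is either running or waiting in the queue.
        self.slots = threading.BoundedSemaphore(threads + queue_size)

    def handle(self, work):
        """Admit a request; return None (a 503) when every slot is taken."""
        if not self.slots.acquire(blocking=False):
            return None  # all threads busy and the queue is full
        return self.pool.submit(self._run, work)

    def _run(self, work):
        try:
            work()
            return 200
        finally:
            self.slots.release()  # free the slot for the next request


def simulate(threads: int, queue_size: int, burst: int):
    """Send `burst` simultaneous slow requests; return their status codes."""
    server = AppServer(threads, queue_size)
    release = threading.Event()  # keeps every admitted request "slow"
    pending = [server.handle(release.wait) for _ in range(burst)]
    release.set()  # the slow requests may now finish
    statuses = [503 if f is None else f.result() for f in pending]
    server.pool.shutdown()
    return statuses


if __name__ == "__main__":
    print(simulate(threads=2, queue_size=2, burst=6))  # two requests rejected
    print(simulate(threads=4, queue_size=2, burst=6))  # more threads
    print(simulate(threads=2, queue_size=4, burst=6))  # longer queue
```

The second and third calls correspond to the tuning options in the notes: the same burst is served without a 503 once there are more threads or a longer queue.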

-

Difference between web server and application server
Application server ::: PHP-FPM, Tomcat, WebLogic, GlassFish, JBoss, IIS, Python (PHP, Java, .NET)
Web server :: Serves static content :: NGINX, Apache, IIS :: (images, JS, CSS, fonts, …)
CDN :: Content Delivery Network :: caches content itself

-

504 Gateway Timeout :: The web server's link to the application fails

Nginx is CPU-sensitive

HTTPS Concept

Certificate on the (firewall) WAF: offload or termination
