Hypertext Transfer Protocol

June 17, 2012, by | Start Discussion


HTTP is a hypertext transfer protocol is provides a standard for web browsers and communicate with server. It is an application layer protocol designed within the framework of the Internet protocol suite.

HTTP is also called a stateless protocol because each command is executed without command knowledge.  The main reason that it is difficult to implement web site that react intelligence to the user input. HTTP client and server communicate via HTTP request and response messages. When the client submits a HTTP request to the server the server provides resources such as HTML files and it returns a response message to the clients.

There are three main http messages type are:

  • GET
  • POST
  • HEAD

By default HTTP utilize TCP port 80 and alternatively can used port 8080.

HTTP Basic Authentication

If a HTTP client web browser request pages, the server response with 401 unauthorized status code. It include WWW authentication header field in his response. Header list must contain at least one authentication challenge applicable for requested pages.

The Basic authentication scheme that has authorized issue consist of a username and password where this is secrete only to sever and you.

The server response 401 contains authentication challenge of the token “Basic’ and value and pair specifying the name of the protected realm.

HTTP/1.1 401 Access Denied

WWW-Authenticate: Basic realm=”control panel”

Content length=0

After receipt of server response 401, your web browser prompts username and password. The authentication header of browser’s follow up request again contains token “Basic” and base 64 encoded of the username and colon, password.

Authentication: Basic QWRtaW46Zm9vYmFy

The base 64 decode the string and compare against his username and password database.

HTTP Advance Authentication with PHP

For password protected site the easiest way to use HTTP authentication, where if a browser request a protected page is not with correct username and password. The web server replies with HTTP 401 error mean unauthorized access and an invitation for the browser with proper username and password.

For set up an HTTP authentication use an Apache. Use PHP for server side script language. When we installed Apache module PHP provide two special global variable $PHP_AUTH_USER and $PHP_AUTH_PW. It contains username and password with current HTTP request. If username and password both are incorrect it will respond with an HTTP 401 error.

PHP code:

The first line informs the web browser authentication is done with a username and password and realm option let the particular username and password should be used when a group of web pages.

To protect an entire site we would use PHP’s include the function to use the code that perform the username and password check in every file on your site.

Author bio not avialable

Leave a Reply