CT320 WWW
First web server, CERN
URL
- All web stuff is done with URLs (URLs, URIs, URNs—not going there).
- A URL is scheme:info. Examples:
https://www.colostate.edu/
http://example.com/foo/bar
magnet:?xt=urn:btih:c12fe1c06bba254a9dc9f519b335aa7c1367a88a&dn
ftp://ftp.cisco.com/pub/mibs/v1/
mailto:pinkie-pie@my-little-pony.example.net
tel:+1-970-555-1212
- There are scores of schemes registered:
https://www.iana.org/assignments/uri-schemes/uri-schemes.xhtml
Web Browsing
- Web browsers use HTTP & HTTPS application-level protocols.
- These are TCP protocols on ports 80 & 443.
- Use HTTPS!
- HTTP is unencrypted. Anybody can see what you’re doing.
- HTTP is unsigned. Its contents can be replaced
or modified anywhere en route, and you wouldn’t know.
- Downloading software? I hope that nobody in the middle altered it!
Fetching a web page
Let’s fetch this web page:
- Translate www.cs.colostate.edu to 129.82.45.48 via DNS.
- Make a TCP connection to 129.82.45.48 at port 443 (HTTPS).
- Send an HTTP request through the socket, which looks like …
Fetching a web page
Send an HTTP request:
GET /~ct320/Fall18/Lecture/WWW HTTP/1.1
Accept: */*
Accept-Encoding: gzip, br, zstd, deflate
Host: cs.colostate.edu
User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Browsing Response
The response from the web server looks like this:
HTTP/1.1 200 OK
Date: Sun, 02 Feb 2025 19:09:33 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux)
X-Powered-By: PHP/5.4.16
Vary: Accept-Encoding
Set-Cookie: ☠☠☠
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

<!doctype html>
<meta charset='utf-8'>
<title>CT320 | Lecture / WWW</title>
…
HTML
- The response can be in many different formats.
- A popular format is HTML, which has tags, e.g.,
I <strong>love</strong> My Little Pony!
- It’s your browser’s job to translate that HTML to a good-looking
display on the screen.
- The network doesn’t care about any of this. It just delivers the
bits from the server to the browser.
Browsing Security Considerations
- The HTTPS payload (request & response) is encrypted, going both ways.
- However, IP source & destination numbers are in the IP packet, so everybody
knows that I’m talking to www.cs.colostate.edu.
- However, nobody knows that I’m asking for the CT320 WWW lecture.
- What will be revealed if you fetch
https://male.personal.health.com/hair/restoration
?
Private Browsing
- Chrome: Incognito
- Firefox: Private
- Internet Explorer: InPrivate
- What does it actually do?
- It doesn’t affect what you send or receive from the Internet at all.
- It limits what evidence is kept in your browser.
- It saves you from your spouse, but not from the FBI.
- Routers see all IP addresses, port numbers, and DNS requests.
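The following Python sketch is an added example, not part of the original lecture. It works through the Browsing Security Considerations question: it builds the request a browser would send for a URL and reports what someone on the route can read under HTTP versus HTTPS. The function names `build_request` and `observer_view` are hypothetical, and the observer is modeled only as far as this page states (IP addresses, port numbers, and DNS requests are visible; the HTTPS payload is not).

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # the two TCP ports named on this page

def build_request(url):
    """Return (host, port, request_text) for a GET of url, in the request format shown above."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS:
        raise ValueError(f"not a web-browsing scheme: {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("URL has no host")
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    # The request line carries the path and query string, not the scheme or host.
    target = parts.path or "/"
    if parts.query:
        target += "?" + parts.query
    # The Host header names the port only when it is not the scheme's default.
    host_header = parts.hostname
    if port != DEFAULT_PORTS[parts.scheme]:
        host_header += f":{port}"
    request = (f"GET {target} HTTP/1.1\r\n"
               f"Host: {host_header}\r\n"
               "Accept: */*\r\n"
               "\r\n")
    return parts.hostname, port, request

def observer_view(url):
    """What someone on the route between browser and server can read."""
    host, port, request = build_request(url)
    encrypted = urlsplit(url).scheme == "https"
    return {
        "dns_query": host,    # the name lookup is visible (assumes host is a name, not an IP)
        "tcp_port": port,     # so are the destination port and IP address
        # With HTTPS the request crosses the wire encrypted; with HTTP it is readable as sent.
        "request_seen": None if encrypted else request,
    }

if __name__ == "__main__":
    # Constructed sample inputs: the two URLs are taken from the slides above.
    for u in ("https://male.personal.health.com/hair/restoration",
              "http://example.com/foo/bar"):
        print(u, "->", observer_view(u))
```

For the HTTPS URL the observer still learns the host name `male.personal.health.com`, but not the path `/hair/restoration`.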