Menu
homeYandex

Difference between HTTP and HTTPS. Brief description of the HTTP protocol

IN global network scammers and hackers try to steal every day personal information. In the past, phishing was considered the most popular method of stealing. The attacker replaces the original site, and data from the user falls into his hands (passwords, card numbers, private messages and so on.). To solve this problem, we created a secure HTTPS connection. Therefore, site administrators are often concerned with the question of how to create and configure a secure https connection.

and why is it needed

Before moving your site to an HTTPS connection, you should understand what it is and how it works. HTTPS is a secure version of the HTTP protocol (Hypertext transmits the necessary data for pages to work (browser name, screen resolution, presence of Cookies, etc.).

HTTP is used by developers to send and receive variables; without this protocol, websites will not be able to function. All files transferred via HTTP could previously be easily intercepted using a fake website (phishing).

Previously, passwords, logins, card numbers, secret messages and other things were stolen using a similar method. important information. To protect users from phishing, they were invented SSL certificate s and checking their authenticity before starting the exchange of information.

HTTPS must be used on banking websites or online stores. If these resources are not available, the browser will deny the connection and a danger warning will be displayed. As a result, the site will lose the trust of its users.

What is an SSL/TLS certificate

The main innovation in HTTPS is the mandatory use of a digital SSL certificate. This is a file in which all information is stored (IP address of the server, country of the site, E-mail of the owner, etc.). Digital document is encrypted on the site server and on the server of the certification authority (GoDaddy, Comodo, etc.). At each connection, these files are compared, and if they are the same, the connection continues. Otherwise, a security warning appears.

Many readers do not know how to make a secure https connection. The first step is to obtain an SSL certificate from a trusted authority. Exist different types these documents:

  • DV - only confirm the domain (for small sites and blogs).
  • OV - domain and organization are checked.
  • EV - extended verification (a green bar and a padlock will appear in the browser).

The EV option is considered the most preferable for shops and banks. Further clarifications follow in the form:

  • SGC (supports older browsers).
  • Wildcard (subdomain support).
  • SAN (alternate domains in one certificate).
  • IDN (support national domains www).

For most sites, it is enough to use a DV SSL certificate. It is inexpensive and guarantees protection against phishing.

How to transfer a site to a secure connection

More and more owners online business I'm interested in how to create a secure https connection. To do this you will have to make some changes to program code pages. The most important thing is to write additional rule in the .htaccess file. It contains code for Apache settings web server.

Most hosting providers allow you to configure an SSL certificate for the server through the control panel. Check with your service provider for details on how to do this. The entire website translation process can be divided into the following stages:

  1. Obtaining an SSL certificate.
  2. Installing a certificate on the server.
  3. Changing internal site links.
  4. Setting up redirect to port 301.
  5. Changing Hosts in robots.txt.

If used paid hostings type beget, then contact support with a certificate, and all further actions will be performed by service workers. The most difficult step when answering the question of how to make an https connection is the setup, since most scripts do not help.

Obtaining a certificate and installing it on the server

We have theoretically figured out how to make an https connection, let’s move on to action. The first step is to obtain an SSL certificate from one of the trusted centers. You can find many on the Internet various options in different price ranges. At the present time, to receive free document there are 2 centers:

  • WoSign.
  • Startssl.

Other services require payment. The amount depends on the type of certificate and its additional features(multi-domain, support for older browsers, etc.). Certification authorities:

  • Reg.ru.
  • Godaddy.
  • Hostland.
  • Symantec.
  • Comodo.
  • GlobalSign.
  • Thawte.

In addition, some hosting providers provide their users with SSL certificates when purchasing a certain tariff plan. The certification website describes in detail the necessary actions. But the whole procedure consists of the following steps:

  • generating a CSR request;
  • filling in the site email (admin@[site address]);
  • filling in information about the domain owner (for EV and OV documents).

The CSR request includes general data for verification (organization, city, region, country). After filling out the information, the user receives 2 codes ( The secret key and CSR code), be sure to save them in separate document. Send this code to receive an SSL certificate and wait for it to be issued from the center.

Now go to the hosting website and find the “SSL certificate” section or contact support. You will need to provide information about the CSR code, private key and certificate. Don't forget to enable SSL support in your hosting panel.

How to create an https connection permanently

After placing the file on the server, you need to internal setup site. You will need to set up a redirect and change all internal links from absolute to relative.

That is, instead of http://site.ru/img/bg.png install: //site.ru/img/bg.png.

We need to remove HTTP from link names. If in doubt, call a WEB programmer or freelancer, he will quickly set it up. You can look for links through the code editor in each file, or you can find all the information through the search in PhpMyAdmin.

After setting up the links, you need to inform search engines about the change. Open the robots.txt file and in the Host: line, replace HTTP with HTTPS.

Instead of http://example.ru, insert: https://example.ru.

After changing the search file, set up automatic Before further actions check site availability at HTTPS protocol e. If all previous actions were performed correctly, then no errors should occur.

For automatic redirection on secure connection paste this script into the .htacess file, it helps some:

RewriteEngine on

RewriteCond %(HTTP:X-Forwarded-Proto) !https

RewriteRule ^ https://%(HTTP_HOST)%(REQUEST_URI)

But in most cases this method does not work. In these situations, contact your hosting administrator, he will be able to make correct settings. The redirect will start working after the server is restarted, usually within 24 hours.

In addition, you will need to change the settings in the Yandex or Google webmaster panel. In the indexing settings section, you will need to go to the main mirror item and install HTTPS. In addition, you will need to transfer:

  • sitemap.xml;
  • URL exceptions;
  • geolocation;
  • links Disawov Tool for Google.

After this, you just have to wait for the reindexing to finish. During this period, activity on the site will decrease, but then everything will stabilize.

connection in WordPress

Modern blogs and portals mostly run on WordPress; to switch to https, they will need to perform the same steps (obtain a certificate, change links, etc.). But they have a set of built-in plugins that will perform all the actions for the owner:

  • easy HTTPS Redirection;
  • HTTPS (SSL).

The first replaces links, and the second allows you to specify an SSL certificate. Also, go to Settings->General. Here you need to change the URL and specify the HTTPS protocol. Make sure that old pages also have a secure connection. After changing the links, configure the redirect and change the robots.txt file.

There should be no more questions about how to make an https connection on a website. On most hosting sites, to enable protective mode, you only need to write to technical support. They will appoint a specialist, and he will do the setup himself.

HTTP (HyperText Transfer Protocol) was developed as a basis World Wide Web.

The HTTP protocol works as follows: the client program establishes a TCP connection with the server ( Standart room port-80) and issues an HTTP request to it. The server processes this request and issues an HTTP response to the client.

HTTP request structure

An HTTP request consists of a request header and a request body, separated by an empty line. The request body may be missing.

The request header consists of the main (first) line of the request and subsequent lines that clarify the request in the main line. Subsequent lines may also be missing.

The main line query consists of three parts, separated by spaces:

Method(in other words, the HTTP command):

GET- document request. The most commonly used method; in HTTP/0.9, they say, he was the only one.

HEAD- document title request. It differs from GET in that only the request header with information about the document is returned. The document itself is not issued.

POST- this method is used to transfer data to CGI scripts. The data itself appears in subsequent lines of the request in the form of parameters.

PUT- place the document on the server. As far as I know, it is rarely used. A request with this method has a body in which the document itself is transmitted.

Resource- this is the way to specific file on the server that the client wants to receive (or place - for the PUT method). If the resource is simply some file to be read, the server must return it in the response body for this request. If this is the path to a CGI script, then the server runs the script and returns the result of its execution. By the way, thanks to this unification of resources, the client is practically indifferent to what he represents on the server.

Protocol version-version of the HTTP protocol with which the client program works.

So a simple HTTP request might look like this:

This requests the root file from the web server's root directory.

Lines after main line requests have the following format:

Parameter: value.

This is how the request parameters are set. This is optional; all lines after the main query line may be missing; in this case, the server accepts their value by default or based on the results of the previous request (when working in Keep-Alive mode).

I will list some of the most commonly used HTTP request parameters:

Connection(connection) - can take the values ​​Keep-Alive and close. Keep-Alive means that after issuing this document, the connection to the server is not broken, and more requests can be issued. Most browsers work in Keep-Alive mode, since it allows you to “download” an html page and images for it in one connection to the server. Once set, Keep-Alive mode is maintained until the first error or until the next Connection: close request is explicitly specified.
close ("close") - the connection is closed after responding to this request.

User-Agent- the value is the browser "code", for example:

Mozilla/4.0 (compatible; MSIE 5.0; Windows 95; DigExt)

Accept- a list of content types supported by the browser in order of their preference for a given browser, for example for my IE5:

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*

This is obviously necessary for the case when the server can output the same document in different formats.

The value of this parameter is used mainly by CGI scripts to generate a response adapted for a given browser.

Referrer- URL from which you came to this resource.

Host- the name of the host from which the resource is requested. Useful if the server has several virtual servers under the same IP address. In this case the name virtual server determined by this field.

Accept-Language- supported language. Significant for a server that may serve the same document in different language versions.

HTTP response format

The response format is very similar to the request format: it also has a header and body separated by an empty line.

The header also consists of a main line and parameter lines, but the format of the main line is different from that of the request header.

The main query string consists of 3 fields separated by spaces:

Protocol version- similar to the corresponding request parameter.

Error code- code designation of the “success” of the request. Code 200 means "everything is normal" (OK).

Verbal description of the error- “deciphering” the previous code. For example, for 200 it is OK, for 500 - Internal Server Error.

The most common http response parameters:

Connection- similar to the corresponding request parameter.
If the server does not support Keep-Alive (there are some), then the Connection value in the response is always close.

Therefore, in my opinion, the correct browser tactic is the following:
1. issue Connection: Keep-Alive in the request;
2. The connection status can be judged by the Connection field in the response.

Content-Type(“content type”) - contains a designation of the content type of the response.

Depending on the Content-Type value, the browser interprets the response as an HTML page, gif picture or jpeg, as a file to be saved to disk, or whatever, and takes appropriate action. The Content-Type value for the browser is the same as the file extension value for Windows.

Some content types:

text/html - text in HTML format (web page);
text/plain - plain text (similar to Notepad);
image/jpeg - picture in JPEG format;
image/gif - the same, in GIF format;
application/octet-stream - a stream of "octets" (i.e. just bytes) to write to disk.

There are actually many more types of content.

Content-Length("content length") - the length of the response content in bytes.

Last-Modified("Modified last time") - date last change document.

Error 500 means that the server of the website you are trying to access has experienced an internal system failure. It follows that either the site owners or the Internet provider can fix it. But there are still some actions on the part of the average user that can affect and fix the HTTP ERROR 500 error.

HTTP status code 500 means there is a problem with the web server configuration or it means that one of the important components has simply failed. With this error everything software is in service, but it has critical internal problems, which cause a conflict in accessing the server and also prevent it from working correctly.

The appearance of error 500 in the browser can be caused by for various reasons. Therefore, we list below all the ways to eliminate it:


Error 500 Google browser Chrome

Causes of HTTP ERROR 500

One of the reasons is incorrect installation access rights to scripts, which is why they are blocked. Rights can be configured for any user, although this is not recommended for security reasons. To configure rights you can use file manager FileZilla from the developer of the FireFox browser.

First, you need to pay attention to the access rights settings. Each type of element needs to be paid attention to separately. For files, the value should be specified - 644, for folders - 755 and for scripts - 600. It is advisable for only one person to set up an account and not allow anyone else to gain such rights.


Access rights settings

Exorbitant duration of script execution

In addition to the runtime limitations imposed by the language PHP programming, such restrictions are imposed on the script and from the outside server systems. An error tends to appear at the moment when limited time the script did not complete its work. In this case, his work will be completed unfinished.

To avoid the HTTP ERROR 500 error and speed up the script, you can use special services to optimize the performance of slow sections of the script. When using VPS or dedicated servers, you can change the server timeout. Such manipulations cannot be carried out using virtual hosting, unless you receive agreement from technical support.

Problems with the .htaccess file

Syntax of this file has a certain structure that cannot be changed or violated. If one of its directives has errors, then this will certainly result in an HTTP ERROR 500 error. It may be that the directive does not have errors or file conflicts, but it is not supported.

Find this “.htaccess” file in the root of the site. Then copy it to another place so as not to lose it. Now remove it from the site. If everything falls into place, then the problem is in this file. In this case, take the file from the new distribution of your CMS (Content Management System).


File.htaccess

You can view information about server errors. All of them are entered into special file under the name – “error.log”. By opening it, you can find information about which of your directives is in conflict. For example, “Invalid command ‘Prive’ tells us that the ‘Price’ directive contains a typo, correcting “v” to “c” will solve this problem.

Code needs more memory

The virtual hosting system strictly controls the memory allocated for needs various scripts and programs. In this way, servers prevent memory overload. When for some erroneous reasons the code starts consuming more memory Error 500 appears.


Memory for scripts

In order to fix similar problem, you need to identify the errors in the code that are causing it to not work properly. If everything is OK with the code, contact technical support. Memory can be increased if necessary by paying extra for an extension of the tariff plan.

An "http" error may occur. Many people then begin to analyze their latest actions, produced in WordPress, but most people simply have no idea what happened, because nothing “bad” seemed to have been done. If you look at the answers on the Internet to the question “why does it give an http error when loading images,” you can find several recommendations that can eliminate this error.

Recommendations to help resolve the “http” image upload error

The first recommendation is to look through the entire list installed plugins and disable all unnecessary ones. You will also need to disable all plugins and enable them one by one, and then watch the effect of their work on your site. Thus, uploading photos may work, but it is far from certain that you will be able to detect exactly the plugin that is throwing the error. If you have time and patience, try this recommendation, but we found it too troublesome, so we left this option in reserve.

The second recommendation states that the whole problem may lie in the server on which your site is located. But if you have other sites that work with this hoster, and everything is fine with them in perfect order, which means the error lies somewhere in the site itself. If there is only one site, then contact the hoster, in case the problem really lies there.

Here we also note that it is not always rational to update to a version that has just been released.

As a rule, it contains many useful innovations/updates, but not all plugin developers have time to make adjustments to their products. That is, if everything is fine with you now, then there’s no point in rushing to update the engine.

The fourth tip is to add the following code to the .htaccess file:

SecFilterEngine Off
SecFilterScanPOST Off

The above code must be placed at the end or beginning of the file, after which everything can start working.
The next tip is to insert the code into the .htaccess file using an FTP uploader:



SecFilterEngine Off
SecFilterScanPOST Off

Note that if you already have such code in the file, then you will need to rewrite it, that is, replace it with a new one. Try downloading the media file now; Moreover, you can download files in unlimited quantity. We have repeatedly noticed that in one case, if you paste the code at the beginning of the file, everything will work; when pasting the code on another site at the beginning of the file, nothing worked, but everything started working as soon as the code was moved to the end of the file.

It is worth remembering that after updating WordPress this file can easily be overwritten and the error may occur again. To prevent this from happening, we recommend saving a backup file to your computer and, if something happens, uploading it to the server via FTP.

Another recommendation is to install the WPupload plugin, which replaces the default WordPress uploader with a new one (it supports HTML5, Flash, BrowserPlus, etc.). However, new plugin may add new problems to the site, but, in any case, it will eliminate this error when loading “http” images.

From all of the above, a simple conclusion follows: if you want your site to work stably, do not rush with . A new version although it promises to be more functional and secure, it third party developers They don’t always have time to optimize their products for new versions (this is why the “http” error may pop up).

Almost any active user Internet when working with websites I encountered errors. It is especially important for the site owner to know the cause of these errors.
Quite often, the problems that cause errors are minor and you can solve them yourself. First, you need to familiarize yourself with the types of the most common errors, and then the algorithm for eliminating them.

Types of errors

An http protocol error can occur if files requested by the user do not reach them from the server. In such a situation, the server reports an error code to the user. There are only four types of server response code: two successful and two unsuccessful.

List of http errors (xx – any numbers):

2xx— the requested request has been completed;
3xx— the requested request has been sent to the user, which is also considered a positive code;
4xx— the file was not sent to the user due to an error. This code indicates an error on the client side;
5xxx- server error.

Below we will look at two latest code server response. This is the most common mistakes, and eliminating them does not require much time.

Error 400 "Bad Request"

If, when requesting a site, you receive a 400 error, it means there was an error in the request itself. But this error may occur if you are trying to log into the control panel of your site. Most often this happens for 4 reasons:

  • browser is blocked by antivirus;
  • the browser is blocked by the Windows firewall;
  • a large number of cookies and cached files;
  • unstable internet connection.

To solve this problem, you need to check each one in turn. possible reason its occurrence.

Browser blocked by antivirus
Check that your browser is not in the list of prohibited applications in your antivirus. If found, increase the level of trust in it and save the settings.

The browser is blocked by a firewall.
In this case, you need to temporarily disable the firewall, clear your cookies and cash, and then refresh the page in your browser. If the problem is resolved, you need to add the browser to the allowed programs in the firewall.

Cookies & cash
The simplest solution is to simply clear the cookies and cash in your browser, and then refresh the error page.

Unstable internet connection.
Call your provider to find out what's causing the outage. Perhaps the provider is undergoing work.

Error 403 "Access Denied"

If the server response is error 403, it means that access to the requested files is denied. The most common reasons:

  • Incorrect index file. To correct this error, you need to create such a file or rename it if it already exists.
  • The file's permissions prevent the web server from reading it. To solve the problem you need to change the rights.
  • The data is located in the wrong directory. To solve, check the location of the files in the public_html directory.

Error 404 – file not found

This error means that the server does not find the data requested. The main reasons for its occurrence:

  • The URL was entered incorrectly. To resolve the error, check the spelling of the link.
  • The requested document is missing. To resolve the error, you need to check whether the requested file is in the correct directory.

Error 500 – server error

To find out what the http error code 500 means, you need to check the reasons for its occurrence.

  • Inability to run the script. If incorrect access rights are specified on documents, such as 777, scripts working with these files are blocked by the server. To eliminate this problem, you must set the correct file permissions.
  • There is an error in the .htaccess file. There may be an error in the directive. To resolve the error, enable error.log.

Error 502 – Bad Gateway

http error statuses such as 502 indicate that the server provided an invalid response. Reasons for this error:

  • The proxy server is not working properly. Make sure you have network access. If you have access to other sites and the Internet is working, delete cookies and clear the cache.
  • Insufficient server resources. This problem can arise if your site exceeds the amount of resources allocated to you by the hosting on this site. tariff plan. Study the hosting plans and choose the one that is more suitable and provides more resources.

Error 503 – Service Temporarily Unavailable

Each site, located on a hosting, has a limited number of work processes at its disposal, depending on the tariff. Processes are executed in turn, and the more processes there are, the more the queue becomes clogged, the number of processes in which is limited. Thus, if a process does not fit into the configured queue size, it will not be executed. In this case, the server displays the error “Service is temporarily unavailable.” Reasons for the error:

  • Limited script running time. Since the scripts stop working after some time, they may not have time to transfer large file. To resolve this error, disable all plugins one by one, identifying the heaviest ones. The culprit should be replaced with a similar plugin or abandoned altogether.
  • High number of requests. Causes:
  1. The resource references too many files, each of which takes a separate process to load. To solve, try to combine as much as possible more files into one.
  2. Spam and DDoS attacks can cause high request volumes. In case of a DDos attack, .

What to do if an error occurs

Even on sites with the most best service Errors occur periodically. For independent decision you need to understand the cause http errors. Such knowledge will help you save time and resources, because you will not need to contact technical support provider.