資訊專欄INFORMATION COLUMN
摘要:這不是講協議的很多的東西是知其意而忘其形趁著過年這段時間把很多的知識都下把形找回來寫代碼并不是全部屬于應用層的協議是無狀態的和的作用就體現出來了我這里畫了一張圖下面是我的的部分配置注意以這個為例代表使用協議默認默認就是我使用虛擬機的把虛擬機
這不是講http協議的
很多的東西是知其意而忘其形?, 趁著過年這段時間把很多的知識都review下, 把形找回來, 寫代碼并不是全部
telnet
curl
chrome
postman
fiddler/wireshark
httphttp屬于應用層的協議
http是無狀態的(cookie和session的作用就體現出來了)
我這里畫了一張圖
https://www.processon.com/vie...
下面是我的php.ini的部分配置
session.use_cookies = 1 session.use_only_cookies = 1 session.name = PHPSESSID session.auto_start = 0 session.cookie_lifetime = 0 session.save_path=F:www mpsession
注意session.name = PHPSESSID
http://www.test.com:80/index.php/kill?d=1&a=x 以這個為例
| description | value | commet |
|---|---|---|
| scheme | http | http代表使用http協議/https |
| host | www.test.com | |
| port | 80 | http默認80/https默認443 |
| uri | /index.php/kill?d=1&a=x | |
| args | d=1&a=x | 就是query_string |
我使用虛擬機的, 把虛擬機的80端口映射到本機的8000端口, so下面的host是127.0.0.1:8000
完整的是在chrome里面打開http://127.0.0.1:8000/index/index/test2
request
GET /index/index/test2 HTTP/1.1 Host: 127.0.0.1:8000 Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 DNT: 1 Accept-Encoding: gzip, deflate, sdch, br Accept-Language: en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4 Cookie: XDEBUG_SESSION=PHPSTORM
response
HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Jan 2017 02:29:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/5.6.22 Proxy-Connection: keep-alive
body
testcurl demo
[xsu@localhost ~]$ curl -v "http://127.0.0.1/index/index/test2" * About to connect() to 127.0.0.1 port 80 (#0) * Trying 127.0.0.1... * Connected to 127.0.0.1 (127.0.0.1) port 80 (#0) > GET /index/index/test2 HTTP/1.1 > User-Agent: curl/7.29.0 > Host: 127.0.0.1 > Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Mon, 23 Jan 2017 02:20:23 GMT < Content-Type: text/html; charset=utf-8 < Transfer-Encoding: chunked < Connection: keep-alive < Vary: Accept-Encoding < X-Powered-By: PHP/5.6.22 < * Connection #0 to host 127.0.0.1 left intact testtelnet demo
[xsu@localhost ~]$ telnet 127.0.0.1 80 Trying 127.0.0.1... Connected to 127.0.0.1. Escape character is "^]". ^] telnet> GET /index/index/test2 HTTP/1.1 Host: 127.0.0.1 HTTP/1.1 200 OK Server: nginx Date: Mon, 23 Jan 2017 02:14:36 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/5.6.22 4 test 0
Transfer-Encoding: chunkedchunked 表示是分段, test前面的4表示接下來的數據的長度, 這是一個16進制的數, test下一段的長度為0 , 即表示結束
request由3部分組成:
request method, uri, protocol versionGET /index.php/index/index/test HTTP/1.1
| request method | curd |
|---|---|
| get | r, read |
| post | u, update |
| put | c, create |
| delete | d, delete |
只說幾個有趣的, 其他的自己看詳細的http協議, 或者chrome調試臺的request header
User-Agent
所有的瀏覽器都是 Mozilla/5.0 開頭的, 當時久我都驚呆了, 至于為什么看知乎
Accept-Language
在chrome地址欄里面打開chrome://settings/languages, 把英文拖到 最上面, 打開www.swoole.com, 再把中文拖到最上面, 再打開www.swoole.com
困惑了我好久, 我之前打開很多網站, 打開的總是默認打開英文版的網站, 后來不小心review了下http協議, 恍然大悟?
X-Forward-For
可以用來偽造ip來源, 刷單, 限制ip的地方
在配置nginx的時候要注意, 和獲取client ip的時候要注意, 不要相信用戶的輸入, 特別是http_xxx, 太容易偽造了
X-Request-With
區分是正常的請求還是ajax請求的, ajax請求一般都帶有這個請求頭, 當然可以直接定義
request bodypost的數據就是放到里面
response protocol version, response status, descriptionHTTP/1.1 200 OKresponse header
Server: nginx Date: Mon, 23 Jan 2017 02:29:09 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding X-Powered-By: PHP/5.6.22 Proxy-Connection: keep-aliveresponse body
就是我們看到的html實體, 或者ajax返回的字符串
PHP大概說下php里面$_SERVER
php的文件內容為
ksort($_SERVER); print_r($_SERVER);
request -> view-source:http://127.0.0.1:8000/index.php/index/index/test?a=1&d=x
返回的數據為(服務器用的是nginx, apache的類似)
Array
(
[CONTENT_LENGTH] =>
[CONTENT_TYPE] =>
[DOCUMENT_ROOT] => /home/wwwroot/tp5/public
[DOCUMENT_URI] => /index.php
[FCGI_ROLE] => RESPONDER
[GATEWAY_INTERFACE] => CGI/1.1
[HOME] => /home/www
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp
[HTTP_ACCEPT_ENCODING] => gzip, deflate, adch, br
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
[HTTP_CONNECTION] => keep-alive
[HTTP_COOKIE] => XDEBUG_SESSION=PHPSTORM
[HTTP_DNT] => 1
[HTTP_HOST] => 127.0.0.1:8000
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
[PATH_INFO] => /index/index/test
[PHP_SELF] => /index/index/test
[QUERY_STRING] => a=1&d=x
[REDIRECT_STATUS] => 200
[REMOTE_ADDR] => 10.0.2.2
[REMOTE_PORT] => 62835
[REQUEST_METHOD] => GET
[REQUEST_SCHEME] => http
[REQUEST_TIME] => 1485139559
[REQUEST_TIME_FLOAT] => 1485139559.6806
[REQUEST_URI] => /index.php/index/index/test?a=1&d=x
[SCRIPT_FILENAME] => /home/wwwroot/tp5/public/index.php
[SCRIPT_NAME] => /index.php
[SERVER_ADDR] => 10.0.2.15
[SERVER_NAME] => www.test.com
[SERVER_PORT] => 80
[SERVER_PROTOCOL] => HTTP/1.1
[SERVER_SOFTWARE] => nginx/1.10.0
[USER] => www
)
大概可以分為以下(#1表)
| 分類 | 描述 |
|---|---|
| HTTP開頭 | request header |
| REQUEST開頭 | request method, protocol |
| SERVER開頭 | 服務器的相關信息 |
| REMOTE開頭 | 客戶端的相關信息 |
| SCRIPT,DOCUMENT開頭 | 腳本相關的名稱, 路徑 |
| 路由, 參數相關 | path_info, query_string |
| 其他 |
cgi -> 公共網關接口, 與語言無關, 規定要傳哪些數據(看#1表), 通過重定向語言的stdin, stdout來實現, 但是cgi很慢, 看下使用cgi的php執行流程
webserver 收到 parse php請求 -> 啟動PHPCGI -> PHPCGI解析php.ini, 初始化運行環境 -> 處理請求, 以cgi規定格式返回 -> 退出PHPCGI -> webserver 返回數據
問題 : 每次都要啟動phpcgi, 和初始化環境
fastcgi -> cgi的改進方案, 啟動一個master進程, 解析配置文件, 初始化運行環境, 再fork多個worker來處理php請求, 返回數據, 他是要管理一個進程池來處理請求
php-fpm -> 是實現了fastcgi協議的 php fastcgi 進程管理器, 并且可以平滑重啟(新的worker使用新的配置, 老的worker執行完就可以自動退出了),
nginx通常都是使用php-fpm, 通信有兩種方式, socket和9000端口
params看下fastcgi的重寫
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REQUEST_SCHEME $scheme; fastcgi_param HTTPS $https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_split_path_info ^(.+?.php)(/.*)$; set $path_info $fastcgi_path_info; fastcgi_param PATH_INFO $path_info;
以$開頭的是nginx ngx_http_core_module 提供的變量, 具體可參看http://nginx.org/en/docs/http/ngx_http_core_module.html#variables
fastcgi_param這條指令就是對php中的$_SERVER賦值
fiddler這個軟件抓包使用很簡單, 可能不滿足需求, 當然需要更加專業wireshark, 可以使用自定義腳本, 這個功能就自己想象了, 并且這個軟件我也只會簡單的抓包, 復雜的不會, 不敢寫
為什么能抓包?打開Internet屬性 -> 連接 -> 局域網設置 -> 高級
你的http和https都使用了代理的, 你的所有的請求都會轉發到代理, 由代理處理, 所以能抓包
你把手機的代理地址, 設置為fiddler自動配置的ip地址和端口, 也可以抓手機的包
http斷點打斷點, 加參數, 就像調試本地程序一樣
這里可能需要用到filter過濾一下, 可以按 host, 進程, 請求頭過濾, 高興就好
postman有空再寫, 回家過年了,
