Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

Fielding, Roy T.; Reschke, Julian F.

doi:10.17487/rfc7231

Cited by 149 publications

(17 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, an HTTP request starts by specifying the method. The HTTP method has to be assumed as arbitrary string given the protocol's extensibility [21]. Hence, after analyzing the first token of a line there can be multiple options for the underlying protocol.…”

Section: Misleading Startmentioning

confidence: 99%

Attacks on Dynamic Protocol Detection of Open Source Network Security Monitoring Tools

Grashöfer

Titze

Hartenstein

2020

2020 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

Protocol detection is the process of determining the application layer protocol in the context of network security monitoring, which requires a timely and precise decision to enable protocol-specific deep packet inspection. This task has proven to be complex, as isolated characteristics like port numbers are not sufficient to reliably determine the application layer protocol. Hence, more dynamic detection approaches have been developed. In this paper, we analyze the Dynamic Protocol Detection mechanisms employed by popular and widespread open-source network monitoring tools. We show on the example of HTTP that all analyzed detection mechanisms are vulnerable to evasion attacks, which pose a serious threat to real-world monitoring operations. We find that the underlying fundamental problem of protocol disambiguation is not adequately addressed in two of three monitoring systems that we analyzed. To enable adequate operational decisions, this paper highlights the inherent trade-offs within Dynamic Protocol Detection.

show abstract

Section: Misleading Startmentioning

confidence: 99%

Attacks on Dynamic Protocol Detection of Open Source Network Security Monitoring Tools

Grashöfer

Titze

Hartenstein

2020

2020 IEEE Conference on Communications and Network Security (CNS)

View full text Add to dashboard Cite

show abstract

“…The LoCO system supports uniform resource locator (URL) etc. to specify the data, since it is relied upon to perform the range request function [19] which is a kind of conditional request [20] within HTTP/1.1 [21], [22] to enhance its flexibility and versatility. The function is also usable in the future because it is compatible with HTTP/2.0 [23].…”

Section: Local Cooperative Data Offloading System Based On Location Imentioning

confidence: 99%

“…Next, each terminal cooperatively downloads 10 MB of data via the LoCO system. Note that the data request and download via the Internet was performed based on the range request [20], which is a kind of a conditional request [19] in HTTP/1.1 [21], [22]. We also focused the evaluation on the effect on mobile and fixed networks, and thus we excluded the direct communication traffic from the result describing the total amount of traffic.…”

Section: Overall Performance Evaluation Setupmentioning

confidence: 99%

LoCO: Local Cooperative Data Oﬄoading System Based on Location Information

Yamazaki¹,

Asano²,

Arai³

et al. 2019

JTIT

View full text Add to dashboard Cite

The development of high speed mobile networks and the widespread use of smartphones have enabled users to easily obtain large data volumes via the Internet. This causes a heavy consumption of network resources, a burden on the available bandwidth. To solve such problems, a data oﬄoading method with a wireless LAN access point has been used to distribute traﬃc from mobile to ﬁxed networks. However, the method using wireless LAN access points can only change the communication paths but cannot reduce the overall traﬃc. This paper proposes a local cooperative data ofﬂoading system (LoCO) that reduces the overall traﬃc by sharing data, with direct communication between neighbors based on their location-related information. Moreover, the authors implemented the LoCO system on Android smartphones and clariﬁed its performance in comparison with a traditional client/server system through experiments to download data in a real-world environment.

show abstract

“…See Section 3.2.6 of [RFC7230]. Likewise, note the rules for when parameter values need to be quoted in Section 3.1.1 of [RFC7231].…”

Section: The Cdn-loop Request Header Fieldmentioning

confidence: 99%

Loop Detection in Content Delivery Networks (CDNs)

Ludin¹,

Nottingham²,

Sullivan³

2019

View full text Add to dashboard Cite

This document defines the CDN-Loop request header field for HTTP. CDN-Loop addresses an operational need that occurs when an HTTP request is intentionally forwarded between Content Delivery Networks (CDNs), but is then accidentally or maliciously rerouted back into the original CDN causing a non-terminating loop. The new header field can be used to identify the error and terminate the loop. Status of this Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8586 1 .

show abstract

Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content

Cited by 149 publications

References 11 publications

Attacks on Dynamic Protocol Detection of Open Source Network Security Monitoring Tools

Attacks on Dynamic Protocol Detection of Open Source Network Security Monitoring Tools

LoCO: Local Cooperative Data Oﬄoading System Based on Location Information

Loop Detection in Content Delivery Networks (CDNs)

Contact Info

Product

Resources

About