iptables: Overview and Practical Use

iptables: Overview and Practical Use
Hostman Team
Technical writer
Network
05.11.2024
Reading time: 11 min

The iptables utility allows you to manage the network firewall in Linux distributions. iptables is a popular command-line utility for interacting with the built-in Linux kernel firewall called Netfilter, which has been included in the Linux kernel since version 2.4. 

In this article, we will examine how iptables works and go through practical usage examples.

Installing iptables

As mentioned, iptables is included in nearly all Linux distributions, from the most common (Ubuntu, Debian, RHEL) to distributions like openSUSE, Arch Linux, Gentoo, and others. First, let's check if iptables is already installed on your cloud server by displaying its version with the command:

iptables --version

If this command returns a version number, iptables is already installed on the system. However, if you see the message iptables: command not found, you’ll need to install it manually. Below are instructions for installing iptables using package managers across various Linux distributions. Alternatively, you can compile and install iptables from the source code.

APT

For APT-based distributions (Ubuntu/Debian/Linux Mint/Kali Linux), use the command:

apt -y install iptables

RPM

For RPM-based distributions (CentOS, Fedora, Red Hat Enterprise Linux, ALT Linux), use one of the following commands:

For the YUM package manager:

yum -y install iptables

For the DNF package manager:

dnf -y install iptables

Pacman

For Pacman-based distributions (Arch Linux, ArchLabs, Manjaro), use the command:

pacman -S iptables

All commands must be run as the root user or as a regular user with sudo privileges.

How iptables Works

iptables operates using a system of rules. These rules control incoming and outgoing traffic, organized into chains that either allow or block traffic.

A more detailed breakdown of how iptables works is as follows:

  • Network packets pass through one or more chains.
  • As a network packet moves through a chain, each rule in that chain is applied to it. During this process, the packet is checked against specified criteria. If it does not meet a criterion, a specific action is applied to it. These actions can include allowing or blocking traffic, among other operations.

Key iptables Terminology

While working with iptables, you may encounter the following terms:

  • Chain: A sequence or set of rules that determine how traffic will be handled.
  • Rules: Defined actions that contain criteria and a target or goal.
  • Module: An added feature that provides extra options for iptables, allowing for more extensive and complex traffic filtering rules.
  • Table: An abstraction in iptables that stores chains of rules. iptables includes the following tables: Security, Raw, NAT, Filter, and Mangle. Each table has a specific function, described below.

iptables Tables

Filter Table

The Filter table is the default table, using three chains: OUTPUT, FORWARD, and INPUT.

  • INPUT: Controls incoming connections. For instance, this might manage incoming SSH connections.
  • FORWARD: Manages incoming connections not directed to the local device, typically used on a router.
  • OUTPUT: Controls outgoing connections, such as navigating to a website using a browser.

NAT Table

The NAT (Network Address Translation) table includes three chains: PREROUTING, POSTROUTING, and OUTPUT.

  • PREROUTING: Determines the destination IP address of a packet.
  • POSTROUTING: Alters the source IP address.
  • OUTPUT: Changes the target address of outgoing packets.

Mangle Table

The Mangle table is used to modify packet IP headers.

Raw Table

The Raw table provides a mechanism for marking packets to bypass connection tracking.

Security Table

The Security table enables interaction with various OS security mechanisms, such as SELinux.

iptables Rules

The rules in iptables are designed to control incoming and outgoing network traffic. Rules can also be used to configure port forwarding and create protocol-specific rules.

Each rule is made up of criteria and a target. The criteria of a rule are matched, and the specified actions are applied to the target object. If a packet doesn’t match a rule’s criteria, the next rule is processed. The decisions made by iptables are called actions. Below is a list of key actions for handling connections:

  • ACCEPT: Opens (allows) the connection.
  • DROP: Closes the connection without sending a response to the client.
  • QUEUE: Sends the packet to a queue for further processing by an external application.
  • RETURN: Returns the packet to the previous rule, stopping the processing of the current rule.
  • REJECT: Blocks the connection and sends an error message in response.
  • DENY: Drops the incoming connection without sending a response.
  • ESTABLISHED: Marks an already established connection, as the session has already received at least one packet

Practical Application of iptables

Let's look at using iptables in practice. All the commands below will work on any Linux distribution. iptables commands must be run as the root user or a regular user with sudo privileges.

To display the current iptables configuration (including all existing rules), use the command:

iptables --list

85c00f9e 64b3 4cea 9647 13304c7bb8c6

For a more detailed output, which includes the number and size of processed packets in the INPUT, FORWARD, and OUTPUT chains, along with IP addresses and port numbers in numeric format, use:

iptables --line-numbers -L -v -n

Ee0b2682 A15a 4737 Ad14 F4f1ebefd20e

You can also specify a specific chain to display rules for just that chain, such as:

iptables -L INPUT
iptables -L FORWARD
iptables -L OUTPUT

Initially, iptables does not create or store any rule chains, so the output of these commands may be empty.

Blocking IP Addresses

To block a specific IP address, add a rule to the INPUT chain and specify the appropriate table. In the command below, the table is explicitly set. If the -t option is omitted, the rule is added to the default Filter table. For example, to block the IP address 10.0.36.126:

iptables -t filter -A INPUT -s 10.0.36.126 -j REJECT

This command uses the following options:

  • -t: Specifies the table for the rule.
  • -A: Adds the rule to the specified chain, in this case, the INPUT chain.
  • -s: Specifies the source IP address to which the action applies.
  • -j: Specifies the action to take; here, traffic is rejected (action REJECT).

To block an entire subnet, specify it with the -s option:

iptables -A INPUT -s 10.0.36.0/24 -j REJECT

Or, you can specify the subnet mask in full format:

iptables -A INPUT -s 10.0.36.0/255.255.255.0 -j REJECT

To block outgoing traffic to a specific IP address, use the OUTPUT chain and the -d option:

iptables -A OUTPUT -d 10.0.36.126 -j REJECT

Blocking Ports

Ports can be blocked by specifying them directly. This is done with the --dport option, which designates the port of the service. Instead of a port number, you can use the service name. You must specify the protocol as well. For example, to block SSH connections from host 10.0.36.126 using the TCP protocol:

iptables -A INPUT -p tcp --dport ssh -s 10.0.36.126 -j REJECT

For the UDP protocol, use:

iptables -A INPUT -p udp --dport ssh -s 10.0.36.126 -j REJECT

Alternatively, to block SSH connections from 10.0.36.126 using the SSH service port (22), use:

iptables -A INPUT -p tcp --dport 22 -s 10.0.36.126 -j REJECT

To block SSH connections from any IP address over TCP:

iptables -A INPUT -p tcp --dport ssh -j DROP

Allowing an IP Address

To allow traffic from a specific IP address, use the ACCEPT action. In the example below, all traffic from the IP address 10.0.36.126 is allowed:

iptables -A INPUT -s 10.0.36.126 -j ACCEPT

To allow traffic from a specific range of IP addresses, for example, from 10.0.36.126 to 10.0.36.156, use the iprange module and the --src-range option:

iptables -A INPUT -m iprange --src-range 10.0.36.126-10.0.36.156 -j ACCEPT

Here:

  • iprange: A module for working with IP address ranges.
  • --src-range: Specifies the source IP address range.

To perform the reverse operation (allowing all traffic from the server to a specific IP range from 10.0.36.126 to 10.0.36.156), use the --dst-range option:

iptables -A OUTPUT -m iprange --dst-range 10.0.36.126-10.0.36.156 -j ACCEPT
  • --dst-range: Specifies the destination IP address range.

Opening Ports

To open a port, specify the protocol using the -p option. Supported protocols include tcp, udp, etc. A full list of supported protocols can be found in /etc/protocols:

cat /etc/protocols

Specify the port using the --dport option. You can use either numeric values or service names. The ACCEPT action is used to open ports.

To open port 22 for TCP traffic from IP address 10.0.36.126:

iptables -A INPUT -p tcp --dport 22 -s 10.0.36.126 -j ACCEPT

To open multiple ports at once, use the multiport module and the --dports option, listing the ports separated by commas. For example, to open ports 22, 80, and 443 over TCP from IP address 10.0.36.126:

iptables -A INPUT -p tcp -m multiport --dports 22,80,443 -s 10.0.36.126 -j ACCEPT
  • multiport: A module for managing multiple ports simultaneously.
  • --dports: Specifies multiple ports, unlike --dport, which supports only a single port.

Blocking ICMP Traffic

One commonly used feature in iptables is blocking ICMP traffic, often generated by the ping utility. To block incoming ICMP traffic, use the following command:

iptables -A INPUT -j DROP -p icmp --icmp-type echo-request

Image7

This command will prevent the ping command from receiving a response without displaying an error message. If you want to display an error message like "Destination Port Unreachable," replace the DROP action with REJECT:

iptables -A INPUT -j REJECT -p icmp --icmp-type echo-request

123

Allowing ICMP Traffic

To allow previously blocked ICMP traffic, run the following command:

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

However, it’s important to note that if ICMP traffic was previously blocked with this command:

iptables -A INPUT -j DROP -p icmp --icmp-type echo-request

and then allowed with:

iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

the ICMP traffic will still be blocked, as the drop rule will be the first rule in the INPUT chain.

Blocking Traffic by MAC Address

In addition to IP addresses, traffic can be blocked based on the device’s MAC address. Below is an example to block traffic from a device with the MAC address 00:0c:29:ed:a9:60:

iptables -A INPUT -m mac --mac-source 00:0c:29:ed:a9:60 -j DROP
  • mac: A module for working with device MAC addresses.
  • mac-source: Specifies the MAC address of the device.

Allowing Traffic by MAC Address

To allow traffic from a specific MAC address, use this command:

iptables -A INPUT -m mac --mac-source 00:0c:29:ed:a9:60 -j ACCEPT

Blocking traffic by MAC address with iptables will only work if the devices are on the same network segment. For broader use cases, blocking traffic by IP address is generally more effective.

Allowing Traffic on the Loopback Interface

Traffic on the loopback interface can also be controlled. To allow incoming traffic on the loopback interface, use:

iptables -A INPUT -i lo -j ACCEPT

For outgoing traffic on the loopback interface, the command is:

iptables -A OUTPUT -o lo -j ACCEPT

Restricting Network Access by Schedule

One of the useful features of iptables is the ability to temporarily allow or restrict traffic to specific services or ports based on a schedule. For example, let’s say we want to allow incoming SSH access only on weekdays, Monday through Friday, from 9 AM to 6 PM. The command would look like this:

iptables -A INPUT -p tcp --dport 22 -m time --timestart 09:00 --timestop 18:00 --weekdays Mon,Tue,Wed,Thu,Fri -j ACCEPT
  • time: Module for working with time-based rules.
  • timestart: Specifies the start time for the rule.
  • timestop: Specifies the end time for the rule.
  • weekdays: Specifies the days of the week when the rule will be active, separated by commas. Supported values are: Mon, Tue, Wed, Thu, Fri, Sat, Sun, or numbers 1 to 7.

Saving iptables Rules

By default, user-created iptables rules are not saved automatically. This means that the rules are cleared after a server reboot or shutdown. To save the rules, install the iptables-persistent package with the following command:

apt -y install iptables-persistent

During the installation, two dialog boxes will appear, allowing you to save the current rules to /etc/iptables/rules.v4 for IPv4 and /etc/iptables/rules.v6 for IPv6.

To manually save all rules for the IPv4 protocol, use:

iptables-save > /etc/iptables/rules.v4

For IPv6 rules, use:

ip6tables-save > /etc/iptables/rules.v6

This method has a significant advantage: saved rules can be restored from the file, which is helpful, for example, when transferring rules to another host. To restore previously saved rules, run:

iptables-restore < /etc/iptables/rules.v4

If executing this command on a different host, transfer the rule file first and then execute the restore command.

Deleting Rules in iptables

You can delete rules in iptables using several methods.

Deleting a Specific Rule

One way to delete a rule is to target a specific rule in a chain using its line number. To display the rule numbers, use:

iptables -L --line-numbers

Image10

For example, in the INPUT chain, we might see two rules that open ports 80 and 443 over TCP for IP addresses 10.0.36.126 (rule number 1) and 10.0.36.127 (rule number 2). To delete rule number 2, use:

iptables -D INPUT 2

Then, display the list of all current rules to verify:

iptables -L --line-numbers

Rule number 2 should now be removed successfully.

Image1

Deleting All Rules in a Specific Chain

You can also delete all rules in a specific chain at once. For example, to clear all rules in the OUTPUT chain:

iptables -F OUTPUT

Deleting All Rules

To delete all rules across all chains, simply run:

iptables -F

Use caution with this command, as it will remove all existing rules, including potentially essential ones.

Conclusion

In summary, iptables is a powerful tool for managing the built-in firewall in Linux-based operating systems. Its extensive features and modular support allow flexible configuration for controlling network traffic.

For more detailed information on iptables, consult the official documentation or use the man iptables command in Linux-based systems.

Network
05.11.2024
Reading time: 11 min

Similar

Network

How to Use tcpdump to Capture and Analyze Network Traffic

Sometimes, troubleshooting network issues requires capturing network traffic. tcpdump is a network traffic analyzer, or "sniffer," that allows you to intercept and analyze network traffic passing through the utility. This tool provides a rich set of options and various filters, making it versatile for different purposes. tcpdump is entirely console-based, meaning it doesn’t have a graphical interface, so it can be run on servers without GUI support. The first version of tcpdump was released back in 1988. Since then, it has been actively maintained, with new versions released every year. This article will cover various scenarios for using tcpdump. Prerequisites To follow this tutorial, you will need:  A cloud server or virtual machine with a Linux OS installed. Any Linux distribution will work. Access to the root user or a user with sudo privileges. Installing tcpdump We will install tcpdump on Ubuntu 22.04. The tcpdump package is available in the OS’s official repository. First, update the package index: sudo apt update Next, install the utility: sudo apt -y install tcpdump Confirm that the installation was successful by checking the tcpdump version: tcpdump --version Note that further use of the utility requires running it as the root user or a user with sudo privileges. Running tcpdump Without Parameters If you run tcpdump without any parameters, it will start capturing all traffic on all available interfaces in the system and display the data on the screen (stdout): tcpdump To stop the program, press Ctrl + C. After each run, tcpdump provides the following information: packets captured — shows the number of packets captured (packets that were received and processed by tcpdump). packets received by filter — shows the number of packets captured using filters. packets dropped by kernel — shows the number of packets dropped by the OS kernel. By default, tcpdump does not save its output. We will discuss saving the output to a file later in the article. tcpdump Output Format Let's analyze the output of a captured packet using the TCP protocol as an example. By default, tcpdump displays the following data for each capture: 09:33:57.063196 IP nexus-test.com.ssh > 192.168.111.1.50653: Flags [P.], seq 27376:27440, ack 321, win 521, length 64 The parameter descriptions are provided in the table below. Parameter Description 09:33:57.063196 Timestamp. Uses the format hours:minutes:seconds.fraction, where "fraction" represents seconds from midnight. In this example, the packet was captured at 9:33:57.063196. IP Protocol used. nexus-test.com.ssh Domain name (or IP address) and port of the source host. Here, ssh is shown instead of port number 22. To display addresses and protocols as numbers, run tcpdump with the -n option. 192.168.111.1.50653 Domain name (or IP address) and port of the destination host. Flags [P.] ACK flag(s) used to indicate the connection state. Multiple values are possible. In this example, P is used, indicating the PUSH flag for processing packets immediately rather than buffering them. seq 27376:27440 Sequence number of data in the packet. Shows the data range as bytes 27376 through 27440 in the packet. ack 321 Acknowledgment of the received packet. win 521 Window size in bytes, showing the available buffer space for receiving data. length 64 Packet length in bytes, indicating the payload size as the difference between the first and last sequence bytes. Practical Use of tcpdump Let’s move on to practical applications of tcpdump with examples. Displaying a List of Network Interfaces To list all network interfaces available in the system for traffic capture, use: tcpdump -D Capturing Traffic from a Specific Network Interface By default, tcpdump captures traffic from all available interfaces. To capture traffic from a specific network interface (e.g., ens33), use: tcpdump -i ens33 Disabling IP Address to Hostname Resolution By default, tcpdump converts IP addresses to hostnames and replaces port numbers with service names. To prevent tcpdump from converting IP addresses to hostnames, add the -n option: tcpdump -n To disable both IP-to-hostname and port-to-service name conversions, use the -nn option: tcpdump -nn Capturing a Specific Number of Packets By default, tcpdump captures an unlimited number of packets. To capture a specified number of packets, for example, 4 packets, use the -c option: tcpdump -c 4 Adding Date Information tcpdump does not display the date of packet capture by default. To include the date in the output, use the -tttt option. The date will appear at the beginning of each line in the format year:month:day: tcpdump -tttt Packet Filtering in tcpdump tcpdump has extensive filters that allow capturing only the desired packets. Here are some key filters. Filtering by Port To capture traffic on a specific port, use the port option. For example, to capture traffic on port 80 directed towards the destination, you can specify dst: tcpdump dst -n port 80 You can also specify a range of ports: tcpdump -n portrange 80-443 Filtering by Protocol tcpdump supports filtering by protocols. Supported protocol values include: ether, fddi, tr, wlan, ppp, slip, link, ip, arp, rarp, tcp, udp, icmp, and ipv6. Examples for capturing specific protocols are: tcpdump icmp tcpdump tcp tcpdump arp tcpdump udp Filtering by Packet Size tcpdump allows capturing packets of a specified size using two options: less — captures packets smaller than the specified number of bytes. greater — captures packets larger than the specified number of bytes. Here are some examples: Capture traffic with packets that are no more than 43 bytes in size: tcpdump less 43 Capture traffic with packets larger than 43 bytes: tcpdump greater 43 Note that the packet size includes header size: an Ethernet header without CRC occupies 14 bytes, an IPv4 header occupies 20 bytes, and an ICMP header occupies 8 bytes. Filtering by MAC Address To filter by MAC address, use the ether host option. For example, to capture any traffic sent to or from a specified MAC address (e.g., 00:0c:29:c7:00:3f), use: tcpdump ether host 00:0c:29:c7:00:3f Filtering by Source or Destination Address You can filter traffic using the IP address or hostname of the source or destination. To capture traffic originating from a specific host, use the src option: tcpdump -nn src 192.168.36.132 To capture traffic directed to a specific host, use the dst option: tcpdump -nn dst 192.168.36.132 Using Logical Operators in tcpdump tcpdump supports various logical operators, allowing you to combine options. The following operators are supported: and or && — logical "AND." Combines multiple conditions and shows results matching all conditions. or or || — logical "OR." Combines multiple conditions and shows results matching at least one condition. not or ! — logical "NOT." Excludes specified conditions, showing results that do not match the given condition. Here are examples of using logical operators: Capture packets sent from the host 192.168.36.132 and only those listening on port 22: tcpdump -nn src 192.168.36.132 and port 22 Capture packets on all available interfaces that are listening on either port 22 or port 80: tcpdump -nn port 22 or port 80 Capture all packets except ICMP packets: tcpdump -nn not icmp Saving Output to a File As previously mentioned, tcpdump does not save its output to a file by default. To save captured data to a file, use the -w option, specifying the filename with a .pcap extension: tcpdump -nn src 192.168.36.132 -w results.pcap While saving to a file, results will not display in the terminal. To stop capturing packets, press CTRL + C. To read the data saved in the file, use the -r option, followed by the filename where the tcpdump results were saved: tcpdump -r results.pcap Conclusion tcpdump is a powerful command-line tool for analyzing networks and identifying issues. The utility supports a wide array of options, enabling users to filter for specific packet information.
05 November 2024 · 7 min to read
Network

A Complete Guide to the nslookup Command in Linux and Windows

The nslookup command is a widely used tool for querying Domain Name System (DNS) records. It helps network administrators troubleshoot DNS-related issues by allowing them to perform a range of lookups, from finding IP addresses associated with domain names to querying specific DNS servers. This tutorial will guide you through the basics of using nslookup on both Linux and Windows platforms. In this tutorial, you will learn: Basic syntax and options of nslookup How to perform simple DNS queries Retrieving mail exchange (MX) records Performing reverse DNS lookups Querying specific DNS servers Using non-interactive mode By the end of this tutorial, you will be familiar with the most common and useful nslookup commands for effective DNS troubleshooting. Basic Syntax and Options for nslookup The basic syntax for the nslookup command is straightforward: nslookup [options] [domain] Here is a breakdown of the commonly used options: No parameters: Opens an interactive mode where you can enter multiple queries [domain]: Performs a DNS lookup for the specified domain name -type=[record_type]: Specify the type of DNS record to query (e.g., A, MX, AAAA, etc.) [server]: Specify a DNS server for querying instead of using the default system server For example: nslookup example.com This command performs a DNS lookup for "example.com" using your default DNS server. Common Options for nslookup -query=A: Query the IP address (default record type) -query=MX: Retrieve mail exchange records -query=AAAA: Query for IPv6 addresses -timeout=[seconds]: Set a timeout for the response -debug: Show detailed information about the query process How to Perform a Simple DNS Query One of the most common uses of nslookup is to resolve domain names to IP addresses. Step-by-Step Guide to Performing a Simple DNS Query Open the terminal or command prompt. Type the nslookup command followed by the domain name: nslookup google.com Output: In this example, the DNS server at 8.8.8.8 (Google's public DNS server) returned the IP address 142.250.65.238 for google.com. Using nslookup to Retrieve MX Records The mail exchange (MX) records for a domain indicate which mail servers are responsible for receiving emails on behalf of that domain. To retrieve the MX records using nslookup: Use the -type=MX option to specify that you want to retrieve MX records.     nslookup -query=MX gmail.com The output will list the MX records, including the mail servers and their priority: Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: gmail.com mail exchanger = 20 alt2.gmail-smtp-in.l.google.com.. gmail.com mail exchanger = 10 alt1.gmail-smtp-in.l.google.com. In this case, the mail servers for gmail.com are listed along with their priorities. The lower the number, the higher the priority. Performing Reverse DNS Lookups A reverse DNS lookup translates an IP address back to its associated domain name. This is useful for identifying the domain that corresponds to a given IP address. To perform a reverse DNS lookup, input the IP address into the nslookup command: nslookup 142.250.65.238 The output should display the domain name associated with the IP: Non-authoritative answer: 238.65.250.142.in-addr.arpa name = lga25s73-in-f14.1e100.net. In this example, the IP 142.250.65.238 resolves back to lga25s73-in-f14.1e100.net, which is part of Google's infrastructure. Querying Specific DNS Servers By default, `nslookup` uses the system's configured DNS server to perform queries. However, you can specify a different DNS server if needed. To query a specific DNS server, append the server's IP address to the command: nslookup example.com 1.1.1.1 The command will query the 1.1.1.1 DNS server (Cloudflare's DNS) for the domain example.com: Server: 1.1.1.1 Address: 1.1.1.1#53 Non-authoritative answer: Name: example.com Address: 93.184.215.14 This allows you to test DNS resolution from different servers. Using Non-Interactive Mode in nslookup In non-interactive mode, you can issue multiple queries without entering nslookup's interactive shell. This is useful when scripting or automating tasks. To use nslookup non-interactively, simply pass the domain name and the server (optional) in one command: nslookup example.com 8.8.8.8 The response will be printed directly, without entering the interactive shell: Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: example.com Address: 93.184.215.14 This method is efficient when you need to quickly query DNS records without additional input. Conclusion The nslookup command is a powerful and flexible tool for performing DNS queries. Whether you're troubleshooting domain resolution, retrieving MX records, or performing reverse lookups, nslookup is an essential command for network administrators. By mastering the options and syntax, you can use nslookup effectively on both Linux and Windows systems. To recap, here’s what we covered in this tutorial: Performing simple DNS queries Retrieving MX records Conducting reverse DNS lookups Querying specific DNS servers Using non-interactive mode
18 October 2024 · 4 min to read
Python

Understanding HTTP Requests: Structure, Methods & Examples

HTTP is a key to communication on the internet. Methods of HTTP protocols allow clients to send requests to the servers and servers to send responses. Every website on the World Wide Web uses HTTP requests. So, it's necessary to understand them. This article explores the concept of HTTP requests, its structure, common methods, and real-life examples. This helps in understanding the functioning of the web.  What is an HTTP Request An HTTP request is a message where a client, such as a web browser, asks the host located on the server for a specific resource. Clients use URLs in HTTP requests which show the resources they want to access from the server.  Components of an HTTP Request Every HTTP request comprises three components namely; request line, headers and message body. Request Line  A request line is the start line in an HTTP request command. It is used to initialize an action on the server. A request line would also indicate what kind of method and version of HTTP protocol the client is using. Apart from the HTTP method, a request line also consists of a URI or URL to the path or protocol.  Request line example: GET /index.html HTTP/1.1 Headers Headers are right behind the request line. They offer client’s additional information to the server. Headers include data about the host, client’s user agent, language preferences and more. Server leverages this information to identify the browser and OS version of the client. HTTP request headers are case-sensitive, followed by a colon (:) and a value.  HTTP request Headers example:  Host: example.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36 Accept: application/json, text/plain, */* Accept-Language: en-US,en;q=0.9 Accept-Encoding: gzip, deflate, br Connection: keep-alive Message body The message body in an HTTP request is used to send data to the server. They are optional. So, not every HTTP request will have a message body. It depends on the HTTP request types the client uses. The HTTP requests that do have a message body, usually leverage POST to send information. Mainly, the server uses the message body to provide the requested data to the client.  Common HTTP Methods An HTTP request is a way to connect the client with the server. There can be many reasons for pursuing this connection. It might be to retrieve specific resources or delete certain information on the server. The most common HTTP request methods used daily include:  GET: To Retrieve Resources The biggest use case of an HTTP request is to ask the server for a specific set of data or resources. And that is done using the GET method. Every time a user wants to go to a website or any web page, the client browser first sends a request to retrieve the required data to load that page.  The GET in HTTP is a cacheable, safe, and idempotent method. However,, using a GET method multiple times can still impact server performance. The GET Method can only bring existing data from the server to the client. It can’t make any changes to it. So, the data or the resources would be in a read-only format.  POST: To Send Data When a client wants to retrieve any information, they use the GET method, but when providing some information to the server, the client uses the HTTP POST request. Let’s say users need to submit a form or upload a file. In this case, the client’s browser has to execute the POST method in HTTP to send the data to the server.  The message body in an HTTP request contains the data. When a client browser sends a POST request, the server processes the data. Using a POST method multiple times would result in the creation of different resources on the server.  PUT: To Update Resources Similar to the POST method, the PUT method also allows the client to add some information to the server. The only difference between both methods is that in POST, users submit new data whereas in PUT, they update the existing data.  When implementing the PUT request, the client has to specify the resource’s URL that it wants to update. The request also includes the updated representation of the resource in its message body. The server would simply replace the old representation with the new one.  The PUT method is idempotent so there is no harm in implementing multiple identical PUT requests as it would yield the same result.  DELETE: To Remove Resources As the name suggests, the DELETE method helps the client delete any specific resource from the server. Employing the DELETE request helps the client instruct the server to delete the resource mentioned in the request.  Upon the DELETE request of the client, when the server successfully deletes the specified resource, it sends back a confirmation to the client. Sending multiple identical DELETE requests would yield the same result.  What is an HTTP Response? When the server sends back a response to an HTTP request, it is called an HTTP response. The server acts upon the request it receives from the client browser. The HTTP response would then either consist of the requested resource or valuable information regarding the requested operation.  So, like an HTTP request, an HTTP response is also made up of three components with a slight difference. The response starts with a status line, and a request starts with a request line.  Status Line: As the request line does in an HTTP request, the status line in the HTTP response also indicates which version of HTTP is used along with the status code and the message specifying the outcome of the request.  Headers: Headers in the HTTP response offer additional information like the date and time of response, the type of content that is sent in the message body, details of the server and instructions on how to cache the content.  Body: The actual message or response data that the server sends to the client browser is placed in the message body. The content could be anything from XML, JSON or HTML for the web page, an image, or any other kind of requested resource. Status Codes and Their Meanings HTTP status codes represent the status of the client’s HTTP requests. They come as a part of an HTTP server response. Every status code consists of three digital numbers where the first digit of the code indicates the class or category of the response. There are five types of code groups. Status code group  Description  1xx Informational responses, continuing processing. 2xx Success responses, requests are processed, understood and accepted. 3xx Redirecting responses, suggests further action to complete the request. 4xx Error responses, show what’s wrong with the request on client-side. 5xx Error responses, state what went wrong with processing request on server-side. HTTP Headers and Their Importance HTTP headers provide additional information about requests and responses. This information is critical for communication between client and server. Headers are fundamental for web browsing and app functionality. They play an important role in the following web operations:  Host Identification Headers bear the identification of a server’s domain that is hosting the resources. It is helpful in scenarios where a server hosts multiple domains.  CachingHeaders like Expires and Cache-Control handle how browsers cache responses and intermediate proxies. It helps minimize loading time and server requests by determining how long a response needs to be stored.  Cookie ManagementHeaders like Set-Cookie and Cookie help save and send cookies respectively. They assist in tracking user behavior and maintain user sessions.  Security Headers also play a critical role in securing web applications. An Authorization header helps with user authentication whereas a Content-Security-Policy is used for mitigating XSS and other security risks.  Response ControlHeaders like Status inform whether the request was a success or a failure. It also provides the necessary details so the client can manage responses appropriately.  Practical Examples of HTTP Requests Here are a few real-life examples of how different HTTP requests are commonly used in day-to-day operations. All the examples are in Python with the use of the requests library. GET From entering a simple URL for the website to asking for a specific record from the web server, fetching data requires an HTTP GET request. Let’s say, the client wants to get the weather data of London. The implementation of GET requests in this use case would look like:  import requests response = requests.get("https://api.example.com/data", params={"param1": "value1", "param2": "value2"}) # Print the response print(response.status_code) print(response.json()) # Assuming the response is in JSON format POST When a user wants to create a new user in a hypothetical API. And wants to send the following JSON data: { "username": "newuser", "email": "[email protected]", "password": "securepassword" } The following Python code sends a POST request with the specified data: import requests url = "https://api.example.com/users" data = { "username": "newuser", "email": "[email protected]", "password": "securepassword" } # Make the POST request response = requests.post(url, json=data) if response.status_code == 201: print("User created successfully:", response.json()) else: print("Error:", response.status_code, response.text) PUT When a client wants to update the information of a user with a specific ID.  import requests url = "https://api.example.com/users/123" data = { "username": "updateduser", "email": "[email protected]" } # Make the PUT request response = requests.put(url, json=data) if response.status_code == 200: print("User updated successfully:", response.json()) else: print("Error:", response.status_code, response.text) DELETE When a client wants to delete a specific user. Here’s how it will look like in Python. import requests url = "https://api.example.com/users/123" # Make the DELETE request response = requests.delete(url) if response.status_code == 204: print("User deleted successfully.") else: print("Error:", response.status_code, response.text) Conclusion HTTP requests play a critical role in web interactions. Hence, it is essential to understand various request methods and how they work. However, the key to seamless communication lies in picking a suitable method. This also enhances the efficiency of web applications. If you want to build a web service using Python, you can rent a cloud server at competitive prices with Hostman.
04 October 2024 · 9 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support