Web Essentials Notes - Unit 1

CSS103J-Web Essentials

Unit I Fundamentals of Internet and Web


Internet Overview – Fundamental computer network concepts – Web Protocols – URL – Domain Name – Web
Browsers and Web Servers – Web Development Tools – Working principle of a Website – Web Hosting – Web
Security

Internet
The Internet is defined as an information superhighway, used to access information over the web. However, it can be
defined in many ways, as follows:
• The Internet is a world-wide global system of interconnected computer networks.
• The Internet uses the standard Internet Protocol TCP/IP.
• Every computer on the Internet is identified by a unique IP address.
• An IP address is a unique set of numbers (such as 110.22.33.114) which identifies a computer's location.
• A special computer, the DNS (Domain Name Server), is used to give a name to the IP address so that a user can
locate a computer by name.
• For example, a DNS server will resolve the name http://www.srm.com to a particular IP address to
uniquely identify the computer on which this website is hosted.
• The Internet is accessible to every user all over the world.

Evolution
The concept of the Internet originated in 1969 and has undergone several technological and infrastructural changes,
as discussed below:

The Internet originated from the concept of the Advanced Research Project Agency Network
(ARPANET).

ARPANET was developed by United States Department of Defense.

Basic purpose of ARPANET was to provide communication among the various bodies of government.

Initially, there were only four nodes, formally called Hosts.


In 1972, the ARPANET spread over the globe with 23 nodes located at different countries and thus
became known as Internet.

Over time, with the invention of new technologies such as TCP/IP protocols, DNS, WWW,
browsers, scripting languages, etc., the Internet provided a medium to publish and access information
over the web.

Advantages
The Internet covers almost every aspect of life one can think of. Here, we will discuss some of the advantages of
the Internet:

The Internet allows us to communicate with people at remote locations. There are various apps
available on the web that use the Internet as a medium for communication. One can find various social
networking sites such as:

Facebook

Twitter

Yahoo

Google+

Flickr

Orkut

One can surf for any kind of information over the internet. Information regarding various topics such as
Technology, Health & Science, Social Studies, Geographical Information, Information Technology,
Products, etc. can be found with the help of a search engine.

Apart from communication and being a source of information, the internet also serves as a medium for entertainment.
Following are the various modes of entertainment over the internet:

Online Television

Online Games

Songs
Videos

Social Networking Apps

Internet allows us to use many services like:

Internet Banking

Matrimonial Services

Online Shopping

Online Ticket Booking

Online Bill Payment

Data Sharing

E-mail

The Internet provides the concept of electronic commerce, which allows business deals to be conducted on
electronic systems.

Disadvantages
Although the Internet has proved to be a powerful source of information in almost every field, there are
many disadvantages, discussed below:

There is always a chance of losing personal information such as name, address, or credit card number.
Therefore, one should be very careful while sharing such information. One should use credit cards only
through authenticated sites.

Another disadvantage is spamming. Spamming refers to unwanted e-mails sent in bulk. These
e-mails serve no purpose and lead to obstruction of the entire system.

Viruses can easily spread to computers connected to the internet. Such virus attacks may cause your
system to crash, or your important data may get deleted.

Another major threat on the internet is pornography. There are many pornographic sites that can
be found, and letting children use the internet can indirectly affect their healthy
mental life.

There are various websites that do not provide authenticated information. This leads to
misconceptions among many people.

Fundamental computer network concepts


A computer network is a collection of interconnected devices that share
resources and information. These devices can include computers, servers, printers,
and other hardware. Networks allow for the efficient exchange of data, enabling
various applications such as email, file sharing, and internet browsing.

• Network: A group of connected computers and devices that can communicate and
share data with each other.

• Node: Any device that can send, receive, or forward data in a network. This
includes laptops, mobiles, printers, earbuds, servers, etc.

• Networking Devices: Devices that manage and support networking functions.
This includes routers, switches, hubs, and access points.

• Transmission Media: The physical or wireless medium through which data
travels between devices.

  • Wired media: Ethernet cables, optical fiber.

  • Wireless media: Wi-Fi, Bluetooth, infrared.

• Service Provider Networks: Networks offered by external providers that allow
users or organizations to lease network access and capabilities. This includes
internet providers, mobile carriers, etc.

How Does a Computer Network Work

The basic building blocks of a computer network are nodes and links.

• A network node can be data communication equipment, such as a
modem or router, or data terminal equipment, such as two or more
connected computers.
• A link in a computer network can be wires, cables, or the free space of
wireless networks (as shown in the below diagram).
• Computer networks work by means of rules, or protocols,
which govern sending and receiving data over the links and so allow the devices
on the network to communicate.
• Each device has an IP address that helps in identifying the device.
• A firewall is a network security device, either hardware or software-based, which
monitors all incoming and outgoing traffic and, based on a defined set of security
rules, accepts, rejects, or drops that specific traffic.
Types of Computer Network Architecture

Computer networks fall under these broad categories:

• Client-Server Architecture: Client-Server Architecture is a type of computer
network architecture in which nodes can be servers or clients. Here, the server
node can manage the client node behaviour.
• Peer-to-Peer Architecture: In P2P (Peer-to-Peer) Architecture, there is no
concept of a central server. Each device is free to work as either client or
server.
Network Devices
An interconnection of multiple devices, also known as hosts, that are connected using
multiple paths for the purpose of sending/receiving data or media. Computer networks
can also include multiple devices/mediums which help in the communication between
two different devices; these are known as Network devices and include things such as
routers, switches, hubs, and bridges.
Network Topology

The network topology is the layout arrangement of the different devices in a
network. Some types of network topologies are:
• Bus Topology: In bus topology all devices are connected to a single central cable
called a bus.
• Star Topology: In star topology all devices are connected to a central node called
a hub or switch.
• Ring Topology: In ring topology devices are connected in a circular loop with
each device connected to two others. Data travels in one direction (or sometimes
both) passing through each device until it reaches its destination.
• Mesh Topology: In mesh topology every device is connected to every other
device in the network.
• Tree Topology: Tree topology is the combination of star and bus topology. Tree
topology is good for organizing large networks and allows for easy expansion.
• Hybrid Topology: Hybrid topology is the combination of two or more different
topologies (like star and mesh).
• Point-to-point topology: It is a network setup where two devices are directly
connected with a single dedicated link for communication.
Web Protocols
Protocol:
A protocol is a set of predefined rules that handle how data is exchanged
between computers over the Internet. It ensures that devices can communicate
in a structured, reliable, and secure manner. In essence, protocols dictate how
data is sent, received, formatted, and processed.
While there are over 200 recognized protocols in use today across various domains
like networking, security, and applications, more than 90% of internet communication
relies on a few key protocols—HTTP, HTTPS, TCP/IP, FTP, and DNS—
commonly known as web protocols. Without these protocols, devices wouldn't be
able to understand each other, rendering online communication impossible.

Web protocols operate seamlessly across the TCP/IP model to enable
efficient and reliable communication between devices on the internet. The
TCP/IP model, which is a more practical and simplified version of the OSI
model, consists of four layers: the Application Layer, Transport
Layer, Network Layer, and Network Access Layer. Unlike the OSI
model, which separates responsibilities into seven layers, TCP/IP combines
several OSI layers into broader functional blocks.
For example, the TCP/IP Application Layer handles the functions of the
OSI's Application, Presentation, and Session layers.
When data is transmitted from a sender to a receiver, the process starts at the
Application Layer, where protocols like HTTP, HTTPS, FTP, and DNS initiate and
manage the communication. The data is then passed to the Transport Layer, which
uses protocols such as TCP or UDP to segment the data into packets and ensure it
reaches the destination reliably and in order. Next, the Network Layer assigns IP
addresses and determines the best routing path using protocols like IP and ICMP.
Finally, the Network Access Layer manages the physical transmission of data through
hardware-specific means such as Ethernet or Wi-Fi, handling MAC addresses and
converting data into signals that travel through the network medium.
On the receiving end, the same layered process happens in reverse. The data is
received and interpreted from the physical medium up through the layers until it
reaches the Application Layer for the user to interact with. This layered structure
ensures a modular, scalable, and interoperable communication system where different
protocols at different layers work together to complete the full data transmission
process. The TCP/IP model is the foundation of internet communication, and
understanding how web protocols operate within this model is essential for grasping
how information flows securely and accurately between users, servers, and systems
across the globe.
1. HTTP (Hyper Text Transfer Protocol)

HTTP is used to transfer hypertext over the internet and it is
defined by the www (world wide web) for information transfer. It's the
protocol that allows web browsers to request web pages from servers and
display them to users.
However, HTTP is not secure, meaning data transmitted over HTTP can be
intercepted by malicious actors. It is used to share text, images, and other multimedia
files on the World Wide Web.
When a user enters a website URL, the client sends an HTTP request to the server
asking for the webpage or specific data. The server then processes this request and
sends back an HTTP response containing the required content. This entire exchange
happens over a TCP (Transmission Control Protocol) connection, which ensures that
the data is sent reliably and in the correct order. HTTP is the communication protocol
that makes this client-server interaction possible, allowing users to access web
content.

2. HTTPS
HTTPS (HyperText Transfer Protocol Secure) is the secure version of
HTTP. It works the same way as HTTP by allowing your browser to request and
receive web pages from a server, but with one important difference — it encrypts the
data being exchanged. This means any information sent between your browser and the
website (like passwords, credit card details, or personal data) is kept private and safe
from hackers. HTTPS uses SSL/TLS encryption to protect the connection, making it
the preferred and trusted protocol for secure websites, especially for online shopping,
banking, or login pages.
The secure communication process in HTTPS involves the following key steps:
• TCP Connection: First, a stable TCP connection is established between the client
and the server to start communication.
• Public Key: The server sends its public key to the client. This key is part of
an SSL certificate and is used to safely exchange information without exposing it
to attackers.
• Session Key: The client then generates a session key and encrypts it using the
server's public key. This ensures that only the server can decrypt and access the
session key.
• Data Encryption: Once the session key is exchanged, all data transferred between
the client and server is encrypted. This keeps personal information, passwords,
and other sensitive data safe from hackers.

3. TCP (Transmission Control Protocol)

TCP (Transmission Control Protocol) is a communication protocol that ensures
reliable, ordered, and error-checked delivery of data between devices over a network.
It breaks data into packets, sends them to the destination, and reassembles them in the
correct order.
TCP (Transmission Control Protocol) establishes a reliable connection between
a client (like your computer) and a server using a method called the three-way
handshake.
1. SYN (Synchronize): The client starts the process by sending a SYN message to
the server, asking to start a connection.
2. SYN + ACK (Acknowledge): The server receives the SYN request and responds
with a SYN-ACK message, which means it agrees to the connection and
acknowledges the client’s request.
3. ACK (Acknowledge): The client replies with an ACK message, confirming the
connection.

4. IP (Internet Protocol)
The Internet Protocol (IP) is the foundational communication protocol that enables
devices to send and receive data across the internet and other networks. It acts like
a digital postal system, assigning unique addresses (IP addresses) to devices and
ensuring data packets are correctly routed from source to destination.
• The sender device (IP: 192.16.00.12) initiates communication by encapsulating data
into a packet, including both its source IP address and the destination IP
address.
• The packet is then forwarded to the internet, which serves as the medium
responsible for routing the packet based on the destination IP (192.00.00.75).
• Routing protocols and network infrastructure interpret the destination IP and
determine the most efficient path for delivering the packet.
• Upon reaching the destination, the recipient device (IP: 192.00.00.75) identifies the
packet as intended for it and proceeds to process the received data.
• This process ensures accurate and efficient data delivery between networked
devices, forming the core functionality of the Internet Protocol.

5. FTP (File Transfer Protocol)

FTP (File Transfer Protocol) is a standard network protocol used to transfer files
between a client and a server over the internet or a local network. It allows users to
upload, download, delete, or manage files on a remote server. FTP is commonly used
for website management, file sharing, and data backup. However, it does not encrypt
data, making it less secure compared to modern alternatives like SFTP or FTPS.
FTP uses two separate connections: the Control Channel and the Data Channel.
The Control Channel is used to send commands (like login requests or file operation
instructions), while the Data Channel handles the actual transfer of files (uploading
or downloading). This separation allows efficient and organized file management over
a network. A common use case is uploading website files to a server or downloading
backups from it.
Working of Web Protocols
When you type a website address like www.geeksforgeeks.org in the web browser:
1. First, DNS translates the domain into an IP address.
2. A TCP connection is established between your device and the server.
3. An HTTP or HTTPS request is made to the server for the website’s content.
4. If the site is secure, data is encrypted via SSL/TLS.
5. The server responds with the requested content, which is displayed in your
browser.

URL
A URL, or Uniform Resource Locator, is a unique identifier assigned to every
resource available on the internet. Because it is unique, it can be used to locate a
particular resource. It is also known as the web address. A URL consists of different parts
like protocol, domain name, etc. Users can access URLs by simply typing
them into the address bar or by clicking a button or link on a web page.
Example URL:
https://www.cse.org/
Structure of a URL
A URL starts with a protocol, followed by the name of the resource to be
accessed. The protocol is the primary means of accessing the domain
or subdomain specified after it, wherever the resource is located. Several
protocols can be used, such as HTTP (Hypertext Transfer Protocol), HTTPS (Secured
HTTP), mailto for emails, FTP (File Transfer Protocol) for files, and TELNET to
access remote computers. Most protocol names are followed by a colon
and two forward slashes, but the mailto protocol is followed by a colon
only.
Optional Parts after the domain name in a URL:
• A path to a particular page or file can be specified.
• Some extra query parameters can also be specified.
• Network port to make the connection.
• Reference to a particular point in the file or an HTML element on the page.
Different Parts of a URL
A URL consists of multiple parts that help you visit a particular page on the
internet. Every part of a URL has its own importance. Let us discuss the
different parts of a URL.
The protocol or scheme:
A URL starts with a protocol that is used to access the resource on the internet. The
resource is accessed through the Domain Name System or DNS. There are multiple
protocols available to use, like HTTP, HTTPS, FTP, mailto, TELNET, etc. The protocol
used in the above URL is https.
Domain or Host Name:
It is the reference or name of the page that you are going to access on the internet. In
this case, the domain name is: www.cse.org.
Port Name:
It is defined just after the domain name, separated from it by a colon.
Generally, it is not visible in the URL. The domain name and the port
name together are known as the Authority. The default port for web services
is port 80 (:80).
Path:
It refers to the path or location of a particular file or page stored on the web server,
used to access its content. The path used here is: array-data-structure.
Query:
A query is mainly found in dynamic pages. It consists of a question
mark (?) followed by the parameters. In the above URL the query is: ?.
Parameters:
These are the pieces of information inside the query string of a URL. Multiple parameters
can be passed to a URL by using the ampersand (&) symbol to separate them. The
query parameter in the above URL is: ref=home-articlecards.

Fragments:
A fragment appears at the end of a URL and starts with a hashtag (#) symbol. Fragments are
internal page references that refer to a specific section within the page. The
fragment in the above URL is: #what-is-array.

Domain Name
Every computer on the Internet has an address which is unique in nature. It is a string
of numbers and is referred to as an IP address. To communicate with each other,
computers identify one another via their IP addresses. An IP address is represented in either
dotted-decimal notation or binary notation. Example: the address
172.16.122.204 is written in dotted-decimal notation, and it can be
converted into binary notation. After conversion, it becomes 10101100 00010000
01111010 11001100.

But it is difficult for humans to remember an IP address. Thus, to find a location on
the Internet easily, DNS was invented. DNS stands for Domain Name Server. It
implements a distributed database which translates an IP address into a unique
alphanumeric address, which is referred to as a domain name. Basically, a domain
name is a sequence of letters and/or numbers separated by one or more periods (".").
It is just like a pointer to a unique IP address on the computer network. As an analogy,
one can consider the domain name as the address and DNS as the address book of the
Internet.

Example-1: Let us consider examples of domain names:
www.google.com, www.yahoo.com
Here "yahoo.com" is called the domain name. "www." tells the browser to look for the
World Wide Web interface for that domain. From the above example, it is clear
that domain names are easier to remember than an IP address.

Example-2: Assume that the IP address of www.yahoo.com is 69.147.76.15. It is easier to remember
www.yahoo.com than the IP address 69.147.76.15. Thus, we can say that
a domain name refers to the string of letters associated with an IP address, and
DNS is a mechanism used to convert an IP address to the domain name.

Types of Domain Names: DNS has organized all the domain names in a hierarchical
structure. At the top of this hierarchy come various top-level domains, followed by
second and third-level domains and sub-domains. All these types of domain names
are listed as follows.

Top Level Domains (TLD): The Top Level Domains are at
the highest level in the DNS structure of the Internet. A TLD is sometimes also referred to as
an extension. It is further categorized into country code TLDs and generic TLDs,
which are described as follows:
• Country code Top Level Domains (ccTLDs): These consist of two-letter domains
that include one entry for every country. Example: .in for India, .au for
Australia, .us for United Nations, .jp for Japan, etc. They are used by companies and
organizations to target the local audience. Only the residents of the country were
allowed to use their specified ccTLD, but now some countries allow users
outside their country to register their corresponding ccTLDs.
• Generic Top Level Domains (gTLDs): These are open for registration to all
users regardless of their citizenship, residence or age. Some of the gTLDs
are .com for commercial sites, .net for network companies, .biz for business, .org
for organizations, .edu for education.

There are various other levels below TLDs:

Second Level: It is just below
the TLD in the DNS hierarchy. It is also named as the label. Example: in .co.in, .co is
the second-level domain under the .in ccTLD.

Third Level: It is directly below
the second level. Example: in yahoo.co.in, .yahoo is the third level domain under the
second level domain .co, which is under the .in ccTLD.

Sub-domain: It is the part of
a higher domain name in the DNS hierarchy. Example: yahoo.com comprises a
subdomain of the .com domain, and login.yahoo.com comprises a subdomain of the
domain .yahoo.com.

Advantages of Domain Name:
• The user does not need to remember the IP address.
• More reliable and secure.
Disadvantages of Domain Name:
• The IP address of a computer can change for several reasons, but DNS may have
cached the previous IP address, which leads it to give us
wrong information.

Web Browsers and Web Servers

The terms web browser and web server are very common in the field of computer science and
Internet, however people often get confused between the two. The most basic difference between a
web browser and a web server is that a web browser is an application software which is used to
browse and display webpages available over the Internet, whereas a web server is a software hosted
on a dedicated computer which provides these documents when requested by web browsers.

What is a Web Browser?


A web browser is an application software that can process and display a web page on the internet. The
web browser can make requests for web services and documents to a web server. It acts as an
interface between the server and the client. As a web browser is software, it has to be installed on
the client computer and is used to surf the internet for websites and web pages. Popular examples of web
browsers include Google Chrome, Microsoft Internet Explorer, Microsoft Edge, Mozilla Firefox,
Opera Mini, etc.

What is a Web Server?


A web server is a dedicated computer that sends web-based documents to the client's computer when
requested through the web browser. A web server accepts an HTTP request from the client's browser,
processes it to find the required document, and then sends a suitable response to the client machine.
A web server is basically a set of hardware and software whose primary function is to serve web-based
material through the internet on demand.

Difference between Web Browser and Web Server


The following table highlights the important differences between a Web Browser and a Web Server (the Web Server column is cut off in the source; "…" marks the missing text):

| Factor | Web Browser | Web Server |
|---|---|---|
| Purpose | Web Browser is a software which is used to browse and display pages available over internet. | Web server is a software which provides … by web browsers. |
| Function | A web browser sends request to server for web based documents and services. | Web server sees and approves those requ… sends the document in response |
| Process | Web browsers send HTTP Request and receive HTTP Response | Web servers receive HTTP Request and … |
| Processing Model | Web browser has no processing model. | Web servers follow three major processin… based or hybrid. |
| Data Storage | Web browsers stores user data in cookies in local machine. | Web servers provide an area to store the … |
| Installation | Web Browser is installed on user's machine. | Web servers can be installed anywhere b… local computer. |
| Acts as | Web browser acts as an interface between the web server and client. | Web servers act as the sender of web reso… |
| Responsibility | Web browser is responsible to request for a website or webpage located on the internet. | Web server is responsible for hosting we… and sending the demanded document to t… |
| Example | Examples of web browsers include Google Chrome, Internet explorer, Mozilla Firefox, etc. | Apache Server is an example of a web se… |

Web Development Tools


Web development tools are software applications, frameworks, libraries, and utilities that assist
developers in creating, designing, building, testing, and maintaining websites and web
applications. They are designed to streamline the development process, making it more efficient
and organized. These tools are distinct from website builders, which focus on direct page creation,
as development tools primarily aid in testing, modification, and debugging.

Here's a breakdown of the different types of web development tools:

1. Integrated development environments (IDEs)

• Provide a comprehensive environment for coding, editing, testing, and debugging.

• Include features like syntax highlighting, code auto-completion, and debugging capabilities.

• Examples: Visual Studio Code, Sublime Text, WebStorm, Eclipse.

2. Front-end development tools

• Focus on the user-facing elements of a website (the parts users see and interact with).

• Help create the user interface (UI) and ensure responsiveness across devices and screen sizes.

• Examples:

  o HTML, CSS, JavaScript: The fundamental languages for front-end development.

  o Frameworks/Libraries: React, Angular, Vue.js, Bootstrap, Tailwind CSS, jQuery.

  o Design Tools: Figma, Sketch, CodePen.

3. Back-end development tools

• Focus on the server-side logic and database management, the unseen parts of a website.

• Aid in creating servers, databases, APIs, and algorithms that power the frontend.

• Examples:

  o Programming Languages: Python, PHP, Ruby, Java, Node.js.

  o Frameworks: Django, Ruby on Rails, Laravel, Express.js.

  o Database Management Systems: MySQL, PostgreSQL, MongoDB.

  o Server Technologies: Apache, Nginx.

4. Project management and collaboration tools

• Facilitate teamwork and streamline project workflows.

• Provide version control, track progress, and enable communication within teams.

• Examples: GitHub, GitLab, Trello, Slack.

Importance of web development tools

• Streamlined development: Speed up the development process by automating tasks and providing
pre-built solutions.

• Improved code quality: Offer features like syntax highlighting, code analysis, and debugging to
reduce errors and ensure consistency.

• Enhanced collaboration: Version control systems and team-based tools enable efficient
collaboration among developers.

• Faster problem-solving: Debugging tools and profiling features help developers identify and fix
issues quickly.

• Testing and maintenance: Provide functionalities for testing the responsiveness, performance, and
functionality of websites and applications.

Ultimately, web development tools empower developers to create robust, efficient, and user-friendly
web experiences, making the process of building and maintaining online resources
smoother and more manageable.
Web working principles

Every time you open your browsers, type some URLs and press enter, you will see beautiful
web pages appear on your screen. But do you know what is happening behind these simple
actions?

Normally, your browser is a client. After you type a URL, it takes the host part of the URL and
sends it to a Domain Name Server (DNS) in order to get the IP address of the host. Then it
connects to the IP address and asks to set up a TCP connection. The browser sends HTTP
requests through the connection. The server handles them and replies with HTTP responses
containing the content that makes up the web page. Finally, the browser renders the body of the
web page and disconnects from the server.


Figure: Process of a user visiting a website


A web server, also known as an HTTP server, uses the HTTP protocol to communicate with
clients. All web browsers can be considered clients.

We can divide the web's working principles into the following steps:

• The client uses the TCP/IP protocol to connect to the server.
• The client sends HTTP request packages to the server.
• The server returns HTTP response packages to the client. If the requested resources include dynamic scripts,
the server calls the script engine first.
• The client disconnects from the server and starts rendering HTML.

This is a simple workflow of HTTP affairs. Notice that the server closes its connections after it
sends data to the clients, then waits for the next request.
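The four steps above, and the HTTP request/response exchange described in the HTTP section, can be watched end to end on the loopback interface. The following is an added example, not part of the original notes: the page body, the request path and the function names are constructed for illustration. It also records the request bytes exactly as they cross the connection, which shows why plain HTTP offers no confidentiality.

```python
import socket
import threading

# Constructed page body served by the example server.
PAGE = b"<html><body><h1>It works</h1></body></html>"


def serve_one_request(listener, wire_log):
    """Server side: accept one TCP connection, answer one HTTP request, close."""
    conn, _addr = listener.accept()  # the OS has completed the TCP handshake here
    with conn:
        conn.settimeout(5)
        request = b""
        while b"\r\n\r\n" not in request:  # a blank line ends the request headers
            chunk = conn.recv(1024)
            if not chunk:
                break
            request += chunk
        wire_log.append(request)  # exactly what any observer on the path would see
        head = b"\r\n".join([
            b"HTTP/1.1 200 OK",
            b"Content-Type: text/html",
            b"Content-Length: " + str(len(PAGE)).encode("ascii"),
            b"Connection: close",
            b"", b"",
        ])
        conn.sendall(head + PAGE)
    # Leaving the with-block closes the connection, as in the workflow above.


def fetch(host, port, path):
    """Client side: connect over TCP, send an HTTP request, read until close."""
    with socket.create_connection((host, port), timeout=5) as sock:
        request = f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        sock.sendall(request.encode("ascii"))
        raw = b""
        while True:
            chunk = sock.recv(1024)
            if not chunk:  # server closed the connection: response is complete
                break
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = dict(line.split(": ", 1) for line in lines[1:])
    return lines[0], headers, body


def run_exchange(path="/account?token=constructed-value"):
    """Run one full client/server exchange on 127.0.0.1 and return both views."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    wire_log = []
    server = threading.Thread(target=serve_one_request, args=(listener, wire_log))
    server.start()
    try:
        status, headers, body = fetch("127.0.0.1", port, path)
    finally:
        server.join(timeout=5)
        listener.close()
    return {"status": status, "headers": headers, "body": body,
            "wire_request": wire_log[0]}


if __name__ == "__main__":
    result = run_exchange()
    print(result["status"], result["headers"])
    print("request as sent on the wire:", result["wire_request"])
```

The query string, including the token value, appears unmodified in `wire_request`; with HTTPS the same bytes would travel inside the encrypted TLS session instead.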

URL and DNS resolution


We always use URLs to access web pages, but do you know how URLs work?

The full name of a URL is Uniform Resource Locator. It's for describing resources on the
internet and its basic form is as follows.
scheme://host[:port#]/path/.../[?query-string][#anchor]
scheme          specifies the underlying protocol (such as HTTP, HTTPS, FTP)
host            IP or domain name of the HTTP server
port#           the default port is 80, and it can be omitted in this case.
                If you want to use another port, you must specify it. For example,
                http://www.cnblogs.com:8080/
path            resource path
query-string    data sent to the server
anchor          anchor
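The URL parts listed here and in the "Different Parts of a URL" section can be pulled apart with Python's standard `urllib.parse`. This is an added example, not part of the original notes: the sample URLs, the `login.example.net` host and the finding labels are constructed for illustration. It goes slightly beyond the notes by also reporting what a defender typically checks in a link: the scheme, text placed before an `@` in the authority, the real host, and a non-default port.

```python
from urllib.parse import urlsplit, parse_qsl

# Default ports per scheme. The notes give 80 (HTTP); 443 (HTTPS) and 21 (FTP)
# are the standard defaults for the other schemes they list.
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def url_parts(url):
    """Split a URL into the parts named in these notes."""
    u = urlsplit(url)
    # .hostname is lower-cased by urlsplit; .port is None when no port is written.
    port = u.port if u.port is not None else DEFAULT_PORTS.get(u.scheme)
    return {
        "scheme": u.scheme,
        "host": u.hostname,
        "port": port,
        "authority": u.netloc,
        "has_userinfo": u.username is not None,  # text before '@' in the authority
        "path": u.path,
        "parameters": parse_qsl(u.query, keep_blank_values=True),
        "fragment": u.fragment,
    }


def review_url(url, expected_host):
    """Return a list of observations about a link that claims to lead to expected_host."""
    parts = url_parts(url)
    findings = []
    if parts["scheme"] != "https":
        findings.append("not-https")
    if parts["has_userinfo"]:
        # The host is whatever follows the last '@', not what precedes it.
        findings.append("userinfo-before-host")
    if parts["host"] != expected_host.lower():
        findings.append("unexpected-host")
    if parts["port"] != DEFAULT_PORTS.get(parts["scheme"]):
        findings.append("non-default-port")
    return findings


# Constructed sample URLs (not taken from real traffic).
SAMPLES = [
    ("https://www.cse.org/array-data-structure/?ref=home-articlecards#what-is-array",
     "www.cse.org"),
    ("http://www.cnblogs.com:8080/", "www.cnblogs.com"),
    ("https://www.cse.org@login.example.net/array-data-structure/", "www.cse.org"),
]

if __name__ == "__main__":
    for sample, host in SAMPLES:
        print(sample)
        print("  parts:   ", url_parts(sample))
        print("  findings:", review_url(sample, host))
```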
DNS is an abbreviation of Domain Name System. It's the naming system for computer network
services, and it converts domain names to actual IP addresses, just like a translator.
Figure DNS working principles

To understand more about its working principle, let's see the detailed DNS resolution process
as follows.

1. After you type the domain name www.qq.com in the browser, the operating system checks whether the
hosts file contains a mapping for this domain name. If so, the domain name resolution is complete.
2. If the hosts file contains no mapping, the operating system checks whether its DNS cache
contains one. If so, the domain name resolution is complete.
3. If neither the hosts file nor the DNS cache contains a mapping, the operating system finds the first
DNS resolution server in your TCP/IP settings, which is likely your local DNS server. When the local
DNS server receives the query, if the domain name that you want to query is contained within the local
configuration of its regional resources, it returns the results to the client. This DNS resolution is
authoritative.
4. If the local DNS server doesn't contain the domain name but a mapping exists in its cache,
the local DNS server gives back this result to the client. This DNS resolution is not authoritative.
5. If the local DNS server cannot resolve this domain name either from its configuration of regional
resources or from its cache, it proceeds to the next step, which depends on the local DNS server's settings.
   - If the local DNS server doesn't enable forwarding, it routes the request to the root DNS server,
     which returns the IP address of a top level DNS server which may know the domain name, .com in
     this case. If the first top level DNS server doesn't recognize the domain name, it again reroutes
     the request to the next top level DNS server until it reaches one that recognizes the domain name.
     Then the top level DNS server asks this next level DNS server for the IP address corresponding
     to www.qq.com.
   - If the local DNS server has forwarding enabled, it sends the request to an upper level DNS
     server. If the upper level DNS server also doesn't recognize the domain name, then the request
     keeps getting rerouted to higher levels until it finally reaches a DNS server which recognizes
     the domain name.

Whether or not the local DNS server enables forwarding, the IP address of the domain name
always returns to the local DNS server, and the local DNS server sends it back to the client.
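The lookup order in steps 1 to 5, modelled as a small Python simulation (an added example, not part of the original notes). All table names, host names and addresses are constructed, and step 5 covers only the case where forwarding is disabled.

```python
# Constructed sample data: names sit under the reserved example.com domain and
# addresses come from documentation ranges; none of it is taken from the page.
HOSTS_FILE = {"intranet.example.com": "192.0.2.10"}      # step 1
OS_CACHE = {"mail.example.com": "192.0.2.20"}            # step 2
LOCAL_ZONE = {"printer.example.com": "192.0.2.30"}       # step 3
LOCAL_CACHE = {"news.example.com": "198.51.100.40"}      # step 4
# Step 5 with forwarding disabled: root -> top level server -> domain's server
ROOT = {"com": "tld-com"}
TLD_SERVERS = {"tld-com": {"example.com": "ns-example"}}
DOMAIN_SERVERS = {"ns-example": {"www.example.com": "198.51.100.50"}}


def iterate_from_root(name):
    """Walk the hierarchy and return (ip or None, servers asked in order)."""
    labels = name.split(".")
    asked = ["root"]
    tld_server = ROOT.get(labels[-1])
    if tld_server is None:
        return None, asked
    asked.append(tld_server)
    domain_server = TLD_SERVERS[tld_server].get(".".join(labels[-2:]))
    if domain_server is None:
        return None, asked
    asked.append(domain_server)
    return DOMAIN_SERVERS[domain_server].get(name), asked


def resolve(name):
    """Return (ip, step, answered_by); the first source with a mapping wins."""
    name = name.lower().rstrip(".")
    local_sources = [
        (1, "hosts file", HOSTS_FILE),
        (2, "OS DNS cache", OS_CACHE),
        (3, "local DNS server zone (authoritative)", LOCAL_ZONE),
        (4, "local DNS server cache (not authoritative)", LOCAL_CACHE),
    ]
    for step, label, table in local_sources:
        if name in table:
            return table[name], step, label
    ip, asked = iterate_from_root(name)
    if ip is not None:
        LOCAL_CACHE[name] = ip  # the local server keeps the answer for next time
    return ip, 5, " -> ".join(asked)


if __name__ == "__main__":
    for host in ("intranet.example.com", "www.example.com", "www.example.com"):
        print(host, resolve(host))
```

Because the hosts file is consulted first, an entry there overrides whatever DNS would answer, which is why unexpected hosts-file entries are worth checking when a machine resolves a name to the wrong address.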

Figure. DNS resolution workflow

A recursive query process simply means that the enquirers change in the process. Enquirers do not
change in iterative query processes.

Now we know clients get IP addresses in the end, so the browsers are communicating with
servers through IP addresses.

HTTP protocol
The HTTP protocol is a core part of web services. It's important to know what the HTTP
protocol is before you understand how the web works.

HTTP is the protocol used for communication between the browser and the web server.
It is based on the TCP protocol and usually uses port 80 on the web server side. It is a
protocol that uses the request-response model: clients send requests and servers respond.
According to the HTTP protocol, clients always set up new connections and send HTTP
requests to servers. Servers are not able to connect to clients proactively, or establish callback
connections. The connection between a client and a server can be closed by either side. For
example, you can cancel your download request and HTTP connection and your browser will
disconnect from the server before you finish downloading.

The HTTP protocol is stateless, which means the server has no idea about the relationship
between two connections even though they are both from the same client. To solve this
problem, web applications use cookies to maintain the state of connections.

Because the HTTP protocol is based on the TCP protocol, all TCP attacks will affect HTTP
communications on your server. Examples of such attacks are SYN flooding, DoS and DDoS
attacks.

HTTP request package (browser information)


Request packages all have three parts: request line, request headers, and body. There is one
blank line between the headers and the body.

GET /domains/example/ HTTP/1.1 // request line: request method, URL, protocol and its version
Host:www.iana.org // domain name
User-Agent:Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4 // browser information
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 // MIME types that the client can accept
Accept-Encoding:gzip,deflate,sdch // stream compression
Accept-Charset:UTF-8,*;q=0.5 // character set on the client side
// blank line
// body, request resource arguments (for example, arguments in POST)

We use Fiddler to get the following request information.

Figure 3.4 Information of a GET request caught by Fiddler

Figure. Information of a POST request caught by Fiddler

We can see that GET does not have a request body, unlike POST, which does.

There are many methods you can use to communicate with servers in HTTP; GET, POST, PUT
and DELETE are the 4 basic methods that we typically use. A URL represents a resource on a
network, so these 4 methods define the query, change, add and delete operations that can act on
these resources. GET and POST are very commonly used in HTTP. GET can append query
parameters to the URL, using ? to separate the URL and parameters and & between the
arguments, like EditPosts.aspx?name=test1&id=123456 . POST puts data in the request body because
browsers limit the length of a URL. Thus, POST can submit much more
data than GET. Also, when we submit user names and passwords, we don't want this kind of
information to appear in the URL, so we use POST to keep them out of it.

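How the URL parts and the GET/POST difference described above show up in the request that is actually sent, as an added Python example (not from the original notes). The host www.example.com, the /login path and the credential values are constructed; `build_request`, `split_request` and `url_carries` are names chosen for this example.

```python
from urllib.parse import urlencode, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def build_request(method, url, params):
    """Return the raw HTTP/1.1 request text for a form submission to url."""
    parts = urlsplit(url)                # scheme://host[:port#]/path?query#anchor
    default = DEFAULT_PORTS[parts.scheme]
    port = parts.port or default         # an omitted port means the scheme default
    host = parts.hostname if port == default else f"{parts.hostname}:{port}"
    target = parts.path or "/"
    form = urlencode(params)             # name=value pairs joined by &
    headers = [f"Host: {host}"]
    body = ""
    if method == "GET":
        query = "&".join(q for q in (parts.query, form) if q)
        target += f"?{query}" if query else ""
    elif method == "POST":
        if parts.query:
            target += f"?{parts.query}"
        body = form
        headers += ["Content-Type: application/x-www-form-urlencoded",
                    f"Content-Length: {len(body.encode('ascii'))}"]
    else:
        raise ValueError(f"unsupported method: {method}")
    # parts.fragment (the #anchor) stays in the browser and is never sent
    return (f"{method} {target} HTTP/1.1\r\n" + "\r\n".join(headers)
            + "\r\n\r\n" + body)


def split_request(raw):
    """Split raw request text into (request line, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")   # the blank line ends the headers
    request_line, *header_lines = head.split("\r\n")
    headers = dict(line.split(": ", 1) for line in header_lines)
    return request_line, headers, body


def url_carries(raw, value):
    """True if value is visible in the request line, that is, in the URL."""
    return value in split_request(raw)[0]


if __name__ == "__main__":
    creds = {"name": "test1", "password": "s3cret"}   # constructed values
    for method in ("GET", "POST"):
        raw = build_request(method, "http://www.example.com:8080/login#top", creds)
        print(split_request(raw), url_carries(raw, "s3cret"))
```

POST only moves the values out of the URL; over plain HTTP the body still crosses the network unencrypted, so credentials also need HTTPS.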
HTTP response package (server information)
Let's see what information is contained in the response packages.

HTTP/1.1 200 OK // status line
Server: nginx/1.0.8 // web server software and its version on the server machine
Date: Tue, 30 Oct 2012 04:14:25 GMT // response time
Content-Type: text/html // type of the response data
Transfer-Encoding: chunked // the data is sent in fragments
Connection: keep-alive // keep the connection open
Content-Length: 90 // length of body
// blank line
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"... // message body

The first line is called the status line. It supplies the HTTP version, status code and status
message.

The status code informs the client of the status of the HTTP server's response. In HTTP/1.1, 5
kinds of status codes were defined:
- 1xx Informational
- 2xx Success
- 3xx Redirection
- 4xx Client Error
- 5xx Server Error
Let's see more examples of response packages: 200 means the server responded correctly, and 302
means redirection.

Figure. Full information for visiting a website
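An added Python example (not from the original notes) that parses a response like the sample above: it splits the status line, maps the code to one of the five classes, and joins the fragments of a chunked body. The sample bytes are constructed; when a response carries both Transfer-Encoding: chunked and Content-Length, as the sample does, HTTP/1.1 gives Transfer-Encoding precedence, and the parser reports that.

```python
STATUS_CLASSES = {"1": "Informational", "2": "Success", "3": "Redirection",
                  "4": "Client Error", "5": "Server Error"}

# Constructed response modelled on the sample above, with a two-chunk body.
SAMPLE = (b"HTTP/1.1 200 OK\r\nServer: nginx/1.0.8\r\nContent-Type: text/html\r\n"
          b"Transfer-Encoding: chunked\r\nConnection: keep-alive\r\n"
          b"Content-Length: 90\r\n\r\n"
          b"6\r\n<html>\r\n7\r\n</html>\r\n0\r\n\r\n")


def decode_chunked(data):
    """Join chunked fragments: <hex size>CRLF<data>CRLF ... 0CRLF."""
    out = b""
    while True:
        size_line, _, data = data.partition(b"\r\n")
        size = int(size_line.split(b";")[0].decode("ascii"), 16)
        if size == 0:
            return out
        out += data[:size]
        data = data[size + 2:]           # skip the chunk and its trailing CRLF


def parse_response(raw):
    """Parse raw response bytes into status, headers, body and warnings."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    version, code, *reason = status_line.split(" ", 2)
    if not version.startswith("HTTP/") or not (
            len(code) == 3 and code.isdecimal() and code[0] in STATUS_CLASSES):
        raise ValueError(f"malformed status line: {status_line!r}")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    warnings = []
    if "chunked" in headers.get("transfer-encoding", "").lower():
        if "content-length" in headers:
            warnings.append("Content-Length ignored: Transfer-Encoding takes precedence")
        body = decode_chunked(rest)
    elif "content-length" in headers:
        body = rest[:int(headers["content-length"])]
    else:
        body = rest                      # body runs until the connection closes
    return {"version": version, "code": int(code),
            "class": STATUS_CLASSES[code[0]], "reason": "".join(reason),
            "headers": headers, "body": body, "warnings": warnings}


if __name__ == "__main__":
    print(parse_response(SAMPLE))
```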

HTTP is stateless and Connection: keep-alive


The term stateless doesn't mean that the server has no ability to keep a connection. It simply
means that the server doesn't recognize any relationships between any two requests.

In HTTP/1.1, Keep-alive is used by default. If clients have additional requests, they will use the
same connection for them.

Notice that Keep-alive cannot maintain one connection forever; the application running on the
server determines how long to keep the connection alive, and in most cases you
can configure this limit.

Request instance

Figure 3.7 All packages for opening one web page


We can see the entire communication process between client and server from the above picture.
You may notice that there are many resource files in the list; these are called static files, and Go
has specialized processing methods for these files.

This is the most important function of browsers: to request a URL and retrieve data from
web servers, then render the HTML. If the browser finds references to files such as CSS or JS
files in the DOM, it requests these resources from the server as well, until all the resources
have been rendered on your screen.

Reducing the number of HTTP requests is one way of improving the loading speed of web pages. By
reducing the number of CSS and JS files that need to be loaded, both request latencies and
pressure on your web servers can be reduced at the same time.

Web hosting
Web hosting is a cloud service in which a service provider stores all the files
that comprise a website on a server and makes the website accessible on the
internet.

Websites are built by using files, code, images and applications, all of which need to be stored
on servers. Web hosts provide, configure and maintain the physical or virtual servers that store all
the resources needed to build and run a website, in addition to other features.

Individuals, small businesses, startups, large enterprises and government organizations all use web
hosting platforms. Web hosting providers generally offer features such as scalable storage,
compute and bandwidth, security protocols, backups, technical support and other customizable
options to meet user needs. Some providers also offer services such as DNS registration and
configuration or access to a content distribution network (CDN).

It is common for web hosting platforms to offer various types of hosting packages with different
levels of service based on customer needs. Overall cost is determined by several factors, including:

 The amount of storage space and computing capacity allocated to the organization

 The degree to which the site shares computing resources with other sites or is isolated from
the impact of other sites sharing the same resources

 The additional capabilities and services offered (for example, the number of email inboxes
included with the domain name and blogging capabilities)

 The degree of control and flexibility offered (for example, which operating system (OS)
and content management system is used, or whether support for special web applications is
included)

 The extent to which the organization manages the website or has the service provider
manage it
For example, an organization can choose a full do-it-yourself approach and keep the building,
configuration management and maintenance of their websites in-house, only renting the server
space needed to host website files and applications. Such organizations might choose to request
root access, giving them the ability to make system-level and configuration changes. Or an
organization can choose a full-service approach that includes building, designing and managing
the digital marketing, email server, search engine optimization (SEO) and security of a site, in
addition to hosting.

How web hosting works

Web hosting plans are offered by internet service providers (ISP), specialized web hosting service
providers and cloud service providers. A web hosting provider creates space on a server, or
provides a dedicated server, to host a client’s website or web applications. The hosting provider
provides a dashboard where the client can manage their websites and applications. The provider
also provides access to resources such as CPU, RAM, bandwidth, security features, email
management and more. The service level of the organization’s hosting plan generally dictates the
type and amount of resources that the organization can access.

Hosting options vary depending on workloads, the technical requirements of a business or website
and business objectives. When choosing a web hosting solution, enterprises can decide between
several hosting options including shared hosting, dedicated hosting and virtual private server
(VPS) hosting. In deciding, organizations consider whether internal IT operations (ITOps) teams
will manage a website or if they expect the service provider to manage it.
Some web hosting companies provide domain registration—reserving the URL address that the
organization plans to use—if the organization has not already done so. Some also offer domain
name system (DNS) registration, hosting and configuration. DNS, the “phonebook of the
internet,” converts human-friendly domain names into internet protocol addresses. DNS makes it
possible for users to type a domain name into a web browser and connect with the website and
content they are looking for. DNS hosting provides the authoritative name server for a website.
This server makes the website available over the internet and connects users to the website.
Types of web hosting

Types of web hosting include:


 Shared hosting
 Virtual private server (VPS) hosting
 Dedicated hosting

Shared hosting

In shared hosting plans, a service provider hosts the website along with others on a shared server.
Server resources such as CPU, RAM, storage space and web server software are shared and
allocated across several sites. Each of these components factors into the speed and quality users
experience when using a website. Shared hosting plans tend to be less expensive since resources
are shared with other website owners.

The downside of shared hosting is that spikes in traffic to one website can cause other sites on the
server to experience higher latency, which can slow site performance. Generally, shared hosting
does not offer many opportunities for customizing server configurations.

For personal websites and blog pages, businesses with a relatively low volume of transactions and
sites with few security and compliance requirements, shared hosting is often an efficient and cost-
effective option. Businesses with higher or more precise demands, e-commerce sites with high
traffic volumes and other online businesses might need to explore hosting options that offer
greater capabilities.
Virtual private server (VPS) hosting
VPS hosting takes advantage of the partitioning capabilities of virtual servers to divide the
computing power of a physical server. Like in shared hosting, multiple virtual servers share the
resources of the same physical server. However, virtual servers have the unique ability to run on
an independent operating system and reserve resources such as computing power, storage and
memory for a specific function. This means that the activity of other virtual servers is far less
likely to impact the performance of a website with a dedicated virtual server.
Virtual private servers, like shared servers, are a type of multitenant cloud hosting that offers
virtualized server resources through the internet via a cloud or hosting provider. VPS hosting
offers more configurable system options and controls than shared hosting without the high costs
associated with dedicated hosting.
Dedicated hosting

Dedicated hosting provides exclusive access to a physical server. Enterprises get full control over
system and application software, can customize setup to meet organizational requirements and
partition the server to host multiple domains. Because resources are not shared, the demands of
problems more quickly.
While dedicated hosting provides greater reliability and more customization and optimization
capabilities, it is the most expensive model for website hosting. For one, in a dedicated hosting
model, one organization is footing the bill for the whole server. In addition, the organization must
maintain the server, and possess the in-house technical skill to do so—also costly. Enterprises
should be conscious that scaling a dedicated server requires more planning, time and resources
than scaling cloud resources in virtual servers. Because of these factors, this arrangement is usually
most appropriate for large, established enterprises.

Web Security
Web security refers to the protection of data as it travels across the internet or within
a network. It plays a vital role in safeguarding websites, web applications, and the
servers they run on from malicious attacks, data breaches, and unauthorized access.
With cyberattacks becoming more sophisticated and frequent, ensuring strong web
security is more critical than ever.
According to recent studies, over 85% of websites are vulnerable to at least one
form of attack, highlighting the urgent need for robust security measures.

What is Web Security?

Web security is about keeping websites, servers, users, and devices safe
from cyberattacks that come through the internet. These attacks can include things
like viruses, fake emails (phishing), and other harmful activities that can steal or leak
important information.
To stay protected, web security uses different tools and methods, such as firewalls,
systems that block suspicious activity, filters that block dangerous websites, and
antivirus software. It also covers the security of Web Apps, APIs, and cloud systems
to keep everything running safely online.
For example, when you transfer data between a client and a web server and have to protect
that data, securing that data is web security.

Best Practices for Securing Your Website
 Keep Software Updated: Regularly update all software to fix known
vulnerabilities and prevent exploits by hackers.

 Beware of SQL Injection: Prevent attackers from injecting malicious queries into
your database by using parameterized queries and input validation.

 Prevent Cross-Site Scripting (XSS): Sanitize user input to block scripts that
could run in users’ browsers and steal sensitive data.

 Limit Error Messages: Avoid exposing system details in error messages. Keep
messages generic to prevent attackers from gaining insight.

 Validate User Input: Perform input validation on both client and server sides to
block malformed or malicious data.

 Use Strong Passwords: Enforce complex password policies to protect against brute-force
attacks; include uppercase, lowercase, numbers, and symbols.

 Implement HTTPS: Secure your website with HTTPS to encrypt data during
transmission and prevent interception.

 Enable Two-Factor Authentication (2FA): Add an extra layer of security by requiring a
second form of verification beyond a password.

 Access Control: Restrict access based on user roles and use the principle of least
privilege to minimize risk.

 Monitor and Log Activity: Keep logs of access and actions on your site to detect
suspicious behavior and audit breaches.

 Use Modern and Secure Tech Stacks: Build websites using updated and secure
frameworks like the MEAN stack (MongoDB, Express.js, Angular, Node.js) for
better performance, scalability, and built-in security features.
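The SQL injection, input validation, error message and XSS items above, shown as an added Python example using the standard sqlite3 and html modules (not code from the original notes). The orders table, its rows, the owner allow-list and all function names are constructed for illustration.

```python
import html
import re
import sqlite3

OWNER_RE = re.compile(r"[A-Za-z0-9_]{1,32}")   # allow-list chosen for this example


def make_db():
    """In-memory database filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (owner TEXT, item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("alice", "book"), ("bob", "laptop"), ("carol", "phone")])
    return db


def orders_vulnerable(db, owner):
    # Weak: input is pasted into the SQL text, so a quote in it rewrites the query
    sql = f"SELECT item FROM orders WHERE owner = '{owner}' ORDER BY item"
    return [row[0] for row in db.execute(sql)]


def orders_parameterized(db, owner):
    # Hardened: the ? placeholder passes input as data; it is never parsed as SQL
    sql = "SELECT item FROM orders WHERE owner = ? ORDER BY item"
    return [row[0] for row in db.execute(sql, (owner,))]


def handle_request(db, owner):
    """Server-side validation first, then the parameterized query."""
    if not OWNER_RE.fullmatch(owner):
        raise ValueError("invalid request")    # generic message, no system details
    return orders_parameterized(db, owner)


def render_comment(text):
    # Escape on output so markup in user text is displayed instead of executed
    return f"<p>{html.escape(text)}</p>"


if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"                   # constructed hostile input
    print(orders_vulnerable(db, hostile))      # every owner's items leak
    print(orders_parameterized(db, hostile))   # no rows: treated as a literal name
    print(render_comment("<script>alert(1)</script>"))
```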
