HTTP
Definition
HTTP (Hypertext Transfer Protocol) is an application-layer protocol used for transmitting hypermedia documents, such as HTML, across the internet. It is the foundation of data communication on the World Wide Web, enabling the retrieval of linked resources. HTTP is stateless, meaning each request from a client to server is independent, and it typically operates over TCP/IP. While HTTP itself does not provide encryption, it can be secured using HTTPS, which incorporates TLS/SSL to protect data in transit.
Secure Settings Example
# Example of a secure Nginx server configuration for HTTPS
server {
    listen 443 ssl;
    server_name example.com;
    # Certificate and private key presented to clients
    ssl_certificate /etc/ssl/certs/example.com.crt;
    ssl_certificate_key /etc/ssl/private/example.com.key;
    # Allow only TLS 1.2 and TLS 1.3
    ssl_protocols TLSv1.2 TLSv1.3;
    # TLS 1.2 cipher suites: ECDHE key exchange with AES-256-GCM
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;
    # HSTS: browsers use HTTPS only for one year, subdomains included
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
Insecure Settings Example
# Example of an insecure Nginx server configuration
server {
    listen 80;
    server_name example.com;
    # No SSL/TLS configuration, so traffic is served over unencrypted HTTP
    # Missing HSTS header, exposing clients to downgrade attacks
}
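A check for the differences between the two configurations above, written as an added example (not part of the original page or of Nginx). The function names and the two sample blocks are constructed for illustration, and the parser assumes simple one-line directives with no '#' inside quoted values.

```python
import re

# Constructed sample server blocks mirroring the two examples on this page.
SECURE = """
server {
    listen 443 ssl;
    server_name example.com;
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
"""
INSECURE = """
server {
    listen 80;
    server_name example.com;
}
"""

WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}


def directives(block):
    """Return {name: [argument strings]} for one-line 'name args;' directives."""
    found = {}
    for line in block.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"([a-z_]+)\s+(.*);$", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2))
    return found


def audit_server_block(block):
    """List findings for one server block; an empty list means none."""
    d = directives(block)
    findings = []
    if not any("ssl" in args.split() for args in d.get("listen", [])):
        findings.append("no TLS listener: traffic is served over plain HTTP")
    protocols = set(" ".join(d.get("ssl_protocols", [])).split())
    for weak in sorted(protocols & WEAK_PROTOCOLS):
        findings.append(f"deprecated protocol enabled: {weak}")
    headers = d.get("add_header", [])
    if not any(h.startswith("Strict-Transport-Security") for h in headers):
        findings.append("missing Strict-Transport-Security (HSTS) header")
    return findings
```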