JAKARTAPROJECT
JAKARTA TIPJSP TIPJSP Áú¹®&´äº¯DATABASE TIPJAVASCRIPT TIPWEBHACKING TIP±âŸ TIP
JSP ÆÁ
JSP ÆÁ
JSP ÆÁ °Ô½ÃÆÇ ÀÔ´Ï´Ù
Çì´õÁ¤º¸ º¸±â
GoodBug
À̹ÌÁö ½½¶óÀÌ´õ º¸±â

Çì´õÁ¤º¸ º¸±â

 

<%@ page contentType="text/html; charset=euc-kr" %>

 

<%
    java.util.Enumeration enum = request.getHeaderNames();


    while (enum.hasMoreElements()) {
        String name = (String)enum.nextElement();
        out.println(name + " : "+ request.getHeader(name)+"<br>");
}
%>

 

·ÎÄÿ¡¼­ µ¹·Áº¸´Ï ´ÙÀ½°ú °°Àº °á°ú°¡ ³ª¿É´Ï´Ù

accept : */*
accept-language : ko
accept-encoding : gzip, deflate
user-agent : Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; i-NavFourF)
host : localhost
connection : Keep-Alive
cookie : UID=XXXL; JSESSIONID=303D0453D1C1B2A8C94CD5909XXXXX

 

 

10. Header Field Definitions

This section defines the syntax and semantics of all commonly used HTTP/1.0 header fields. For general and entity header fields, both sender and recipient refer to either the client or the server, depending on who sends and who receives the message.

10.1 Allow

The Allow entity-header field lists the set of methods supported by the resource identified by the Request-URI. The purpose of this field is strictly to inform the recipient of valid methods associated with the resource. The Allow header field is not permitted in a request using the POST method, and thus should be ignored if it is received as part of a POST entity. 

       Allow          = "Allow" ":" 1#method
Example of use: 

       Allow: GET, HEAD
This field cannot prevent a client from trying other methods. However, the indications given by the Allow header field value should be followed. The actual set of allowed methods is defined by the origin server at the time of each request.

A proxy must not modify the Allow header field even if it does not understand all the methods specified, since the user agent may have other means of communicating with the origin server.

The Allow header field does not indicate what methods are implemented by the server.

10.2 Authorization

A user agent that wishes to authenticate itself with a server--usually, but not necessarily, after receiving a 401 response--may do so by including an Authorization request-header field with the request. The Authorization field value consists of credentials containing the authentication information of the user agent for the realm of the resource being requested. 

       Authorization  = "Authorization" ":" credentials
HTTP access authentication is described in Section 11. If a request is authenticated and a realm specified, the same credentials should be valid for all other requests within this realm.

Responses to requests containing an Authorization field are not cachable.

10.3 Content-Encoding

The Content-Encoding entity-header field is used as a modifier to the media-type. When present, its value indicates what additional content coding has been applied to the resource, and thus what decoding mechanism must be applied in order to obtain the media-type referenced by the Content-Type header field. The Content-Encoding is primarily used to allow a document to be compressed without losing the identity of its underlying media type. 

       Content-Encoding = "Content-Encoding" ":" content-coding
Content codings are defined in Section 3.5. An example of its use is 

       Content-Encoding: x-gzip
The Content-Encoding is a characteristic of the resource identified by the Request-URI. Typically, the resource is stored with this encoding and is only decoded before rendering or analogous usage.

10.4 Content-Length

The Content-Length entity-header field indicates the size of the Entity-Body, in decimal number of octets, sent to the recipient or, in the case of the HEAD method, the size of the Entity-Body that would have been sent had the request been a GET. 

       Content-Length = "Content-Length" ":" 1*DIGIT
An example is 

       Content-Length: 3495
Applications should use this field to indicate the size of the Entity-Body to be transferred, regardless of the media type of the entity. A valid Content-Length field value is required on all HTTP/1.0 request messages containing an entity body.

Any Content-Length greater than or equal to zero is a valid value. Section 7.2.2 describes how to determine the length of a response entity body if a Content-Length is not given.

Note: The meaning of this field is significantly different from the corresponding definition in MIME, where it is an optional field used within the "message/external-body" content-type. In HTTP, it should be used whenever the entity's length can be determined prior to being transferred.

10.5 Content-Type

The Content-Type entity-header field indicates the media type of the Entity-Body sent to the recipient or, in the case of the HEAD method, the media type that would have been sent had the request been a GET. 

       Content-Type   = "Content-Type" ":" media-type
Media types are defined in Section 3.6. An example of the field is 

       Content-Type: text/html
Further discussion of methods for identifying the media type of an entity is provided in Section 7.2.1.

10.6 Date

The Date general-header field represents the date and time at which the message was originated, having the same semantics as orig-date in RFC 822. The field value is an HTTP-date, as described in Section 3.3. 

       Date           = "Date" ":" HTTP-date
An example is 

       Date: Tue, 15 Nov 1994 08:12:31 GMT
If a message is received via direct connection with the user agent (in the case of requests) or the origin server (in the case of responses), then the date can be assumed to be the current date at the receiving end. However, since the date--as it is believed by the origin--is important for evaluating cached responses, origin servers should always include a Date header. Clients should only send a Date header field in messages that include an entity body, as in the case of the POST request, and even then it is optional. A received message which does not have a Date header field should be assigned one by the recipient if the message will be cached by that recipient or gatewayed via a protocol which requires a Date.

In theory, the date should represent the moment just before the entity is generated. In practice, the date can be generated at any time during the message origination without affecting its semantic value.

Note: An earlier version of this document incorrectly specified that this field should contain the creation date of the enclosed Entity-Body. This has been changed to reflect actual (and proper) usage.

10.7 Expires

The Expires entity-header field gives the date/time after which the entity should be considered stale. This allows information providers to suggest the volatility of the resource, or a date after which the information may no longer be valid. Applications must not cache this entity beyond the date given. The presence of an Expires field does not imply that the original resource will change or cease to exist at, before, or after that time. However, information providers that know or even suspect that a resource will change by a certain date should include an Expires header with that date. The format is an absolute date and time as defined by HTTP-date in Section 3.3. 

       Expires        = "Expires" ":" HTTP-date
An example of its use is 

       Expires: Thu, 01 Dec 1994 16:00:00 GMT
If the date given is equal to or earlier than the value of the Date header, the recipient must not cache the enclosed entity. If a resource is dynamic by nature, as is the case with many data-producing processes, entities from that resource should be given an appropriate Expires value which reflects that dynamism.

The Expires field cannot be used to force a user agent to refresh its display or reload a resource; its semantics apply only to caching mechanisms, and such mechanisms need only check a resource's expiration status when a new request for that resource is initiated.

User agents often have history mechanisms, such as "Back" buttons and history lists, which can be used to redisplay an entity retrieved earlier in a session. By default, the Expires field does not apply to history mechanisms. If the entity is still in storage, a history mechanism should display it even if the entity has expired, unless the user has specifically configured the agent to refresh expired history documents.

Note: Applications are encouraged to be tolerant of bad or misinformed implementations of the Expires header. A value of zero (0) or an invalid date format should be considered equivalent to an "expires immediately." Although these values are not legitimate for HTTP/1.0, a robust implementation is always desirable.

10.8 From

The From request-header field, if given, should contain an Internet e-mail address for the human user who controls the requesting user agent. The address should be machine-usable, as defined by mailbox in RFC 822 [7] (as updated by RFC 1123 [6]): 

       From           = "From" ":" mailbox
An example is: 

       From: webmaster@w3.org
This header field may be used for logging purposes and as a means for identifying the source of invalid or unwanted requests. It should not be used as an insecure form of access protection. The interpretation of this field is that the request is being performed on behalf of the person given, who accepts responsibility for the method performed. In particular, robot agents should include this header so that the person responsible for running the robot can be contacted if problems occur on the receiving end.

The Internet e-mail address in this field may be separate from the Internet host which issued the request. For example, when a request is passed through a proxy, the original issuer's address should be used.

Note: The client should not send the From header field without the user's approval, as it may conflict with the user's privacy interests or their site's security policy. It is strongly recommended that the user be able to disable, enable, and modify the value of this field at any time prior to a request.

10.9 If-Modified-Since

The If-Modified-Since request-header field is used with the GET method to make it conditional: if the requested resource has not been modified since the time specified in this field, a copy of the resource will not be returned from the server; instead, a 304 (not modified) response will be returned without any Entity-Body. 

       If-Modified-Since = "If-Modified-Since" ":" HTTP-date
An example of the field is: 
       If-Modified-Since: Sat, 29 Oct 1994 19:43:31 GMT
A conditional GET method requests that the identified resource be transferred only if it has been modified since the date given by the If-Modified-Since header. The algorithm for determining this includes the following cases:

a)
If the request would normally result in anything other than a 200 (ok) status, or if the passed If-Modified-Since date is invalid, the response is exactly the same as for a normal GET. A date which is later than the server's current time is invalid.
b)
If the resource has been modified since the If-Modified-Since date, the response is exactly the same as for a normal GET.
c)
If the resource has not been modified since a valid If-Modified-Since date, the server shall return a 304 (not modified) response.
The purpose of this feature is to allow efficient updates of cached information with a minimum amount of transaction overhead.

10.10 Last-Modified

The Last-Modified entity-header field indicates the date and time at which the sender believes the resource was last modified. The exact semantics of this field are defined in terms of how the recipient should interpret it: if the recipient has a copy of this resource which is older than the date given by the Last-Modified field, that copy should be considered stale. 

       Last-Modified  = "Last-Modified" ":" HTTP-date
An example of its use is 

       Last-Modified: Tue, 15 Nov 1994 12:45:26 GMT
The exact meaning of this header field depends on the implementation of the sender and the nature of the original resource. For files, it may be just the file system last-modified time. For entities with dynamically included parts, it may be the most recent of the set of last-modify times for its component parts. For database gateways, it may be the last-update timestamp of the record. For virtual objects, it may be the last time the internal state changed.

An origin server must not send a Last-Modified date which is later than the server's time of message origination. In such cases, where the resource's last modification would indicate some time in the future, the server must replace that date with the message origination date.

10.11 Location

The Location response-header field defines the exact location of the resource that was identified by the Request-URI. For 3xx responses, the location must indicate the server's preferred URL for automatic redirection to the resource. Only one absolute URL is allowed. 

       Location       = "Location" ":" absoluteURI
An example is 

       Location: http://www.w3.org/hypertext/WWW/NewLocation.html

10.12 Pragma

The Pragma general-header field is used to include implementation-specific directives that may apply to any recipient along the request/response chain. All pragma directives specify optional behavior from the viewpoint of the protocol; however, some systems may require that behavior be consistent with the directives. 

       Pragma           = "Pragma" ":" 1#pragma-directive

       pragma-directive = "no-cache" | extension-pragma
       extension-pragma = token [ "=" word ]
When the "no-cache" directive is present in a request message, an application should forward the request toward the origin server even if it has a cached copy of what is being requested. This allows a client to insist upon receiving an authoritative response to its request. It also allows a client to refresh a cached copy which is known to be corrupted or stale.

Pragma directives must be passed through by a proxy or gateway application, regardless of their significance to that application, since the directives may be applicable to all recipients along the request/response chain. It is not possible to specify a pragma for a specific recipient; however, any pragma directive not relevant to a recipient should be ignored by that recipient.

10.13 Referer

The Referer request-header field allows the client to specify, for the server's benefit, the address (URI) of the resource from which the Request-URI was obtained. This allows a server to generate lists of back-links to resources for interest, logging, optimized caching, etc. It also allows obsolete or mistyped links to be traced for maintenance. The Referer field must not be sent if the Request-URI was obtained from a source that does not have its own URI, such as input from the user keyboard. 

       Referer        = "Referer" ":" ( absoluteURI | relativeURI )
Example: 

       Referer: http://www.w3.org/hypertext/DataSources/Overview.html
If a partial URI is given, it should be interpreted relative to the Request-URI. The URI must not include a fragment.

Note: Because the source of a link may be private information or may reveal an otherwise private information source, it is strongly recommended that the user be able to select whether or not the Referer field is sent. For example, a browser client could have a toggle switch for browsing openly/anonymously, which would respectively enable/disable the sending of Referer and From information.

10.14 Server

The Server response-header field contains information about the software used by the origin server to handle the request. The field can contain multiple product tokens (Section 3.7) and comments identifying the server and any significant subproducts. By convention, the product tokens are listed in order of their significance for identifying the application. 

       Server         = "Server" ":" 1*( product | comment )
Example: 

       Server: CERN/3.0 libwww/2.17
If the response is being forwarded through a proxy, the proxy application must not add its data to the product list.

Note: Revealing the specific software version of the server may allow the server machine to become more vulnerable to attacks against software that is known to contain security holes. Server implementors are encouraged to make this field a configurable option.
Note: Some existing servers fail to restrict themselves to the product token syntax within the Server field.

10.15 User-Agent

The User-Agent request-header field contains information about the user agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. Although it is not required, user agents should include this field with requests. The field can contain multiple product tokens (Section 3.7) and comments identifying the agent and any subproducts which form a significant part of the user agent. By convention, the product tokens are listed in order of their significance for identifying the application. 

       User-Agent     = "User-Agent" ":" 1*( product | comment )
Example: 

       User-Agent: CERN-LineMode/2.15 libwww/2.17b3
Note: Some current proxy applications append their product information to the list in the User-Agent field. This is not recommended, since it makes machine interpretation of these fields ambiguous.
Note: Some existing clients fail to restrict themselves to the product token syntax within the User-Agent field.

10.16 WWW-Authenticate

The WWW-Authenticate response-header field must be included in 401 (unauthorized) response messages. The field value consists of at least one challenge that indicates the authentication scheme(s) and parameters applicable to the Request-URI. 

       WWW-Authenticate = "WWW-Authenticate" ":" 1#challenge

The HTTP access authentication process is described in Section 11. User agents must take special care in parsing the WWW-Authenticate field value if it contains more than one challenge, or if more than one WWW-Authenticate header field is provided, since the contents of a challenge may itself contain a comma-separated list of authentication parameters.

 

http://www.w3.org/Protocols/HTTP/1.0/draft-ietf-http-spec.html

2006-02-23 23:04:52
220.70.88.***

 

ÁÁÀº»ý°¢ ^^

0Á¡ (0¸í)
Çì´õÁ¤º¸ º¸±â GoodBug 2006-02-23
WhiteCanvas ½ºÅ² v2.1 1 GoodBug 2006-01-05
µ¡±Û 0°³ | ÅÂ±× 0°³ | °ü·Ã±Ûº¸±â
ű×ÀÔ·Â
½±Ç¥(,)±¸ºÐÀ¸·Î Çѹø¿¡ ¿©·¯ ű׸¦ ÀÔ·ÂÇÒ¼ö ÀÖ½À´Ï´Ù
À̸§ ºñ¹Ð¹øÈ£
JSP ÆÁ
JSP ÆÁ °Ô½ÃÆÇ ÀÔ´Ï´Ù
! ¹øÈ£ Á¦¸ñ ±Û¾´ÀÌ ÀÏÀÚ Á¶È¸
114 STS Spring MVC on STS 2.8, 2.9 ¹öÀü¿¡¼­ ÇÁ·ÎÁ§Æ® »ý¼º½Ã ¿¡·¯¹ß»ý ÇÒ °æ¿ì 1 GoodBug 2012-03-08 8,112
113 dbcp DBCP »ç¿ë½Ã DBÁ¤º¸ ¾Ïȣȭ 1 GoodBug 2012-02-08 5,617
112 ½ºÆ®·µÃ÷ action alert ¸Þ½ÃÁö Ãâ·Â ÈÄ ÆäÀÌÁö À̵¿ & µÚ·Î°¡±â ¿¹¹æ ÇູÇѱ¤´ë 2009-01-14 11,643
111 spring spring ÀÚµ¿¹­±â 1 kaiser 2007-03-12 11,853
110 spring Spring ºó¹­±â- »ý¼ºÀÚ¸¦ ÅëÇÑ ÀÇÁ¸¼º ÁÖÀÔ 2 1 kaiser 2007-02-21 21,611
109 spring Spring ºó¹­±â-¼¼Å͸޼ҵ带 ÅëÇÑ ÀÇÁ¸¼º ÁÖÀÔ 1 kaiser 2007-02-21 11,909
108 spring Spring - xml·Î ¹­±â 1 kaiser 2007-02-07 12,406
107 spring Spring ºó¹­±â-±âº»¹­±â 1 kaiser 2007-02-05 8,817
106 spring spring ºó¹­±â-2 1 kaiser 2007-01-29 9,683
105 spring Spring ºó¹­±â-1 1 kaiser 2007-01-29 9,748
104 spring Spring 1Â÷ ¿ä¾à 1 kaiser 2007-01-23 10,869
103 spring spring ½ÃÀÛÇϱâ-2 1 1 kaiser 2007-01-22 9,970
102 spring Spring ½ÃÀÛÇϱâ-1 4 1 kaiser 2007-01-22 11,687
101 spring Spring ¼­·Ð - spring ¼³Ä¡ 1 1 kaiser 2007-01-19 13,361
100 clob »ç¿ëÇϱâ kaiser 2008-08-21 7,679
99 span ±Û¾²±â ÈÄ »ç¿ëÇÒ protoload 1 1 °í°í½Ì 2008-05-09 7,185
98 log4sql log4sql 1 1 Aki 2008-04-30 8,403
97 ¼ýÀÚ ¼¼ÀÚ¸®¸¶´Ù ÄÞ¸¶ Âï±â 1 °ö½½´ë¸¶¿Õ 2008-03-21 8,527
96 iBatis iBatis ¿¡¼­ SQL ·Î±ë½Ã ÀÌ»Ñ°Ô º¸À̱â 6 1 GoodBug 2007-10-26 22,610
95 log4sql¿äÁò ¸¹ÀÌ ¾²´Â°Í °°´øµ¥.... ¿µÀ̳²Ç¦ 2008-10-17 8,132
copyright 2005-2024 by Unicorn