martial mathers martial mathers - 3 years ago 67
HTTP Question

does HTTP Header tell us if a file was downloaded, uploaded, or accessed?

I am working with HTTP Headers as shown below.

GET /success.txt HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:54.0)
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive

HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 8
Last-Modified: Mon, 15 May 2017 18:04:40 GMT
ETag: "ae780585fb7d28906123"
Accept-Ranges: bytes
Server: AmazonS3
X-Amz-Cf-Id: iMjet-5hLAEAf8HyvtHWnotG4mkD7VeN7A==
Cache-Control: no-cache, no-store, must-revalidate
Date: Mon, 24 Jul 2017 18:24:08 GMT
Connection: keep-alive


as we can see from the above handshake, we can see that it was a successful 2-ways handshake. I am just wondering if this types of handshakes can tell us if a file was downloaded, uploaded, or accessed? if not how do we know which of this actions has taken place from the Header file?
thanks!

Answer Source

is there anyways to know that the pdf file was downloaded from [captured network packets containing these] HTTP header[s]?

No. The headers describe a resource, and optionally that resource's content that will follow.

Nobody stops you from closing the connection after reading the headers, causing the content not to be downloaded.

So just seeing these headers fly by on the network is no proof someone actually viewed that response's content, even if there was any.

But in general, if a request has a payload, you can say "something" was uploaded, and if a response has a payload, you can say "something" was downloaded. What exactly was uploaded can be obtained by inspecting the request's content-type headers. Do note that the concept of a "file" becomes blurry when transmitting them over a network. A web server responding to a request may generate a PDF document in-memory, and serve that with a header that prompts a Save As... window in your browser. Can you then say a "file" was downloaded? What if a site serves a CSS file which your browser renders, but doesn't store on disk (barring caching)?

See HTTP response headers valid with no Transfer-Encoding and Content-Length? how to determine a message's length.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download