URL structure

What is a URL address?

The URL stands for Uniform Resource Locator and is one of the cornerstones of the HTTP protocol. In essence, a URL address refers to a specific resource on a website, which can be, for example, an HTML page, a resource used by an HTML page, or even a plain text file.

Different types of URLs:

http://hakatemia.fi/
http://hakatemia.fi/index.html
http://hakatemia.fi/robots.txt
https://hakatemia.fi/kuva.png
https://hakatemia.fi/kansio/fydoto.txt
https://hakatemia.fi/rekisteroidy?nimi=aku&sposti=aku.ankka@gmail.com

Parts of URL address

The URL address consists of different components, some of which are mandatory while others are optional. The components used in the URL address are partially defined by the application developers, although the user is able to modify them themselves.

The application may, for example, include a link where the application defines the desired URL address and its components, but nothing prevents the user from changing this address.

Schema

The first component of the URL address is the scheme. The scheme tells the browser which protocol the request is made with. The protocol is usually either unsecured HTTP or secured HTTPS protocol.

Authority or domain

The part that comes after the scheme is the name of the authority maintaining the resource, which is the domain. As mentioned in the section on computer networks, a domain is just an easier-to-remember name for an IP address, so you can also use the IP address directly instead of the domain name.

Authority tells the browser where to fetch a specific resource from the server. For example, www.google.com tells the browser to fetch the resource from Google's server, so the browser naturally tries to communicate with Google over the network.

Port

After the authority, it is possible to give additional instructions to the browser about which port the HTTP request wants to be redirected to. If the port is not specified, the browser will use the default port according to the protocol of the schema. By default, if the schema is http://, the browser sends the request to port 80 (standard port for HTTP protocol), whereas in the case of the schema https://, the request is sent to port 443 (standard port for HTTPS protocol).

The image URL would inform the browser to send the request to port 8080.

Resource Path

After the authority and port, it is possible to specify a resource path to which the HTTP request is targeted. The resource path can be thought of, for example, as the file path of a web server.

However, this is not as simple in modern times, as resource paths are usually abstractions, where different resource paths or "routes" of a website and the requests directed to them are handled in the code and the paths are not concrete files.

Parameters

Parameters are alternative key-value combinations that come after the question mark, separated by the &-symbol. A webpage can use the values defined in these parameters if desired. The use and handling of parameters is entirely up to the creators of the webpage and their use varies widely.

Parameters are a significant way to convey detailed information between the browser and the application. Therefore, the parameters in use are also of interest from a cybersecurity testing perspective. Many vulnerabilities occur as a result of applications not correctly handling the values contained in the parameters.

Anchor

An anchor is the last piece of a URL, which is also entirely optional. The anchor tells the browser which specific part of the requested resource should be displayed to the user. So, if the requested resource were, for example, a recipe, the anchor could be #measurements, and the browser would automatically scroll to that specific section once the resource is loaded in the browser.