CN105187430A - Reverse proxy server, reverse proxy system and reverse proxy method - Google Patents

Publication number
CN105187430A
Authority
CN
China
Prior art keywords
url
application server
reverse proxy
target
target url
Legal status
Pending
Application number
CN201510595368.1A
Other languages
Chinese (zh)
Inventor
刘建华
周祥国
Current Assignee
Inspur General Software Co Ltd
Original Assignee
Inspur General Software Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L63/0281: Proxies

Abstract

The invention provides a reverse proxy server, a reverse proxy system and a reverse proxy method. The reverse proxy server is connected to an external application server and an external client, and comprises a setting unit, an interaction unit and a verification unit. The setting unit sets an interception rule for URLs. The interaction unit receives a target access request sent by the external client and, when the verification unit verifies that the target URL is valid, forwards the target URL in the target access request to the external application server, receives the result data returned by the external application server, and sends the result data to the client. The verification unit obtains, according to the interception rule set by the setting unit, the target URL in the target access request received by the interaction unit and verifies its validity. This reduces the possibility of the application server being attacked and damaged.

Description

Reverse proxy server, reverse proxy system and reverse proxy method
Technical field
The present invention relates to the field of computer application technology, and in particular to a reverse proxy server, a reverse proxy system and a reverse proxy method.
Background art
With the development of Internet technology, Enterprise Resource Planning (ERP) business management software, such as internal enterprise mail services, collaborative office systems and financial management systems, is increasingly used on external networks. However, because Web services are open by nature, and because operating systems, Web service programs and Web applications themselves contain vulnerabilities, a website is always at risk of being attacked and damaged.
At present, when ERP business management software receives an access request, the application server hosting the software verifies the request, for example the user name and password used to authenticate the accessing client. Because the client can communicate directly with that application server, frequently sending forged URL requests can overload it. For example, when an attacker frequently sends URL requests carrying a user name, the application server has to verify user names frequently. When this verification takes up too much running memory, the security protection software on the application server may be left with insufficient running memory, which weakens its ability to protect the application server and increases the possibility of the application server being attacked and damaged.
Summary of the invention
The invention provides a reverse proxy server, a reverse proxy system and a reverse proxy method that reduce the possibility of the application server being attacked and damaged.
A reverse proxy server, connected to an external application server and an external client respectively, comprises a setting unit, an interaction unit and a verification unit, wherein:
the setting unit is configured to set an interception rule for URLs;
the interaction unit is configured to receive a target access request sent by the external client and, when the verification unit verifies that the target URL is valid, to forward the target URL in the target access request to the external application server, receive the result data returned by the external application server, and send it to the client;
the verification unit is configured to obtain, according to the interception rule set by the setting unit, the target URL in the target access request received by the interaction unit, and to verify the validity of the target URL.
Preferably, the reverse proxy server further comprises a forwarding unit, wherein:
the setting unit is further configured to set a forwarding rule for URLs;
the interaction unit is further configured to receive a service request sent by the external client, to receive the service target URL sent by the forwarding unit, to send this service target URL to the external application server, to receive the web page information corresponding to the service target URL returned by the external application server, and to send that web page information to the external client;
the forwarding unit is configured to obtain the service target URL in the service request received by the interaction unit, and to check with the verification unit whether the service target URL is related to a target URL that has been verified as valid; if so, it sends the service target URL to the interaction unit according to the URL forwarding rule set by the setting unit.
Preferably, the reverse proxy server further comprises a determining unit, wherein:
the determining unit is configured to determine all user name information on the external application server;
the verification unit is configured to judge whether the user name in the target URL is present in all the user name information determined by the determining unit; if so, the target URL is valid.
Preferably, the setting unit is configured to set any one or more of: the URL pattern URLPattern, the URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein:
URLPattern comprises Requested URL, Using and Pattern, wherein Requested URL offers two options, Matches the Pattern and Does Not Match the Pattern; Using offers three expression options, Regular Expressions, Wildcards and Exact Match; and Pattern holds the concrete expression for whichever Using option is selected;
Condition comprises Condition input, Check if input string and Pattern, wherein Condition input covers three variables of every URL on the application server, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}; Check if input string offers two options, Matches the Pattern and Does Not Match the Pattern; and Pattern holds the URL pattern that goes with the selected Check if input string option;
ServerVariables comprises the variables of the external application server;
the verification unit is configured to obtain the target URL when the target URL matches the URLPattern set by the setting unit and, using the URL expression given by the forwarding condition Condition, to determine that the target URL is valid if it satisfies that Condition; and/or the verification unit is configured, after obtaining the target URL, to determine that the target URL is valid if the application server variables in the target URL are identical to ServerVariables.
Preferably, the setting unit is further configured to set a destination address for a URL and to establish the correspondence between this URL and the destination address;
the interaction unit is configured to forward the destination address corresponding to the target URL to the external application server.
Preferably, the reverse proxy server has the ARR component installed. The ARR component comprises Request Router, External Disk Cache, Rewrite and Web Farm, and provides the programming framework for the units of the reverse proxy server.
A reverse proxy system comprises any one of the reverse proxy servers described above, at least one application server and at least one client, wherein:
the at least one application server is interconnected with the reverse proxy server, and is configured to receive the target URL sent by the reverse proxy server and to return the result data corresponding to the target URL to the reverse proxy server;
the at least one client is interconnected with the reverse proxy server, and is configured to send a target access request to the reverse proxy server and to receive the result data sent by the reverse proxy server.
Preferably, the at least one application server is further configured to:
when the reverse proxy server determines that the user name in the target URL is valid, judge whether the password corresponding to the user name in the target URL is correct, and if so, return the result data corresponding to the target URL to the reverse proxy server.
A reverse proxy method, in which a reverse proxy server is connected to an application server and a client respectively and an interception rule for URLs is set, further comprises:
the reverse proxy server receiving a target access request sent by the client;
intercepting the target URL in the target access request according to the interception rule;
verifying the validity of the target URL and, if the target URL is verified as valid, forwarding the target URL to the application server;
receiving the result data returned by the application server and sending the returned result data to the client.
Preferably, the method further comprises: setting a forwarding rule for URLs;
receiving a service request sent by the client;
intercepting the service target URL in the service request;
verifying whether the service target URL is related to the target URL and, if so, forwarding the service target URL according to the URL forwarding rule;
receiving the web page information corresponding to the service target URL returned by the application server, and sending that web page information to the client.
Preferably, the method further comprises: determining all user name information on the application server;
verifying the validity of the target URL comprises: judging whether the user name in the target URL is present in all the user name information; if so, the target URL is valid.
Preferably, setting the interception rule for URLs comprises setting any one or more of: the URL pattern URLPattern, the URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein:
URLPattern comprises Requested URL, Using and Pattern, wherein Requested URL offers two options, Matches the Pattern and Does Not Match the Pattern; Using offers three expression options, Regular Expressions, Wildcards and Exact Match; and Pattern holds the concrete expression for whichever Using option is selected;
Condition comprises Condition input, Check if input string and Pattern, wherein Condition input covers three variables of every URL on the application server, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}; Check if input string offers two options, Matches the Pattern and Does Not Match the Pattern; and Pattern holds the URL pattern that goes with the selected Check if input string option;
ServerVariables comprises the variables of the external application server;
intercepting the target URL in the target access request according to the interception rule comprises: when the target URL matches URLPattern, intercepting the target URL and, using the URL expression given by the forwarding condition Condition, determining that the target URL satisfies that Condition, and determining the external application server; and/or, after intercepting the target URL, determining that the application server variables in the target URL are identical to ServerVariables and, according to the application server variables in the target URL, determining the external application server.
Preferably, the method further comprises: setting a destination address for a URL, and establishing the correspondence between this URL and the destination address;
forwarding the target URL to the application server comprises: forwarding the destination address corresponding to the target URL to the external application server.
Preferably, the ARR component is installed on the reverse proxy server; the ARR component comprises Request Router, External Disk Cache, Rewrite and Web Farm.
The embodiments of the present invention provide a reverse proxy server, a reverse proxy system and a reverse proxy method. The reverse proxy server is connected to an external application server and an external client respectively, and comprises a setting unit, an interaction unit and a verification unit. The setting unit sets an interception rule for URLs. The interaction unit receives a target access request sent by the external client and, when the verification unit verifies that the target URL is valid, forwards the target URL in the target access request to the external application server, receives the result data returned by the external application server, and sends it to the client. The verification unit obtains, according to the interception rule set by the setting unit, the target URL in the target access request received by the interaction unit and verifies its validity. Because the reverse proxy server verifies the validity of the URL and sends only verified URLs to the corresponding application server, the client is kept from communicating with the application server directly over the Web, so the application server is not connected to the external network. This reduces the possibility of the application server being attacked and damaged.
Brief description of the drawings
Fig. 1 is a structural diagram of a reverse proxy server provided by an embodiment of the present invention;
Fig. 2 is a structural diagram of a reverse proxy system provided by an embodiment of the present invention;
Fig. 3 is a flow chart of a reverse proxy method provided by an embodiment of the present invention;
Fig. 4 is a flow chart of a reverse proxy method provided by another embodiment of the present invention;
Fig. 5 is a sequence diagram of user name and password verification in the reverse proxy method provided by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the present invention.
As shown in Figure 1, an embodiment of the present invention provides a reverse proxy server that is connected to an external application server and an external client respectively, and comprises a setting unit 101, an interaction unit 102 and a verification unit 103, wherein:
the setting unit 101 is configured to set an interception rule for URLs;
the interaction unit 102 is configured to receive a target access request sent by the external client and, when the verification unit 103 verifies that the target URL is valid, to forward the target URL in the target access request to the external application server, receive the result data returned by the external application server, and send it to the client;
the verification unit 103 is configured to obtain, according to the interception rule set by the setting unit 101, the target URL in the target access request received by the interaction unit 102, and to verify the validity of the target URL.
In another embodiment, a service request related to a target URL that has already been verified does not need to be verified again, which improves access efficiency. The reverse proxy server therefore further comprises a forwarding unit (not shown), wherein:
the setting unit 101 is further configured to set a forwarding rule for URLs;
the interaction unit 102 is further configured to receive a service request sent by the external client, to receive the service target URL sent by the forwarding unit, to send this service target URL to the external application server, to receive the web page information corresponding to the service target URL returned by the external application server, and to send that web page information to the external client;
the forwarding unit is configured to obtain the service target URL in the service request received by the interaction unit 102, and to check with the verification unit 103 whether the service target URL is related to a target URL that has been verified as valid; if so, it sends the service target URL to the interaction unit 102 according to the URL forwarding rule set by the setting unit 101.
This forwarding unit makes it possible to forward directly any service URL related to a target URL that has already been verified. Take financial management as an example: after the target URL is verified and the user logs in successfully, every business operation the user performs has to pass through the reverse proxy server to reach the application server. If validity had to be verified for every operation, the workload of the reverse proxy server would increase greatly and business processing would be slow. The forwarding unit proposed in this embodiment avoids repeated verification, which reduces the workload of the reverse proxy server and improves business processing efficiency.
In yet another embodiment, the reverse proxy server can verify the validity of user names, which prevents illegitimate users from attacking the application server with invalid user names. The reverse proxy server then further comprises a determining unit (not shown), wherein:
the determining unit is configured to determine all user name information on the external application server;
the verification unit 103 is configured to judge whether the user name in the target URL is present in all the user name information determined by the determining unit; if so, the target URL is valid.
ERP business management software such as internal enterprise mail services, collaborative office systems and financial management systems generally requires a user name and password to be verified before login completes. If user names are pushed to the application server for verification, the application server has to verify many invalid user names one by one, which undoubtedly increases its memory load. With this embodiment, user names can be verified on the reverse proxy server: the reverse proxy server intercepts invalid user names and sends only valid user names to the application server, which reduces the memory load of the application server and further improves its security.
In another embodiment, to implement the interception rule set by the setting unit, the setting unit 101 is configured to set any one or more of: the URL pattern URLPattern, the URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein:
URLPattern comprises Requested URL, Using and Pattern, wherein Requested URL offers two options, Matches the Pattern and Does Not Match the Pattern; Using offers three expression options, Regular Expressions, Wildcards and Exact Match; and Pattern holds the concrete expression for whichever Using option is selected;
Condition comprises Condition input, Check if input string and Pattern, wherein Condition input covers three variables of every URL on the application server, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}; Check if input string offers two options, Matches the Pattern and Does Not Match the Pattern; and Pattern holds the URL pattern that goes with the selected Check if input string option;
ServerVariables comprises the variables of the external application server.
Condition input covers the three variables {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT} of every URL on the application server. For example, for the address http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3, QUERY_STRING is tabid=2&subtabid=3, HTTP_HOST is www.mysite.com, and SERVER_PORT is 80. The value 80 denotes the port of the corresponding application server, through which the application server can be located precisely. Pattern is written in the selected expression type; for example, with regular expressions, to filter on the suffix tabid=2&subtabid=3, Pattern can be written as ^(.*)tabid=2&subtabid=3.
The variables of the external application server can all be collected as enumerated values. For example, for the URL defined above, http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3, one enumerated value can be SERVER_PORT_SECURE, whose value for this URL is 0, together with HTTPS, which contains OFF; another can be REQUEST_URI, whose value for this URL is content/default.aspx?tabid=2&subtabid=3.
The verification unit 103 is configured to obtain the target URL when the target URL matches the URLPattern set by the setting unit 101 and, using the URL expression given by the forwarding condition Condition, to determine that the target URL is valid if it satisfies that Condition; and/or the verification unit 103 is configured, after obtaining the target URL, to determine that the target URL is valid if the application server variables in the target URL are identical to ServerVariables.
During verification, if the URLPattern option is set to Matches the Pattern, URLs that match the configured URL pattern are intercepted and URLs that do not match are ignored; if it is set to Does Not Match the Pattern, URLs that do not match the configured pattern are intercepted and URLs that match are ignored. This avoids verifying unimportant URLs.
It is worth noting that the verification unit can also be set to MatchAll, in which case the target URL is determined to be valid only if all forwarding conditions (Condition) are satisfied, or to MatchAny, in which case satisfying any one Condition is enough. The specific setting can be chosen according to user needs.
In another embodiment, to prevent the URL in an access request or service request from being intercepted on its way from the client to the reverse proxy server, which would leak information such as user names or service data:
the setting unit 101 is further configured to set a destination address for a URL and to establish the correspondence between this URL and the destination address;
the interaction unit is configured to forward the destination address corresponding to the target URL to the external application server.
The main purpose of this process is to avoid carrying target information directly in the URL. For example, suppose the information on the application server can be obtained only through the destination address http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3. If the client sent this destination address directly and it were intercepted, information about the application server could be obtained from it. If instead the setting unit maps the pseudo address http://www.mysite.com/content/abc sent by the client to the destination address above, then even if the pseudo address http://www.mysite.com/content/abc is intercepted, no application server information is leaked.
It is worth noting that this applies not only to the URL in an access request: a correspondence between a pseudo service target URL and the actual service target URL can also be established for the URL in a service request. After the reverse proxy server receives the pseudo service target URL, it determines the corresponding actual service target URL and sends the actual service target URL to the application server, which avoids the risk of user information being leaked. For example, if a user deposits 100,000 yuan at a bank, the pseudo URL can replace 100,000 yuan with A, so that even if the URL information is intercepted, the real information cannot be recovered from it.
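The verification flow described above (URLPattern, Condition combined with MatchAll or MatchAny, the user-name check and the URL-to-destination-address mapping), written in Python as an added example; it is not code from the patent or from IIS/ARR. The `user` query parameter, the sample user names, matching URLPattern against the path only, and the ignore/reject/forward return values are assumptions made for illustration.

```python
import fnmatch
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit


@dataclass
class Condition:
    input_var: str          # "QUERY_STRING", "HTTP_HOST" or "SERVER_PORT"
    pattern: str            # regular expression tested against that variable
    negate: bool = False    # True models "Does Not Match the Pattern"


@dataclass
class InterceptRule:
    pattern: str                      # URLPattern, tested against the URL path
    using: str = "regex"              # "regex", "wildcard" or "exact"
    negate: bool = False              # True models "Does Not Match the Pattern"
    conditions: list = field(default_factory=list)
    grouping: str = "MatchAll"        # or "MatchAny"


def server_variables(url):
    """Split a URL into the three Condition inputs named in the text, plus the path."""
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    return {
        "QUERY_STRING": parts.query,
        "HTTP_HOST": parts.hostname or "",
        "SERVER_PORT": str(port),
        "PATH": parts.path.lstrip("/"),   # assumption: URLPattern sees the path only
    }


def _matches(pattern, using, value):
    if using == "regex":
        return re.search(pattern, value) is not None
    if using == "wildcard":
        return fnmatch.fnmatchcase(value, pattern)
    if using == "exact":
        return value == pattern
    raise ValueError(f"unknown Using option: {using}")


def intercepts(rule, variables):
    """URLPattern step: does the rule select this URL for verification?"""
    return _matches(rule.pattern, rule.using, variables["PATH"]) != rule.negate


def conditions_hold(rule, variables):
    """Condition step, combined with MatchAll or MatchAny."""
    results = [
        _matches(c.pattern, "regex", variables[c.input_var]) != c.negate
        for c in rule.conditions
    ]
    if not results:
        return True
    return all(results) if rule.grouping == "MatchAll" else any(results)


def verify(rule, url, known_users, alias_map):
    """Return ("ignore" | "reject" | "forward", destination address or None)."""
    variables = server_variables(url)
    if not intercepts(rule, variables):
        return ("ignore", None)           # not covered by the interception rule
    if not conditions_hold(rule, variables):
        return ("reject", None)
    # Exactly one user parameter must be present and must name a known account.
    users = parse_qs(variables["QUERY_STRING"]).get("user", [])
    if len(users) != 1 or users[0] not in known_users:
        return ("reject", None)
    # Only URLs with a configured destination address are forwarded (fail closed).
    destination = alias_map.get(variables["PATH"])
    if destination is None:
        return ("reject", None)
    return ("forward", destination)


# Constructed sample configuration; the host name and both URLs come from the text.
RULE = InterceptRule(
    pattern=r"^content/",
    conditions=[
        Condition("HTTP_HOST", r"^www\.mysite\.com$"),
        Condition("SERVER_PORT", r"^80$"),
    ],
)
KNOWN_USERS = {"alice", "bob"}            # constructed user names
ALIAS_MAP = {
    "content/abc": "http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3",
}

if __name__ == "__main__":
    for sample in (
        "http://www.mysite.com/content/abc?user=alice",
        "http://www.mysite.com/content/abc?user=mallory",
        "http://www.mysite.com/content/abc?user=alice&user=bob",
        "http://www.mysite.com:8080/content/abc?user=alice",
        "http://www.mysite.com/static/logo.png",
    ):
        print(verify(RULE, sample, KNOWN_USERS, ALIAS_MAP), sample)
```

A request with two `user` parameters is rejected rather than resolved to one of them, so the proxy and the application server cannot disagree about which user name was checked.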
In another embodiment of the invention, the reverse proxy server has the ARR component installed. The ARR component comprises Request Router, External Disk Cache, Rewrite and Web Farm, and provides the programming framework for the units of the reverse proxy server.
As shown in Figure 2, an embodiment of the present invention provides a reverse proxy system comprising any one of the reverse proxy servers 201 described above, an application server 202 and a client 203, wherein:
at least one application server 202 is interconnected with the reverse proxy server 201, and is configured to receive the target URL sent by the reverse proxy server 202 and to return the result data corresponding to the target URL to the reverse proxy server 202;
at least one client 203 is interconnected with the reverse proxy server 201, and is configured to send a target access request to the reverse proxy server 201 and to receive the result data sent by the reverse proxy server 201.
In yet another embodiment, the at least one application server 202 is further configured to: when the reverse proxy server 201 determines that the user name in the target URL is valid, judge whether the password corresponding to the user name in the target URL is correct, and if so, return the result data corresponding to the target URL to the reverse proxy server 201. This spares the application server from verifying invalid user names and reduces unnecessary overhead on the application server.
It is worth noting that the client may be connected to the reverse proxy server over either the external network or the intranet, whereas the application server is connected to the reverse proxy server only over the intranet, which keeps the application server secure.
As shown in Figure 3, an embodiment of the present invention provides a reverse proxy method. The method is based on a reverse proxy server connected to an application server and a client respectively, and may comprise the following steps:
Step 301: set the interception rule for URLs;
Step 302: the reverse proxy server receives the target access request sent by the client;
Step 303: according to the interception rule, intercept the target URL in the target access request;
Step 304: verify the validity of the target URL and, if the target URL is verified as valid, forward the target URL to the application server;
Step 305: receive the result data returned by the application server, and send this result data to the client.
In an embodiment of the invention, to reduce the verification load on the reverse proxy server and so speed up its forwarding of URLs, the method further comprises: setting a forwarding rule for URLs; receiving a service request sent by the client; intercepting the service target URL in the service request; verifying whether the service target URL is related to the target URL and, if so, forwarding the service target URL according to the URL forwarding rule; and receiving the web page information corresponding to the service target URL returned by the application server and sending that web page information to the client.
In an embodiment of the invention, for URLs that carry a user name and password, the method further comprises: determining all user name information on the external application server. Step 304 is then implemented as follows: judge whether the user name in the target URL is present in all the user name information determined by the determining unit; if so, the target URL is valid.
In an embodiment of the invention, to intercept URLs selectively, step 301 is implemented as follows: set any one or more of the URL pattern URLPattern, the URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein URLPattern comprises Requested URL, Using and Pattern; Requested URL offers two options, Matches the Pattern and Does Not Match the Pattern; Using offers three expression options, Regular Expressions, Wildcards and Exact Match; Pattern holds the concrete expression for whichever Using option is selected; Condition comprises Condition input, Check if input string and Pattern; Condition input covers three variables of every URL on the application server, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}; Check if input string offers two options, Matches the Pattern and Does Not Match the Pattern; Pattern holds the URL pattern that goes with the selected Check if input string option; and ServerVariables comprises the variables of the external application server. Step 303 is implemented as follows: when the target URL matches URLPattern, intercept the target URL and, using the URL expression given by the forwarding condition Condition, determine that the target URL satisfies that Condition, and, according to the application server variables in the target URL, determine the external application server; and/or, after intercepting the target URL, determine that the application server variables in the target URL are identical to ServerVariables and, according to the application server variables in the target URL, determine the external application server.
In an embodiment of the invention, to prevent the real URL sent directly by the client from being intercepted, the URL sent by the client can be set so that it cannot reach the application server directly; instead, the reverse proxy server maps the URL sent by the client to a destination address, and the application server is accessed through this destination address. The method therefore further comprises: setting a destination address for a URL, and establishing the correspondence between this URL and the destination address. In step 304, forwarding the target URL to the application server is implemented as follows: forward the destination address corresponding to the target URL to the external application server.
In an embodiment of the invention, in order to make programming process more simple, apply more extensive, in Reverse Proxy, install ARR assembly, this ARR assembly comprises RequestRouter, ExternalDiskCache, Rewrite and WebFarm, and these assemblies provide framework for programming.
As shown in Figure 4, another embodiment of the present invention describes the reverse proxy method for the case where the client sends an access request carrying a username and password. The method relies on the reverse proxy server being connected to the application server and to the client respectively, and may comprise the following steps:
Step 400: determine all username information in the application server, set the destination address of the URL, and establish the correspondence between the URL and the destination address;
The main purpose of this step is to have the username verified in the reverse proxy server, and to avoid the username or password being leaked after the URL carried in the client's access request is intercepted. By establishing the correspondence between URL and destination address, the reverse proxy server can, after receiving the URL, reach the application server according to it, whereas the URL sent by the client cannot be used to access the application server directly.
Step 401: set the interception rule and forwarding rule for URLs;
In this step, the interception rule is set mainly by setting any one or more of the URL pattern URLPattern, the URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein,
URLPattern comprises: RequestedURL, Using and Pattern; RequestedURL comprises two options, MatchesthePattern or DoesnotMatchesthePattern; Using comprises three expression options, RegularExpressions, Wildcards and ExactMatch; Pattern provides the corresponding implementation for whichever expression is chosen in Using;
Condition comprises: Conditioninput, Checkifinputstring and Pattern, wherein Conditioninput comprises three variables of all URLs in the application server, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}; Checkifinputstring comprises two options, MatchthePattern and DoesNotMatchthePattern; and Pattern comprises the URL pattern corresponding to the option chosen in Checkifinputstring;
Conditioninput comprises three variables of all URLs in the application server, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}. For example, for the address http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3,
QUERY_STRING is tabid=2&subtabid=3; HTTP_HOST is www.mysite.com; SERVER_PORT is 80. This 80 denotes the port of the corresponding application server, through which the application server can be located precisely. As for Pattern, written as a regular expression for example: to filter on the suffix tabid=2&subtabid=3, Pattern can be written as ^(.*)tabid=2&subtabid=3.
ServerVariables comprises the variables of the application server. All application server variables can be collected by enumerating values. For example, for the URL http://www.mysite.com/content/default.aspx?tabid=2&subtabid=3, the enumerated values can be SERVER_PORT_SECURE, which for this URL is 0, and HTTPS, which contains OFF; or REQUEST_URI, which for this URL is content/default.aspx?tabid=2&subtabid=3.
For access requests that require username and password verification, the interception rule can also include the form in which the username appears in the URL, which is in effect also a URL pattern.
Step 402: the reverse proxy server receives the target access request sent by the client;
In this process, the reverse proxy server can provide the client with a login interface for entering a username and password. When the client receives the username and password entered by the user and login is triggered, the reverse proxy server receives the target access request sent by the client.
Step 403: judge whether the target URL in the target access request satisfies the URL pattern URLPattern set in the rule; if so, perform step 404; otherwise, perform step 405;
For example, when usernames are required to consist only of letters, the URL pattern URLPattern follows a definite rule, so a username that does not satisfy this rule certainly does not exist; no verification is needed and such non-conforming URLs can be ignored directly. Likewise, when usernames must not contain Chinese characters, the URLs corresponding to usernames containing Chinese characters follow a definite pattern, so it can be specified that URLs matching that pattern are ignored; that is, a username matching that pattern certainly does not exist, no verification is needed, and such URLs can be ignored directly. In the rule for login requests, the Pattern is defined as ^(.*), the ConditionInput is {QUERY_STRING}, the ConditionPattern is ^(.*)request=loginspi, Rewrite is selected as the Action, and the RewriteURL is http://localhost:8083/checkUser.ashx.
Step 404: intercept the target URL and judge whether the username in the target URL exists; if so, the target URL is valid, perform step 406; otherwise the target URL is invalid, perform step 407;
Judging whether the username exists is carried out using the URL expression provided by the URL forwarding condition Condition: it is determined that the target URL satisfies the forwarding condition Condition, and the external application server is determined. The forwarding condition can be set so that the URL is sent to the application server only when all conditions are met, or so that meeting any one condition is sufficient. In addition, when verifying the validity of the target URL, it is also possible to determine that the application server variables in the target URL are identical to ServerVariables, and to determine the external application server according to the application server variables in the target URL.
Step 405: ignore this target URL, and end the current process;
Step 406: forward the destination address corresponding to the target URL to the application server, and perform step 408;
For example, the target URL sent by the client is A. When the reverse proxy server receives A, it sends the real destination address corresponding to A to the application server, and only then can the application server be accessed. If A is sent directly to the application server, no data is returned.
Step 407: return a username verification error message to the client, and end the current process;
After username verification fails, the reverse proxy server does not send the destination address corresponding to the target URL with the wrong username to the application server, which reduces the application server's workload.
Step 408: receive the result data returned by the application server, and send this returned result data to the client;
When the application server receives an access request whose username has been verified, it verifies the password. If password verification succeeds, the returned result data is the web page information corresponding to the access request; if password verification fails, the returned result data is a password verification failure message.
Step 409: receive the service request sent by the client;
For ERP-type business software, the login request is the basis for carrying out business. After a successful login, the client also sends service requests when processing business, so verifying the username and password for every service request would undoubtedly increase the workload of the reverse proxy server and the application server. In the embodiment of the present invention, service requests are processed as shown in steps 409 to 412.
Step 410: intercept the service target URL in the service request;
Step 411: verify whether the service target URL is related to the target URL; if so, perform step 412; otherwise, perform step 413;
In this process, it is first ensured that the service target URL satisfies the URL pattern requirement; only then is it verified whether the service target URL is related to the target URL.
Step 412: forward the service target URL according to the URL forwarding rule, and perform step 414;
The forwarding rule here means converting the service target URL so that it meets the requirements of the application server.
Step 413: ignore this service target URL, and end the current process;
Step 414: receive the web page information corresponding to the service target URL returned by the application server, and send that web page information to the client.
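The decision logic of steps 400 to 413 can be modelled as follows. This is an added illustration, not code from the patent: the login rule values (^(.*), ^(.*)request=loginspi and http://localhost:8083/checkUser.ashx) come from the text, while the `user` query parameter, the username set, the `/erp/` prefix, the client identifier and the definition of "related" (same host as the validated login, path under the prefix) are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Login interception rule; these three values are the ones given in the text.
URL_PATTERN = re.compile(r"^(.*)")                        # Pattern
CONDITION_PATTERN = re.compile(r"^(.*)request=loginspi")  # tested on {QUERY_STRING}
REWRITE_URL = "http://localhost:8083/checkUser.ashx"      # destination address

# Everything below is constructed for this example (assumptions).
USERNAME_FORMAT = re.compile(r"[A-Za-z]+")   # "usernames consist only of letters"
KNOWN_USERNAMES = {"alice", "bob"}           # step 400: usernames known to the app server
SERVICE_PREFIX = "/erp/"                     # public prefix for service requests
INTERNAL_BASE = "http://localhost:8083/"     # where service requests are forwarded


class ReverseProxy:
    def __init__(self):
        # client id -> host of the login URL that passed validation
        self.validated = {}

    def handle_login(self, client_id, url):
        """Steps 402-407: return (decision, address forwarded to the app server)."""
        parts = urlsplit(url)
        # Step 403: the URL must satisfy the pattern and the query-string condition.
        if not URL_PATTERN.match(parts.path.lstrip("/")):
            return ("ignored", None)                      # step 405
        if not CONDITION_PATTERN.match(parts.query):
            return ("ignored", None)                      # step 405
        # Exactly one username in the required format. A repeated parameter is
        # rejected so proxy and application server cannot disagree on its value.
        names = parse_qs(parts.query).get("user", [])
        if len(names) != 1 or not USERNAME_FORMAT.fullmatch(names[0]):
            return ("ignored", None)                      # step 405
        # Step 404: does the username exist?
        if names[0] not in KNOWN_USERNAMES:
            return ("username_error", None)               # step 407
        # Step 406: forward the destination address, not the client's URL.
        self.validated[client_id] = parts.hostname
        return ("forwarded", REWRITE_URL + "?" + parts.query)

    def handle_service(self, client_id, url):
        """Steps 409-413: forward only service URLs related to a validated login."""
        parts = urlsplit(url)
        login_host = self.validated.get(client_id)
        related = (
            login_host is not None
            and parts.hostname == login_host
            and parts.path.startswith(SERVICE_PREFIX)
            # Decode before checking so %2e%2e cannot escape the prefix.
            and ".." not in unquote(parts.path).split("/")
        )
        if not related:
            return ("ignored", None)                      # step 413
        # Step 412: convert the public URL into the form the app server expects.
        target = INTERNAL_BASE + parts.path[len(SERVICE_PREFIX):]
        if parts.query:
            target += "?" + parts.query
        return ("forwarded", target)


if __name__ == "__main__":
    proxy = ReverseProxy()
    login = "https://www.mysite.com/content/default.aspx?request=loginspi&user=alice"
    print(proxy.handle_login("client-1", login))
    print(proxy.handle_service("client-1", "https://www.mysite.com/erp/orders/list.aspx?tabid=2"))
    print(proxy.handle_service("client-1", "https://www.mysite.com/erp/%2e%2e/admin.aspx"))
```

Password verification (step 408) stays on the application server, so the model never inspects it.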
It is worth noting that the forwarding rule mentioned in the embodiment of the present invention also includes modifying the URL. The modification can be one of five types: Rewrite, None, Redirect, CustomResponse and AbortRequest. Rewrite rewrites the URL after it is received, and provides two kinds of variables, {C:N} and {R:N}, where N is 0-9. For example, for www.foo.com/index.aspx, if a regular expression is selected in the defined MatchedURL and Pattern is defined as ^(www.)(.*), the variables have the following meanings: {C:0} - www.foo.com, {C:1} - www, {C:2} - foo.com, {R:1} - index.aspx.
It is worth noting that an ARR component is installed on the reverse proxy server. The ARR component comprises RequestRouter, ExternalDiskCache, Rewrite and WebFarm, and using these components as a framework makes the reverse proxy method reliable. Because ARR works at the application layer, URLs can be defined based on HOSTNAME or on information such as HTTPHEADER, which improves the availability and scalability of the ERR system, makes better use of server resources, makes application deployment faster, reduces the management cost of the whole ERP, and makes shared-host deployment possible.
To make the process and order in which the reverse proxy method verifies the username and password clearer, Figure 5 provides a sequence diagram of the reverse proxy server applied to an ERP application server to verify the username and password. As the figure shows, the client sends a login request to the reverse proxy server (labelled proxy server in the figure) over HTTPS; during this process, the firewall in the reverse proxy server intercepts some known malicious attack sources. The reverse proxy server provides a login interface to the client. After the user enters a username and password in the login interface and clicks log in, the access request is sent to the reverse proxy server. The proxy server intercepts the URL in the access request and checks the legitimacy of the username (legitimacy here mainly means whether it meets the requirements). If the username is not legitimate, a username verification failure is returned to the client; if it is legitimate, the request is sent to the ERP application server, which verifies the password. If the password is verified, the reverse proxy server returns the system home page of the ERP application server to the client. After receiving the home page, the client sends service requests through it. The reverse proxy server intercepts each service request and verifies whether it is related to the logged-in system home page; if so, the service request is sent to the ERP application server, which processes the business according to the request and returns the result to the client through the reverse proxy server. This completes the whole business process from login to business processing. Throughout this process, in addition to the firewall in the reverse proxy server that directly isolates known dangerous objects, a firewall is also provided at the ERP application server to further strengthen the security of the ERP application server.
The scheme provided by the embodiment of the present invention can achieve at least the following beneficial effects:
1. The proxy server is connected to the external application server and the external client respectively, and comprises a setting unit, an interaction unit and a verification unit, wherein the setting unit is used for setting the interception rule for URLs; the interaction unit is used for receiving the target access request sent by the external client and, when the verification unit verifies that the target URL is valid, forwarding the target URL in the target access request to the external application server, receiving the result data returned by the external application server, and sending it to the client; the verification unit is used for obtaining, according to the URL interception rule set by the setting unit, the target URL in the target access request received by the interaction unit, and verifying the validity of the target URL. The reverse proxy server verifies the validity of the URL and only then sends the verified URL to the corresponding application server, which prevents the client from reaching the application server directly over the web and so avoids connecting the application server to the external network, reducing the likelihood of the application server being attacked and damaged.
2. In the embodiment of the present invention, the reverse proxy server does not store the real data of any web page; all static web pages and dynamic web applications are stored on the application server in the internal network. An attack on the reverse proxy server therefore does not destroy web page information, which strengthens the security of the internal application server.
3. The reverse proxy server provided by the embodiment of the present invention has the ARR component installed. Because ARR works at the application layer, URLs can be defined based on HOSTNAME or on information such as HTTPHEADER, which improves the availability and scalability of the ERR system, makes better use of server resources, makes application deployment faster, reduces the management cost of the whole application server, and makes shared-host deployment possible.
4. In the embodiment of the present invention, for service requests related to a target URL that has already been verified, the reverse proxy server only needs to verify whether the service target URL is related to the target URL verified as valid, without verifying the username and password again, which effectively improves access efficiency.
5. In the embodiment of the present invention, the URL sent by the client can be one that the client fabricates for the reverse proxy server; only the reverse proxy server can resolve the corresponding destination address from this URL and send that destination address to the application server. This avoids the leakage of information such as usernames or business data that would result from the URL in an access request or service request being intercepted while the client sends it to the reverse proxy server.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "comprise", "include" or any other variant are intended to cover non-exclusive inclusion, so that a process, method, article or device comprising a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, method, article or device. Without further limitation, an element defined by the statement "comprising ..." does not exclude the presence of other identical elements in the process, method, article or device comprising that element.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the invention.

Claims (10)

1. A reverse proxy server, characterized in that it is connected to an external application server and an external client respectively, and comprises: a setting unit, an interaction unit and a verification unit, wherein,
The setting unit is used for setting the interception rule for URLs;
The interaction unit is used for receiving the target access request sent by the external client and, when the verification unit verifies that the target URL is valid, forwarding the target URL in the target access request to the external application server, receiving the result data returned by the external application server, and sending it to the external client;
The verification unit is used for obtaining, according to the URL interception rule set by the setting unit, the target URL in the target access request received by the interaction unit, and verifying the validity of the target URL.
2. The reverse proxy server according to claim 1, characterized in that it further comprises: a forwarding unit, wherein,
The setting unit is further used for setting the forwarding rule for URLs;
The interaction unit is further used for receiving the service request sent by the external client, receiving the service target URL sent by the forwarding unit, sending this service target URL to the external application server, receiving the web page information corresponding to the service target URL returned by the external application server, and sending that web page information to the external client;
The forwarding unit is used for obtaining the service target URL in the service request received by the interaction unit, and verifying whether the service target URL is related to the target URL that the verification unit has verified as valid; if so, sending the service target URL to the interaction unit according to the URL forwarding rule set by the setting unit.
3. The reverse proxy server according to claim 1, characterized in that it further comprises: a determining unit, wherein,
The determining unit is used for determining all username information in the external application server;
The verification unit is used for judging whether the username in the target URL is present in all the username information determined by the determining unit; if so, the target URL is valid.
4. The reverse proxy server according to claim 1, characterized in that,
The setting unit is used for setting any one or more of the URL pattern URLPattern, the URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein,
The URLPattern comprises: RequestedURL, Using and Pattern; the RequestedURL comprises two options, MatchesthePattern or DoesnotMatchesthePattern; the Using comprises three expression options, RegularExpressions, Wildcards and ExactMatch; the Pattern provides the corresponding implementation for whichever expression is chosen in the Using;
The Condition comprises: Conditioninput, Checkifinputstring and Pattern, wherein the Conditioninput comprises three variables of all URLs in the application server, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}; the Checkifinputstring comprises two options, MatchthePattern and DoesNotMatchthePattern; and the Pattern comprises the URL pattern corresponding to the option chosen in the Checkifinputstring;
The ServerVariables comprises: the variables of the external application server;
The verification unit is used for obtaining the target URL when the target URL satisfies the URL pattern URLPattern set by the setting unit, and determining, according to the URL expression provided by the URL forwarding condition Condition, that the target URL satisfies the forwarding condition Condition, in which case the target URL is valid; and/or the verification unit is used for determining, after obtaining the target URL, that the application server variables in the target URL are identical to the ServerVariables, in which case the target URL is valid.
5. The reverse proxy server according to any one of claims 1 to 4, characterized in that,
The setting unit is further used for setting the destination address of the URL, and establishing the correspondence between the URL and the destination address;
The interaction unit is used for forwarding the destination address corresponding to the target URL to the external application server;
And/or,
The reverse proxy server has an ARR component installed; the ARR component comprises RequestRouter, ExternalDiskCache, Rewrite and WebFarm, and is used for providing a programming framework for the units in the reverse proxy server.
6. A reverse proxy system, characterized in that it comprises: the reverse proxy server according to any one of claims 1 to 5, at least one application server and at least one client; wherein,
The at least one application server is interconnected with the reverse proxy server, and is used for receiving the target URL sent by the reverse proxy server and returning the result data corresponding to the target URL to the reverse proxy server;
The at least one client is interconnected with the reverse proxy server, and is used for sending a target access request to the reverse proxy server and receiving the result data sent by the reverse proxy server.
7. The reverse proxy system according to claim 6, characterized in that the at least one application server is further used for:
When the reverse proxy server determines that the username in the target URL is valid, judging whether the password corresponding to the username in the target URL is correct and, if so, performing the returning of the result data corresponding to the target URL to the reverse proxy server.
8. A reverse proxy method, characterized in that a reverse proxy server is connected to an application server and a client respectively, and an interception rule for URLs is set; the method further comprises:
The reverse proxy server receives the target access request sent by the client;
According to the URL interception rule, intercepting the target URL in the target access request;
Verifying the validity of the target URL; if the target URL is verified as valid, forwarding the target URL to the application server;
Receiving the result data returned by the application server, and sending the returned result data to the client.
9. The method according to claim 8, characterized in that,
It further comprises: setting the forwarding rule for URLs;
Receiving the service request sent by the client;
Intercepting the service target URL in the service request;
Verifying whether the service target URL is related to the target URL; if so, forwarding the service target URL according to the URL forwarding rule;
Receiving the web page information corresponding to the service target URL returned by the application server, and sending that web page information to the client;
And/or,
It further comprises: determining all username information in the application server;
The verifying of the validity of the target URL comprises: judging whether the username in the target URL is present in all the username information; if so, the target URL is valid;
And/or,
The setting of the interception rule for URLs comprises: setting any one or more of the URL pattern URLPattern, the URL forwarding condition Condition, and the application server variables ServerVariables in the URL, wherein,
The URLPattern comprises: RequestedURL, Using and Pattern; the RequestedURL comprises two options, MatchesthePattern or DoesnotMatchesthePattern; the Using comprises three expression options, RegularExpressions, Wildcards and ExactMatch; the Pattern provides the corresponding implementation for whichever expression is chosen in the Using;
The Condition comprises: Conditioninput, Checkifinputstring and Pattern, wherein the Conditioninput comprises three variables of all URLs in the application server, {QUERY_STRING}, {HTTP_HOST} and {SERVER_PORT}; the Checkifinputstring comprises two options, MatchthePattern and DoesNotMatchthePattern; and the Pattern comprises the URL pattern corresponding to the option chosen in the Checkifinputstring;
The ServerVariables comprises: the variables of the external application server;
The intercepting, according to the URL interception rule, of the target URL in the target access request comprises: when the target URL satisfies the URL pattern URLPattern, intercepting the target URL, determining, according to the URL expression provided by the URL forwarding condition Condition, that the target URL satisfies the forwarding condition Condition, and determining the external application server; and/or, the intercepting, according to the URL interception rule, of the target URL in the target access request comprises: after intercepting the target URL, determining that the application server variables in the target URL are identical to the ServerVariables, and determining the external application server according to the application server variables in the target URL.
10. The method according to claim 8 or 9, characterized in that,
It further comprises: setting the destination address of the URL, and establishing the correspondence between the URL and the destination address;
The forwarding of the target URL to the application server comprises: forwarding the destination address corresponding to the target URL to the external application server;
And/or,
The reverse proxy server has an ARR component installed, and the ARR component comprises RequestRouter, ExternalDiskCache, Rewrite and WebFarm.
CN201510595368.1A 2015-09-18 2015-09-18 Reverse proxy server, reverse proxy system and reverse proxy method Pending CN105187430A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510595368.1A CN105187430A (en) 2015-09-18 2015-09-18 Reverse proxy server, reverse proxy system and reverse proxy method

Publications (1)

Publication Number Publication Date
CN105187430A true CN105187430A (en) 2015-12-23

Family

ID=54909274

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510595368.1A Pending CN105187430A (en) 2015-09-18 2015-09-18 Reverse proxy server, reverse proxy system and reverse proxy method

Country Status (1)

Country Link
CN (1) CN105187430A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106161451A (en) * 2016-07-19 2016-11-23 青松智慧(北京)科技有限公司 The method of defence CC attack, Apparatus and system
CN106161617A (en) * 2016-07-04 2016-11-23 微梦创科网络科技(中国)有限公司 Reverse proxy method based on NODEJS, Reverse Proxy and system
CN107277026A (en) * 2017-06-29 2017-10-20 福建天泉教育科技有限公司 A kind of Intranet access method and terminal
CN107454055A (en) * 2017-05-17 2017-12-08 中云网安科技(北京)有限公司 A kind of methods, devices and systems by learning guarding website safely
CN107454050A (en) * 2016-06-01 2017-12-08 腾讯科技(深圳)有限公司 A kind of method and device for accessing Internet resources
CN107770189A (en) * 2017-10-30 2018-03-06 湖北三新文化传媒有限公司 Reverse proxy method, system, proxy server and storage medium
CN107911219A (en) * 2017-11-09 2018-04-13 成都知道创宇信息技术有限公司 A kind of anti-CC methods of API based on key signature
CN110049119A (en) * 2019-04-12 2019-07-23 苏州浪潮智能科技有限公司 A kind of service request processing method, device and relevant device
CN111460460A (en) * 2020-04-02 2020-07-28 北京金山云网络技术有限公司 Task access method, device, proxy server and machine-readable storage medium
CN112073374A (en) * 2020-08-05 2020-12-11 长沙市到家悠享网络科技有限公司 Information interception method, device and equipment
CN112995180A (en) * 2021-03-02 2021-06-18 吕静贤 Enterprise WeChat application proxy system for reducing unauthorized vulnerability risk
CN115065726A (en) * 2022-06-10 2022-09-16 北京天融信网络安全技术有限公司 Protocol format control method, device, controller, server and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030065711A1 (en) * 2001-10-01 2003-04-03 International Business Machines Corporation Method and apparatus for content-aware web switching
CN102487376A (en) * 2010-12-01 2012-06-06 金蝶软件(中国)有限公司 Enterprise resource planning system login method, device and system
CN104184774A (en) * 2013-05-24 2014-12-03 阿里巴巴集团控股有限公司 Information processing method based on sandbox environment and system thereof

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107454050A (en) * 2016-06-01 2017-12-08 腾讯科技(深圳)有限公司 A kind of method and device for accessing Internet resources
CN107454050B (en) * 2016-06-01 2020-03-03 腾讯科技(深圳)有限公司 Method and device for accessing network resources
CN106161617A (en) * 2016-07-04 2016-11-23 微梦创科网络科技(中国)有限公司 Reverse proxy method based on NODEJS, Reverse Proxy and system
CN106161451B (en) * 2016-07-19 2019-09-17 青松智慧(北京)科技有限公司 Defend the method, apparatus and system of CC attack
CN106161451A (en) * 2016-07-19 2016-11-23 青松智慧(北京)科技有限公司 The method of defence CC attack, Apparatus and system
CN107454055A (en) * 2017-05-17 2017-12-08 中云网安科技(北京)有限公司 A kind of methods, devices and systems by learning guarding website safely
CN107454055B (en) * 2017-05-17 2020-08-28 中云网安科技(北京)有限公司 Method, device and system for protecting website through safe learning
CN107277026A (en) * 2017-06-29 2017-10-20 福建天泉教育科技有限公司 A kind of Intranet access method and terminal
CN107770189A (en) * 2017-10-30 2018-03-06 湖北三新文化传媒有限公司 Reverse proxy method, system, proxy server and storage medium
CN107911219A (en) * 2017-11-09 2018-04-13 成都知道创宇信息技术有限公司 A kind of anti-CC methods of API based on key signature
CN110049119A (en) * 2019-04-12 2019-07-23 苏州浪潮智能科技有限公司 A kind of service request processing method, device and relevant device
CN111460460A (en) * 2020-04-02 2020-07-28 北京金山云网络技术有限公司 Task access method, device, proxy server and machine-readable storage medium
CN111460460B (en) * 2020-04-02 2023-12-05 北京金山云网络技术有限公司 Task access method, device, proxy server and machine-readable storage medium
CN112073374A (en) * 2020-08-05 2020-12-11 长沙市到家悠享网络科技有限公司 Information interception method, device and equipment
CN112995180A (en) * 2021-03-02 2021-06-18 吕静贤 Enterprise WeChat application proxy system for reducing unauthorized vulnerability risk
CN115065726A (en) * 2022-06-10 2022-09-16 北京天融信网络安全技术有限公司 Protocol format control method, device, controller, server and storage medium

Similar Documents

Publication Publication Date Title
CN105187430A (en) Reverse proxy server, reverse proxy system and reverse proxy method
US11695800B2 (en) Deceiving attackers accessing network data
US10574698B1 (en) Configuration and deployment of decoy content over a network
CN112597472B (en) Single sign-on method, device and storage medium
US8756697B2 (en) Systems and methods for determining vulnerability to session stealing
US20180205747A1 (en) Deterministic reproduction of client/server computer state or output sent to one or more client computers
EP3557843B1 (en) Content delivery network (cdn) bot detection using compound feature sets
CN108989355B (en) Vulnerability detection method and device
US20170026401A1 (en) System and method for threat visualization and risk correlation of connected software applications
US11616812B2 (en) Deceiving attackers accessing active directory data
CN104301316A (en) Single sign-on system and implementation method thereof
Setiawan et al. Web vulnerability analysis and implementation
CN103634786A (en) Method and system for security detection and repair of wireless network
CN111262881B (en) Method for hiding DNS domain name of server accessed by mobile phone APP
CN104168339A (en) Method and device for preventing domain name from being intercepted
US20110289575A1 (en) Directory authentication method for policy driven web filtering
CN109617917A (en) Address virtual Web application security firewall methods, devices and systems
CN110099129A (en) A kind of data transmission method and equipment
CN103701816A (en) Scanning method and scanning device of server executing DOS (Denial Of service)
CN110602134B (en) Method, device and system for identifying illegal terminal access based on session label
CN109088884A (en) Network address access method, device, server and the storage medium of identity-based verifying
CN112929388B (en) Network identity cross-device application rapid authentication method and system, and user agent device
CN114745145A (en) Business data access method, device and equipment and computer storage medium
Han et al. Using a smart phone to strengthen password-based authentication
Rafiee et al. A flexible framework for detecting ipv6 vulnerabilities

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20151223