CN107135266B - HTTP proxy framework security data transmission method - Google Patents


Info

Publication number: CN107135266B
Authority: CN (China)
Prior art keywords: snapshot, client, request, proxy gateway, server
Legal status: Active
Application number: CN201710357410.5A
Other languages: Chinese (zh)
Other versions: CN107135266A (en)
Inventors: 尹丹丹, 陈云川
Current Assignee: Beijing net Hi Tech Co.,Ltd.
Original Assignee: Beijing Net Hi Tech Co Ltd
Application filed by Beijing Net Hi Tech Co Ltd
Priority to CN201710357410.5A
Publication of CN107135266A
Application granted
Publication of CN107135266B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281: Proxies
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/50: Network services
    • H04L67/56: Provisioning of proxy services

Abstract

The invention provides a secure data transmission method for an HTTP proxy framework, comprising the following steps: the proxy gateway receives the login of the client; the client sends an HTTP request message, and the proxy gateway judges whether to accept the request; if the request is refused, the client is disconnected; if the request is accepted, the proxy gateway judges from the content of the request message whether a snapshot exists locally at the proxy gateway; if the snapshot does not exist, the proxy gateway fetches the corresponding content from the server; if the snapshot exists, the corresponding content is read from the local snapshot according to a preset searching mechanism, and an HTTP response message is constructed and sent to the user. The method realizes secure and real-time data transmission of a proxy server based on HTTP.

Description

HTTP proxy framework security data transmission method
Technical Field
The invention relates to a computer network, in particular to a secure data transmission method of an HTTP proxy framework.
Background
As the amount of data generated by the internet increases, network speed drops, the network becomes abnormally congested, and network servers respond slowly. Part of the traffic on the internet is generated by Web pages, and in China's current network services the daily data traffic is growing rapidly, much faster than network bandwidth. This results in an increasing response delay between the client's request and the server, which in turn may affect the overall performance of the HTTP service. Moreover, although the CPU performance, hard disk storage capacity, memory capacity and so on of current PCs keep improving, the data access capability remains far smaller than the processing and computing capability of the CPU (central processing unit) because of the limits of disk design principles. In addition, the processing power of servers is at present relatively insufficient, and a large instantaneous amount of data cannot be processed in time.
Disclosure of Invention
In order to solve the problems existing in the prior art, the invention provides a secure data transmission method of an HTTP proxy framework, which comprises the following steps:
the proxy gateway receives the login of the client;
the client sends out an HTTP request message, and the proxy gateway judges whether to receive the message request;
if the request is refused, the client is disconnected; if the request is accepted, the proxy gateway judges from the content of the request message whether a snapshot exists locally at the proxy gateway;
if the snapshot does not exist, the proxy gateway takes out the corresponding content from the server;
and if the snapshot exists, reading corresponding content from the local snapshot according to a preset searching mechanism, and constructing an HTTP response message to be sent to the user.
Preferably, the client receives the data of the redirection unit, assembles the data into an HTTP request message, and forwards the HTTP request message to the server specified by the client according to the destination IP address determined in the redirection unit.
Preferably, after the designated server receives the message, the server directly transfers the data to the storage unit; the storage unit receives the data and then delivers the data to the client, meanwhile, the received object is stored in the local snapshot of the proxy gateway, and the client immediately forwards the data packet to the client after receiving the data packet.
Preferably, the client monitors the port number and the URL of the user request, evaluates the request according to a hash algorithm when the client receives the URL and the port number of the user request, and then performs corresponding processing according to a key value generated by the hash algorithm; and searching whether the object is hit according to the key value, and responding.
Preferably, when a client user accesses the content of a specific URL, the client sends a data request from a randomly generated port number to the proxy address of the HTTP proxy gateway, that is, a request to obtain a message; after receiving this request, the proxy gateway parses the URL and the data and queries whether a snapshot exists locally according to its own query mechanism; if the snapshot does not exist, the proxy gateway randomly generates a port number and sends a request to the website server; on receiving the message acquisition request of the HTTP proxy gateway, the server side replies with a success mark and distributes the requested file content to the proxy gateway; after receiving the data, the proxy gateway distributes the data to the client, judges according to its configuration items whether the data is to be snapshotted, and if so calls the relevant components to store it;
when other client users of the same local area network access the same URL, the proxy gateway receives the client's request, calls the relevant component to query whether the requested content is stored, and judges whether the content has expired; if not, the proxy gateway distributes the requested content directly to the client;
when the content of the HTTP proxy gateway snapshot is expired, the proxy gateway sends a request message to a server end to judge whether the resource of the snapshot is modified; after receiving the resource query request, the server compares whether the resource is still unmodified according to the request, and sends a reply unmodified message to the HTTP proxy gateway if the resource is unmodified; after receiving the message that the snapshot resource is still unmodified, the HTTP proxy gateway extracts the content requested by the client from the snapshot of the HTTP proxy gateway and distributes the content to the client.
Compared with the prior art, the invention has the following advantages:
the invention provides a secure data transmission method of an HTTP proxy framework, which realizes secure and real-time data transmission of a proxy server based on HTTP.
Drawings
Fig. 1 is a flowchart of an HTTP proxy framework secure data transmission method according to an embodiment of the present invention.
Detailed Description
A detailed description of one or more embodiments of the invention is provided below along with accompanying figures that illustrate the principles of the invention. The invention is described in connection with such embodiments, but the invention is not limited to any embodiment. The scope of the invention is limited only by the claims and the invention encompasses numerous alternatives, modifications and equivalents. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. These details are provided for the purpose of example and the invention may be practiced according to the claims without some or all of these specific details.
One aspect of the present invention provides a secure data transmission method for an HTTP proxy framework. Fig. 1 is a flowchart of a HTTP proxy framework secure data transmission method according to an embodiment of the present invention.
The HTTP proxy gateway is built between a client and a server and logically comprises an access control unit, a redirection unit, an authentication unit and a storage unit. The client logs in to the proxy gateway through the authentication unit. When the client of the proxy gateway receives an HTTP request message from the user, the access control unit judges whether the request is accepted or refused. If it is refused, the connection with the client is closed. If it is accepted, the storage unit judges from the content of the request message whether the proxy gateway holds a snapshot locally. If there is no hit, the redirection unit fetches the corresponding content from the server. If the local snapshot is hit, the corresponding content is read from the local snapshot according to a preset searching mechanism, and an HTTP response message is constructed and delivered to the client to be sent to the user. The client receives the data of the redirection unit and assembles it into an HTTP request message, which is then forwarded to the designated server according to the destination IP address determined in the redirection unit. After receiving the message, the designated server sends an HTTP response message to the server side. The server transfers the data directly to the storage unit. The storage unit receives the data and delivers it to the client, and at the same time the received object is stored in the local snapshot of the proxy gateway. The client forwards the data packet to the client immediately after receiving it, and the whole process ends.
The authentication unit enables the client and the proxy gateway to negotiate a master key in a certain mode. The present invention therefore establishes a master key update algorithm for the shared master key portion. A randomly generated string of length 128 consisting of letters and numbers is taken as the first master key; then, after a certain time, the client and the proxy gateway update the master key together, which specifically comprises the following steps:
Intercept the first character of the master key currently in use and convert it into an integer n; circularly left-shift the master key by n bits; divide the result sequentially into segments of 256-bit length; take each segment as a verified message digest and perform a hash operation on it together with the current master key; splice the hash results to obtain a new key with the same length as the existing master key. The client and the proxy gateway then regenerate a corresponding new key array using the new master key. By transforming the master key differently, each party generates an independent key array, and the key arrays generated by the two corresponding parties are completely the same. The session key generation process is as follows: calculate an index value based on the master key; circularly left-shift the master key based on the index; divide it sequentially into segments of 256-bit length; map the index into the range [1, 256], circularly left-shift the even-numbered key segments and circularly right-shift the odd-numbered key segments; take each part after the cyclic shift as a verified message digest and perform a hash operation on it with the master key in use; and splice the results to generate a session key with the same length as the master key. After this process has been iterated several times over the bits of the master key, a session key array is generated.
Since the client and the proxy gateway schedule the same session key from the same key array, authentication can be performed with this key. A session key is acquired at random: the name value of the key array is transmitted and an index value is randomly selected; a session key is acquired from the key array according to the index value and the name value; the session key is taken as a message digest and hashed together with the master key, and the result is used as the session key for this exchange; the client and the proxy gateway communicate after acquiring the key.
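An added example, not code from the patent: the master key update, session key array and per-exchange key described above, written out so that both parties' results can be compared. Assumptions: characters are 8 bits (so a 256-bit segment is 32 characters), shifts are counted in characters, the keyed hash is HMAC-MD5 in hex (its 32-character output makes four segments splice back to 128 characters), and an array slot's number doubles as its index value; all function names are hypothetical.

```python
import hashlib
import hmac
import string

ALPHABET = string.ascii_letters + string.digits
KEY_LEN = 128   # master key length in characters, as stated in the text
SEG_LEN = 32    # assumption: 8-bit characters, so 256 bits = 32 characters

# Constructed sample key (deterministic, NOT random) so the run is repeatable.
SAMPLE_MASTER = (ALPHABET * 3)[:KEY_LEN]


def rotl(s, n):
    """Circular left shift by n positions; a negative n shifts right."""
    n %= len(s)
    return s[n:] + s[:n]


def segments(s):
    """Split a key into consecutive 256-bit (32-character) segments."""
    return [s[i:i + SEG_LEN] for i in range(0, len(s), SEG_LEN)]


def keyed_hash(master, message):
    # Assumption: the "hash operation with the master key" is HMAC-MD5, hex.
    return hmac.new(master.encode(), message.encode(), hashlib.md5).hexdigest()


def update_master_key(master):
    """One master key update: shift by the first character, hash each segment."""
    n = ord(master[0])            # first character converted to an integer
    shifted = rotl(master, n)     # assumption: shift counted in characters
    return "".join(keyed_hash(master, seg) for seg in segments(shifted))


def session_key(master, index):
    """Derive one session key from the master key and an index value."""
    shifted = rotl(master, index)
    step = index % 256 + 1        # index mapped into the range [1, 256]
    parts = []
    for number, seg in enumerate(segments(shifted), start=1):
        # even-numbered segments shift left, odd-numbered segments shift right
        seg = rotl(seg, step) if number % 2 == 0 else rotl(seg, -step)
        parts.append(keyed_hash(master, seg))
    return "".join(parts)


def session_key_array(master, size=16):
    # Assumption: the slot number stands in for the index value, whose
    # derivation from the master key the text does not specify.
    return [session_key(master, i) for i in range(size)]


def key_for_exchange(master, array, index):
    """Key actually used: the selected session key hashed with the master key."""
    return keyed_hash(master, array[index])


def later_keys(master, rounds):
    """Master keys produced by `rounds` successive updates."""
    keys = []
    for _ in range(rounds):
        master = update_master_key(master)
        keys.append(master)
    return keys


if __name__ == "__main__":
    client = update_master_key(SAMPLE_MASTER)
    gateway = update_master_key(SAMPLE_MASTER)
    index = 5                     # chosen at random and sent with the message
    k_client = key_for_exchange(client, session_key_array(client), index)
    k_gateway = key_for_exchange(gateway, session_key_array(gateway), index)
    print("master keys agree:", client == gateway)
    print("exchange keys agree:", k_client == k_gateway)
    # Someone who holds one master key can reproduce every later one.
    print("chain predictable:",
          later_keys(SAMPLE_MASTER, 3)[1:] == later_keys(client, 2))
```

Each update takes only the current master key as input, so whoever holds one master key can compute every later master key and session key; updating the key this way does not limit the effect of a key disclosure.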
In both the proxy gateway and the web server, the single sign-on module in the gateway and the server execute the same protocol. When the gateway and the server interact, MD5 algorithm encryption is executed first; after the ciphertext transmitted in the communication reaches the opposite end, the opposite end first acquires the key, then executes MD5 algorithm decryption and performs authentication. The specific process comprises the following steps:
(1) the client accesses the first server; a gateway in the first server intercepts the web request and checks whether a corresponding Cookie exists; if there is no Cookie, the client is redirected by the gateway to a login page; otherwise, go to step (7);
(2) the client executes the authentication algorithm, acquires a session key from the key array as a shared key, executes the MD5 algorithm to encrypt the user name and password, and transmits the encrypted user name and password to the server;
(3) the server obtains the index value, obtains the session key from the key array, executes the hash algorithm, then executes MD5 decryption, obtains the user information and verifies the user name and password; after the verification passes, it generates a ticket and binds and stores the ticket with the corresponding user name;
(4) the server executes the authentication algorithm, randomly generates the number of bits of the cyclic shift of the master key, schedules the acquisition of the master key from the key array of the first server, prepends the master key to the ticket, and then performs MD5 encryption on the content. The number of bits of the cyclic shift is added to the encrypted string, and the content is transmitted to the front end;
(5) the encrypted ticket information is verified, the ticket is encrypted with session keys from the key arrays of the first server and the second server respectively, and the encrypted ticket contents are transmitted to each server;
(6) each server first parses the received data, acquires the index value, schedules and acquires a key from the key array of the gateway, executes the hash algorithm, then executes the MD5 decryption algorithm, and then verifies the session key prepended to the ticket; if the verification passes, it executes the authentication algorithm again, schedules a key from the key array of the client, encrypts the session key and the ticket information, appends the index value to the encrypted string, writes the result into a Cookie, and stores the Cookie in the user's browser. If the verification does not pass, the user is notified;
(7) the first server reads the Cookie, acquires the master key from the key array of the client, executes the index algorithm, decrypts through the MD5 algorithm, obtains the master key for verification, and distributes a ticket when the verification passes; after the ticket is obtained, it checks whether user information exists in the session; if the user information does not exist or the stored information is inconsistent with what is stored in the Cookie, it communicates with the server, executes authentication of the proxy gateway, sends the encrypted information with the index added to the server for verification, and goes to (8); if the session service system context exists and the stored information is consistent with the user information in the Cookie, the client enters the server.
(8) The server parses the received information, schedules a key from the key array of the first server and decrypts with MD5, then verifies the master key; if the check fails, it returns verification information and notifies the user of the failure; if the verification passes, it verifies the ticket information: it acquires the ticket information in the snapshot and compares it with the received ticket; if they are consistent the verification passes, otherwise it fails, and the verification information is returned to the server.
The client monitors the port number and the URL of the user request, evaluates the request according to a hash algorithm when the client receives the URL and the port number of the user request, and then performs corresponding processing according to a key value generated by the hash algorithm. And searching whether the object is hit according to the key value, and responding. When the requested object is hit, the proxy gateway calls a related calling function provided by a storage system of the proxy gateway to copy data from the storage system to the client, and the client forwards corresponding data to the user; when the object of the request is not hit, the server side of the proxy gateway forwards the request which is not hit, the proxy user of the proxy gateway makes a data request to the website server, when the data transmission of the website server reaches the HTTP proxy gateway, the server side transmits the data to a snapshot server in the storage system by calling a related function provided by the storage system, and the server performs corresponding storage and management when receiving the data and transmits the data to the client side.
When a client user accesses the content of a specific URL, the interaction process of the whole message and the file comprises the following steps:
The client sends a data request from a randomly generated port number to the proxy address of the HTTP proxy gateway, that is, a request to obtain a message. After receiving this request, the proxy gateway parses the URL and the data and queries, according to its own query mechanism, whether the content exists among its snapshots. If the snapshot does not exist, the proxy gateway randomly generates a port number and sends a request to the website server. On receiving the message acquisition request of the HTTP proxy gateway, the server side replies with a success mark and distributes the requested file content to the proxy gateway. After receiving the data, the proxy gateway distributes it to the client; at the same time it judges according to its configuration items whether the data is to be snapshotted, and if so calls the relevant components to store it.
When other client users of the same local area network access the same URL, the proxy gateway receives the client's request, calls the relevant components to query whether the requested content is stored, and judges whether the content has expired; if not, the proxy gateway distributes the requested content directly to the client.
When the content of the HTTP proxy gateway snapshot is expired, the proxy gateway sends a request message to a server end to judge whether the resource of the snapshot is modified; after receiving the resource inquiry request, the server compares whether the resource is still unmodified according to the request, and sends a reply unmodified message to the HTTP proxy gateway if the resource is unmodified. After receiving the message that the snapshot resource is still unmodified, the HTTP proxy gateway extracts the content requested by the client from its own snapshot and distributes the content to the client.
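An added example, not code from the patent: the three cases described above and in the Disclosure section (no snapshot, unexpired snapshot, expired snapshot checked against the server) as a small in-memory model. The `Origin` class is a constructed stand-in for the website server; the class and field names, the SHA-256 lookup key, the TTL value and the refresh of the snapshot's timestamp after an "unmodified" reply are assumptions.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Snapshot:
    body: bytes
    version: str      # validator supplied by the server (hypothetical field)
    stored_at: float  # time the snapshot was stored or last confirmed
    ttl: float        # seconds before the snapshot counts as expired


class Origin:
    """Constructed stand-in for the website server."""

    def __init__(self):
        self.resources = {}     # url -> (version, body)
        self.full_fetches = 0
        self.revalidations = 0

    def publish(self, url, version, body):
        self.resources[url] = (version, body)

    def fetch(self, url):
        self.full_fetches += 1
        return self.resources[url]

    def unmodified(self, url, version):
        # The "is the resource still unmodified?" query of the expired case.
        self.revalidations += 1
        return self.resources[url][0] == version


class ProxyGateway:
    def __init__(self, origin, ttl=60.0, methods=("GET",),
                 file_types=(".html", ".css", ".js", ".png")):
        self.origin = origin
        self.ttl = ttl
        self.methods = methods          # configuration item: snapshot methods
        self.file_types = file_types    # configuration item: snapshot file types
        self.store = {}                 # lookup key -> Snapshot

    @staticmethod
    def key(url, port):
        # Key value generated by hashing the requested URL and port number.
        return hashlib.sha256(f"{port}|{url}".encode()).hexdigest()

    def may_snapshot(self, method, url):
        return method in self.methods and url.lower().endswith(self.file_types)

    def handle(self, method, url, port, now):
        """Return (outcome, body) for one request arriving at time `now`."""
        k = self.key(url, port)
        allowed = self.may_snapshot(method, url)
        # Requests outside the configuration never read from the snapshot.
        snap = self.store.get(k) if allowed else None
        if snap is not None:
            if now - snap.stored_at < snap.ttl:
                return "HIT", snap.body
            if self.origin.unmodified(url, snap.version):
                snap.stored_at = now    # assumption: confirmation restarts the TTL
                return "REVALIDATED", snap.body
            del self.store[k]           # modified on the server: drop the snapshot
        version, body = self.origin.fetch(url)
        if allowed:
            self.store[k] = Snapshot(body, version, now, self.ttl)
        return "MISS", body


if __name__ == "__main__":
    url = "http://example.test/logo.png"    # constructed sample URL
    origin = Origin()
    origin.publish(url, "v1", b"first version")
    gateway = ProxyGateway(origin)
    for t in (0, 10, 100):
        print(t, gateway.handle("GET", url, 80, now=t))
    origin.publish(url, "v2", b"second version")
    print(200, gateway.handle("GET", url, 80, now=200))
```

The "unmodified" reply corresponds to an HTTP conditional request answered with 304 Not Modified.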
The HTTP proxy gateway further comprises a message monitoring unit, which collects, analyzes and filters data packets. A mirroring switch mirrors the backbone network traffic to the monitoring unit, which collects the original data packets, performs protocol analysis on each packet layer by layer, extracts the user's request information and matches it against the filtering rules. The filtering rules specify the user's IP permissions, the request methods for which snapshots are allowed, the server domain names and the file types. Requests that do not conform to the filtering rules are filtered out; otherwise the URL of the resource requested by the user is handed to the access control unit for processing.
The access control unit schedules services for the other units, summarizes and analyzes the information of the snapshot resources, and performs storage, updating, replacement and cleaning. The access control unit receives the user request information handed over by the message monitoring unit, counts the number of user requests for the same resource, and organizes the request information in a suitable form in memory. The snapshot state of the file requested by the user is recorded, and the detailed record of the resource is updated every time a new resource is stored in the storage unit. The access control unit queries the system snapshot records according to the user request information; if the system holds a snapshot of the file requested by the user, the access control unit issues a policy to the redirection unit to construct a response packet that redirects the user to the storage unit. If the system holds no snapshot of the requested file, but the file is frequently accessed by users and the number of accesses reaches a threshold preset by the system, a download policy is issued to the storage unit to download and snapshot the file.
The storage unit also records important information of the user access request resource, each line records corresponding different URL resources, and each line describes the access times, snapshot state and byte size information of the resource. The data of the storage unit is sourced from the system access control unit, and when the resource object information in the access control unit is added, deleted or modified, the storage unit is informed to synchronously update the content of the storage unit.
For the proxy gateway snapshot scheme: adopting a leading snapshot and a variable length segment to divide data from a server into segments with different lengths, and determining whether to snapshot and replace according to the number of times and time of accessing each segment; and realizing uninterrupted service by adopting dynamic snapshot and multicast. The proxy gateway leaves a snapshot space for the new leading data packet. If the delay from the server to the proxy gateway is within the preset range $d_{min}$ to $d_{max}$, the proxy leaves disk snapshot space for a portion of the resources from the server, the snapshot having space to store at least a storage interval of $d_{max} - d_{min}$ from the server. And then the instant playback is provided to the client by utilizing the storage part resource of the proxy gateway. To the web server, it appears as a multicast transmission to the client group; for a proxy gateway, it is a unicast transmission to the client group. Under the condition that only the precursor snapshot exists, assuming that the first request for the resource i arrives at the time 0, the proxy gateway transmits the resource precursor to the client; with the length of the preamble being a time $v_i$, the first message at the tail is designed to reach the proxy gateway at that moment. Upon any request arriving in the time interval $(0, v_i)$, the proxy gateway immediately forwards the resource preamble to the new client, and at the time $v_i + 0$ transmits the tail to the client, wherein the tail comes from the server and is stored in the dynamic snapshot. For the tail snapshot, which may be considered part of the preamble, transmission is still performed as described above. Requests arriving after the time $v_i$ restart a service queue.
With the increase of the number of the stored leading snapshots, the invention uses the hash table to manage the leading snapshots so as to achieve the purposes of quick addition and quick search. The mapping nodes for establishing the leader snapshot in the memory are called snapshot mapping nodes, and each node corresponds to one stored leader. If a new leading snapshot is added, its snapshot-mapped node is inserted in the hash table at the same time. When searching, firstly, the snapshot mapping node in the hash table is checked, if not, it indicates that a new preamble needs to be stored, if found, the corresponding preamble snapshot is accessed to the disk snapshot according to the information of the snapshot mapping node, and when deleting a certain preamble snapshot, the snapshot mapping node needs to be deleted at the same time.
When searching for a snapshot mapping node, the cluster number of the node is obtained first, the node queue designated by the cluster number is reached, and the nodes in the queue are searched in sequence. If a node consistent with the given characteristic string (obtained from the URI) is found, the leading snapshot already exists; otherwise, the preamble of the resource has not been stored. After receiving a resource request caused by a Web page URL, the proxy gateway first searches whether a local snapshot exists. If it does, the proxy gateway sends the content to the client; if it does not, or at a certain moment before the sending is finished, the proxy sends an HTTP request to the Web server asking it to send the data of the resource. This request is derived from the client's resource request, so the client request is transformed into an HTTP request that the Web server understands.
In order to guarantee the quality of service, at the moment when the first message of the server arrives at the proxy, it is guaranteed that a snapshot of the required length has been allocated. When the proxy uses the content of the snapshot to serve the client, if the distance between the client at the head position and the client at the tail position is reduced, the saved space is recovered; if the distance becomes large, the snapshot should be extended. When the length of the snapshot is equal to the length of the first section of the media which is not snapshot, the length of the snapshot is not increased any more, and if the length of the snapshot is not enough, the client at the tail of the batch processing is deleted from the batch processing, and a service is opened again or the client is added into another batch processing. When only one client is left in batch processing, the snapshot content is stopped from being updated, the data sent by the server is directly transferred to the client after the snapshot content is used, and the snapshot is released.
Setting the length of a monitoring queue of a socket in a monitoring state to meet the requirement; all connections are represented by a doubly linked list for the client that has been connected to the proxy, the connection is dropped from connection establishment to the end of the communication, and a node is established in the HTTP table for each connection for maintaining the connection and communication between the proxy and the client and between the proxy and the server.
While listening, the proxy receives the client's connection request and creates a new socket and port to establish the connection with the client. After the connection is established, the client sends an HTTP request to the proxy, and the request is passed to the request analysis part. The request analysis part mainly judges whether the client request is a data request or a Web request.
And after the type of the request sent by the client is obtained, the next HTTP processing or data resource processing is carried out. The analysis request part further processes the obtained client request, obtains the name of the target server and the related information of the communication port from the client request, transmits the name and the related information of the communication port to a module for standby, completes the conversion from the server name to the IP address of the server, establishes connection with the target server after obtaining the target server, and sends the request of the client if the establishment is successful.
The invention adopts the cross chain table to manage the client, each sub-table represents a batch queue, and the table nodes have the state information of the client, including the length of received data, the reading state (reading leading, reading snapshot, reading server conventional channel) and the snapshot information. Information communicated with the server is also maintained for the head node of each sub-table.
After a new client connects to the proxy, the proxy first searches the snapshot mapping table. If the snapshot exists, the client node is inserted into a queue that is requesting the snapshot, or a new queue is created with the client node as its head node; if the snapshot does not exist, the data is requested from the server. Once the data source is determined, the reading state of the node is determined as well. For clients served from a snapshot, at a certain time before the queue's head node leaves the snapshot, the proxy must connect to the server using the head node's information and allocate the snapshot, so that when the server data reaches the snapshot the first client is entering or about to enter the snapshot. The required data is read from the snapshot according to the state of the snapshot and each client's data requirements, and is sent to each client by unicast, thereby realizing multicast.
For a client that logs out midway: if it is an ordinary sub-list node, it is deleted directly and the queue length is adjusted; if the queue length changes, the snapshot length is changed as well. If it is a sub-list head node, the fields associated with the buffers and communication must be preserved, the node is deleted, its functions are transferred to the next node, and the snapshot is adjusted. If the node is a single head node, it is deleted directly and the resources are released.
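The client bookkeeping described above (batch queues, per-client reading state, and the three logout cases), sketched as an added Python example that is not code from the patent. Plain lists stand in for the cross-linked list, and `ClientTable`, `BatchQueue`, `server_conn` and the `example.test` URLs are assumed names.

```python
from dataclasses import dataclass, field
from enum import Enum


class ReadState(Enum):
    LEADER = "reading leader"
    SNAPSHOT = "reading snapshot"
    SERVER = "reading server regular channel"


@dataclass
class ClientNode:
    client_id: str
    state: ReadState
    received: int = 0  # length of data received so far


@dataclass
class BatchQueue:
    url: str
    server_conn: dict  # upstream buffer/communication fields owned by the head
    clients: list = field(default_factory=list)

    def snapshot_span(self):
        # The snapshot must cover the gap between the first and last client.
        return self.clients[0].received - self.clients[-1].received


class ClientTable:
    def __init__(self, snapshot_urls=()):
        self.snapshot_map = set(snapshot_urls)  # stands in for the mapping table
        self.queues = []                        # one entry per sub-list

    def connect(self, client_id, url):
        if url in self.snapshot_map:
            node = ClientNode(client_id, ReadState.LEADER)
            for q in self.queues:
                if q.url == url and q.clients[0].state is not ReadState.SERVER:
                    q.clients.append(node)      # join the batch already being served
                    return q
        else:
            node = ClientNode(client_id, ReadState.SERVER)  # no snapshot: go upstream
        q = BatchQueue(url, {"upstream": url, "owner": client_id}, [node])
        self.queues.append(q)                   # new queue, this client is the head
        return q

    def disconnect(self, client_id):
        for q in self.queues:
            for i, node in enumerate(q.clients):
                if node.client_id != client_id:
                    continue
                if len(q.clients) == 1:         # single head node: delete, release queue
                    self.queues.remove(q)
                    return "released"
                del q.clients[i]
                if i == 0:                      # head left: next node inherits upstream role
                    q.server_conn["owner"] = q.clients[0].client_id
                    return "handed over"
                return "removed"                # ordinary node: queue just shrinks
        raise KeyError(client_id)
```

Keeping `server_conn` on the queue rather than on the departing node is what lets the head role move to the next client without dropping the upstream connection, and the single-head case is the only one that frees it.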
In summary, the present invention provides a secure data transmission method for an HTTP proxy framework, which realizes secure and real-time data transmission for a proxy server based on HTTP.
It will be apparent to those skilled in the art that the elements or steps of the invention described above may be implemented in a general purpose computing system, centralized on a single computing system, or distributed across a network of computing systems, and optionally implemented in program code that is executable by the computing system, such that the program code is stored in a storage system and executed by the computing system. Thus, the present invention is not limited to any specific combination of hardware and software.
It is to be understood that the above-described embodiments of the present invention are merely illustrative of or explaining the principles of the invention and are not to be construed as limiting the invention. Therefore, any modification, equivalent replacement, improvement and the like made without departing from the spirit and scope of the present invention should be included in the protection scope of the present invention. Further, it is intended that the appended claims cover all such variations and modifications as fall within the scope and boundaries of the appended claims or the equivalents of such scope and boundaries.

Claims (7)

1. A secure data transmission method of an HTTP proxy framework is characterized by comprising the following steps:
the proxy gateway receives the login of the client;
the client sends out an HTTP request message, and the proxy gateway judges whether to receive the message request;
if the request is refused, the client is disconnected; if the request is accepted, the proxy gateway judges whether a snapshot exists locally at the proxy gateway or not according to the content of the request message;
if the snapshot does not exist, the proxy gateway takes out the corresponding content from the server;
if the snapshot exists, reading corresponding content from the local snapshot according to a preset searching mechanism, and constructing an HTTP response message to be sent to the user;
the client and the proxy gateway negotiate a master key in a preset mode; randomly generating a random character string of letters and numbers as a first master key for the shared master key part, and after a certain time, performing master key updating between the client and the proxy gateway;
after receiving the data of the redirection unit, the client side assembles the data into an HTTP request message, and then forwards the HTTP request message to a server appointed by the client side according to the determined destination IP address in the redirection unit;
the client monitors the port number and the URL of the user request, evaluates the request according to a hash algorithm when receiving the URL and the port number of the user request, and then performs corresponding processing according to a key value generated by the hash algorithm; searching whether the object is hit according to the key value, and responding;
adopting a leading snapshot and a variable length segment to divide data from a server into segments with different lengths, and determining whether to snapshot and replace according to the number of times and time of accessing each segment; the uninterrupted service is realized by adopting dynamic snapshot and multicast;
the proxy gateway leaves a snapshot space for the new leading data packet; if the delay from the server to the proxy gateway is within the preset range d_min to d_max, the proxy leaves disk snapshot space for a portion of the resources from the server, the snapshot having space to store at least a storage interval of d_max - d_min from the server; then, the instant playback is provided for the client by using partial resources stored by the proxy gateway; to the web server, it appears as a multicast transmission to the client group; for the proxy gateway, it is unicast transmission to the client group; under the condition that only the precursor snapshot exists, assuming that the first request for the resource i arrives at the time 0, the proxy gateway transmits the resource precursor to the client; at the time v_i, the length of the preamble, the first message of the tail part is designed to reach the proxy gateway; for any request arriving within the time (0, v_i), the proxy gateway immediately forwards the resource preamble to the new client and, at the time v_i + 0, transmits the tail to the client, wherein the tail comes from the server and is stored in the dynamic snapshot; the tail snapshot can be regarded as a part of the leader and is still transmitted according to the above method; for a request arriving after the time v_i, a service queue is restarted;
using a hash table to manage the leading snapshot so as to achieve the purposes of quick addition and quick search; establishing mapping nodes of the leader snapshot in the memory, wherein each mapping node is called a snapshot mapping node, and each node corresponds to one stored leader; if a new leading snapshot is added, its snapshot-mapped node is inserted in the hash table at the same time.
2. The method of claim 1, further comprising:
when searching a snapshot mapping node, firstly obtaining the cluster number of the node, arriving at the node queue appointed by the cluster number, searching the nodes in the queue in sequence, if finding the node corresponding to the given characteristic string, indicating that the leader snapshot exists, otherwise, indicating that the leader of the resource is not stored.
3. The method according to claim 2, wherein the proxy gateway, after receiving the resource request caused by the Web page URL, first searches whether the local snapshot already exists in the preceding snapshot; if yes, it sends the content to the client; if not, or at a certain time before the sending is completed, it transforms the client request, converting the resource request into an HTTP request understandable by the Web server, and the proxy sends the HTTP request to the Web server.
4. The method of claim 1, wherein:
when the first message of the server reaches the proxy, the snapshot with the required length is ensured to be distributed; when the proxy uses the content of the snapshot to serve the client, if the distance between the client at the head position and the client at the tail position is reduced, the saved space is recovered; if the distance becomes large, the snapshot is extended.
5. The method according to claim 1, characterized in that when the length of the snapshot is equal to the first un-snapshotted segment of the media, the length is not increased any more; if the snapshot length is not enough, the client at the end of the batch is deleted from the batch, and a service is opened again for the client or the client is added to another batch; when only one client is left in batch processing, the snapshot content is stopped from being updated, the data sent by the server is directly transferred to the client after the snapshot content is used, and the snapshot is released.
6. The method according to claim 1, wherein after the designated server receives the message, the server directly transfers the data to the storage unit; the storage unit receives the data and then delivers the data to the client, meanwhile, the received object is stored in the local snapshot of the proxy gateway, and the client immediately forwards the data packet to the client after receiving the data packet.
7. The method according to claim 1, wherein when the client user accesses the content of the specific URL, the client randomly generates a data transmission request of a port number to the proxy address of the HTTP proxy gateway, that is, a request for obtaining a message is transmitted, and after receiving the message acquisition request, the proxy gateway performs related URL and data analysis, and queries whether there is a snapshot locally according to its query mechanism; if the snapshot does not exist, the proxy gateway randomly generates a port number and sends a request to the website server; when receiving a message acquisition request of the HTTP proxy gateway, the server side replies a success mark and distributes the requested file content to the proxy gateway; after receiving the data, the proxy gateway distributes the data to the client, judges whether the data is snapshot or not according to the configuration items of the proxy gateway, and calls related components for storage if the data is snapshot;
when other client users of the same local area network access the same URL, the proxy gateway receives the request of the client and calls a related component to inquire whether the content of the request is stored or not, and judges whether the content is overdue or not, if not, the proxy gateway directly distributes the request content to the client;
when the content of the HTTP proxy gateway snapshot is expired, the proxy gateway sends a request message to a server end to judge whether the resource of the snapshot is modified; after receiving the resource query request, the server compares whether the resource is still unmodified according to the request, and sends a reply unmodified message to the HTTP proxy gateway if the resource is unmodified; after receiving the message that the snapshot resource is still unmodified, the HTTP proxy gateway extracts the content requested by the client from the snapshot of the HTTP proxy gateway and distributes the content to the client.
CN201710357410.5A 2017-05-19 2017-05-19 HTTP proxy framework security data transmission method Active CN107135266B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710357410.5A CN107135266B (en) 2017-05-19 2017-05-19 HTTP proxy framework security data transmission method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710357410.5A CN107135266B (en) 2017-05-19 2017-05-19 HTTP proxy framework security data transmission method

Publications (2)

Publication Number Publication Date
CN107135266A CN107135266A (en) 2017-09-05
CN107135266B true CN107135266B (en) 2020-11-13

Family

ID=59733242

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710357410.5A Active CN107135266B (en) 2017-05-19 2017-05-19 HTTP proxy framework security data transmission method

Country Status (1)

Country Link
CN (1) CN107135266B (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108650209B (en) * 2018-03-06 2021-05-14 北京信安世纪科技股份有限公司 Single sign-on method, system, device and authentication method
CN108833369B (en) * 2018-05-28 2021-06-29 郑州云海信息技术有限公司 Method, device and equipment for accessing file system
CN109657493A (en) * 2018-12-17 2019-04-19 郑州云海信息技术有限公司 A kind of information processing method and device
CN109857391A (en) * 2019-01-18 2019-06-07 山石网科通信技术股份有限公司 Processing method and processing device, storage medium and the electronic device of data
CN112473149B (en) * 2020-11-26 2022-10-25 腾讯音乐娱乐科技(深圳)有限公司 Ranking list processing method
CN112615857B (en) * 2020-12-17 2023-02-17 杭州迪普科技股份有限公司 Network data processing method, device and system
CN115085983B (en) * 2022-06-02 2024-03-12 度小满科技(北京)有限公司 Data processing method, data processing device, computer readable storage medium and electronic equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025750A (en) * 2009-09-15 2011-04-20 天津七所信息技术有限公司 Network caching proxy service system
CN104283957A (en) * 2014-10-13 2015-01-14 无锡云捷科技有限公司 CDN cache method based on continuous connectionism
CN104320410A (en) * 2014-11-11 2015-01-28 南京优速网络科技有限公司 All-service CDN system based on HTTP and working method thereof
CN104394227A (en) * 2014-12-05 2015-03-04 北京奇虎科技有限公司 Method and system for transmitting user data of browser and browser
CN104468817A (en) * 2014-12-22 2015-03-25 北京奇虎科技有限公司 Method and device for achieving resource download through CDN, server and client side
CN104935636A (en) * 2015-04-29 2015-09-23 广州杰赛科技股份有限公司 Network channel acceleration method and system
CN105450703A (en) * 2014-08-28 2016-03-30 杭州迪普科技有限公司 Data caching method and data caching device


Also Published As

Publication number Publication date
CN107135266A (en) 2017-09-05


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20200824

Address after: No. 2-2-1-61, No. 319, Haier Road, Jiangbei District, Chongqing

Applicant after: Chongqing Steady Technology Co.,Ltd.

Address before: 610041 Sichuan Province, Chengdu hi tech Zone Tianfu street, No. 1, building 1, unit 14, layer 1403, No.

Applicant before: CHENGDU JIWAN NETWORK TECHNOLOGY Co.,Ltd.

CB03 Change of inventor or designer information

Inventor after: Yin Dandan

Inventor after: Chen Yunchuan

Inventor before: Chen Yunchuan

TA01 Transfer of patent application right

Effective date of registration: 20201012

Address after: Room 338, building 18, No. 18, Jiuxianqiao Middle Road, Chaoyang District, Beijing 100015

Applicant after: Beijing net Hi Tech Co.,Ltd.

Address before: No. 2-2-1-61, No. 319, Haier Road, Jiangbei District, Chongqing

Applicant before: Chongqing Steady Technology Co.,Ltd.

GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Secure data transmission method of HTTP proxy framework

Effective date of registration: 20211125

Granted publication date: 20201113

Pledgee: Bank of Nanjing Limited by Share Ltd. Beijing branch

Pledgor: Beijing net Hi Tech Co.,Ltd.

Registration number: Y2021110000077

PC01 Cancellation of the registration of the contract for pledge of patent right

Date of cancellation: 20230421

Granted publication date: 20201113

Pledgee: Bank of Nanjing Limited by Share Ltd. Beijing branch

Pledgor: Beijing net Hi Tech Co.,Ltd.

Registration number: Y2021110000077