CN107613036A - Method and system for implementing an HTTPS transparent proxy - Google Patents

Method and system for implementing an HTTPS transparent proxy

Info

Publication number: CN107613036A
Authority: CN (China)
Prior art keywords: https, network user, user end, agent equipments, domain name
Legal status: Granted (Active)
Application number: CN201710784431.5A
Other languages: Chinese (zh)
Other versions: CN107613036B (en)
Inventor: 周丰杰
Current assignee: Beijing Wanlian New Network Technology Co Ltd
Original assignee: Beijing Wanlian New Network Technology Co Ltd
Application filed by Beijing Wanlian New Network Technology Co Ltd; priority to CN201710784431.5A; published as CN107613036A; granted and published as CN107613036B.

Abstract

The invention belongs to the technical field of network services. It addresses the technical problems of prior-art transparent proxy schemes, where a NAT device with one-to-one mapping makes the execution cycle long and the workload large, by providing a method and system for implementing an HTTPS transparent proxy that keeps network services fast and simple. The method includes: S1, resolving the domain names to be proxied over HTTPS to the IP address of an HTTPS proxy device; S2, the network client obtains the IP address of the HTTPS proxy device and initiates a handshake request to it, and the HTTPS proxy device performs the handshake check directly with the network client; S3, obtaining the domain name requested by the network client that is to be proxied over HTTPS, and issuing an origin request to the origin server corresponding to that domain name; S4, establishing, through the HTTPS proxy device, data transfer between the network client and the origin server corresponding to the domain name.

Description

Method and system for implementing an HTTPS transparent proxy
Technical field
The present invention relates to the technical field of network services, and in particular to a method and system for implementing an HTTPS transparent proxy.
Background
With the development of firewall technology, firewalls that are secure, easy to operate and friendly to use have become a market hot spot. How to simplify firewall configuration and improve security performance through transparent mode and transparent proxying has become an important index for weighing product performance. Transparent mode, as its name suggests, is above all transparent to the user: the user does not notice the presence of the firewall. To achieve transparent mode, the firewall must work without an IP address; no IP address needs to be configured on it, and the user does not know the firewall's IP address either.
As shown in Fig. 1, one operator's method for solving the problem of netizens accessing HTTPS origin servers that are not on this operator's network includes:
1. Analyse the quality of the website to be accelerated at each interconnection exit, then analyse the IP address of the origin server corresponding to that exit; taking www.baidu.com as an example, the resolution result on Unicom here is 1.1.1.1;
2. Control the domain name resolution and set the resolution result of www.baidu.com to 2.2.2.2;
3. Perform one-to-one NAT (Network Address Translation) mapping, configuring 2.2.2.2 to be translated by DNAT (Destination Network Address Translation) into 1.1.1.1;
4. When a user accesses www.baidu.com, the user reaches 2.2.2.2; through the DNAT mapping the packet reaches the origin server 1.1.1.1.
While realising the present invention, the inventor found that the technical scheme in Fig. 1 has the following disadvantages: the execution cycle of the whole process is long; the domain name analysis workload is large; IP addresses are consumed heavily (each domain name needs its own point-to-point NAT address); and adjustment is inflexible, since once the IP address of the origin server changes, users cannot access the website and complaints follow.
Summary of the invention
To solve the technical problems in prior-art transparent proxy schemes, where a NAT device with one-to-one mapping makes the execution cycle long and the workload large, the present invention provides a method and system for implementing an HTTPS transparent proxy that keeps network services fast and simple.
To achieve these goals, the technical scheme provided by the invention includes:
One aspect of the present invention provides a method for implementing an HTTPS transparent proxy, characterised in that it includes:
S1. Resolving the domain names to be proxied over HTTPS to the IP address of an HTTPS proxy device;
S2. The network client obtains the IP address of the HTTPS proxy device, then initiates a handshake request to the HTTPS proxy device, and the HTTPS proxy device performs the handshake check directly with the network client;
S3. Obtaining the domain name requested by the network client that is to be proxied over HTTPS, and issuing an origin request to the origin server corresponding to the domain name;
S4. Establishing, through the HTTPS proxy device, data transfer between the network client and the origin server corresponding to the domain name.
Preferably, in an embodiment of the present invention, step S1 includes: resolving all domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device, and then returning the IP address of the HTTPS proxy device to the network client, in preparation for the subsequent handshake with the network client.
Preferably, in an embodiment of the present invention, step S3 includes: after the network client and the HTTPS proxy device have shaken hands successfully, the network client sends a Client Hello message to the HTTPS proxy device, and the Client Hello message carries the host name; the HTTPS proxy device first resolves the origin server IP address corresponding to that host name, and then issues an origin request to the origin server corresponding to the domain name.
Preferably, in an embodiment of the present invention, step S4 includes: during data transfer between the network client and the origin server corresponding to the domain name, the data transfer mode is always the pendulum mode, in which one message is received and one message is transmitted.
Preferably, in an embodiment of the present invention, the method further includes: when the data transfer between the network client and the origin server corresponding to the domain name is finished, the network client tears down its connection with the HTTPS proxy device, and the origin server corresponding to the domain name also tears down its connection with the HTTPS proxy device.
Another aspect of the present invention provides a system for implementing an HTTPS transparent proxy, characterised in that it includes:
a network client for sending the address of the origin server to be visited; an HTTPS proxy device for proxying the network access connection of the network client; an origin server accessed by the network user; an LDNS located between the network client and the HTTPS proxy device; and an authoritative DNS located between the HTTPS proxy device and the origin server;
the LDNS is configured to resolve the domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device;
after the network client obtains the IP address of the HTTPS proxy device, it initiates a handshake request to the HTTPS proxy device, and the HTTPS proxy device performs the handshake check directly with the network client;
the HTTPS proxy device is further configured to obtain the domain name requested by the network client that is to be proxied over HTTPS, resolve the access path for that domain name through the authoritative DNS, and then issue an origin request to the origin server corresponding to the domain name;
the HTTPS proxy device is further used to establish data transfer between the network client and the origin server corresponding to the domain name.
Preferably, in an embodiment of the present invention, the LDNS resolves all domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device, and then returns that IP address to the network client, in preparation for the subsequent handshake with the network client.
Preferably, in an embodiment of the present invention, after the network client and the HTTPS proxy device have shaken hands successfully, the network client sends a Client Hello message to the HTTPS proxy device, and the Client Hello message carries the host name; the HTTPS proxy device first resolves the origin server IP address corresponding to that host name, and then issues an origin request to the origin server corresponding to the domain name.
Preferably, in an embodiment of the present invention, during data transfer between the network client and the origin server corresponding to the domain name, the data transfer mode is always the pendulum mode, in which one message is received and one message is transmitted.
Preferably, in an embodiment of the present invention, the HTTPS proxy device is further configured so that, when the data transfer between the network client and the origin server corresponding to the domain name is finished, the network client tears down its connection with the HTTPS proxy device, and the origin server corresponding to the domain name also tears down its connection with the HTTPS proxy device.
Using the above technical scheme provided by this application, at least one of the following beneficial effects can be obtained:
1. The HTTPS proxy device receives the request, then establishes the handshake protocol with the network client (netizen); after further obtaining the origin server that the network client (netizen) requests to visit, it obtains the real origin server by iterative resolution and carries out the data transfer of data messages, realising proxied access to HTTPS data messages. Even after the IP address in the origin server's resolution result changes, it can be updated in time, so real-time performance is high.
2. Unlike the prior art, there is no need to set aside a large number of IP resources; the use of IP addresses is saved and a large amount of workload is reduced at the same time.
3. The data transfer mode always uses the pendulum mode, which further ensures that data transfer does not lose data and that transmission speed is fast.
4. When the data transfer between the network client and the origin server corresponding to the domain name is finished, the network client tears down its connection with the HTTPS proxy device, and the origin server corresponding to the domain name also tears down its connection with the HTTPS proxy device; this prevents unnecessary network connections from occupying the HTTPS proxy device's internal resources for a long time.
Further features and advantages of the invention will be set out in the following description, and will partly become apparent from the description or be understood by implementing the technical scheme. The objects and other advantages of the present invention can be realised and obtained by the structures and/or flows particularly pointed out in the description, claims and accompanying drawings.
Brief description of the drawings
Fig. 1 is a flow chart of a prior-art method by which a network client accesses an HTTPS origin server that is not on this operator's network.
Fig. 2 is a flow chart of a method for implementing an HTTPS transparent proxy provided by one embodiment of the invention.
Fig. 3 is a flow chart of a method for implementing an HTTPS transparent proxy provided by another embodiment of the invention.
Fig. 4 is a flow chart, provided by yet another embodiment of the invention, of a network client accessing an HTTPS origin server that is not on this operator's network.
Fig. 5 is a schematic diagram of a system for implementing an HTTPS transparent proxy provided by one embodiment of the invention.
Embodiment
Embodiments of the present invention are described in detail below with reference to the drawings and examples, so that how the present invention applies technical means to solve technical problems and achieve technical effects can be fully understood and implemented accordingly. It should be noted that these specific descriptions are intended to let those of ordinary skill in the art understand the present invention more easily and clearly, not to limit the present invention; and, provided no conflict arises, the embodiments of the present invention and the features in each embodiment can be combined with each other, and the resulting technical schemes fall within the protection scope of the present invention.
In addition, the steps illustrated in the flow charts of the accompanying drawings can be executed in a control system such as a set of computer-executable instructions; and although a logical order is shown in the flow charts, in some cases the steps shown or described can be performed in an order different from the one given here.
The technical scheme is described in detail below with reference to the drawings and specific embodiments:
As shown in Fig. 2, the present embodiment provides a method for implementing an HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) transparent proxy, which includes:
S1. Resolve the domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device. That is, when the network client (for ease of understanding also called the netizen: the client where the user who needs to request an external network connection is located) sends a network connection request to the network operator, and that request is to be proxied by the HTTPS proxy device, the LDNS (Local Domain Name System, the local DNS resolver; that is, the DNS address our network operator assigns us for resolution when we go online) automatically resolves the domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device.
S2. The network client obtains the IP address of the HTTPS proxy device, then initiates a handshake request to the HTTPS proxy device, and the HTTPS proxy device performs the handshake check directly with the network client;
S3. Obtain the domain name requested by the network client that is to be proxied over HTTPS, and issue an origin request to the origin server corresponding to the domain name;
S4. Establish, through the HTTPS proxy device, data transfer between the network client and the origin server corresponding to the domain name.
The process by which the LDNS resolves the IP address is illustrated by taking access to Baidu as an example, and includes:
1) The netizen sends a DNS name resolution request to the LDNS, and the DNS returns to the user a temporary IP address used for transparent forwarding (in the present embodiment, exactly the IP address of the HTTPS proxy device); (S1)
2) This IP address is configured on the network address translation device, and the user initiates the HTTPS request service to this IP address; (S2)
3) The network address translation device translates the destination address of the netizen's request into the real IP address of www.baidu.com, and performs the handshake transmission with the real Baidu server; (S2)
4) After the real www.baidu.com server replies with a message to the NAT device, the NAT device returns the content to the netizen; (S3)
5) And so on: the netizen sends a request and the NAT server forwards it to the origin server; when the origin server replies with a message to the NAT server, the NAT server forwards the message to the netizen, forming a pendulum-style transparent proxy service. (S4)
It should be noted that the HTTPS transparent proxy method provided by the present embodiment is particularly suitable for transparent proxy transmission of ssl3.0, tls1.0, tls1.1 and tls1.2 (ssl3.0, tls1.0, tls1.1 and tls1.2 are SSL version numbers; the ssl1 and ssl2 versions do not support the SNI extension, while all versions from ssl3 onward support the SNI extension, and from ssl3 onward the version numbers of the following SSL versions start with tls). Therefore, the HTTPS proxy device receives the request, then establishes the handshake protocol with the network client (netizen); after further obtaining the origin server that the network client (netizen) requests to visit, it obtains the real origin server by iterative resolution and carries out the data transfer of data messages, realising proxied access to HTTPS data messages. And after the IP address in the origin server's resolution result changes, it can be updated in time, so real-time performance is high.
Preferably, in the present embodiment, step S1 includes: resolving all domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device, and then returning the IP address of the HTTPS proxy device to the network client, in preparation for the subsequent handshake with the network client.
Preferably, in the present embodiment, step S3 includes: after the network client and the HTTPS proxy device have shaken hands successfully, the network client sends a Client Hello message to the HTTPS proxy device, and the Client Hello message carries the host name; the HTTPS proxy device first resolves the origin server IP address corresponding to that host name, then issues an origin request to the origin server corresponding to the domain name. For example, the Client Hello carries the host name (such as www.baidu.com); when the HTTPS proxy device actually goes to the origin server, it first resolves the domain name www.baidu.com to obtain the IP address of the real origin server, and then interacts with that origin server IP address. In addition, a set of iterative-resolution DNS service software is usually built on the proxy server to perform the iterative resolution of domain names.
Preferably, in the present embodiment, step S4 includes: during data transfer between the network client and the origin server corresponding to the domain name, the data transfer mode is always the pendulum mode, receiving one message and transmitting one message; that is, like a pendulum, in the first direction one message is received and one is transmitted, and then in the other direction one response message is received and one response message is returned.
As shown in Fig. 3, another embodiment of the present invention preferably further includes: S5. When the data transfer between the network client and the origin server corresponding to the domain name is finished, the network client tears down its connection with the HTTPS proxy device, and the origin server corresponding to the domain name also tears down its connection with the HTTPS proxy device.
As shown in Fig. 4, again taking access to Baidu as an example, the process provided by the present embodiment for a network client to access an HTTPS origin server that is not on this operator's network includes:
Step 1: scheduling the domain name to the HTTPS proxy device
The operator or enterprise, by means such as DNS zones (regions), resolves the domain names in netizens' DNS requests that are to be proxied over HTTPS to the IP address of the HTTPS proxy device. There is no need for one domain name to correspond to one IP address here: all domain names are resolved to the IP of our HTTPS proxy device. Specifically:
1) The netizen sends an access request from the browser in the HTTPS proxy manner, and the LDNS resolves the address of the access request, www.baidu.com;
2) The LDNS returns the IP address of the HTTPS proxy device, 2.2.2.2;
Step 2: the user performs the handshake interaction with the HTTPS proxy server
After the user obtains the IP address of the HTTPS proxy device, the user initiates a handshake request to the HTTPS proxy device, and our HTTPS proxy device performs the handshake check directly with the netizen. Specifically:
3) The netizen sends the SYN handshake for accessing www.baidu.com to 2.2.2.2;
4) The HTTPS proxy device responds with SYN/ACK (the handshake signal used when TCP/IP establishes a connection);
5) The netizen sends the ACK confirmation for accessing www.baidu.com to 2.2.2.2;
6) The netizen sends the HTTPS Client Hello for accessing www.baidu.com to 2.2.2.2;
Step 3: obtaining the domain name requested by the user that is to be proxied over HTTPS and issuing the origin request, including:
I. After the user has shaken hands successfully, the user sends a Client Hello message to the HTTPS server; this message carries the extension option server_name, which carries the requested host name www.baidu.com. Specifically this proceeds as follows:
II. After the HTTPS proxy obtains the domain name requested by the user that requires proxying, it resolves through the authoritative DNS the IP address of the origin server that is optimal under this proxy server's network environment;
III. The HTTPS proxy server initiates a TCP handshake request to the origin server and initiates the HTTPS Client Hello request. Specifically:
7) The authoritative DNS resolves www.baidu.com;
8) The authoritative DNS returns 1.1.1.1 to the HTTPS proxy device;
9) The HTTPS proxy device sends SYN to the origin server (1.1.1.1);
10) The origin server returns SYN/ACK to the HTTPS proxy device;
11) The HTTPS proxy device sends the ACK confirmation to the origin server;
12) The HTTPS proxy device sends the Client Hello to the origin server;
13) The origin server returns ACK to the HTTPS proxy device;
14) The origin server replies to the Client Hello to the HTTPS proxy device;
15) The origin server's Server Hello is relayed through the HTTPS proxy device to the netizen.
Step 4: data transfer
During the subsequent transfer of user data and the server's return messages, the pendulum mode is always used: one message is received, one message is transmitted.
Step 5: when the data transfer is finished, the user tears down the connection with the HTTPS proxy device, and the HTTPS proxy tears down the connection with the origin server.
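Steps 6) to 15) hinge on the proxy reading the server_name extension out of the Client Hello before it knows which origin to connect to; the Python below is an added example, not code from the patent or its assignee, that reassembles a Client Hello possibly split across TLS records (a case the description does not cover), extracts the SNI host name and maps it through an injected resolver to the origin IP, returning a rejection when the client sent no SNI (the case this method cannot route) so the proxy refuses instead of guessing. The function names, the NeedMoreData exception, the constructed Client Hello bytes and the lookup table standing in for the authoritative DNS of steps 7) and 8) are all assumptions of this example.

```python
import struct
from typing import Callable, Optional

# TLS constants from RFC 5246 / RFC 6066 (real values, not assumptions).
TLS_HANDSHAKE, CLIENT_HELLO, EXT_SERVER_NAME, HOST_NAME_TYPE = 0x16, 0x01, 0x0000, 0x00


class NeedMoreData(Exception):
    """Hypothetical: the buffer does not yet hold the whole Client Hello; read more."""


def reassemble_handshake(buf: bytes) -> bytes:
    """Join consecutive TLS handshake records into one handshake message.
    A Client Hello may span several records, so the proxy buffers until the whole
    message is present. Raises NeedMoreData (short buffer) or ValueError (not TLS)."""
    out, pos = bytearray(), 0
    while True:
        if len(buf) - pos < 5:
            raise NeedMoreData()
        ctype, _version, rlen = struct.unpack("!BHH", buf[pos:pos + 5])
        if ctype != TLS_HANDSHAKE:
            raise ValueError("not a TLS handshake record")
        if len(buf) - pos - 5 < rlen:
            raise NeedMoreData()
        out += buf[pos + 5:pos + 5 + rlen]
        pos += 5 + rlen
        if len(out) >= 4 and len(out) >= 4 + int.from_bytes(out[1:4], "big"):
            return bytes(out[:4 + int.from_bytes(out[1:4], "big")])


def parse_sni(handshake: bytes) -> Optional[str]:
    """Walk the Client Hello body and return server_name, or None when the client
    sent no SNI (an SSL2-era or SNI-less client), which this method cannot route."""
    try:
        if handshake[0] != CLIENT_HELLO:
            raise ValueError("not a Client Hello")
        p = 4 + 2 + 32                                        # header, version, random
        p += 1 + handshake[p]                                  # session_id
        p += 2 + struct.unpack("!H", handshake[p:p + 2])[0]    # cipher_suites
        p += 1 + handshake[p]                                  # compression_methods
        if p >= len(handshake):
            return None                                        # no extensions block
        end = p + 2 + struct.unpack("!H", handshake[p:p + 2])[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack("!HH", handshake[p:p + 4])
            p += 4
            if etype == EXT_SERVER_NAME:
                list_end = p + 2 + struct.unpack("!H", handshake[p:p + 2])[0]
                q = p + 2
                while q + 3 <= list_end:
                    name_type, name_len = handshake[q], struct.unpack("!H", handshake[q + 1:q + 3])[0]
                    if name_type == HOST_NAME_TYPE:
                        return handshake[q + 3:q + 3 + name_len].decode("ascii")
                    q += 3 + name_len
            p += elen
        return None
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed Client Hello") from exc


def build_client_hello(server_name: Optional[str], split_at: int = 0) -> bytes:
    """Constructed test input: a minimal TLS 1.2 Client Hello, optionally cut into
    two TLS records at byte offset split_at to exercise reassembly."""
    body = b"\x03\x03" + b"\x00" * 32                         # client_version, random
    body += b"\x00"                                            # empty session_id
    body += struct.pack("!H", 2) + b"\xc0\x2f"                 # one cipher suite
    body += b"\x01\x00"                                        # null compression only
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = bytes([HOST_NAME_TYPE]) + struct.pack("!H", len(host)) + host
        sni = struct.pack("!H", len(entry)) + entry
        ext = struct.pack("!HH", EXT_SERVER_NAME, len(sni)) + sni
        body += struct.pack("!H", len(ext)) + ext
    msg = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    parts = [msg[:split_at], msg[split_at:]] if split_at else [msg]
    return b"".join(struct.pack("!BHH", TLS_HANDSHAKE, 0x0301, len(p)) + p for p in parts)


def choose_origin(buf: bytes, resolve: Callable[[str], Optional[str]]) -> Optional[str]:
    """Steps 6) to 8): take the SNI from the buffered Client Hello and resolve it.
    `resolve` stands in for the proxy's iterative resolver / authoritative DNS."""
    name = parse_sni(reassemble_handshake(buf))
    return None if name is None else resolve(name)


def origin_or_reason(buf: bytes, resolve: Callable[[str], Optional[str]]) -> str:
    """The three outcomes a proxy accept loop must handle: wait, reject, or connect."""
    try:
        origin = choose_origin(buf, resolve)
    except NeedMoreData:
        return "need-more-data"
    except ValueError as exc:
        return f"reject: {exc}"
    return origin if origin else "reject: no SNI or unknown host"


# Constructed lookup table standing in for the authoritative DNS answer of step 8).
CONSTRUCTED_AUTH_DNS = {"www.baidu.com": "1.1.1.1"}
```

Only after `origin_or_reason` returns an IP does the proxy open the TCP connection of steps 9) to 12) and forward the buffered Client Hello unchanged.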
As shown in Fig. 5, the present embodiment also provides a system for implementing an HTTPS transparent proxy, which includes:
a network client for sending the address of the origin server to be visited; an HTTPS proxy device for proxying the network access connection of the network client; an origin server accessed by the network user; an LDNS located between the network client and the HTTPS proxy device; and an authoritative DNS located between the HTTPS proxy device and the origin server;
the LDNS is configured to resolve the domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device; that is, when the network client (for ease of understanding also called the netizen: the client where the user who needs to request an external network connection is located) sends a network connection request to the network operator, and that request is to be proxied by the HTTPS proxy device, the LDNS (Local Domain Name System, the local DNS resolver; that is, the DNS address our network operator assigns us for resolution when we go online) automatically resolves the domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device;
after the network client obtains the IP address of the HTTPS proxy device, it initiates a handshake request to the HTTPS proxy device, and the HTTPS proxy device performs the handshake check directly with the network client;
the HTTPS proxy device is further configured to obtain the domain name requested by the network client that is to be proxied over HTTPS, resolve the access path for that domain name through the authoritative DNS, and then issue an origin request to the origin server corresponding to the domain name;
the HTTPS proxy device is further used to establish data transfer between the network client and the origin server corresponding to the domain name.
Preferably, in an embodiment of the present invention, the LDNS resolves all domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device, and then returns that IP address to the network client, in preparation for the subsequent handshake with the network client.
Preferably, in an embodiment of the present invention, after the network client and the HTTPS proxy device have shaken hands successfully, the network client sends a Client Hello message to the HTTPS proxy device, and the Client Hello message carries the host name; the HTTPS proxy device first resolves the origin server IP address corresponding to that host name, then issues an origin request to the origin server corresponding to the domain name. For example, the Client Hello carries the host name (such as www.baidu.com); when the HTTPS proxy device actually goes to the origin server, it first resolves the domain name www.baidu.com to obtain the IP address of the real origin server, and then interacts with that origin server IP address. In addition, a set of iterative-resolution DNS service software is usually built on the proxy server to perform the iterative resolution of domain names.
Preferably, in an embodiment of the present invention, during data transfer between the network client and the origin server corresponding to the domain name, the data transfer mode is always the pendulum mode, in which one message is received and one message is transmitted.
Preferably, in an embodiment of the present invention, the HTTPS proxy device is further configured so that, when the data transfer between the network client and the origin server corresponding to the domain name is finished, the network client tears down its connection with the HTTPS proxy device, and the origin server corresponding to the domain name also tears down its connection with the HTTPS proxy device.
Using the above technical scheme provided by this application, at least one of the following beneficial effects can be obtained:
1. The HTTPS proxy device receives the request of the network client (netizen), then establishes the handshake protocol with the network client (netizen); after further obtaining the origin server that the network client (netizen) requests to visit, it obtains the real origin server by iterative resolution and carries out the data transfer of data messages, realising proxied access to HTTPS data messages. Even after the IP address in the origin server's resolution result changes, it can be updated in time, so real-time performance is high.
2. Unlike the prior art, there is no need to set aside a large number of IP resources; the use of IP addresses is saved and a large amount of workload is reduced at the same time.
3. The data transfer mode always uses the pendulum mode, which further ensures that data transfer does not lose data and that transmission speed is fast.
4. When the data transfer between the network client and the origin server corresponding to the domain name is finished, the network client tears down its connection with the HTTPS proxy device, and the origin server corresponding to the domain name also tears down its connection with the HTTPS proxy device; this prevents unnecessary network connections from occupying the HTTPS proxy device's internal resources for a long time.
Finally, it should be noted that the above is only the preferred embodiment of the present invention and does not limit the present invention in any form. Any person skilled in the art may, without departing from the scope of the present invention, use the methods and technical content disclosed above to make many possible variations and simple replacements to the technical solution of the present invention; these all fall within the protection scope of the technical solution of the present invention.

Claims (10)

  1. A method for implementing an HTTPS transparent proxy, characterised in that it includes:
    S1. resolving the domain names to be proxied over HTTPS to the IP address of an HTTPS proxy device;
    S2. the network client obtaining the IP address of the HTTPS proxy device, then initiating a handshake request to the HTTPS proxy device, and the HTTPS proxy device performing the handshake check directly with the network client;
    S3. obtaining the domain name requested by the network client that is to be proxied over HTTPS, and issuing an origin request to the origin server corresponding to the domain name;
    S4. establishing, through the HTTPS proxy device, data transfer between the network client and the origin server corresponding to the domain name.
  2. The method according to claim 1, characterised in that step S1 includes: resolving all domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device, then returning the IP address of the HTTPS proxy device to the network client, in preparation for the subsequent handshake with the network client.
  3. The method according to claim 1, characterised in that step S3 includes: after the network client and the HTTPS proxy device have shaken hands successfully, the network client sends a Client Hello message to the HTTPS proxy device, and the Client Hello message carries the host name; the HTTPS proxy device first resolves the origin server IP address corresponding to that host name, then issues an origin request to the origin server corresponding to the domain name.
  4. The method according to claim 1, characterised in that step S4 includes: during data transfer between the network client and the origin server corresponding to the domain name, the data transfer mode is always the pendulum mode, in which one message is received and one message is transmitted.
  5. The method according to any one of claims 1-4, characterised in that the method further includes: when the data transfer between the network client and the origin server corresponding to the domain name is finished, the network client tears down its connection with the HTTPS proxy device, and the origin server corresponding to the domain name also tears down its connection with the HTTPS proxy device.
  6. A system for implementing an HTTPS transparent proxy, characterised in that it includes:
    a network client for sending the address of the origin server to be visited; an HTTPS proxy device for proxying the network access connection of the network client; an origin server accessed by the network user; an LDNS located between the network client and the HTTPS proxy device; and an authoritative DNS located between the HTTPS proxy device and the origin server;
    the LDNS is configured to resolve the domain names to be proxied over HTTPS to the IP address of the HTTPS proxy device;
    after the network client obtains the IP address of the HTTPS proxy device, it initiates a handshake request to the HTTPS proxy device, and the HTTPS proxy device performs the handshake check directly with the network client;
    the HTTPS proxy device is further configured to obtain the domain name requested by the network client that is to be proxied over HTTPS, resolve the access path for that domain name through the authoritative DNS, and then issue an origin request to the origin server corresponding to the domain name;
    the HTTPS proxy device is further used to establish data transfer between the network client and the origin server corresponding to the domain name.
  7. The system according to claim 6, characterised in that the LDNS resolves all domain names that are to be proxied over HTTPS to the IP address of the HTTPS proxy device, then returns that IP address to the network client in preparation for the subsequent handshake with the network client.
  8. The system according to claim 6, characterised in that after the network client and the HTTPS proxy device have completed the handshake successfully, the network client sends a Client Hello message to the HTTPS proxy device, and the Client Hello message carries the host name; the HTTPS proxy device first resolves the origin-site IP address corresponding to that host name, then sends a back-to-origin request to the origin site corresponding to the domain name.
  9. The system according to claim 6, characterised in that during the data transfer between the network client and the origin site corresponding to the domain name, the data transfer mode is the pendulum mode throughout, that is, one message is forwarded for each message received.
  10. The system according to any one of claims 6-9, characterised in that the HTTPS proxy device is further configured such that: when the data transfer between the network client and the origin site corresponding to the domain name has finished, the network client tears down its connection with the HTTPS proxy device, and the origin site corresponding to the domain name likewise tears down its connection with the HTTPS proxy device.
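The step in claims 3 and 8, where the proxy reads the host name out of the Client Hello before choosing an origin, carried out in Python as an added example that is not part of the patent or of any product of the assignee: the proxy parses the SNI extension of a TLS ClientHello record and looks the host name up to pick the back-to-origin address. The ClientHello bytes are constructed in-line, the AUTH_DNS table is a constructed stand-in for the authoritative DNS lookup, and build_client_hello, extract_sni and pick_origin are hypothetical names.

```python
import struct

def build_client_hello(host):
    """Constructed sample input: a minimal TLS ClientHello record carrying an SNI extension."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name          # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry                     # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni                     # extension_type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                       # version, random, empty session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"                     # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)                    # extensions block
    hs = b"\x01" + len(body).to_bytes(3, "big") + body              # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs        # record type 0x16 = handshake

def extract_sni(record):
    """Return the host_name from the ClientHello's SNI extension, or None if absent or malformed."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None
    hs_len = int.from_bytes(record[6:9], "big")
    p = record[9:9 + hs_len]                                        # ClientHello body
    try:
        i = 34                                                      # skip version (2) + random (32)
        i += 1 + p[i]                                               # session_id
        i += 2 + struct.unpack("!H", p[i:i + 2])[0]                 # cipher_suites
        i += 1 + p[i]                                               # compression_methods
        ext_end = i + 2 + struct.unpack("!H", p[i:i + 2])[0]
        i += 2
        while i + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", p[i:i + 4])
            i += 4
            if etype == 0:                                          # server_name extension
                j = i + 2                                           # skip server_name_list length
                while j + 3 <= i + elen:
                    ntype, nlen = p[j], struct.unpack("!H", p[j + 1:j + 3])[0]
                    if ntype == 0:
                        return p[j + 3:j + 3 + nlen].decode("ascii")
                    j += 3 + nlen
            i += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None
    return None

AUTH_DNS = {"shop.example": "198.51.100.10"}   # constructed stand-in for the authoritative DNS

def pick_origin(record):
    """Proxy decision: host name from SNI, then origin IP via AUTH_DNS; (None, None) if no SNI."""
    host = extract_sni(record)
    return (host, AUTH_DNS.get(host)) if host else (None, None)
```

A ClientHello that carries no SNI extension, or one the proxy cannot parse, yields None, and a proxy built this way then has no domain name to resolve, so that case needs an explicit fallback rather than a back-to-origin attempt.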
CN201710784431.5A 2017-09-04 2017-09-04 Method and system for realizing HTTPS transparent proxy Active CN107613036B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710784431.5A CN107613036B (en) 2017-09-04 2017-09-04 Method and system for realizing HTTPS transparent proxy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710784431.5A CN107613036B (en) 2017-09-04 2017-09-04 Method and system for realizing HTTPS transparent proxy

Publications (2)

Publication Number Publication Date
CN107613036A true CN107613036A (en) 2018-01-19
CN107613036B CN107613036B (en) 2021-07-23

Family

ID=61057071

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710784431.5A Active CN107613036B (en) 2017-09-04 2017-09-04 Method and system for realizing HTTPS transparent proxy

Country Status (1)

Country Link
CN (1) CN107613036B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109450945A (en) * 2018-12-26 2019-03-08 成都西维数码科技有限公司 A kind of web page access method for safety monitoring based on SNI
CN109787951A (en) * 2018-11-22 2019-05-21 北京奇艺世纪科技有限公司 A kind of network data access method, device and electronic equipment
CN110049022A (en) * 2019-03-27 2019-07-23 深圳市腾讯计算机系统有限公司 A kind of domain name access control method, device and computer readable storage medium
CN112714197A (en) * 2021-03-29 2021-04-27 杭州优云科技有限公司 Method, device and network equipment for realizing HTTPS proxy with zero configuration
CN112954001A (en) * 2021-01-18 2021-06-11 武汉绿色网络信息服务有限责任公司 Method and device for HTTP-to-HTTPS bidirectional transparent proxy
CN113709176A (en) * 2021-09-06 2021-11-26 北京华清信安科技有限公司 Threat detection and response method and system based on secure cloud platform
CN115396531A (en) * 2022-08-23 2022-11-25 臻乐尔科技服务(上海)有限公司 IP multiplexing method and system for TCP/UDP proxy

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102301682A (en) * 2011-04-29 2011-12-28 华为技术有限公司 Method and system for network caching, domain name system redirection sub-system thereof
CN104270379A (en) * 2014-10-14 2015-01-07 北京蓝汛通信技术有限责任公司 HTTPS proxy forwarding method and device based on transmission control protocol
WO2016025827A1 (en) * 2014-08-15 2016-02-18 Interdigital Patent Holdings, Inc. Edge caching of https content via certificate delegation
CN106331215A (en) * 2016-08-30 2017-01-11 常州化龙网络科技股份有限公司 Data request processing system and processing method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102301682A (en) * 2011-04-29 2011-12-28 华为技术有限公司 Method and system for network caching, domain name system redirection sub-system thereof
WO2016025827A1 (en) * 2014-08-15 2016-02-18 Interdigital Patent Holdings, Inc. Edge caching of https content via certificate delegation
CN104270379A (en) * 2014-10-14 2015-01-07 北京蓝汛通信技术有限责任公司 HTTPS proxy forwarding method and device based on transmission control protocol
CN106331215A (en) * 2016-08-30 2017-01-11 常州化龙网络科技股份有限公司 Data request processing system and processing method

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109787951A (en) * 2018-11-22 2019-05-21 北京奇艺世纪科技有限公司 A kind of network data access method, device and electronic equipment
CN109787951B (en) * 2018-11-22 2022-09-02 北京奇艺世纪科技有限公司 Network data access method and device and electronic equipment
CN109450945A (en) * 2018-12-26 2019-03-08 成都西维数码科技有限公司 A kind of web page access method for safety monitoring based on SNI
CN110049022A (en) * 2019-03-27 2019-07-23 深圳市腾讯计算机系统有限公司 A kind of domain name access control method, device and computer readable storage medium
CN110049022B (en) * 2019-03-27 2021-10-08 深圳市腾讯计算机系统有限公司 Domain name access control method and device and computer readable storage medium
CN112954001A (en) * 2021-01-18 2021-06-11 武汉绿色网络信息服务有限责任公司 Method and device for HTTP-to-HTTPS bidirectional transparent proxy
WO2022151867A1 (en) * 2021-01-18 2022-07-21 武汉绿色网络信息服务有限责任公司 Method and apparatus for converting http into https bidirectional transparent proxy
CN112714197A (en) * 2021-03-29 2021-04-27 杭州优云科技有限公司 Method, device and network equipment for realizing HTTPS proxy with zero configuration
CN113709176A (en) * 2021-09-06 2021-11-26 北京华清信安科技有限公司 Threat detection and response method and system based on secure cloud platform
CN115396531A (en) * 2022-08-23 2022-11-25 臻乐尔科技服务(上海)有限公司 IP multiplexing method and system for TCP/UDP proxy
CN115396531B (en) * 2022-08-23 2023-10-17 臻乐尔科技服务(上海)有限公司 IP multiplexing method and system of TCP/UDP proxy

Also Published As

Publication number Publication date
CN107613036B (en) 2021-07-23

Similar Documents

Publication Publication Date Title
CN107613036A (en) Realize the method and system of HTTPS Transparent Proxies
CN104580192B (en) The treating method and apparatus of the network access request of application program
CN104270379B (en) HTTPS agency retransmission methods and device based on transmission control protocol
CN103825881B (en) The reorientation method and device of WLAN user are realized based on wireless access controller AC
US8949369B2 (en) Two-tier architecture for remote access service
CN101277306B (en) Method, system and equipment for processing DNS service
EP3125502A1 (en) Method for providing access to a web server
CN105743670B (en) Access control method, system and access point
CN104243267B (en) Data transmission method and device
JP5112806B2 (en) Wireless LAN communication method and communication system
CN104836863B (en) The system and method for realizing the mapping of TCP reverse ports
CN102143177B (en) Portal authentication method, Portal authentication device,Portal authentication equipment and Portal authentication system
CN103701928B (en) It is applied to the method that load equalizer improves server and SSL gateway operational efficiency
CN101138219A (en) Application of communication method between client computer
CN103368809A (en) Internet reverse penetration tunnel implementation method
CN104010001B (en) In mobile terminal, the method and system connecting communication is carried out in similar networking request
US20160057105A1 (en) Relay device, method for selecting communication method, and program
CN105338072A (en) HTTP (hyper text transport protocol) redirecting method and routing equipment
CN110661858A (en) Websocket-based intranet penetration method and system
CN108762893A (en) A kind of method, apparatus and storage medium of browser connection Docker containers
CN109561010B (en) Message processing method, electronic equipment and readable storage medium
US9413590B2 (en) Method for management of a secured transfer session through an address translation device, corresponding server and computer program
JP2011100207A (en) Remote access device, program, method and system
CN109067729B (en) Authentication method and device
CN112039888B (en) Domain name access control access method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant