CN111698334A - Network service method and system of dual reverse proxy between intranet and extranet - Google Patents


Publication number: CN111698334A
Authority: CN (China)
Prior art keywords: data packet, intranet, extranet, component, request
Legal status: Granted (active)
Application number: CN202010589247.7A
Other languages: Chinese (zh)
Other versions: CN111698334B (en)
Inventors: 杨维祥, 吴兴蔚, 李糸可, 顾江龙, 罗伟, 王鑫, 周鑫
Current Assignee: Kunming Dongdian Technology Co ltd
Original Assignee: Kunming Dongdian Technology Co ltd
Application filed by Kunming Dongdian Technology Co ltd; priority to CN202010589247.7A; granted and published as CN111698334B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/2895 Intermediate processing functionally located close to the data provider application, e.g. reverse proxies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention belongs to the technical field of computer software, and particularly relates to a network service method and system of dual reverse proxy between an intranet and an extranet. The method comprises the following steps: deploying an intranet component in the intranet and an extranet component in the extranet, the two communicating through a single interface protocol; the extranet component compresses the user's HTTP request into a request data packet and sends it to the intranet component; the intranet component decompresses the request data packet to obtain the original HTTP request and sends it to the target server; the intranet component compresses the response information fed back by the target server into a response data packet and sends it to the extranet component; and the extranet component decompresses the response data packet to obtain the original response information and feeds it back to the user. Because the intranet and the extranet communicate through one interface protocol, a large number of communication interfaces do not need to be developed, and development, deployment and maintenance costs are reduced.

Description

Network service method and system of dual reverse proxy between intranet and extranet
Technical Field
The invention belongs to the technical field of computer software, and particularly relates to a network service method and a system of dual reverse proxy between an intranet and an extranet.
Background
In the current environment, the internet faces serious network security threats. Large companies and organizations have their own network topologies, and the network is generally divided, in physically isolated form, into an internal network and an external network: the internal network holds core confidential service resources, while the external network connects to the internet and holds service resources that have low security requirements and pose no threat. However, with the rise of mobile office work, people no longer need to be fixed in their own intranet environment to work, and demand for remote access to intranet service resources keeps growing.
Generally, such access goes through a VPN server connected to the intranet, or through an independently developed security interaction firewall. The disadvantage of VPN access is obvious: connecting to the VPN grants access to the whole network, so the granularity of network authority control after connection is too coarse and accurate authority control cannot be achieved. An independently developed security interaction firewall (such as an SOA) is often characterized by high load capacity and low stability; if service resources need to interact, a large amount of interface development and maintenance is required, which increases cost, and throughput is limited by the firewall.
In the prior art, in order to protect the security of resource services in a network environment, the network environment is often divided into an internal network topology and an external network topology, with a network firewall based on the SOAP protocol between the two.
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a network service method and a system of dual reverse proxy between an intranet and an extranet.
In a first aspect, the present invention provides a network service method for dual reverse proxy between an intranet and an extranet, which is characterized by comprising the following steps:
arranging an extranet component in the extranet system and an intranet component in the intranet system, the extranet component and the intranet component establishing a communication tunnel through a single interface protocol;
the extranet component receives an HTTP request of a user, compresses the HTTP request into a request data packet with a fixed format and sends the request data packet to the intranet system;
after receiving the request data packet, the intranet component decompresses the request data packet to obtain an original HTTP request and sends the HTTP request to a corresponding target server;
the intranet component receives response information fed back by the target server, compresses the response information into a response data packet with a fixed format, and sends the response data packet to the extranet system;
and after receiving the response data packet, the extranet component decompresses the response data packet to obtain original response information and feeds the response information back to the user.
Preferably, the interface protocol is a transmission protocol between the intranet system and the extranet system customized by a user by calling a specific transmission module.
Preferably, the interface protocol comprises the SOAP protocol, a RESTful protocol, or another protocol.
Preferably, the fixed format is a binary request data format.
Preferably, the extranet component receives an HTTP request from a user, compresses the HTTP request into a request data packet of a fixed format, and sends the request data packet to the intranet system, specifically:
the extranet component receives an HTTP request sent by a user;
converting the HTTP request and the target server address into binary request data;
encrypting and compressing the binary request data to obtain a request data packet;
and sending the request data packet to an intranet component of the intranet system through an interface protocol.
Preferably, after receiving the request data packet, the intranet component decompresses the request data packet to obtain an original HTTP request, and sends the HTTP request to a corresponding target server, and the specific steps are as follows:
the intranet component receives a request data packet through an interface protocol;
decompressing and decrypting the request data packet to obtain binary request data;
converting the binary request data into an original HTTP request and a target server address;
and sending the HTTP request to a corresponding target server according to the address of the target server.
Preferably, the intranet component receives response information fed back by the target server, compresses the response information into a response data packet with a fixed format, and sends the response data packet to the extranet system, specifically:
the intranet component receives response information fed back by the target server;
converting the response information into binary response data;
carrying out encryption compression on binary response data to obtain a response data packet;
and sending the response data packet to the extranet component of the extranet system through the interface protocol.
Preferably, after receiving the response data packet, the extranet component decompresses the response data packet to obtain original response information, and feeds back the response information to the user, specifically:
the extranet component receives a response data packet through an interface protocol;
decompressing and decrypting the response data packet to obtain binary response data;
converting the binary response data into original response information;
and feeding back the response information to the user.
Preferably, the target server address is set by a user through a configuration file of the extranet component, and there may be one or more target server addresses.
In a second aspect, the present invention provides a network service system of dual reverse proxy between an intranet and an extranet, which is suitable for the network service method of dual reverse proxy between an intranet and an extranet in the first aspect, and includes an extranet component arranged in the extranet system and an intranet component arranged in the intranet system, wherein the extranet component and the intranet component establish a communication tunnel through an interface protocol;
the extranet component receives an HTTP request of a user, compresses the HTTP request into a request data packet with a fixed format and sends the request data packet to the intranet system;
after receiving the request data packet, the intranet component decompresses the request data packet to obtain an original HTTP request and sends the HTTP request to a corresponding target server;
the intranet component receives response information fed back by the target server, compresses the response information into a response data packet with a fixed format, and sends the response data packet to the extranet system;
and after receiving the response data packet, the extranet component decompresses the response data packet to obtain original response information and feeds the response information back to the user.
According to the technical scheme, an intranet component and an extranet component that communicate according to a single interface protocol are deployed in the intranet and the extranet respectively. Because the intranet and the extranet communicate through one interface protocol, a large number of communication interfaces do not need to be developed, and development, deployment and maintenance costs are reduced.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
Fig. 1 is a flowchart of a network service method of dual reverse proxy between an intranet and an extranet in this embodiment;
Fig. 2 is a structural diagram of a network service system of dual reverse proxy between an intranet and an extranet in this embodiment;
Fig. 3 is a first exemplary diagram of a network service system according to the present embodiment;
Fig. 4 is a schematic diagram illustrating a second exemplary network service system in the present embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to and includes any and all possible combinations of one or more of the associated listed items.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon" or "in response to a determination" or "in response to a detection". Similarly, the phrase "if it is determined" or "if a [ described condition or event ] is detected" may be interpreted contextually to mean "upon determining" or "in response to determining" or "upon detecting [ described condition or event ]" or "in response to detecting [ described condition or event ]".
Embodiment one:
This embodiment provides a network service method of dual reverse proxy between an intranet and an extranet, as shown in Fig. 1, including the following steps:
S1, arranging an extranet component in the extranet system and an intranet component in the intranet system, the extranet component and the intranet component establishing a communication tunnel through a single interface protocol;
S2, the extranet component receives the HTTP request of the user, compresses the HTTP request into a request data packet with a fixed format, and sends the request data packet to the intranet system;
S3, after receiving the request data packet, the intranet component decompresses the request data packet to obtain an original HTTP request, and sends the HTTP request to a corresponding target server;
S4, the intranet component receives the response information fed back by the target server, compresses the response information into a response data packet with a fixed format, and sends the response data packet to the extranet system;
and S5, after receiving the response data packet, the extranet component decompresses the response data packet to obtain original response information and feeds the response information back to the user.
This embodiment adopts a multiple-reverse-proxy scheme: a dual reverse proxy service, the intranet component, is deployed in the intranet, and the same dual reverse proxy service, the extranet component, is deployed in the extranet. The two proxy services implement the required interface data in a user-defined manner and establish a communication tunnel. The intranet component and the extranet component communicate through a single interface protocol. To save deployment cost, the service component includes its own server and is ready to use once installed, and its configuration items are kept external, which reduces deployment and maintenance cost.
In this embodiment, the interface protocol is a transmission protocol between the intranet system and the extranet system that is customized by a user by calling a specific transmission module. The specific transmission module is a specific interface call developed so that a user can customize and implement the intermediate interaction process. The interface protocol comprises the SOAP protocol, a RESTful protocol or other protocols, and a user can set the interface protocol according to implementation requirements.
In step S2, the extranet component receives an HTTP request from a user, compresses the HTTP request into a request data packet in a fixed format, and sends the request data packet to the intranet system, specifically:
the extranet component receives an HTTP request sent by a user;
converting the HTTP request and the target server address into binary request data;
encrypting and compressing the binary request data to obtain a request data packet;
and sending the request data packet to an intranet component of the intranet system through an interface protocol.
In step S3, after receiving the request data packet, the intranet component decompresses the request data packet to obtain an original HTTP request, and sends the HTTP request to a corresponding target server, specifically:
the intranet component receives a request data packet through an interface protocol;
decompressing and decrypting the request data packet to obtain binary request data;
converting the binary request data into an original HTTP request and a target server address;
and sending the HTTP request to a corresponding target server according to the address of the target server.
In the traditional mode of data transmission between internal and external networks, multiple interfaces must be deployed across the two networks to serve the various access requests, and communication between the networks runs through those interfaces, so the deployed system is complex and hard to develop. In this embodiment, only one simple service component needs to be deployed in each of the intranet and the extranet. The fixed format of this embodiment is a binary request data format, and data between the intranet and the extranet is transmitted as binary data, so only one interface is needed for communication between them.
In this embodiment, whatever type of request the user sends is converted into binary request data. To prevent the binary request data and the target server address from being stolen in transit and to ensure data security, they are encrypted; to improve the data transmission rate, the encrypted data is compressed. This yields a converted, encrypted and compressed request data packet, which is then sent to the intranet component of the intranet system through the user-defined interface protocol. The intranet component decompresses, decrypts and converts the data to obtain the original HTTP request and the target server address, and then sends the HTTP request to the corresponding target server according to that address. In this way, an extranet user can access an intranet server.
The target server address of this embodiment is set by a user through a configuration file of the extranet component, and there may be one or more target server addresses. For example, if the target server addresses set in the configuration file are 127.0.0.1:1234 and 127.0.0.1:1235, subsequent accesses go to the servers at these two addresses.
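The request path of steps S2 and S3, as an added Go example that is not part of the patent or of any implementation by the applicant. The packet layout, AES-GCM, zlib, the size cap and the intranet-side allowlist of target addresses are all assumptions, since the patent fixes none of them; the sample key and request are constructed.

```go
package main

import (
	"bytes"
	"compress/zlib"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const maxPacket = 1 << 20 // assumed cap on decompressed size (bomb guard)
var ErrMalformed = errors.New("malformed packet")
var ErrAuth = errors.New("packet failed authentication")
var ErrTarget = errors.New("target server not in allowlist")

// newAEAD builds AES-GCM. The patent names no algorithm; this is an assumption.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Pack is the extranet side: convert to binary, encrypt, then compress.
// Assumed layout: 2-byte big-endian address length | address | raw HTTP request.
func Pack(key []byte, target string, httpReq []byte) ([]byte, error) {
	if len(target) > 0xffff {
		return nil, ErrMalformed
	}
	plain := make([]byte, 2, 2+len(target)+len(httpReq))
	binary.BigEndian.PutUint16(plain, uint16(len(target)))
	plain = append(append(plain, target...), httpReq...)
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	sealed := aead.Seal(nonce, nonce, plain, nil) // nonce || ciphertext || tag
	// Compress after encrypting, as the steps describe; ciphertext barely shrinks.
	var buf bytes.Buffer
	zw := zlib.NewWriter(&buf)
	if _, err := zw.Write(sealed); err != nil {
		return nil, err
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	return buf.Bytes(), nil
}

// Unpack is the intranet side; it releases a request only for an allowlisted target.
func Unpack(key []byte, allowed map[string]bool, pkt []byte) (string, []byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return "", nil, err
	}
	zr, err := zlib.NewReader(bytes.NewReader(pkt))
	if err != nil {
		return "", nil, fmt.Errorf("%w: %v", ErrMalformed, err)
	}
	defer zr.Close()
	sealed, err := io.ReadAll(io.LimitReader(zr, maxPacket+1))
	ns := aead.NonceSize()
	if err != nil || len(sealed) > maxPacket || len(sealed) < ns {
		return "", nil, ErrMalformed
	}
	plain, err := aead.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return "", nil, ErrAuth // tampered packet or wrong key
	}
	if len(plain) < 2 || len(plain) < 2+int(binary.BigEndian.Uint16(plain)) {
		return "", nil, ErrMalformed
	}
	end := 2 + int(binary.BigEndian.Uint16(plain))
	target := string(plain[2:end])
	if !allowed[target] {
		return "", nil, ErrTarget
	}
	return target, plain[end:], nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key
	allowed := map[string]bool{"127.0.0.1:1234": true, "127.0.0.1:1235": true}
	req := []byte("GET /report HTTP/1.1\r\nHost: app.internal\r\n\r\n") // constructed
	pkt, perr := Pack(key, "127.0.0.1:1234", req)
	target, got, uerr := Unpack(key, allowed, pkt)
	fmt.Println(target, len(got), perr, uerr)
}
```

The response path of steps S4 and S5 is the same pipeline in the opposite direction, without the target address field.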
In step S4, the intranet component receives response information fed back by the target server, compresses the response information into a response data packet with a fixed format, and sends the response data packet to the extranet system, specifically:
the intranet component receives response information fed back by the target server;
converting the response information into binary response data;
carrying out encryption compression on binary response data to obtain a response data packet;
and sending the response data packet to the extranet component of the extranet system through the interface protocol.
In step S5, after receiving the response packet, the extranet component decompresses the response packet to obtain original response information, and feeds back the response information to the user, where the specific steps are as follows:
the extranet component receives a response data packet through an interface protocol;
decompressing and decrypting the response data packet to obtain binary response data;
converting the binary response data into original response information;
and feeding back the response information to the user.
In this embodiment, the target server may feed back response information to the intranet component according to the HTTP request. The intranet component converts the response information into binary response data, encrypts and compresses the data to obtain a response data packet, and then sends the response data packet to the extranet component of the extranet system according to the user-defined interface protocol. The extranet component decompresses, decrypts and converts the response data packet to obtain the original response information, and feeds the response information back to the user. In this way, the intranet server returns response information to the extranet user.
According to the technical scheme of this embodiment, an intranet component and an extranet component that communicate according to a single interface protocol are deployed in the intranet and the extranet respectively. Because the intranet and the extranet communicate through one interface protocol, a large number of communication interfaces do not need to be developed, and development, deployment and maintenance costs are reduced. The scheme is also general: it supports user-defined protocols, so users can define the protocol they require.
This scheme does not increase network transmission load and is both secure and efficient. The whole transmission process is HTTP, and the intranet and extranet components contain no database and no other functional or business interfaces, so resource consumption on the server and the network is minimal: the only function required is encryption and decryption, whose cost is negligible. Encryption uses an encryption algorithm and compression uses a dynamic optimization algorithm, which further improves the transmission rate and also improves the security of data transmission. Because the scheme transmits over the protocol specified by the user's network topology, the security mechanism is neither changed nor bypassed; its policy is strictly followed, and security is ensured.
The scheme is flexible in its application scenarios: it supports a single layer of firewall protocol between the intranet component and the extranet component (as shown in Fig. 3), and multiple sets of firewall protocols can also be deployed, each forming one part of a multi-level jump, with the parts linked into a chain (as shown in Fig. 4).
Embodiment two:
This embodiment provides a network service system of dual reverse proxy between an intranet and an extranet, which is suitable for the network service method of dual reverse proxy between the intranet and the extranet described in the first embodiment. As shown in Fig. 2, the network service system includes an extranet component arranged in the extranet system and an intranet component arranged in the intranet system, and the extranet component and the intranet component establish a communication tunnel through an interface protocol;
the extranet component receives an HTTP request of a user, compresses the HTTP request into a request data packet with a fixed format and sends the request data packet to the intranet system;
after receiving the request data packet, the intranet component decompresses the request data packet to obtain an original HTTP request and sends the HTTP request to a corresponding target server;
the intranet component receives response information fed back by the target server, compresses the response information into a response data packet with a fixed format, and sends the response data packet to the extranet system;
and after receiving the response data packet, the extranet component decompresses the response data packet to obtain original response information and feeds the response information back to the user.
This embodiment adopts a multiple-reverse-proxy scheme: a dual reverse proxy service, the intranet component, is deployed in the intranet, and the same dual reverse proxy service, the extranet component, is deployed in the extranet. The two proxy services implement the required interface data in a user-defined manner and establish a communication tunnel. The intranet component and the extranet component communicate through a single interface protocol. To save deployment cost, the service component includes its own server and is ready to use once installed, and its configuration items are kept external, which reduces deployment and maintenance cost.
In this embodiment, the interface protocol is a transmission protocol between the intranet system and the extranet system that is customized by a user by calling a specific transmission module. The specific transmission module is a specific interface call developed so that a user can customize and implement the intermediate interaction process. The interface protocol comprises the SOAP protocol, a RESTful protocol or other protocols, and a user can set the interface protocol according to implementation requirements.
The extranet component receives an HTTP request of a user, compresses the HTTP request into a request data packet with a fixed format, and sends the request data packet to the intranet system, specifically:
the extranet component receives an HTTP request sent by a user;
converting the HTTP request and the target server address into binary request data;
encrypting and compressing the binary request data to obtain a request data packet;
and sending the request data packet to an intranet component of the intranet system through an interface protocol.
After receiving the request data packet, the intranet component decompresses the request data packet to obtain an original HTTP request, and sends the HTTP request to a corresponding target server, which specifically includes:
the intranet component receives a request data packet through an interface protocol;
decompressing and decrypting the request data packet to obtain binary request data;
converting the binary request data into an original HTTP request and a target server address;
and sending the HTTP request to a corresponding target server according to the address of the target server.
In the traditional mode of data transmission between internal and external networks, multiple interfaces must be deployed across the two networks to serve the various access requests, and communication between the networks runs through those interfaces, so the deployed system is complex and hard to develop. In this embodiment, only one simple service component needs to be deployed in each of the intranet and the extranet. The fixed format of this embodiment is a binary request data format, and data between the intranet and the extranet is transmitted as binary data, so only one interface is needed for communication between them.
In this embodiment, whatever type of request the user sends is converted into binary request data. To prevent the binary request data and the target server address from being stolen in transit and to ensure data security, they are encrypted; to improve the data transmission rate, the encrypted data is compressed. This yields a converted, encrypted and compressed request data packet, which is then sent to the intranet component of the intranet system through the user-defined interface protocol. The intranet component decompresses, decrypts and converts the data to obtain the original HTTP request and the target server address, and then sends the HTTP request to the corresponding target server according to that address. In this way, an extranet user can access an intranet server.
The target server address of this embodiment is set by a user through a configuration file of the extranet component, and there may be one or more target server addresses. For example, if the target server addresses set in the configuration file are 127.0.0.1:1234 and 127.0.0.1:1235, subsequent accesses go to the servers at these two addresses.
The intranet component receives response information fed back by the target server, compresses the response information into a response data packet in a fixed format, and sends the response data packet to the extranet system, specifically:
the intranet component receives response information fed back by the target server;
converting the response information into binary response data;
carrying out encryption compression on binary response data to obtain a response data packet;
and sending the response data packet to the extranet component of the extranet system through the interface protocol.
After receiving the response data packet, the extranet component decompresses it to obtain the original response information and feeds the response information back to the user. Specifically:
the extranet component receives a response data packet through an interface protocol;
decompressing and decrypting the response data packet to obtain binary response data;
converting the binary response data into original response information;
and feeding back the response information to the user.
In this embodiment, the target server feeds back response information to the intranet component in answer to the HTTP request. The intranet component converts the response information into binary response data, encrypts and compresses it to obtain a response data packet, and sends the response data packet to the extranet component of the extranet system through the interface protocol defined by the user. The extranet component decompresses, decrypts and converts the response data packet to recover the original response information, and feeds it back to the user. In this way, the intranet server returns response information to the extranet user.
According to the technical scheme of this embodiment, an intranet component and an extranet component that communicate through a unique interface protocol are deployed in the intranet and the extranet respectively. The two networks communicate through that single interface protocol, so a large number of communication interfaces need not be developed, which reduces development, deployment and maintenance costs. The scheme is also general-purpose: it supports user-defined protocols, so the user can define whatever protocol is required.
The technical scheme does not increase the network transmission load and is both secure and efficient. The whole transmission process is HTTP, and the intranet and extranet components contain no database and no other functional or business interfaces, so resource consumption on the server and the network is minimal: the only function required is encryption and decryption, whose cost is negligible. Encryption uses an encryption algorithm and compression uses a dynamic optimization algorithm, which further improves the transmission rate and also improves the security of data transmission. Because transmission uses the protocol specified by the user's network topology, the security mechanism is neither changed nor bypassed; its policy is strictly followed, which ensures security.
The technical scheme is flexible in its application scenarios: a single layer of firewall between the intranet component and the extranet component is supported (as shown in fig. 3), and multiple layers of firewall can also be deployed, forming multi-level hops that link into a chain (as shown in fig. 4).
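The request direction of the exchange described above, as an added example that is not code from the patent: the extranet side packs the target address and raw HTTP request, and the intranet side refuses tampered, oversized or non-allow-listed packets before forwarding anything. This example compresses before it encrypts, because ciphertext does not compress, whereas the text above names the steps in the opposite order. AES-256-GCM, DEFLATE, the newline-delimited frame layout, the 1 MiB cap, the allow-list and all function names are assumptions, since the patent names no algorithm or layout.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// Constructed intranet-side allow-list, mirroring the configuration example.
var allowed = map[string]bool{"127.0.0.1:1234": true, "127.0.0.1:1235": true}
const maxPlain = 1 << 20 // assumed cap on the decompressed frame size

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Pack (extranet side): target + "\n" + raw request, DEFLATE, then AES-GCM.
func Pack(a cipher.AEAD, target string, req []byte) ([]byte, error) {
	var comp bytes.Buffer
	zw, _ := flate.NewWriter(&comp, flate.BestCompression) // valid level: no error
	zw.Write(append([]byte(target+"\n"), req...))          // bytes.Buffer writes cannot fail
	zw.Close()
	nonce := make([]byte, a.NonceSize()) // fresh random nonce per packet
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, comp.Bytes(), nil), nil // nonce || ciphertext || tag
}

// Unpack (intranet side): authenticate first, bound inflation, check target.
func Unpack(a cipher.AEAD, pkt []byte) (string, []byte, error) {
	if len(pkt) < a.NonceSize() {
		return "", nil, fmt.Errorf("short packet: %d bytes", len(pkt))
	}
	comp, err := a.Open(nil, pkt[:a.NonceSize()], pkt[a.NonceSize():], nil)
	if err != nil {
		return "", nil, fmt.Errorf("rejected packet: %w", err)
	}
	zr := flate.NewReader(bytes.NewReader(comp))
	plain, err := io.ReadAll(io.LimitReader(zr, maxPlain+1))
	if err != nil || len(plain) > maxPlain {
		return "", nil, fmt.Errorf("bad or oversized frame (%d bytes read)", len(plain))
	}
	target, req, ok := bytes.Cut(plain, []byte("\n"))
	if !ok || !allowed[string(target)] {
		return "", nil, fmt.Errorf("target not in allow-list")
	}
	return string(target), req, nil
}

func main() {
	a, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	pkt, _ := Pack(a, "127.0.0.1:1234", []byte("GET / HTTP/1.1\r\nHost: app\r\n\r\n"))
	target, req, err := Unpack(a, pkt)
	fmt.Printf("%s %q %v\n", target, req, err)
}
```

The response direction can reuse the same sealing without the target field. The intranet-side allow-list matters because the target address travels inside the packet, so the intranet component should not trust it merely because decryption succeeded.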
Furthermore, those of ordinary skill in the art will appreciate that the elements or steps of the various examples described in connection with the embodiments disclosed herein may be embodied as electronic hardware, computer software, or combinations of both, and that the components and steps of the various examples have been described above generally in terms of their functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present application, it should be understood that the division of the steps is only one logical functional division, and there may be other division ways in actual implementation, for example, multiple steps may be combined into one step, one step may be split into multiple steps, or some features may be omitted.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.

Claims (10)

1. A network service method of dual reverse proxy between an intranet and an extranet is characterized by comprising the following steps:
arranging an outer network component in the outer network system, arranging an inner network component in the inner network system, and establishing a communication tunnel by the outer network component and the inner network component through a unique interface protocol;
the external network component receives an HTTP request of a user, compresses the HTTP request into a request data packet with a fixed format and sends the request data packet to the internal network system;
after receiving the request data packet, the intranet component decompresses the request data packet to obtain an original HTTP request and sends the HTTP request to a corresponding target server;
the intranet component receives response information fed back by the target server, compresses the response information into a response data packet with a fixed format, and sends the response data packet to the extranet system;
and after receiving the response data packet, the external network component decompresses the response data packet to obtain original response information and feeds the response information back to the user.
2. The network service method of dual reverse proxy between intranet and extranet according to claim 1, wherein the interface protocol is a transmission protocol between intranet system and extranet system customized by a user by calling a specific transmission module.
3. The network service method of dual reverse proxy between intranet and extranet according to claim 2, wherein the interface protocol comprises the SOAP protocol or the RESTful protocol or another protocol.
4. The network service method of dual reverse proxy between intranet and extranet according to claim 3, wherein the fixed format is a binary request data format.
5. The network service method of dual reverse proxy between intranet and extranet according to claim 4, wherein the extranet component receives an HTTP request of a user, compresses the HTTP request into a request data packet with a fixed format, and sends the request data packet to the intranet system, specifically:
the extranet component receives an HTTP request sent by a user;
converting the HTTP request and the target server address into binary request data;
the binary request data is encrypted and compressed to obtain a request data packet;
and sending the request data packet to an intranet component of the intranet system through an interface protocol.
6. The network service method of dual reverse proxy between intranet and extranet according to claim 5, wherein the intranet component decompresses the request data packet to obtain an original HTTP request after receiving the request data packet, and sends the HTTP request to a corresponding target server, specifically:
the intranet component receives a request data packet through an interface protocol;
decompressing and decrypting the request data packet to obtain binary request data;
converting the binary request data into an original HTTP request and a target server address;
and sending the HTTP request to a corresponding target server according to the address of the target server.
7. The network service method of dual reverse proxy between intranet and extranet according to claim 4, wherein the intranet component receives response information fed back by the target server, compresses the response information into a response data packet with a fixed format, and sends the response data packet to the extranet system, specifically:
the intranet component receives response information fed back by the target server;
converting the response information into binary response data;
carrying out encryption compression on binary response data to obtain a response data packet;
and sending the response data packet to the extranet component of the extranet system through the interface protocol.
8. The network service method of a dual reverse proxy between an intranet and an extranet according to claim 7, wherein the extranet component decompresses the response data packet to obtain original response information after receiving the response data packet, and feeds back the response information to a user, specifically:
the extranet component receives a response data packet through an interface protocol;
decompressing and decrypting the response data packet to obtain binary response data;
converting the binary response data into original response information;
and feeding back the response information to the user.
9. The network service method of dual reverse proxy between intranet and extranet according to claim 4, wherein the target server address is set by the user through the configuration file of the extranet component, and the target server address comprises one or more addresses.
10. A network service system of dual reverse proxy between an intranet and an extranet, which is adapted to the network service method of dual reverse proxy between an intranet and an extranet according to any one of claims 1 to 9, and which includes an extranet component provided in the extranet system and an intranet component provided in the intranet system, wherein the extranet component and the intranet component establish a communication tunnel through a unique interface protocol;
the external network component receives an HTTP request of a user, compresses the HTTP request into a request data packet with a fixed format and sends the request data packet to the internal network system;
after receiving the request data packet, the intranet component decompresses the request data packet to obtain an original HTTP request and sends the HTTP request to a corresponding target server;
the intranet component receives response information fed back by the target server, compresses the response information into a response data packet with a fixed format, and sends the response data packet to the extranet system;
and after receiving the response data packet, the external network component decompresses the response data packet to obtain original response information and feeds the response information back to the user.
CN202010589247.7A 2020-06-24 2020-06-24 Network service method and system of dual reverse proxy between intranet and extranet Active CN111698334B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010589247.7A CN111698334B (en) 2020-06-24 2020-06-24 Network service method and system of dual reverse proxy between intranet and extranet

Publications (2)

Publication Number Publication Date
CN111698334A true CN111698334A (en) 2020-09-22
CN111698334B CN111698334B (en) 2023-04-07

Family

ID=72483816

Country Status (1)

Country Link
CN (1) CN111698334B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: A network service method and system for dual reverse proxy between internal and external networks

Effective date of registration: 20230913

Granted publication date: 20230407

Pledgee: Kunming Branch of China Minsheng Bank Co.,Ltd.

Pledgor: KUNMING DONGDIAN TECHNOLOGY Co.,Ltd.

Registration number: Y2023530000058
