CN113179323A - HTTPS request processing method, device and system for load balancing equipment - Google Patents


Info

Publication number
CN113179323A
Authority
CN
China
Prior art keywords
https request
certificate
https
client
request
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110471768.7A
Other languages
Chinese (zh)
Other versions
CN113179323B (en
Inventor
李亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou DPTech Technologies Co Ltd
Original Assignee
Hangzhou DPTech Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou DPTech Technologies Co Ltd
Priority to CN202110471768.7A
Publication of CN113179323A
Application granted
Publication of CN113179323B
Status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)

Abstract

The disclosure relates to a method, a device and a system for processing an HTTPS request of load balancing equipment. The method comprises the following steps: acquiring an HTTPS request from a client based on the HTTPS connection; determining a target server from the server cluster based on a scheduling algorithm; establishing an HTTP connection with the target server; attaching the client's certificate in the HTTPS request; forwarding the HTTPS request to the target server for processing based on an HTTP connection. According to the HTTPS request processing method, the HTTPS request processing device, the HTTPS request processing system, the electronic equipment and the computer readable medium, the pressure of the server can be reduced, and meanwhile the server can provide personalized services for the client side according to the acquired certificate information.

Description

HTTPS request processing method, device and system for load balancing equipment
Technical Field
The present disclosure relates to the field of computer information processing, and in particular, to a method, an apparatus, a system, an electronic device, and a computer-readable medium for processing an HTTPS request.
Background
With the continuous improvement of network security, more and more websites provide services over HTTPS; the financial industry in particular has largely adopted HTTPS. To provide stable network services, a load balancing product is usually used, so that uniform network services are offered externally through a load balancer. When a Layer 7 (OSI model) server load balancing device is used to provide network services, communication over the HTTPS protocol involves encryption and decryption, which occupies a large amount of server resources. In the prior art, HTTPS communication is usually used between the client and the load balancing device, and ordinary HTTP communication is used between the load balancing device and the real server, which greatly reduces the pressure on the server.
However, in some environments with high network security requirements, such as the financial industry mentioned above, HTTPS mutual authentication is required to secure data. In the HTTPS two-way authentication mode, the server needs to verify the client's certificate and provide different clients with customized and personalized services based on the certificate. If the existing load balancing communication framework is followed in this mode, with HTTPS between the load balancing device and the client and HTTP between the load balancing device and the server, the server cannot know the credential information used by the client and cannot provide personalized services.
Therefore, there is a need for a new HTTPS request processing method, apparatus, system, electronic device, and computer readable medium.
The above information disclosed in this background section is only for enhancement of understanding of the background of the disclosure and therefore it may contain information that does not constitute prior art that is already known to a person of ordinary skill in the art.
Disclosure of Invention
In view of this, the present disclosure provides an HTTPS request processing method, an HTTPS request processing apparatus, an HTTPS request processing system, an electronic device, and a computer readable medium, which can reduce the pressure on a server and provide a personalized service for a client according to acquired certificate information.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, an HTTPS request processing method is provided, which may be used for a load balancing device, and the method includes: acquiring an HTTPS request from a client based on the HTTPS connection; determining a target server from the server cluster based on a scheduling algorithm; establishing an HTTP connection with the target server; attaching the client's certificate in the HTTPS request; forwarding the HTTPS request to the target server for processing based on an HTTP connection.
In an exemplary embodiment of the present disclosure, before acquiring an HTTPS request from a client based on an HTTPS connection, the method further includes: acquiring an HTTPS connection request from a client; acquiring a certificate of the client based on the HTTPS connection request; verifying whether the client is valid based on the certificate; and when the client is valid, recording the certificate and establishing HTTPS connection with the client.
In an exemplary embodiment of the present disclosure, further comprising: enabling a client authentication function in the load balancing equipment; and enabling a function of transmitting the client certificate in the load balancing equipment.
In an exemplary embodiment of the present disclosure, the method further comprises: generating a preset secure socket layer policy based on the attribute information of the hypertext transfer protocol.
In an exemplary embodiment of the present disclosure, attaching the certificate of the client to the HTTPS request includes: comparing the attributes of the HTTPS request with the preset secure socket layer policy; and when the preset secure socket layer policy is met, encrypting the certificate and attaching the encrypted certificate to the HTTPS request.
In an exemplary embodiment of the present disclosure, attaching the encrypted certificate to the HTTPS request includes: encrypting the certificate based on base64 and then attaching the certificate to the HTTPS request.
According to an aspect of the present disclosure, an HTTPS request processing method is provided, which is applicable to a server in a server cluster, and includes: receiving an HTTPS request from a load balancing device; decrypting the HTTPS request to obtain a certificate; processing the HTTPS request based on the certificate.
In an exemplary embodiment of the disclosure, processing the HTTPS request based on the certificate includes: determining a processing mode based on the certificate; and processing the HTTPS request according to the processing mode.
According to an aspect of the present disclosure, an HTTPS request processing apparatus is provided, which may be used for a load balancing device, the apparatus including: the request module is used for acquiring an HTTPS request from a client based on the HTTPS connection; the scheduling module is used for determining a target server from the server cluster based on a scheduling algorithm; the connection module is used for establishing HTTP connection with the target server; an append module to append the client's certificate to the HTTPS request; and the forwarding module is used for forwarding the HTTPS request to the target server for processing based on HTTP connection.
According to an aspect of the present disclosure, an HTTPS request processing apparatus, which is usable for a server in a server cluster, is provided, the apparatus including: the receiving module is used for receiving an HTTPS request from the load balancing equipment; the decryption module is used for decrypting the HTTPS request to obtain a certificate; and the processing module is used for processing the HTTPS request based on the certificate.
According to an aspect of the present disclosure, an HTTPS request processing system is provided, the system including: the load balancing equipment is used for acquiring an HTTPS request from the client based on the HTTPS connection; determining a target server from the server cluster based on a scheduling algorithm; establishing an HTTP connection with the target server; attaching the client's certificate in the HTTPS request; forwarding the HTTPS request to the target server for processing based on an HTTP connection; the server cluster receives an HTTPS request from the load balancing equipment; decrypting the HTTPS request to obtain a certificate; processing the HTTPS request based on the certificate.
According to an aspect of the present disclosure, an electronic device is provided, the electronic device including: one or more processors; and storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method above.
According to an aspect of the disclosure, a computer-readable medium is proposed, on which a computer program is stored, which program, when being executed by a processor, carries out the method as above.
According to the HTTPS request processing method, the device, the system, the electronic equipment and the computer readable medium, the HTTPS request from the client is obtained based on the HTTPS connection; determining a target server from the server cluster based on a scheduling algorithm; establishing an HTTP connection with the target server; attaching the client's certificate in the HTTPS request; and forwarding the HTTPS request to the target server for processing based on HTTP connection, so that the pressure of the server can be reduced, and meanwhile, the server can provide personalized service for the client according to the acquired certificate information.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in detail exemplary embodiments thereof with reference to the attached drawings. The drawings described below are merely some embodiments of the present disclosure, and other drawings may be derived from those drawings by those of ordinary skill in the art without inventive effort.
Fig. 1 is a schematic diagram illustrating an HTTPS request processing system in accordance with an exemplary embodiment.
Fig. 2 is a flow diagram illustrating a method of HTTPS request processing in accordance with an exemplary embodiment.
Fig. 3 is a flowchart illustrating a method of HTTPS request processing, according to another example embodiment.
Fig. 4 is a flowchart illustrating a method of HTTPS request processing, according to another example embodiment.
Fig. 5 is a block diagram illustrating an HTTPS request processing device according to an example embodiment.
Fig. 6 is a block diagram illustrating an HTTPS request processing device according to another example embodiment.
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment.
FIG. 8 is a block diagram illustrating a computer-readable medium in accordance with an example embodiment.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The same reference numerals denote the same or similar parts in the drawings, and thus, a repetitive description thereof will be omitted.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the disclosure. One skilled in the relevant art will recognize, however, that the subject matter of the present disclosure can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, systems, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the disclosure.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It will be understood that, although the terms first, second, third, etc. may be used herein to describe various components, these components should not be limited by these terms. These terms are used to distinguish one element from another. Thus, a first component discussed below may be termed a second component without departing from the teachings of the disclosed concept. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
It is to be understood by those skilled in the art that the drawings are merely schematic representations of exemplary embodiments, and that the blocks or processes shown in the drawings are not necessarily required to practice the present disclosure and are, therefore, not intended to limit the scope of the present disclosure.
The technical abbreviations involved in this disclosure are explained as follows:
Load balancing: a plurality of servers form a server set in which each server can independently provide the same service. An external request is distributed to one server in the set through a load algorithm, and that server provides the service to the requesting device. Load balancing provides a highly reliable and stable service to the outside while reducing the pressure on any single server.
Real service group: a plurality of servers gathered to provide the same service, where each server can provide the same service; these devices form a server cluster.
Virtual address: the IP address that the load balancing device provides to the outside. The address has no fixed server and does not correspond to any server that really exists.
SSL: Secure Sockets Layer, a standard for secure data transmission used on the Internet. It uses encryption technology to transmit data on the Internet, ensuring that the data is not intercepted and not modified.
HTTPS: Hyper Text Transfer Protocol over Secure Socket Layer, an HTTP channel that targets security; on the basis of HTTP, the security of the transmission process is ensured through transmission encryption and identity authentication. HTTPS adds an SSL layer under HTTP, and the security basis of HTTPS is SSL.
Because a server must perform SSL encryption and decryption when establishing an HTTPS connection, in the prior art, where the client and the load balancing device, and the load balancing device and the server, are all connected using the HTTPS protocol, having the server acquire SSL certificate information directly through the HTTPS protocol increases the burden on the server. When HTTPS mutual authentication is adopted, the load balancing device can pass the client certificate to the server without an HTTPS connection being established between the load balancing device and the server: only the relevant certificate information needs to be inserted into the HTTP header, and the server can then conveniently obtain the certificate information used by the current client. The following is a detailed description with the aid of specific examples.
Fig. 1 is a system block diagram illustrating an HTTPS request processing method, apparatus, system, electronic device, and computer-readable medium in accordance with an example embodiment.
As shown in FIG. 1, system architecture 10 may include a server cluster, which may include: servers 101, 102, 103, system architecture 10 may further include: a network 104, a load balancing device 105 and a client 106. The network 104 is used to provide a medium for communication links between the servers 101, 102, 103 and the load balancing device 105, and between the load balancing device 105 and the client 106. Network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
A user may use a client 106 to interact with the servers 101, 102, 103 via the network 104, the load balancing device 105, to receive or send messages, etc. Various messaging client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, etc., may be installed on the client 106.
The client 106 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablets, laptop portable computers, desktop computers, and the like.
The load balancing device 105 may provide a load balancing service and may provide support for a website browsed by a user using the client 106. The load balancing device 105 may obtain the HTTPS request from the client 106, determine a target server (server 101, 102 or 103) from the server cluster, and forward the HTTPS request to the target server.
The load balancing device 105 may, for example, obtain HTTPS requests from clients based on HTTPS connections; determine a target server from the server cluster based on a scheduling algorithm; establish an HTTP connection with the target server; append the client's certificate to the HTTPS request; and forward the HTTPS request to the target server for processing based on the HTTP connection.
The servers 101, 102, 103 may provide request processing services and may provide support for websites browsed by users using the client 106. The servers 101, 102, and 103 may analyze and process received data such as a product information query request, and feed back the processing result to the terminal device.
The server 101 (or 102 or 103) may, for example, receive an HTTPS request from a load balancing device; decrypt the HTTPS request to obtain a certificate; and process the HTTPS request based on the certificate.
It should be noted that the HTTPS request processing method provided in the embodiment of the present disclosure may be executed by the load balancing device 105 and the servers 101, 102, and 103, and accordingly, the HTTPS request processing apparatus may be disposed in the load balancing device 105 and the servers 101, 102, and 103.
Fig. 2 is a flow diagram illustrating a method of HTTPS request processing in accordance with an exemplary embodiment. The HTTPS request processing method 20 may be applied to a load balancing device and includes at least steps S202 to S210.
As shown in fig. 2, in S202, an HTTPS request from a client is acquired based on the HTTPS connection. After the load balancing device and the client establish a connection based on the HTTPS protocol, the HTTPS request from the client can be received. Once the connection is established and the load balancing device receives the first HTTP request sent by the client, the load balancing device selects a server according to a scheduling algorithm and establishes a connection with it using the HTTP protocol.
Before acquiring an HTTPS request from a client based on an HTTPS connection, the method further includes: acquiring an HTTPS connection request from a client; acquiring a certificate of the client based on the HTTPS connection request; verifying whether the client is valid based on the certificate; and when the client is valid, recording the certificate and establishing HTTPS connection with the client.
In S204, a target server is determined from the server cluster based on a scheduling algorithm. In the disclosed embodiment, the load balancing device may provide many scheduling methods, which may include Round Robin, Weighted Round Robin, Least Connection, Least Connection Slow Start Time, Weighted Least Connection, Agent Based Adaptive Balancing, Fixed Weighted, Weighted Response, Source IP Hash, and so on.
In S206, an HTTP connection is established with the target server. The load balancing device may establish an HTTP connection with the target server, the HTTP communicating data based on the TCP/IP communication protocol. The HTTP protocol works on a client-server architecture. The browser serves as an HTTP client to send all requests to an HTTP server, namely a WEB server, through the URL.
In S208, the client's certificate is appended to the HTTPS request.
In one embodiment, the method further comprises enabling a client authentication function in the load balancing device. Client Authentication (CA) is an authentication mechanism based on the IP address of the user's client host, which allows a system administrator to customize access rights for authorized users having a particular IP address. The CA is associated with an IP address and does not directly restrict the protocol accessed. Neither the server nor the client needs to add or modify any software. The system administrator may decide each user's authorization, the server resources and applications the user is allowed to access, the access time, the number of sessions allowed to be established, and so on. In this application, when the client authentication function is enabled, the option requiring the client to send a certificate must be set, and a corresponding trusted issuer is selected for judging, in the subsequent process, whether the client's SSL certificate is trusted.
In one embodiment, the method further comprises generating a preset secure socket layer policy based on the attribute information of the hypertext transfer protocol. The secure socket layer policy may specify which conditions must be met for transmission over the HTTP protocol. Attaching the client's certificate to the HTTPS request then comprises: comparing the attributes of the HTTPS request with the preset secure socket layer policy; and when the preset secure socket layer policy is met, encrypting the certificate and attaching the encrypted certificate to the HTTPS request. More specifically, the certificate may be encrypted based on base64 and then appended to the HTTPS request.
After a client initiates a request to access the virtual service, the load balancing device plays the role of the server. After the client verifies the server's certificate, the client sends its own certificate, because the option requiring the client to send a certificate is enabled. The load balancing device verifies whether the client is a valid user; if the client passes verification, the connection can be established and the certificate information recorded.
In S210, the HTTPS request is forwarded to the target server for processing based on an HTTP connection.
In one embodiment, the method further comprises enabling a function of passing through the client certificate in the load balancing device. With the pass-through client certificate function enabled, the name of the HTTP header in which the certificate is inserted is configured. The insertion function can be set to match attributes of the HTTP request, such as Host, Cookie, URL and the like: the SSL certificate information is passed through only when the attributes match and is otherwise not passed through, and if no matching attributes are configured it is passed through unconditionally.
According to the HTTPS request processing method, an HTTPS request from a client is obtained based on HTTPS connection; determining a target server from the server cluster based on a scheduling algorithm; establishing an HTTP connection with the target server; attaching the client's certificate in the HTTPS request; and forwarding the HTTPS request to the target server for processing based on HTTP connection, so that the pressure of the server can be reduced, and meanwhile, the server can provide personalized service for the client according to the acquired certificate information.
It should be clearly understood that this disclosure describes how to make and use particular examples, but the principles of this disclosure are not limited to any details of these examples. Rather, these principles can be applied to many other embodiments based on the teachings of the present disclosure.
Fig. 3 is a flowchart illustrating a method of HTTPS request processing, according to another example embodiment. The HTTPS request processing method 30 may be applied to a server in a server cluster, and includes at least steps S302 to S306.
As shown in fig. 3, in S302, an HTTPS request is received from a load balancing device. After one of the servers in the server cluster and the load balancing device establish HTTP connection, an HTTPS request from a client is received.
In S304, the HTTPS request is decrypted to obtain a certificate. Decryption can be performed based on Base64. Base64 is one of the most common encodings for transmitting 8-bit byte data on a network; it represents binary data using 64 printable characters. See RFC 2045 to RFC 2049, which contain the detailed MIME specification. Base64 encoding is a binary-to-character process that may be used to convey longer identification information in an HTTP environment. Data encoded with Base64 is not directly readable and must be decoded before reading. A modified Base64 encoding for URLs may be used, which does not pad with "=" at the end and changes "+" and "/" in standard Base64 to "-" and "_" respectively. This removes the conversions otherwise needed for URL encoding and decoding and for database storage, avoids the resulting increase in the length of the encoded information, and unifies the format of object identifiers in databases, forms and so on.
In S306, the HTTPS request is processed based on the certificate. For example, a processing mode may be determined based on the certificate, and the HTTPS request processed according to that processing mode. The certificate information used by the current client can be obtained through base64 decryption, and different services can be provided according to the certificate information.
Fig. 4 is a flowchart illustrating a method of HTTPS request processing, according to another example embodiment. The flow 40 shown in fig. 4 is a detailed description of the processing of the HTTPS request processing system.
As shown in fig. 4, in S401, the load balancing device performs initial setup. For example, the client authentication function may be enabled in the load balancing device, the pass-through client certificate function may be enabled in the load balancing device, and a preset secure socket layer policy may be generated based on the attribute information of the hypertext transfer protocol.
In S402, the client requests to establish an HTTPS connection with the load balancing device.
In S403, the load balancing device obtains the client certificate and performs verification.
In S404, after the verification passes, an HTTPS connection is established.
In S405, the client transmits an HTTPS request based on the HTTPS connection.
In S406, a target server is determined and an HTTP connection is established with the target server.
In S407, the client's certificate is attached to the HTTPS request.
In S408, the HTTPS request is forwarded to the target server based on an HTTP connection.
In S409, the HTTPS request is decrypted to obtain a certificate and processed.
A connection is established between the client and the load balancing device based on the HTTPS protocol, and a connection is established between the load balancing device and the server based on the HTTP protocol. The load balancing device records the SSL certificate information used by the client. When an HTTP request initiated by the client reaches the load balancing device, the load balancing device first inserts the certificate information used by the client into the HTTP request sent by the client and then forwards the request to the server, so that the server can obtain the certificate used by the client and provide different services according to the certificate.
After the load balancing device establishes a connection with the server, it starts to forward the client's HTTP requests. When forwarding an HTTP request, it determines whether the function of inserting the client certificate is enabled. If the function is enabled, it determines whether the attribute in the HTTP request initiated by the client is consistent with the value of that attribute in the configured HTTP request. If the attribute is consistent, it encrypts the SSL certificate information used by the client (including but not limited to the certificate issuer, the certificate user and the like) through base64 and then attaches it to the HTTP request. After the server receives the certificate information, it can learn the certificate information used by the client by decrypting the base64 and can provide different services according to that information.
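The insert-and-decode exchange described in the two paragraphs above, as an added Python example that is not code from the patent. The header name `X-Client-Cert-Info`, the JSON serialization, the policy value and the issuer-to-service table are assumptions; the step that drops any client-supplied copy of the header is an addition, included because base64 is a reversible encoding and gives the server no way to tell a client-supplied value from one the load balancer inserted.

```python
import base64
import json

# Hypothetical header name; the patent does not name the field it appends.
CERT_HEADER = "X-Client-Cert-Info"

# Preset SSL policy: HTTP attribute values a request must carry before the
# certificate is attached (constructed value).
SSL_POLICY = {"Host": "portal.example.internal"}

# Server-side table mapping certificate issuer to a processing mode (constructed).
SERVICE_BY_ISSUER = {
    "CN=Example Staff CA": "staff",
    "CN=Example Partner CA": "partner",
}


def _get(headers, name):
    """Case-insensitive header lookup."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def encode_cert_info(cert_info):
    """Base64-encode the certificate fields. Assumed serialization: JSON."""
    raw = json.dumps(cert_info, sort_keys=True).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")


def matches_policy(headers, policy):
    """True when every configured attribute has the configured value."""
    return all(_get(headers, name) == value for name, value in policy.items())


def lb_forward(headers, recorded_cert, insert_enabled=True, policy=SSL_POLICY):
    """Load balancer: build the headers forwarded over plain HTTP."""
    # Addition to the patent's flow: never forward a copy the client sent.
    out = {k: v for k, v in headers.items() if k.lower() != CERT_HEADER.lower()}
    if insert_enabled and recorded_cert and matches_policy(out, policy):
        out[CERT_HEADER] = encode_cert_info(recorded_cert)
    return out


def server_handle(headers):
    """Server: decode the header and choose a processing mode."""
    value = _get(headers, CERT_HEADER)
    if value is None:
        return "default"
    try:
        info = json.loads(base64.b64decode(value, validate=True).decode("utf-8"))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return "reject"
    if not isinstance(info, dict) or not isinstance(info.get("issuer"), str):
        return "reject"
    return SERVICE_BY_ISSUER.get(info["issuer"], "default")


if __name__ == "__main__":
    # Certificate fields the load balancer recorded at the TLS handshake (constructed).
    recorded = {"issuer": "CN=Example Staff CA", "subject": "CN=alice"}
    # A request that already carries its own copy of the header (constructed).
    spoofed = encode_cert_info({"issuer": "CN=Example Partner CA", "subject": "CN=mallory"})
    request = {"Host": "portal.example.internal", CERT_HEADER: spoofed}
    print(server_handle(lb_forward(request, recorded)))
```

Because the hop between the load balancer and the server is plain HTTP, the server should accept this header only from the load balancer's address.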
The HTTPS request processing system can be used for load balancing equipment which enables bidirectional HTTPS authentication, and has the following advantages:
1. HTTP is used between the load balancing device and the server, which relieves the pressure on the server.
2. The server can obtain the certificate information used by the client.
Those skilled in the art will appreciate that all or part of the steps implementing the above embodiments are implemented as computer programs executed by a CPU. When executed by the CPU, the program performs the functions defined by the above-described methods provided by the present disclosure. The program may be stored in a computer readable storage medium, which may be a read-only memory, a magnetic or optical disk, or the like.
Furthermore, it should be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the methods according to exemplary embodiments of the present disclosure, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
The following are embodiments of the disclosed apparatus that may be used to perform embodiments of the disclosed methods. For details not disclosed in the embodiments of the apparatus of the present disclosure, refer to the embodiments of the method of the present disclosure.
Fig. 5 is a block diagram illustrating an HTTPS request processing device according to an example embodiment. As shown in fig. 5, the HTTPS request processing apparatus 50 may be used for a load balancing device, and includes: a request module 502, a scheduling module 504, a connection module 506, an attachment module 508, and a forwarding module 510.
The request module 502 is configured to obtain an HTTPS request from a client based on an HTTPS connection;
the scheduling module 504 is configured to determine a target server from the server cluster based on a scheduling algorithm;
the connection module 506 is configured to establish an HTTP connection with the target server;
the append module 508 is configured to append the client's certificate to the HTTPS request; the append module 508 is further configured to compare the attributes of the HTTPS request with the preset secure socket layer policy and, when the preset secure socket layer policy is met, to encrypt the certificate and attach the encrypted certificate to the HTTPS request. More specifically, the certificate may be encrypted based on base64 and then appended to the HTTPS request.
The forwarding module 510 is configured to forward the HTTPS request to the target server for processing based on an HTTP connection.
Fig. 6 is a block diagram illustrating an HTTPS request processing device according to another example embodiment. As shown in fig. 6, the HTTPS request processing device 60 may be used for a server in a server cluster, and includes: a receiving module 602, a decrypting module 604 and a processing module 606.
The receiving module 602 is configured to receive an HTTPS request from a load balancing device;
the decryption module 604 is configured to decrypt the HTTPS request to obtain a certificate;
the processing module 606 is configured to process the HTTPS request based on the certificate. The processing module 606 is further configured to determine a processing mode based on the certificate and to process the HTTPS request according to that processing mode.
According to the HTTPS request processing device disclosed by the invention, an HTTPS request from a client is obtained based on HTTPS connection; determining a target server from the server cluster based on a scheduling algorithm; establishing an HTTP connection with the target server; attaching the client's certificate in the HTTPS request; and forwarding the HTTPS request to the target server for processing based on HTTP connection, so that the pressure of the server can be reduced, and meanwhile, the server can provide personalized service for the client according to the acquired certificate information.
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment.
An electronic device 700 according to this embodiment of the disclosure is described below with reference to fig. 7. The electronic device 700 shown in fig. 7 is only an example and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 7, electronic device 700 is embodied in the form of a general purpose computing device. The components of the electronic device 700 may include, but are not limited to: at least one processing unit 710, at least one memory unit 720, a bus 730 that connects the various system components (including the memory unit 720 and the processing unit 710), a display unit 740, and the like.
Wherein the storage unit stores program code that can be executed by the processing unit 710 to cause the processing unit 710 to perform the steps according to various exemplary embodiments of the present disclosure described in this specification. For example, the processing unit 710 may perform the steps as shown in fig. 2, 3, 4.
The memory unit 720 may include readable media in the form of volatile memory units, such as a random access memory unit (RAM)7201 and/or a cache memory unit 7202, and may further include a read only memory unit (ROM) 7203.
The memory unit 720 may also include a program/utility 7204 having a set (at least one) of program modules 7205, such program modules 7205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 730 may be any representation of one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 700 may also communicate with one or more external devices 700' (e.g., keyboard, pointing device, bluetooth device, etc.), such that a user can communicate with devices with which the electronic device 700 interacts, and/or any devices (e.g., router, modem, etc.) with which the electronic device 700 can communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 750. Also, the electronic device 700 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the internet) via the network adapter 760. The network adapter 760 may communicate with other modules of the electronic device 700 via the bus 730. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 700, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, as shown in fig. 8, the technical solution according to the embodiment of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, or a network device, etc.) to execute the above method according to the embodiment of the present disclosure.
The software product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable storage medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable storage medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
The computer readable medium carries one or more programs which, when executed by a device, cause the computer readable medium to perform the functions of: acquiring an HTTPS request from a client based on the HTTPS connection; determining a target server from the server cluster based on a scheduling algorithm; establishing an HTTP connection with the target server; attaching the client's certificate in the HTTPS request; forwarding the HTTPS request to the target server for processing based on an HTTP connection. The computer readable medium may also perform the following functions: receiving an HTTPS request from a load balancing device; decrypting the HTTPS request to obtain a certificate; processing the HTTPS request based on the certificate.
Those skilled in the art will appreciate that the modules described above may be distributed in the apparatus according to the description of the embodiments, or may be modified accordingly in one or more apparatuses unique from the embodiments. The modules of the above embodiments may be combined into one module, or further split into multiple sub-modules.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Exemplary embodiments of the present disclosure are specifically illustrated and described above. It is to be understood that the present disclosure is not limited to the precise arrangements or instrumentalities described herein; on the contrary, the disclosure is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (11)

1. An HTTPS request processing method for load balancing equipment comprises the following steps:
acquiring an HTTPS request from a client based on the HTTPS connection;
determining a target server from the server cluster based on a scheduling algorithm;
establishing an HTTP connection with the target server;
attaching the client's certificate in the HTTPS request;
forwarding the HTTPS request to the target server for processing based on an HTTP connection.
2. The method of claim 1, wherein prior to obtaining the HTTPS request from the client over the HTTPS connection, further comprising:
acquiring an HTTPS connection request from a client;
acquiring a certificate of the client based on the HTTPS connection request;
verifying whether the client is valid based on the certificate;
and when the client is valid, recording the certificate and establishing HTTPS connection with the client.
3. The method of claim 1, further comprising:
enabling a client authentication function in the load balancing equipment;
and enabling a function of transmitting the client certificate in the load balancing equipment.
4. The method of claim 1, further comprising:
and generating a preset secure socket layer policy based on the attribute information of the hypertext transfer protocol.
5. The method of claim 4, wherein appending the client's certificate in the HTTPS request comprises:
comparing the attributes of the HTTPS request with the preset secure socket layer policy;
and when the preset secure socket layer policy is met, encrypting the certificate and attaching the encrypted certificate to the HTTPS request.
6. The method of claim 5, wherein attaching the certificate encrypted in the HTTPS request comprises:
and encrypting the certificate based on a base64 mode and then attaching the certificate to the HTTPS request.
7. An HTTPS request handling apparatus for a load balancing device, comprising:
receiving an HTTPS request from a load balancing device;
decrypting the HTTPS request to obtain a certificate;
processing the HTTPS request based on the certificate.
8. The apparatus of claim 7, wherein processing the HTTPS request based on the certificate comprises:
determining a processing mode based on the certificate;
and processing the HTTPS request according to the processing mode.
9. An HTTPS request handling apparatus for a load balancing device, comprising:
the request module is used for acquiring an HTTPS request from a client based on the HTTPS connection;
the scheduling module is used for determining a target server from the server cluster based on a scheduling algorithm;
the connection module is used for establishing HTTP connection with the target server;
an append module to append the client's certificate to the HTTPS request;
and the forwarding module is used for forwarding the HTTPS request to the target server for processing based on HTTP connection.
10. An HTTPS request handling apparatus for a load balancing device, comprising:
the receiving module is used for receiving an HTTPS request from the load balancing equipment;
the decryption module is used for decrypting the HTTPS request to obtain a certificate;
and the processing module is used for processing the HTTPS request based on the certificate.
11. An HTTPS request handling system for a load balancing device, comprising:
the load balancing equipment is used for acquiring an HTTPS request from the client based on the HTTPS connection; determining a target server from the server cluster based on a scheduling algorithm; establishing an HTTP connection with the target server; attaching the client's certificate in the HTTPS request; forwarding the HTTPS request to the target server for processing based on an HTTP connection;
the server cluster receives an HTTPS request from the load balancing equipment; decrypting the HTTPS request to obtain a certificate; processing the HTTPS request based on the certificate.
CN202110471768.7A 2021-04-29 2021-04-29 HTTPS request processing method, device and system for load balancing equipment Active CN113179323B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110471768.7A CN113179323B (en) 2021-04-29 2021-04-29 HTTPS request processing method, device and system for load balancing equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110471768.7A CN113179323B (en) 2021-04-29 2021-04-29 HTTPS request processing method, device and system for load balancing equipment

Publications (2)

Publication Number Publication Date
CN113179323A (en) 2021-07-27
CN113179323B (en) 2023-07-04

Family

ID=76925160

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110471768.7A Active CN113179323B (en) 2021-04-29 2021-04-29 HTTPS request processing method, device and system for load balancing equipment

Country Status (1)

Country Link
CN (1) CN113179323B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1820481A (en) * 2003-07-11 2006-08-16 国际商业机器公司 System and method for authenticating clients in a client-server environment
US20080060055A1 (en) * 2006-08-29 2008-03-06 Netli, Inc. System and method for client-side authenticaton for secure internet communications
CN103428583A (en) * 2013-08-12 2013-12-04 深圳市同洲电子股份有限公司 Stream media file protection method and digital television terminal
WO2018121249A1 (en) * 2016-12-30 2018-07-05 中国银联股份有限公司 Ssl protocol-based access control method and device
CN109067803A (en) * 2018-10-10 2018-12-21 深信服科技股份有限公司 A kind of SSL/TLS encryption and decryption communication means, device and equipment
CN110519239A (en) * 2019-08-09 2019-11-29 苏州浪潮智能科技有限公司 A kind of protocol configuration method, device, equipment and readable storage medium storing program for executing
CN110730189A (en) * 2019-10-23 2020-01-24 深信服科技股份有限公司 Communication authentication method, device, equipment and storage medium

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113596149A (en) * 2021-07-28 2021-11-02 马上消费金融股份有限公司 Flow control method, device, equipment and storage medium
CN114448898A (en) * 2022-01-04 2022-05-06 上海弘积信息科技有限公司 Method for transmitting client certificate in load balancing system
CN114666315A (en) * 2022-03-24 2022-06-24 杭州迪普科技股份有限公司 HTTP request processing method and device of load balancing equipment
CN114666315B (en) * 2022-03-24 2023-09-12 杭州迪普科技股份有限公司 HTTP request processing method and device of load balancing equipment
CN115296863A (en) * 2022-07-15 2022-11-04 天翼云科技有限公司 Method, device and storage medium for ensuring user safety
CN115334160A (en) * 2022-08-03 2022-11-11 中国平安财产保险股份有限公司 HTTPS certificate issuing method and related equipment thereof
CN115334160B (en) * 2022-08-03 2024-03-29 中国平安财产保险股份有限公司 HTTPS certificate issuing method and related equipment thereof

Also Published As

Publication number Publication date
CN113179323B (en) 2023-07-04

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant