JP2006129138A - Proxy server program and proxy server method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a proxy server program and proxy server method which dispense with prior setting about a server of a connection destination when a communication method is changed in a proxy server device. <P>SOLUTION: A communication means 2a receives contents 1a. The communication means 2a decodes the contents 1a when the contents 1a are received by cipher communication. A position information changing means 2b rewrites cipher communication to non-cipher communication when a hyperlink to other contents 1c exists in the contents 1a and cipher communication is designated as a communication method to the hyperlink. A client side transmitting means 2d transmits the contents 1a. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a proxy server program and a proxy server method for executing communication relay, and more particularly, to a proxy server program and a proxy server method for executing communication relay by changing the designation of a communication method.

  Currently, in communication between a client and a server, a proxy server device is used to restrict a connection from an internal network to an external network or to protect an internal network from an external network. Here, in the communication between the client and the server, the communication method used in the service request from the client to the server is the communication method specified in the hyperlink. Communication methods include encryption communication (for example, HTTPS) and non-encryption communication (for example, HTTP).

  Here, when the designated communication method is encryption communication, encryption communication is directly executed in communication between the client and the server via the proxy server device. Then, when the content filter server and the virus check server provide the service, the communication content cannot be referred to, so the service cannot be provided.

  In order for the content filter server and virus check server to provide services by referring to the communication content, communication between the server and the proxy server device may be encrypted communication, and communication between the proxy server device and the client may be non-encrypted communication. If possible, services can be provided by referring to the communication contents between the proxy server device and the client. For example, there is a technique for changing a communication method specified in a hyperlink using a proxy server device called a reverse proxy (see Non-Patent Document 1). Then, the content filter server and the virus check server can provide various services such as filtering, access control, content conversion, and virus check by referring to the communication content.

Here, the reverse proxy is not transparent to the client, that is, the existence of the reverse proxy is apparent from the client, and the reverse proxy operates as a server to which the client is connected. Therefore, when changing the communication method, the client designates the reverse proxy instead of the original connection destination server as the connection destination server. Therefore, the information of the original connection destination server is not transmitted from the client to the reverse proxy. As a countermeasure, when the communication method is changed, it is necessary to set in advance the information of the original connection destination server for the reverse proxy.
Fujitsu Limited, “Security Director”, [online], [October 10, 2004 search], Internet <URL: http: //interstage.fujifuji.com/jp/v6/sd/>

However, in the prior art, it is difficult to perform advance setting in advance for all original connection destination servers that may be used.
The present invention has been made in view of the above points, and provides a proxy server program and a proxy server method that eliminate the need for prior settings regarding a connection destination server when a communication method is changed in a proxy server device. For the purpose.

  In the present invention, in order to solve the above problem, as shown in FIG. 1, the communication means 2 a receives the content 1 a addressed to the client 4 from the server 1. Then, when the content 1a is received by encrypted communication, the communication unit 2a decrypts the content 1a. When the location information changing unit 2b has a hyperlink to another content 1c in the content 1a received by the communication unit 2a and the encryption communication is designated as the hyperlink communication method, the communication method is changed. Rewrite the specified description to non-encrypted communication. The client side transmission means 2d transmits the content 1a to the client 4. The client side receiving means 2e receives the content acquisition request 4b from the client 4. The protocol changing unit 2g specifies the communication method of the content acquisition request 4b when the content acquisition request 4b is a content acquisition request corresponding to the hyperlink in which the description specifying the communication method is rewritten by the position information changing unit 2b. Rewrite the description to encrypted communication. The communication unit 2 a transmits a content acquisition request 1 b to the server 1.

  If it does in this way, the content 1a addressed to the client 4 will be received from the server 1 by the communication means 2a. When the content 1a is received by encrypted communication by the communication unit 2a, the content 1a is decrypted. When there is a hyperlink to another content 1c in the content 1a received by the communication unit 2a by the position information changing unit 2b and encryption communication is designated as the hyperlink communication method, the communication method is changed. The specified description is rewritten to non-encrypted communication. The content 1a is transmitted to the client 4 by the client side transmission means 2d. The client side receiving means 2e receives the content acquisition request 4b from the client 4. When the content acquisition request 4b is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method by the location information changing unit 2b is rewritten by the protocol changing unit 2g, the communication method of the content acquisition request 4b is specified. The description is rewritten to encrypted communication. A content acquisition request 1b is transmitted to the server 1 by the communication means 2a.

  In the present invention, when a hyperlink to other content exists in the content received by the server-side receiving means and encryption communication is designated as the hyperlink communication method, the communication method is automatically designated. The description to be changed was changed to non-encrypted communication.

  In this way, since the information of the original connection destination server is transmitted from the client to the proxy server device, when the communication method is changed in the proxy server device, prior setting for the connection destination server becomes unnecessary.

Hereinafter, embodiments of the present invention will be described with reference to the drawings.
First, the concept of the present invention will be described, and then the specific contents of the embodiment will be described.

FIG. 1 is a conceptual diagram of the present invention.
A computer system using the proxy server device 2 of the present invention includes a server 1, a proxy server device 2, and a client 4. The server 1 makes a service response to the service request from the client 4. The proxy server device 2 controls information flowing between an intranet (not shown) on the client 4 side and the Internet (not shown) on the server 1 side. The server 1 and the proxy server device 2 communicate with each other via the Internet. Further, the proxy server device 2 and the client 4 communicate with each other via an intranet.

The proxy server device 2 includes a communication unit 2a, a position information change unit 2b, a client side transmission unit 2d, a client side reception unit 2e, and a protocol change unit 2g.
The communication unit 2a receives the content 1a addressed to the client 4 from the server 1 through a URL (Uniform Resource Locator) indicating the location of the content. For example, the communication unit 2 a receives the content 1 a whose URL is “https: // BBB” from the server 1. Then, when the content 1a is received by encrypted communication, the communication unit 2a decrypts the content 1a. For example, the communication unit 2a decrypts the content 1a whose URL is “https: // BBB” into the content 4a whose URL is “http: // BBB”. Next, the position information changing unit 2b determines that the communication method is used when there is a hyperlink to other content in the content received by the communication unit 2a and the encryption communication is designated as the hyperlink communication method. Rewrite the description to specify as non-encrypted communication. For example, since the location information changing unit 2b has a case where a hyperlink to the content 1c exists in the content 1a and encryption communication by “https” is designated, “https: // AAA” is changed to “http: Rewrite as // AAA ".

  The client side transmission unit 2 d transmits the content 4 a to the client 4. For example, the client-side transmission unit 2 d transmits the content 4 a whose URL is “http: // BBB” to the client 4.

  The client side receiving means 2e receives the content acquisition request 4b from the client 4. For example, the client-side receiving unit 2 e receives a content acquisition request 4 b indicated by a URL “http: // AAA” from the client 4.

  When the content acquisition request 4b is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method is rewritten by the location information changing unit 2b, the protocol changing unit 2g specifies the communication method of the content acquisition request 4b. Rewrite the description to encrypted communication. For example, the protocol changing unit 2g rewrites the content acquisition request 4b indicated by the URL "http: // AAA" into the content acquisition request 1b indicated by the URL "https: // AAA". Then, the communication unit 2 a transmits a content acquisition request 1 b to the server 1. For example, the communication unit 2 a transmits a content acquisition request 1 b indicated by a URL “https: // AAA” to the server 1.

  Thereafter, the communication unit 2a receives again the content 1c addressed to the client 4 from the server 1 by the URL indicating the position of the content. For example, the communication unit 2 a receives the content 1 c whose URL is “https: // AAA” from the server 1. Then, when the content 1c is received by encrypted communication, the communication unit 2a decrypts the content 1c. For example, the communication unit 2a decrypts the content 1c whose URL is “https: // AAA” into the content 4c whose URL is “http: // AAA”. Next, the position information changing unit 2b performs communication when there is a hyperlink to another content in the content 1c received by the communication unit 2a and encryption communication is designated as the hyperlink communication method. Rewrite the description that specifies the method to non-encrypted communication. For example, the location information changing unit 2b does not rewrite anything because there is no hyperlink to other content in the content 4c.

  The client side transmission unit 2 d transmits the content 4 c to the client 4. For example, the client side transmission unit 2 d transmits the content 4 c whose URL is “http: // AAA” to the client 4.

The communication unit 2a, the position information changing unit 2b, the client side transmitting unit 2d, the client side receiving unit 2e, and the protocol changing unit 2g communicate with each other.
Next, the operation of the conceptual diagram of FIG. 1 will be described.

  First, there is a service response to the client 4. The content 1a whose URL is “https: // BBB” is received from the server 1 by the communication means 2a. The content 1a whose URL is “https: // BBB” is decrypted into the content 4a whose URL is “http: // BBB” by the communication means 2a. Since the hyperlink to the content 1c exists in the content 1a and the encrypted communication by “https” is designated by the position information changing unit 2b, “https: // AAA” is changed to “http: // Rewritten as “AAA”. The content 4a whose URL is “http: // BBB” is transmitted to the client 4 by the client side transmission means 2d.

  Then, there is a service request for the server 1. The client side receiving means 2e receives the content acquisition request 4b indicated by the URL "http: // AAA" from the client 4. The protocol changing unit 2g rewrites the content acquisition request 4b indicated by the URL "http: // AAA" into the content acquisition request 1b indicated by the URL "https: // AAA". The content acquisition request 1b indicated by the URL “https: // AAA” is transmitted to the server 1 by the communication means 2a.

  Finally, there is a service response to the client 4 again. The content 1c whose URL is “https: // AAA” is received from the server 1 by the communication means 2a. The content 1c whose URL is “https: // AAA” is decrypted into the content 4c whose URL is “http: // AAA” by the communication means 2a. Since there is no hyperlink to another content in the content 1c, nothing is rewritten by the position information changing means 2b. The content 4c whose URL is “http: // AAA” is transmitted to the client 4 by the client side transmission means 2d.

  In this way, since the communication method is transparently changed between the client 4 and the server 1, the proxy server device 2 does not require prior settings regarding the server 1, and the server existing in an external network such as the Internet. No need to consider 1.

And the service response from all the servers can be decoded by providing the proxy server device 2 which does not depend on the existing server 1.
Hereinafter, specific contents of the embodiment will be described.

[First Embodiment]
FIG. 2 is a system configuration diagram of the first and second embodiments.
The computer system using the proxy server device 15 according to the first embodiment includes servers 10, 11, 12, and 13, the Internet 14, the proxy server device 15, the intranet 16, clients 17, 18, 19, and 20, a content filter server. 21 and a virus check server 22.

  The servers 10, 11, 12, and 13 respond to the service requests from the clients 17, 18, 19, and 20. The Internet 14 is a communication service for sharing information on a public network. The proxy server device 15 controls information that flows between the intranet 16 and the Internet 14. The intranet 16 is a private network and is a communication service for sharing information within a company or the like. The content filter server 21 prevents browsing of predetermined content. The virus check server 22 protects the intranet 16 from viruses that enter from the Internet 14.

  The servers 10, 11, 12, 13 and the proxy server device 15 communicate with each other via the Internet 14. Further, the proxy server device 15 and the clients 17, 18, 19, 20 communicate with each other via the intranet 16 and further via the content filter server 21 and the virus check server 22.

The function of the proxy server device according to the first embodiment will be described below. FIG. 3 is a block diagram illustrating functions of the proxy server device according to the first embodiment.
The computer system using the proxy server device 15 according to the first embodiment includes a server 10, a proxy server device 15, a content filter server 21, a virus check server 22, and a client 17. The server 10 makes a service response to the service request from the client 17. The proxy server device 15 controls information flowing between an intranet (not shown) and the Internet (not shown). The content filter server 21 prevents browsing of predetermined content. The virus check server 22 protects the intranet from viruses that enter from the Internet. The server 10 and the proxy server device 15 communicate with each other via the Internet. Further, the proxy server device 15 and the client 17 communicate with each other via the intranet, and further via the content filter server 21 and the virus check server 22.

  The proxy server device 15 includes a server side receiving unit 15a, a position information changing unit 15b, a client side transmitting unit 15c, a client side receiving unit 15d, a protocol changing unit 15e, and a server side transmitting unit 15f.

  The server-side receiving unit 15a receives content addressed to the client 17 from the server 10 by using a URL indicating the position of the content. And the server side receiving part 15a decodes a content, when a content is received by encryption communication.

  The location information changing unit 15b determines the communication method when there is a hyperlink to other content in the content received by the server-side receiving unit 15a and encryption communication is designated as the hyperlink communication method. Rewrite the specified description to non-encrypted communication. Then, the client side transmission unit 15 c transmits the content to the client 17.

The client side receiving unit 15 d receives a content acquisition request from the client 17.
When the content acquisition request is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method is rewritten by the position information changing unit 15b, the protocol change unit 15e describes a description specifying the communication method of the content acquisition request. Rewrite to encrypted communication. Then, the server-side transmission unit 15 f transmits a content acquisition request to the server 10. Here, when encryption communication is designated, the server-side transmission unit 15f establishes a link to the server 10 and uses the established link for encryption communication.

  The server-side receiving unit 15a, the position information changing unit 15b, the client-side transmitting unit 15c, the client-side receiving unit 15d, the protocol changing unit 15e, and the server-side transmitting unit 15f communicate with each other.

Next, the operation of the block diagram of FIG. 3 will be described.
The server-side receiving unit 15a receives content addressed to the client 17 from the server 10 using a URL indicating the position of the content. When the content is received by encrypted communication by the server side receiving unit 15a, the content is decrypted.

  When the location information changing unit 15b includes a hyperlink to other content in the content received by the server-side receiving unit 15a and encryption communication is designated as the hyperlink communication method, the communication method is changed. The specified description is rewritten to non-encrypted communication. Then, the content is transmitted to the client 17 by the client side transmission unit 15c.

  Here, communication contents are referred to by the content filter server 21 and the virus check server 22. Specifically, the content filter server 21 prevents browsing of predetermined content, and the virus check server 22 protects the intranet from viruses that enter from the Internet.

The client side receiving unit 15d receives a content acquisition request from the client 17.
When the content acquisition request is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method by the location information changing unit 15b is rewritten by the protocol changing unit 15e, a description specifying the communication method of the content acquisition request is provided. Rewritten to encrypted communication. Then, a content acquisition request is transmitted to the server 10 by the server side transmission unit 15f.

  In this way, since the communication method is transparently changed between the client 17 and the server 10, the proxy server device 15 does not require prior settings regarding the server 10, and the server existing in an external network such as the Internet. No need to consider 10.

  By providing the proxy server device 15 that does not depend on the existing server 10, the service responses from all the servers can be decrypted, and the services by the content filter server 21, the virus check server 22, and the like can be provided.

The protocol is not limited to the “http” communication method and the “https” communication method.
In the following, an example of processing executed in the first embodiment will be described with reference to FIGS. 4 and 5. 4 is executed when a service response exists from the server 10 to the client 17. 5 is executed when there is a service request from the client 17 to the server 10. When the flowcharts of FIGS. 4 and 5 are executed, the following steps are executed.

FIG. 4 is a flowchart illustrating processing of the position information changing unit according to the first embodiment.
[S11] The position information changing unit 15b determines whether the content responding to the client 17 is hypertext content. If the content is hypertext content, the process proceeds to S12. If the content is not hypertext content, the process ends.

[S12] The position information changing unit 15b searches for hyperlinks in the hypertext content.
[S13] The position information changing unit 15b determines whether all hyperlinks have been searched. If a search is made, the process ends. If not, the process proceeds to S14.

  [S14] The position information changing unit 15b determines whether the schema of the hyperlink is “https”. If it is “https”, the process proceeds to S15. If it is not “https”, the process proceeds to S11.

[S15] The location information changing unit 15b changes the URL from “https” to “http”.
[S16] The location information changing unit 15b adds “.https” to the host name. The location information changing unit 15b can also add “.https” to the path name. Further, the position information changing unit 15b can prepare a plurality of URL changing methods and use the URL changing method selected by the user.

FIG. 5 is a flowchart illustrating processing of the protocol changing unit according to the first embodiment.
[S21] The protocol change unit 15e determines whether “.https” exists in the host name in the service request from the client 17. If it exists, the process proceeds to S22. If it does not exist, the process ends.

[S22] The protocol changing unit 15e deletes the existing “.https”.
[S23] The protocol changing unit 15e changes the designation of the communication method between the proxy server device 15 and the server 10 from “http” to “https”.

[S24] The server-side transmission unit 15f uses “https”, which is the communication method of the changed hyperlink.
Hereinafter, an example of the processing of S15 and S16 in FIG. 4 will be described. FIG. 6 is a diagram illustrating an example of changing a hyperlink.

  The hyperlink change example 200 includes a number, a URL indicated by the hyperlink before the change, and a URL indicated by the hyperlink after the change. The number is a number representative of a hyperlink change example. The URL indicated by the hyperlink before the change is a URL applied between the proxy server device 15 and the server 10. The URL indicated by the changed hyperlink is a URL applied between the client 17 and the proxy server device 15. In the hyperlink modification example 200, the items arranged in the horizontal direction are associated with each other.

  For example, when the number is “0001”, “http://www.fujifuji.com/index.html” is not encrypted, so it is not changed, and the URL indicated by the hyperlink before change and the changed hyperlink are not changed. The URL indicated by the link is the same. When the number is “0002”, “ftp://www.fujifuji.com/pub/” is not encrypted, so it is not changed, and the URL indicated by the hyperlink before the change and the hyperlink after the change are changed. Is the same URL. However, when the number is “0003”, since “https://www.fujifuji.com/index.html” is encrypted, the URL indicated by the hyperlink before the change and the URL indicated by the hyperlink after the change Is not the same. Therefore, the original URL “https://www.fujifuji.com/index.html” is changed to the URL “http: //www.fujifuji.com.https/index.html” by the proxy server device 15. Has been.

[Second Embodiment]
In the first embodiment, the proxy server device 15 does not store the hyperlink rewrite result, but the second embodiment stores it. In the URL indicated by the hyperlink after rewriting, the first embodiment does not generate a unique URL, but the second embodiment generates a unique URL.

The function of the proxy server device according to the second embodiment will be described below. FIG. 7 is a block diagram illustrating functions of the proxy server device according to the second embodiment.
In the computer system using the proxy server device 23 of the second embodiment, when the block diagram of FIG. 3 is compared with the block diagram of FIG. 7, only the function of the proxy server device 23 is changed. In addition, description is abbreviate | omitted when it has the same function by the same name.

  Compared with the proxy server device 15 of FIG. 3, the proxy server device 23 is only added with the hyperlink table 23g, and the functions of the position information changing unit 23b and the protocol changing unit 23e are changed accordingly. In addition, description is abbreviate | omitted when it has the same function by the same name.

  The location information changing unit 23b determines the communication method when there is a hyperlink to other content in the content received by the server-side receiving unit 23a and encryption communication is designated as the hyperlink communication method. The description to be specified is rewritten to non-encrypted communication, and the rewrite result is stored in the hyperlink table 23g.

  When the content acquisition request is a content acquisition request stored in the hyperlink table 23g, the protocol change unit 23e rewrites the description specifying the communication method of the content acquisition request into encrypted communication based on the hyperlink table 23g.

  The server-side receiving unit 23a, the position information changing unit 23b, the client-side transmitting unit 23c, the client-side receiving unit 23d, the protocol changing unit 23e, the server-side transmitting unit 23f, and the hyperlink table 23g communicate with each other.

Next, the operation of the block diagram of FIG. 7 will be described.
The server-side receiving unit 23a receives the content addressed to the client 17 from the server 10 by the URL indicating the content position. When the content is received by encrypted communication by the server side receiving unit 15a, the content is decrypted.

  When the location information changing unit 23b includes a hyperlink to other content in the content received by the server-side receiving unit 23a and encryption communication is designated as the hyperlink communication method, the communication method is changed. The specified description is rewritten to non-encrypted communication, and the rewrite result is stored in the hyperlink table 23g. Then, the content is transmitted to the client 17 by the client side transmission unit 23c.

  Here, communication contents are referred to by the content filter server 21 and the virus check server 22. Specifically, the content filter server 21 prevents browsing of predetermined content, and the virus check server 22 protects the intranet from viruses that enter from the Internet.

The client-side receiving unit 23d receives a content acquisition request from the client 17.
When the content acquisition request is a content acquisition request stored in the hyperlink table 23g, the protocol changing unit 23e rewrites the description specifying the communication method of the content acquisition request into encrypted communication based on the hyperlink table 23g. . Then, the server side transmission unit 23f transmits a content acquisition request to the server.

  In this way, since the communication method is transparently changed between the client 17 and the server 10, the proxy server device 23 does not require prior settings regarding the server 10, and the server existing in an external network such as the Internet. No need to consider 10.

  By providing the proxy server device 23 that does not depend on the existing server 10, the service responses from all the servers can be decoded, and the services by the content filter server 21, the virus check server 22, and the like can be provided.

Furthermore, since the hyperlink table 23g is used, a unique name can be freely set, and the degree of freedom of the computer system is improved.
The protocol is not limited to the “http” communication method and the “https” communication method.

The database used in the second embodiment will be described below. FIG. 8 is a diagram illustrating an example of a hyperlink table.
The hyperlink table 23g includes a number, a URL indicated by the hyperlink before change, and a URL indicated by the hyperlink after change. The number is a number representative of a hyperlink change example. The URL indicated by the hyperlink before the change is a URL applied between the proxy server device 23 and the server 10. The URL indicated by the changed hyperlink is a URL applied between the client 17 and the proxy server device 23. In the hyperlink table 23g, the items arranged in the horizontal direction are associated with each other.

  For example, when the number is “0001”, the URL “http://www.fujifuji.com/index.html” is changed to a unique URL “http: //proxy/1.html”. When the number is “0002”, the URL “ftp://www.fujifuji.com/pub/” is changed to a unique URL “http: // proxy / 2 /”. Further, when the number is “0003”, the URL “https://www.fujifuji.com/index.html” is changed to a unique URL “http: //proxy/3.html”.

  Note that the hyperlink may be changed only for a specific communication method. In this case, the hyperlink table 23g is created only for the specific communication method.

  Hereinafter, an example of processing executed in the second embodiment will be described with reference to FIGS. 9 and 10. The process of FIG. 9 is executed when a service response exists from the server 10 to the client 17. 10 is executed when a service request exists from the client 17 to the server 10. When the flowcharts of FIGS. 9 and 10 are executed, the following steps are executed.

FIG. 9 is a flowchart illustrating processing of the position information changing unit according to the second embodiment.
[S31] The position information changing unit 23b determines whether the content responding to the client 17 is hypertext content. If the content is hypertext content, the process proceeds to S32. If the content is not hypertext content, the process ends.

[S32] The position information changing unit 23b searches the hypertext content for a hyperlink.
[S33] The position information changing unit 23b determines whether all hyperlinks have been searched. If a search is made, the process ends. If not, the process proceeds to S34.

  [S34] The position information changing unit 23b changes the URL indicated by the hyperlink to the URL indicated by the unique hyperlink. For example, the host name is the host name of the proxy server device 23 and the path name is the sequence number. Then, the position information changing unit 23b stores the URL before change and the URL after change in the hyperlink table 23g.

FIG. 10 is a flowchart illustrating processing of the protocol changing unit according to the second embodiment.
[S41] The protocol changing unit 23e refers to the hyperlink table 23g to determine whether or not there is a hyperlink related to the service request from the client 17. If it exists, the process proceeds to S42. If it does not exist, the process ends.

[S42] The protocol change unit 23e changes the hyperlink to be used.
[S43] The server-side transmission unit 23f uses the changed hyperlink communication method.
[Third Embodiment]
In the first embodiment, the content filter server 21 and the virus check server 22 refer to the communication contents from between the client 17 and the proxy server device 15. In the third embodiment, the content is transmitted from the proxy server device 30 to the content. The filter server 31 and the virus check server 32 refer to the communication contents.

FIG. 11 is a system configuration diagram of the third and fourth embodiments.
The computer system using the proxy server device 30 of the third embodiment includes servers 25, 26, 27, 28, the Internet 29, a proxy server device 30, a content filter server 31, a virus check server 32, an intranet 33, and a client 34. 35, 36, 37.

  The servers 25, 26, 27, 28 respond to the service request from the clients 34, 35, 36, 37. The Internet 29 is a communication service for sharing information on a public network. The proxy server device 30 controls information that flows between the intranet 33 and the Internet 29. The content filter server 31 prevents browsing of predetermined content. The virus check server 32 protects the intranet 33 from viruses that enter from the Internet 29. The intranet 33 is a private network and is a communication service for sharing information within a company or the like.

  The servers 25, 26, 27, 28 and the proxy server device 30 communicate with each other via the Internet 29. Further, the proxy server device 30 and the clients 34, 35, 36 and 37 communicate with each other via the intranet 33. The proxy server device 30, the content filter server 31, and the virus check server 32 communicate with each other.

The function of the proxy server device according to the third embodiment will be described below. FIG. 12 is a block diagram illustrating functions of the proxy server device according to the third embodiment.
In the computer system using the proxy server device 30 according to the third embodiment, the function of the proxy server device 30 is changed by comparing the block diagram of FIG. 3 with the block diagram of FIG. Only the communication destination of the check server 32 is changed. The server 25 and the proxy server device 30 communicate with each other via the Internet (not shown). The proxy server device 30 and the client 34 communicate with each other via an intranet (not shown). Further, the content filter server 31, the virus check server 32, and the proxy server device 30 communicate with each other. In addition, description is abbreviate | omitted when it has the same function by the same name.

  Compared with the proxy server device 15 of FIG. 3, the proxy server device 30 is simply provided with a content interface unit 30c and a protocol interface unit 30f. In addition, description is abbreviate | omitted when it has the same function by the same name.

  The content interface unit 30c enables the content filter server 31 and the virus check server 32 to refer to the communication content between the position information change unit 30b and the client side transmission unit 30d. Then, the content interface unit 30 c receives service provision from the content filter server 31 and the virus check server 32.

  The protocol interface unit 30f enables the content filter server 31 and the virus check server 32 to refer to the communication contents between the client side receiving unit 30e and the protocol changing unit 30g. Then, the protocol interface unit 30 f receives service provision from the content filter server 31 and the virus check server 32.

  The server side receiving unit 30a, the location information changing unit 30b, the client side transmitting unit 30d, the client side receiving unit 30e, the protocol changing unit 30g, the server side transmitting unit 30h, the content interface unit 30c, and the protocol interface unit 30f communicate with each other. Yes.

Next, the operation of the block diagram of FIG. 12 will be described.
The server-side receiving unit 30a receives content addressed to the client 34 from the server 25 by a URL indicating the position of the content. Then, when the content is received by encrypted communication by the server-side receiving unit 30a, the content is decrypted.

  When the location information changing unit 30b includes a hyperlink to other content in the content received by the server-side receiving unit 30a and the encryption communication is designated as the hyperlink communication method, the communication method is changed. The specified description is rewritten to non-encrypted communication. Thereafter, the content interface server 30c enables the content filter server 31 and the virus check server 32 to refer to the communication content. The content interface unit 30c provides services from the content filter server 31 and the virus check server 32. For example, the content filter server 31 prevents predetermined content from being browsed, and the virus check server 32 protects the intranet from viruses entering from the Internet.

The content is transmitted to the client 34 by the client side transmitting unit 30d.
The client side receiving unit 30e receives a content acquisition request from the client 34. Thereafter, the protocol interface unit 30f allows the content filter server 31 and the virus check server 32 to refer to the communication content. Then, a service is provided from the content filter server 31 and the virus check server 32 by the protocol interface unit 30f. For example, the content filter server 31 prevents predetermined content from being browsed, and the virus check server 32 protects the intranet from viruses entering from the Internet.

  When the content change request by the protocol changing unit 30g is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method by the position information changing unit 30b is rewritten, a description specifying the communication method of the content acquisition request is provided. Rewritten to encrypted communication.

The server side transmission unit 30h transmits a content acquisition request to the server 25.
In this way, since the communication method is transparently changed between the client 34 and the server 25, the proxy server device 30 does not require prior settings relating to the server 25, and the server existing in an external network such as the Internet. No need to consider 25.

  By providing the proxy server device 30 that does not depend on the existing server 25, the service responses from all the servers can be decoded, and the services by the content filter server 31, the virus check server 32, etc. can be provided.

  Furthermore, since the content filter server 31, the virus check server 32, and the proxy server device 30 communicate directly with each other, it is based on processing based on service request filtering and access control, and on virus check and content conversion of service response content. Services can be easily provided.

Note that the proxy server device 30, the content filter server 31, and the virus check server 32 may be configured by one device instead of three devices.
In some cases, the content interface unit 30c is included and the protocol interface unit 30f is not included. In some cases, the protocol interface unit 30f is included and the content interface unit 30c is not included.

Further, the protocol is not limited to the “http” communication method and the “https” communication method.
[Fourth Embodiment]
In the third embodiment, the proxy server device 30 does not store the hyperlink rewrite result, but the fourth embodiment stores the result. In the URL indicated by the hyperlink after rewriting, a unique URL is not generated in the third embodiment, but a unique URL is generated in the third embodiment.

The function of the proxy server device according to the fourth embodiment will be described below. FIG. 13 is a block diagram illustrating functions of the proxy server device according to the fourth embodiment.
In the computer system using the proxy server device 38 of the fourth embodiment, the function of the proxy server device 38 is changed as compared with the block diagram of FIG. In addition, description is abbreviate | omitted when it has the same function by the same name.

  Compared with the proxy server device 30 of FIG. 12, the proxy server device 38 is only added with the hyperlink table 38i, and the functions of the position information changing unit 38b and the protocol changing unit 38g are changed accordingly. In addition, description is abbreviate | omitted when it has the same function by the same name.

  The server side receiving unit 38a, the position information changing unit 38b, the client side transmitting unit 38d, the client side receiving unit 38e, the protocol changing unit 38g, the server side transmitting unit 38h, the content interface unit 38c, the protocol interface unit 38f and the hyperlink table 38i Communicate with each other.

Next, the operation of the block diagram of FIG. 13 will be described.
The server-side receiving unit 38a receives content addressed to the client 34 from the server 25 by a URL indicating the position of the content. Then, when the content is received by encrypted communication by the server-side receiving unit 38a, the content is decrypted.

  When the location information changing unit 38b includes a hyperlink to other content in the content received by the server-side receiving unit 38a, and encryption communication is designated as the hyperlink communication method, the communication method is changed. The description to be specified is rewritten to non-encrypted communication, and the rewrite result is stored in the hyperlink table 38i. Thereafter, the content interface server 38c enables the content filter server 31 and the virus check server 32 to refer to the communication content. A service is provided from the content filter server 31 and the virus check server 32 by the content interface unit 38c. For example, the content filter server 31 prevents predetermined content from being browsed, and the virus check server 32 protects the intranet from viruses entering from the Internet.

The content is transmitted to the client 34 by the client side transmission unit 38d.
The client side receiving unit 38e receives a content acquisition request from the client 34. Thereafter, the protocol interface unit 38f enables the content filter server 31 and the virus check server 32 to refer to the communication content. The protocol interface unit 38f provides services from the content filter server 31 and the virus check server 32. For example, the content filter server 31 prevents predetermined content from being browsed, and the virus check server 32 protects the intranet from viruses entering from the Internet.

  When the content acquisition request is a content acquisition request stored in the hyperlink table 38i, the protocol changing unit 38g rewrites the description specifying the communication method of the content acquisition request into the encrypted communication based on the hyperlink table 38i. .

The server side transmission unit 38h transmits a content acquisition request to the server 25.
In this way, since the communication method is transparently changed between the client 34 and the server 25, the proxy server device 38 does not require prior settings relating to the server 25, and the server existing in an external network such as the Internet. No need to consider 25.

  By providing the proxy server device 38 that does not depend on the existing server 25, service responses from all the servers can be decrypted, and services by the content filter server 31, the virus check server 32, and the like can be provided.

  Further, since the content filter server 31, the virus check server 32, and the proxy server device 38 communicate directly with each other, it is based on processing based on service request filtering and access control, and virus check and content conversion of service response content. Services can be easily provided.

Further, since the hyperlink table 38i is used, a unique name can be freely set, and the degree of freedom of the computer system is improved.
The proxy server device 38, the content filter server 31, and the virus check server 32 may be configured by one device instead of three devices.

  In some cases, the content interface unit 38c is included and the protocol interface unit 38f is not included. In some cases, the protocol interface unit 38f is included and the content interface unit 38c is not included.

Further, the protocol is not limited to the “http” communication method and the “https” communication method.
FIG. 14 is a diagram illustrating an example of a hardware configuration of a computer. The entire computer 300 is controlled by a CPU (Central Processing Unit) 301. A random access memory (RAM) 302, a hard disk drive (HDD) 303, a graphic processing device 304, an input interface 305, and a communication interface 306 are connected to the CPU 301 via a bus 307.

  The RAM 302 temporarily stores at least part of an OS (Operating System) program and application programs to be executed by the CPU 301. The RAM 302 stores various data necessary for processing by the CPU 301. The HDD 303 stores an OS and application programs.

  A monitor 310 is connected to the graphic processing device 304. The graphic processing device 304 displays an image on the screen of the monitor 310 in accordance with a command from the CPU 301. A keyboard 320 and a mouse 330 are connected to the input interface 305. The input interface 305 transmits a signal transmitted from the keyboard 320 or the mouse 330 to the CPU 301 via the bus 307.

  The communication interface 306 is connected to the network 340. The communication interface 306 transmits / receives data to / from other computers via the network 340.

With the hardware configuration as described above, the processing functions of the present embodiment can be realized.
The above processing functions can be realized by a server computer of a client server system. In that case, a server program describing the processing contents of the functions that the proxy server device should have is provided. The server computer executes the server program in response to a request from the client computer. As a result, the processing function is realized on the server computer, and the processing result is provided to the client computer.

  The server program describing the processing contents can be recorded on a recording medium readable by the server computer. Examples of the recording medium readable by the server computer include a magnetic recording device, an optical disk, a magneto-optical recording medium, and a semiconductor memory. Examples of the magnetic recording device include a hard disk device (HDD), a flexible disk (FD), and a magnetic tape. Optical disks include DVD (Digital Versatile Disc), DVD-RAM, CD-ROM (Compact Disc Read Only Memory), CD-R (Recordable) / RW (ReWritable), and the like. Magneto-optical recording media include MO (Magneto-Optical disk).

When distributing the server program, for example, a portable recording medium such as a DVD or a CD-ROM in which the server program is recorded is sold.
The server computer that executes the server program stores, for example, the server program recorded on a portable recording medium in its own storage device. Then, the server computer reads the server program from its own storage device and executes processing according to the server program. The server computer can also read the server program directly from the portable recording medium and execute processing according to the server program.

(Supplementary note 1) In a proxy server program that executes communication relay by changing the specification of a communication method,
On the computer,
A communication means receives content addressed to a client from a server and decrypts the content when the content is received by encrypted communication;
The location information changing unit specifies a communication method when a hyperlink to another content exists in the content received by the communication unit and encryption communication is specified as the communication method of the hyperlink. Rewriting the description to non-encrypted communication;
A client-side transmitting means transmitting the content to the client;
A client-side receiving unit receiving a content acquisition request from the client;
The protocol changing means, when the content acquisition request is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method by the position information changing means is rewritten, a description specifying the communication method of the content acquisition request Rewriting to encrypted communication,
The communication means transmitting the content acquisition request to the server;
A proxy server program that executes a process including:

(Supplementary Note 2) When the location information changing unit includes a hyperlink to other content in the content received by the server-side receiving unit, and encryption communication is designated as the hyperlink communication method , Rewrite the description that specifies the communication method to non-encrypted communication, store the rewrite result in the hyperlink table,
When the content acquisition request is a content acquisition request stored in the hyperlink table, the protocol changing unit rewrites a description specifying a communication method of the content acquisition request into encrypted communication based on the hyperlink table. ,
The proxy server program according to supplementary note 1, characterized in that:

(Supplementary note 3)
A step of providing a communication content between the location information changing unit and the client-side transmission unit to other devices;
Protocol interface means providing other devices with the communication content between the client side receiving means and the protocol changing means;
The proxy server program according to appendix 1, further comprising executing a process including:

(Supplementary Note 4) The location information changing unit includes a hyperlink to another content in the content received by the server-side receiving unit, and encryption communication is designated as the hyperlink communication method. In this case, the description specifying the communication method is rewritten to non-encrypted communication, and the description specifying the original communication method is added to the information specifying the location of the content of the hyperlink,
The protocol changing means rewrites the description specifying the communication method of the content acquisition request into encrypted communication when there is a description specifying the original communication method in the information specifying the location of the content of the content acquisition request. ,
The proxy server program according to supplementary note 1, characterized in that:

(Additional remark 5) In the proxy server apparatus which performs communication relay by changing the designation of the communication method,
Communication means for receiving content addressed to the client from the server and decrypting the content when the content is received by encrypted communication;
If there is a hyperlink to other content in the content received by the communication means and encryption communication is specified as the communication method of the hyperlink, the description specifying the communication method is changed to non-encrypted communication. Rewriting location information changing means;
Client-side transmission means for transmitting the content to the client;
Client-side receiving means for receiving a content acquisition request from the client;
When the content acquisition request is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method is rewritten by the location information changing unit, the description specifying the communication method of the content acquisition request is rewritten to encrypted communication. A protocol change means;
The communication means for transmitting the content acquisition request to the server;
A proxy server device characterized by comprising:

(Supplementary note 6) In a computer-readable storage medium in which a proxy server program for executing communication relay by changing the designation of a communication method is recorded,
On the computer,
A communication means receives content addressed to a client from a server and decrypts the content when the content is received by encrypted communication;
The location information changing unit specifies a communication method when a hyperlink to another content exists in the content received by the communication unit and encryption communication is specified as the communication method of the hyperlink. Rewriting the description to non-encrypted communication;
A client-side transmitting means transmitting the content to the client;
A client-side receiving unit receiving a content acquisition request from the client;
The protocol changing means, when the content acquisition request is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method by the position information changing means is rewritten, a description specifying the communication method of the content acquisition request Rewriting to encrypted communication,
The communication means transmitting the content acquisition request to the server;
A computer-readable storage medium storing a proxy server program characterized in that the process includes:

(Supplementary note 7) In a proxy server control method for executing communication relay by changing designation of a communication method by a computer,
A communication means receives content addressed to a client from a server and decrypts the content when the content is received by encrypted communication;
The location information changing unit specifies a communication method when a hyperlink to another content exists in the content received by the communication unit and encryption communication is specified as the communication method of the hyperlink. Rewriting the description to non-encrypted communication;
A client-side transmitting means transmitting the content to the client;
A client-side receiving unit receiving a content acquisition request from the client;
The protocol changing means, when the content acquisition request is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method by the position information changing means is rewritten, a description specifying the communication method of the content acquisition request Rewriting to encrypted communication,
The communication means transmitting the content acquisition request to the server;
A proxy server control method comprising:

It is a conceptual diagram of this invention. It is a system configuration figure of a 1st and 2nd embodiment. It is a block diagram which shows the function of the proxy server apparatus of 1st Embodiment. It is a flowchart which shows the process of the positional information change part of 1st Embodiment. It is a flowchart which shows the process of the protocol change part of 1st Embodiment. It is a figure which shows the example of a change of a hyperlink. It is a block diagram which shows the function of the proxy server apparatus of 2nd Embodiment. It is a figure which shows the example of a hyperlink table. It is a flowchart which shows the process of the positional information change part of 2nd Embodiment. It is a flowchart which shows the process of the protocol change part of 2nd Embodiment. It is a system configuration figure of the 3rd and 4th embodiment. It is a block diagram which shows the function of the proxy server apparatus of 3rd Embodiment. It is a block diagram which shows the function of the proxy server apparatus of 4th Embodiment. It is a figure which shows the example of the hardware constitutions of a computer.

Explanation of symbols

1 server 1a, 1c content 1b protocol 2 proxy server device 2a communication means 2b location information changing means 2d client side transmitting means 2e client side receiving means 2g protocol changing means 4 client 4a, 4c contents 4b protocol

Claims (5)

In a proxy server program that executes communication relay by changing the communication method specification,
On the computer,
A communication means receives content addressed to a client from a server and decrypts the content when the content is received by encrypted communication;
The location information changing unit specifies a communication method when a hyperlink to another content exists in the content received by the communication unit and encryption communication is specified as the communication method of the hyperlink. Rewriting the description to non-encrypted communication;
A client-side transmitting means transmitting the content to the client;
A client-side receiving unit receiving a content acquisition request from the client;
The protocol changing means, when the content acquisition request is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method by the position information changing means is rewritten, a description specifying the communication method of the content acquisition request Rewriting to encrypted communication,
The communication means transmitting the content acquisition request to the server;
A proxy server program that executes a process including: When the location information changing unit includes a hyperlink to other content in the content received by the server-side receiving unit and encryption communication is designated as the communication method of the hyperlink, the communication method is changed. Rewrite the specified description to non-encrypted communication, store the rewrite result in the hyperlink table,
When the content acquisition request is a content acquisition request stored in the hyperlink table, the protocol changing unit rewrites a description specifying a communication method of the content acquisition request into encrypted communication based on the hyperlink table. ,
The proxy server program according to claim 1, wherein: In the computer,
A step of providing a communication content between the location information changing unit and the client-side transmission unit to other devices;
Protocol interface means providing other devices with the communication content between the client side receiving means and the protocol changing means;
The proxy server program according to claim 1, further comprising a process including: The location information changing unit is a communication method when there is a hyperlink to other content in the content received by the server-side receiving unit, and encryption communication is designated as the communication method of the hyperlink. Rewrite the description specifying the non-encrypted communication, add the description specifying the original communication method in the information specifying the location of the content of the hyperlink,
The protocol changing means rewrites the description specifying the communication method of the content acquisition request into encrypted communication when there is a description specifying the original communication method in the information specifying the location of the content of the content acquisition request. ,
The proxy server program according to claim 1, wherein: In the proxy server device that executes communication relay by changing the specification of the communication method,
Communication means for receiving content addressed to the client from the server and decrypting the content when the content is received by encrypted communication;
If there is a hyperlink to other content in the content received by the communication means and encryption communication is specified as the communication method of the hyperlink, the description specifying the communication method is changed to non-encrypted communication. Rewriting location information changing means;
Client-side transmission means for transmitting the content to the client;
Client-side receiving means for receiving a content acquisition request from the client;
When the content acquisition request is a content acquisition request corresponding to a hyperlink in which the description specifying the communication method is rewritten by the location information changing unit, the description specifying the communication method of the content acquisition request is rewritten to encrypted communication. A protocol change means;
The communication means for transmitting the content acquisition request to the server;
A proxy server device characterized by comprising:

Images