CN107135266A - HTTP Proxy framework safety data transmission method - Google Patents
HTTP Proxy framework safety data transmission method Download PDFInfo
- Publication number
- CN107135266A CN107135266A CN201710357410.5A CN201710357410A CN107135266A CN 107135266 A CN107135266 A CN 107135266A CN 201710357410 A CN201710357410 A CN 201710357410A CN 107135266 A CN107135266 A CN 107135266A
- Authority
- CN
- China
- Prior art keywords
- client
- request
- snapshot
- proxy gateway
- http
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 22
- 230000005540 biological transmission Effects 0.000 title claims abstract description 20
- 231100000279 safety data Toxicity 0.000 title claims abstract description 11
- 230000004044 response Effects 0.000 claims abstract description 9
- 230000007246 mechanism Effects 0.000 claims abstract description 7
- 230000008859 change Effects 0.000 claims description 3
- 238000007405 data analysis Methods 0.000 claims description 3
- 238000011156 evaluation Methods 0.000 claims description 3
- 238000012546 transfer Methods 0.000 abstract description 6
- 238000012545 processing Methods 0.000 description 12
- 235000014510 cooky Nutrition 0.000 description 6
- 238000004458 analytical method Methods 0.000 description 5
- 238000012544 monitoring process Methods 0.000 description 5
- 230000011218 segmentation Effects 0.000 description 5
- 238000012795 verification Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 125000004122 cyclic group Chemical group 0.000 description 3
- 238000001914 filtration Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 101000746134 Homo sapiens DNA endonuclease RBBP8 Proteins 0.000 description 1
- 101000969031 Homo sapiens Nuclear protein 1 Proteins 0.000 description 1
- 102100021133 Nuclear protein 1 Human genes 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000003139 buffering effect Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 238000005314 correlation function Methods 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000003760 hair shine Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000007689 inspection Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- PMHURSZHKKJGBM-UHFFFAOYSA-N isoxaben Chemical compound O1N=C(C(C)(CC)CC)C=C1NC(=O)C1=C(OC)C=CC=C1OC PMHURSZHKKJGBM-UHFFFAOYSA-N 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000002085 persistent effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000013519 translation Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention provides a kind of HTTP Proxy framework safety data transmission method, this method includes:Proxy gateway receives the login of client;Client sends HTTP request message, and proxy gateway judges whether to receive the message request;If refusal, is disconnected with client;If receiving request, judge whether locally there is snapshot in proxy gateway according to the content of request message by proxy gateway;If without snapshot, proxy gateway takes out corresponding content to server;If snapshot, then according to default lookup mechanism, corresponding content is read from local express photograph, and sets up into HTTP response messages it is sent to user.The present invention proposes a kind of HTTP Proxy framework safety data transmission method, realizes the safety and real-time data transfer of the proxy server based on HTTP.
Description
Technical field
The present invention relates to computer network, more particularly to a kind of HTTP Proxy framework safety data transmission method.
Background technology
But the data volume produced with internet also increasingly increases, the thing followed is exactly that network speed is slack-off, network
Abnormal congestion, and the response of the webserver are slow etc..Produced by the part of flow in internet is exactly Web page
Flow, in the current network service of China, data traffic growth rate is very swift and violent in daily network, and its speed is much larger than net
The growth rate of network bandwidth.The response delay that this has been resulted between the request of client and server end is increasing.And then
The overall performance of HTTP service can be influenceed.And the operational capability of the central processing unit of modern PC, the storage capacity of hard disk,
And the performance such as memory size is also being improved constantly.But due to being limited by disk design principle itself, it accesses data
Ability is far smaller than CPU processing operational capability.Moreover the current relative deficiency of disposal ability of server, for instantaneous a large amount of
Data tend not to award processing in time.
The content of the invention
To solve the problems of above-mentioned prior art, the present invention proposes a kind of HTTP Proxy framework secure data and passed
Transmission method, including:
Proxy gateway receives the login of client;
Client sends HTTP request message, and proxy gateway judges whether to receive the message request;
If refusal, is disconnected with client;If receiving request, by proxy gateway according in request message
Appearance judges whether locally there is snapshot in proxy gateway;
If without snapshot, proxy gateway takes out corresponding content to server;
If snapshot, then according to default lookup mechanism, corresponding content is read from local express photograph, and set up into HTTP
Response message is sent to user.
Preferably, the client is received after the data for redirecting unit, assembles them into HTTP request message, further according to
Redirect identified purpose IP address in unit and the HTTP request message is forwarded to the server specified by it.
Preferably, the server specified is received after message, and data are directly handed to memory cell by server;Storage
Unit, which is received, is handed over to client after data, meanwhile, received object is stored in the local express of proxy gateway photograph,
Client is received forwards it to client immediately after packet.
Preferably, the client intercepts the port numbers of user's request, and URL, when client receives user's request
URL and during port numbers, it is asked according to hashing algorithm to carry out evaluation, the key assignments then generated according to hashing algorithm is carried out
Corresponding processing;Search whether object hits according to this key assignments, and responded.
Preferably, when the specific URL of client user accesses content, client generates a port number to HTTP at random
The transmission request of data of the agent address of proxy gateway, that is, send the request for obtaining message, and proxy gateway receives this and obtains message
After request, URL and the data analysis of correlation are carried out, whether snapshot is locally had according to the inquiry mechanism of oneself inquiry;If no
Snapshot, proxy gateway generates port numbers and initiates to ask to Website server at random;Server end receives obtaining for HTTP Proxy gateway
When taking message request, Success Flag is replied, and distribute asked file content to proxy gateway;Proxy gateway receives data
Afterwards, can to client distribute data, while proxy gateway can be judged according to the configuration item of oneself data whether snapshot, if desired soon
According to associated component being called to be stored;
As other client user accesses identical URL of same LAN, proxy gateway receives asking for client
Ask and call whether the content of associated component inquiry request stores, and judge whether it is expired, if without expired, acting on behalf of
Request content is directly distributed to client by gateway;
When the content expiration of HTTP Proxy gateway snapshot, proxy gateway sends request message to server end and is used for judging
Whether the resource of snapshot is changed;Still not whether server end is received after this resource inquiry request, according to its request contrast resource
Modification, sends to HTTP Proxy gateway if unmodified and replys unmodified message;HTTP Proxy gateway receives this Snapshot Resources
It is still after unmodified message, the content of client request is extracted from the snapshot of its own and client is distributed to.
The present invention compared with prior art, with advantages below:
The present invention proposes a kind of HTTP Proxy framework safety data transmission method, realizes the agency service based on HTTP
The safety of device and real-time data transfer.
Brief description of the drawings
Fig. 1 is the flow chart of HTTP Proxy framework safety data transmission method according to embodiments of the present invention.
Embodiment
Retouching in detail to one or more embodiment of the invention is hereafter provided together with illustrating the accompanying drawing of the principle of the invention
State.The present invention is described with reference to such embodiment, but the invention is not restricted to any embodiment.The scope of the present invention is only by right
Claim is limited, and the present invention covers many replacements, modification and equivalent.Illustrate in the following description many details with
Thorough understanding of the present invention is just provided.These details are provided for exemplary purposes, and without in these details
Some or all details can also realize the present invention according to claims.
An aspect of of the present present invention provides a kind of HTTP Proxy framework safety data transmission method.Fig. 1 is according to the present invention
The HTTP Proxy framework safety data transmission method flow chart of embodiment.
The HTTP Proxy gateway of the present invention is built between client and server, logically comprising access control list
Member, redirection unit, authentication unit and memory cell.Client passes through authentication unit login agent gateway.Work as proxy gateway
Client receive from user send HTTP request message when, access control unit proceeds by judgement, be receive this
Message request still refuses request.If receiving request, judged whether by memory cell according to the content of request message in generation
Reason gateway locally has snapshot.If refusal, is disconnected with client.If do not hit, from redirection unit to clothes
Business device takes out corresponding content.If hit, according to default lookup mechanism, corresponding content is read from local express photograph, and
Setting up into HTTP response messages transfers to client to be sent to user.Client receives the data for redirecting unit and assembled them into
HTTP request message.The HTTP request message is forwarded to its meaning further according to identified purpose IP address in unit is redirected
On fixed server.Given server is received after message, and the HTTP response messages of response are sent to server end.Server is direct
Data are handed into memory cell.Memory cell, which is received, is handed over to client after data, meanwhile, received object is deposited
Store up in the local express of proxy gateway shines.Client receives and forwards it to client after packet immediately, so far whole stream
Journey terminates.
Client and proxy gateway both sides are consulted a master key by the authentication unit by certain mode.Therefore originally
Invention establishes master key more new algorithm for shared master key part.It is 128, alphabetical sum by generate at random a length
The random string of word is as first master key, then after a certain time, between client and proxy gateway together with perform
Master key updates, and specifically includes:
The initial character of this master key used is intercepted, Integer n is converted thereof into;By master key ring shift left n;Press
256 bit length carry out order segmentations;Using segmentation result as the eap-message digest of checking, and now carry out hash fortune with master key
Calculate;Hashed result is spliced, the new key with length with existing master key is obtained.Then, client uses new with proxy gateway
Master key regenerate consistent corresponding new key array.By carrying out different switching to master key, make each party's generation only
Vertical key array, the key array of corresponding both sides' generation is identical.Session key generating process is as follows:Based on master
One index value of cipher key calculation;Master key is based on index and carries out ring shift left;Split by 256 bit lengths order, index is mapped to
In the range of [1,256], the even number section key after segmentation carries out ring shift left, and odd number section key rotation is moved to right;After cyclic shift
Per part respectively as the eap-message digest of checking, and the master key used carries out hash operations;The result of computing is spliced, generation
With master key length identical session key.To the bit of above procedure iteration master key for several times after, generate session key array.
Because client and proxy gateway are from identical cipher key number group scheduling same session key, therefore can be close by this
Key is authenticated:It is random to obtain session key.The name-value of incoming key array, randomly selects index value;According to index value and
Name-value obtains the session key in key array;Hash fortune is carried out together with master key using session key as eap-message digest
Calculate, the session key that obtained result is used as this;Client and proxy gateway get and communicated after key.
In proxy gateway and Website server both sides, gateway identical association is performed with the single-sign-on module of server
View.Gateway and server first carry out MD5 algorithm for encryption when interacting, the cipher-text information of communications is reached behind opposite end,
Opposite end obtains key first, then performs MD5 algorithms and is decrypted, then performs certification.Detailed process includes:
(1) gateway that client is accessed in first server, first server intercepts web request, checks for phase
The Cookie answered, without Cookie, is redirected by gateway, into login page, is otherwise turned (7);
(2) client executing identifying algorithm, obtains session key as shared key from key array, performs MD5 algorithms
Username and password is encrypted, server is transferred to;
(3) server obtains index value, and session key is obtained from key array, performs hashing algorithm, then performs MD5 solutions
It is close, user profile is obtained, username and password is verified, is verified, bill is generated, binding corresponding with user name is deposited
Storage;
(4) server performs identifying algorithm, the bit number of random generation master key cyclic shift, from the close of first server
Scheduling obtains master key in key array, it is appended to bill prefix, then carries out md5 encryption to this content.By cyclic shift
Bit number be attached to encryption after character string in, this content is sent to front end;
(5) billing information after encryption is verified, then respectively using the close of first server and second server
Bill is encrypted session key in key array, and encrypted ticket content is sent into each server;
(6) each server parses the data message received first, obtains index value, is obtained from the cipher key number group scheduling of gateway
Key is taken, hashing algorithm is performed, the decryption of MD5 decipherment algorithms is then performed, the session key spliced before bill is then verified, if
Verification passes through, and identifying algorithm is performed again, and from the cipher key number group scheduling key of client, session key and billing information are added
It is close, index value is attached in encrypted characters string, Cookie is written into, user browser is arrived in storage.If verification does not pass through,
Notify user;
(7) first server reads Cookie, and master key is obtained from the key array of client, performs Index Algorithm,
Then decrypted by MD5 algorithms, obtain master key checking, distributing bills when being verified;Obtain after bill, checking in session is
It is no to there is user profile, if not provided, or storage information and Cookie store it is inconsistent, will be led to server
Letter, performs the certification of proxy gateway, after encryption and will addition of the information of index and is sent to server end and is verified, turn (8);
If any session service system context, and storage information is consistent with user profile in Cookie, then client enters server.
(8) server is parsed to the information received, scheduled key and MD5 solutions from the key array of first server
It is close, master key is then verified, inspection does not pass through, and back-checking information notifies user to fail;Verification passes through, then to billing information
Verified, obtain the billing information in snapshot, with the bill contrast received, if unanimously, verification passes through, otherwise verification is lost
Lose, checking information is returned into server.
Client intercepts the port numbers of user's request, and URL, when client receives URL and the end of user's request
During slogan, it is asked according to hashing algorithm to carry out evaluation, the key assignments then generated according to hashing algorithm is handled accordingly.
Search whether object hits according to this key assignments, and responded.When the object hit of request, proxy gateway then calls it to store
The related call function that system is provided will copy out data to client from storage system, and by the corresponding number of client forwarding
According to user;When the object of request is not hit, the server end of proxy gateway is forwarded to the request without hit, its
Proxy user carries out request of data to Website server, when the data of Website server are sent to up to HTTP Proxy gateway, clothes
Business device end is by calling the correlation function that storage system is provided that data are transmitted to the snapshot server in storage system, this server
Corresponding storage and management is carried out when receiving data, and transfers data to client.
When the specific URL of client user accesses content, the interaction of whole message and file includes:
Client generates transmission request of data of a port number to the agent address of HTTP Proxy gateway at random, that is, sends
The request of message is obtained, proxy gateway receives this and obtained after message request, URL and the data analysis of correlation are carried out, according to certainly
Whether there is snapshot in oneself inquiry mechanism inquiry snapshot.If without snapshot, proxy gateway generates port numbers to website service at random
Device initiates request.When server end receives the acquisition message request of HTTP Proxy gateway, Success Flag is replied, and distribute and asked
File content to proxy gateway.Proxy gateway is received after data, can distribute data to client, while proxy gateway can root
According to the configuration item of oneself judge data whether snapshot, if desired snapshot, can call associated component to be stored.
As other client user accesses identical URL of same LAN, proxy gateway receives asking for client
Ask and call whether the content of associated component inquiry request stores, and judge whether it is expired, if without expired, acting on behalf of
Request content is directly distributed to client by gateway.
When the content expiration of HTTP Proxy gateway snapshot, proxy gateway sends request message to server end and is used for judging
Whether the resource of snapshot is changed;Still not whether server end is received after this resource inquiry request, according to its request contrast resource
Modification, sends to HTTP Proxy gateway if unmodified and replys unmodified message.HTTP Proxy gateway receives this Snapshot Resources
It is still after unmodified message, the content of client request will be extracted from the snapshot of its own and client is distributed to
End.
Further, HTTP Proxy gateway also includes message monitoring unit, realizes packet capture analysis filtering, uses mirror
As interchanger mirror image backbone network flow is to monitoring unit, these raw data packets are gathered, to each packet successively protocal analysis,
The solicited message of user is extracted, filtering rule then is matched to user request information, User IP authority is specified, allows asking for snapshot
Method, server domain name, file type are asked, is filtered out for the request for not meeting filtering rule, on the contrary the money that user is asked
Transfer access control unit to and handled in origin url address.
Access control unit carries out traffic scheduling to other units, the information of Snapshot Resources carries out Macro or mass analysis and carried out
Storage, which updates, replaces cleaning.Access control unit receives the user request information that message monitoring unit is transferred, and to same resource
User's request number of times counted, and organize in internal memory these solicited messages in a suitable form.Record has user's request
The snapshot state of file, whenever storing new resource in memory cell, can all update the detailed record of the resource.Access control list
Member is recorded according to user request information inquiry system snapshot, if the file system for inquiring user's request has snapshot, is distributed
Strategy redirects the user to memory cell to unit is redirected to construct response bag.If the Request System does not have snapshot, but this
File is frequently accessed by the user, and access times have reached the threshold value of system intialization, then distributes download policy and enter to memory cell
The download snapshot of this file of row.
Memory cell is also recorded for the important information of user access request resource, often the different URL resources of row record correspondence,
And often the access times of resource, snapshot state, byte-sized information are described row.The data source of memory cell is in being
Unite access control unit, when in access control unit resource object information addition, be deleted or modified when, notify memory cell and its
Content synchronizes renewal.
For the snapshot scheme of proxy gateway:Using leading snapshot and elongated segmentation, the data from server are divided into
The different section of length, snapshot and replacement are decided whether according to each section of accessed number of times and time;Using dynamic snapshot and group
Broadcast and realize persistent service.Proxy gateway leaves snapshot space to new lead data bag.If from server to proxy gateway
Delay in preset range dminTo dmaxIn the range of, act on behalf of and leave disk snapshot space for resource of the part from server, should
Snapshot has space to store at least d from servermax-dminStorage it is interval.Then part resource is stored using proxy gateway
Instant playback is provided to client.For web server, it shows as the multicast transmission to client group;And for generation
Manage for gateway, it is then unicast transmission to client group.In the case of only leading snapshot, it is assumed that to the first of resource i
Individual request is reached at 0 moment, and proxy gateway is leading to client transmission resource;In leading length of time viMoment, afterbody
First message is designed into up to proxy gateway.In the time (0, vi) the interior any request reached, proxy gateway is immediately to new visitor
Family end transmission resource is leading, in vi+ 0 moment transmitted afterbody to client, and afterbody is from server and is stored in dynamic snapshot.It is right
In afterbody snapshot, a leading part is considered as, is still transmitted according to the method described above.To in viWhat is reached after moment please
Ask, restart a service queue.
Increase with the leading snapshot quantity of storage, the present invention manages leading snapshot using hash table, to reach soon
Speed addition and the purpose quickly searched.The mapping node of leading snapshot, referred to as snapmap node, Mei Gejie are set up in internal memory
Put the leading of the own storage of correspondence one.If the new leading snapshot of increase, inserts its snapmap in hash table simultaneously
Node.During lookup, the snapmap node that Check first is looked in hash table can not find and then represent to need to store newly leading, finds
Then corresponding leading snapshot is accessed into disk snapshot according to the message of this snapmap node, delete some leading snapshot
When, it is necessary to delete its snapmap node simultaneously.
When searching some snapmap node, the cluster number of the node is obtained first, reaches the node queue specified by cluster number,
The sequential search node in queue, shows leading if found if the node that given feature string (being got by URI) is consistent
Snapshot, otherwise represents not yet to store the leading of this resource.Proxy gateway is receiving the resource request as caused by Web page URL
Afterwards, first look for whether local express has existed according to the leading snapshot, if in the presence of to client transmission content, if leading fast
According to a certain moment before being not present or being sent, act on behalf of to Web server and send HTTP request, it is desirable to which server sends this
The data of resource.This asks to be therefore, to enter line translation to client request by the resource request change of client
Processing, is converted to Web server by resource request and may be appreciated HTTP request.
In order to ensure service quality, at the time of first message of server is reached and acted on behalf of, it is ensured that needed for oneself is the allocated
The snapshot of length.When it is client service that agency is with the content of snapshot, if the client in head position and tail position
The distance of client diminishes, then should reclaim the space for saving out;If big apart from becoming, snapshot should be extended.When fast
According to length be equal to media first be not snapshotted segmentation when, its length is not further added by, if snapshot length not enough, will
Client in batch processing afterbody is deleted from this batch processing, is that it reopens a service or is added to another
In batch processing.When only remaining next client in batch processing, then stop updating snapshot contents, snapshot contents are using finishing, directly
The data that server is sent are given to client, and discharge snapshot.
The monitoring queue length of the socket in listening state is set to meet requirement;To oneself through being connected to the visitor of agency
Family end represents all connections with a two-way single linked list, is set up from connection to sign off and cancels connection, in HTTP tables
A node is set up for each connection, for maintaining agency and connection and communication between client and agency and server.
Agency receives the request of the connection of client during monitoring, and produces a new socket and the same client in port
Set up connection.Connection foundation finishes client and sends HTTP request to agency, and request is delivered to requirement analysis first after arriving
Part.Requirement analysis part mainly judges that the type of client request is request of data or Web request.
After the type for obtaining the transmitted request of client, next step HTTP processing or data resource processing are gone to.Parsing please
Ask part further to handle obtained client request, therefrom obtain the title and COM1 relevant information of destination server
It is standby to be transmitted to a module, server name is completed to the conversion of server ip address, is obtained after destination server, and target clothes
Business device sets up connection, is successfully established and then sends by the request of client.
The present invention is using orthogonal list come management client, and each sublist represents the queue of a batch processing, and table node has
The status information of client, including data length is received, (reading is leading, reads snapshot, and reading service device is routinely logical for reading state
Road), SNAPSHOT INFO.For the head node of each sublist, the information with server communication is also maintained.
New client is connected to after agency, and agency first looks for snapmap table, if there is snapshot, then by this client
Node is inserted into a queue for asking this snapshot, or newly sets up a queue (this client node is as head node),
To server request data if without snapshot.Determine to also determine the reading state of node while data source.For
Have for the client of snapshot, a certain moment before queue head node leaves snapshot, agency is needed by queue head node
Information is connected to server, and distributes snapshot, it is ensured that at the time of server data reaches snapshot, and first client enters fast
According to or will enter snapshot.Data needed for now the requirement according to the state and client of snapshot to data is read from snapshot,
Unicast is respectively adopted and is sent to each client, multicast is realized;
To the client dropped by the wayside, if general sublist node, then client is directly deleted, adjustment queue is long
Degree, if queue length changes, changes the length of snapshot.If sublist head node, then need retain with buffering area and
The relevant domain of communication, deletes this node, his function is handed to his next node, while adjusting snapshot.If single
Individual head node, then directly delete, and discharges resource.
In summary, the present invention proposes a kind of HTTP Proxy framework safety data transmission method, realizes based on HTTP
Proxy server safety and real-time data transfer.
Obviously, can be with general it should be appreciated by those skilled in the art, above-mentioned each unit of the invention or each step
Computing system realize that they can be concentrated in single computing system, or be distributed in multiple computing systems and constituted
Network on, alternatively, the program code that they can be can perform with computing system be realized, it is thus possible to they are stored
Performed within the storage system by computing system.So, the present invention is not restricted to any specific hardware and software combination.
It should be appreciated that the above-mentioned embodiment of the present invention is used only for exemplary illustration or explains the present invention's
Principle, without being construed as limiting the invention.Therefore, that is done without departing from the spirit and scope of the present invention is any
Modification, equivalent substitution, improvement etc., should be included in the scope of the protection.In addition, appended claims purport of the present invention
Covering the whole changes fallen into scope and border or this scope and the equivalents on border and repairing
Change example.
Claims (5)
1. a kind of HTTP Proxy framework safety data transmission method, it is characterised in that including:
Proxy gateway receives the login of client;
Client sends HTTP request message, and proxy gateway judges whether to receive the message request;
If refusal, is disconnected with client;If receiving request, sentenced by proxy gateway according to the content of request message
It is disconnected whether locally to have snapshot in proxy gateway;
If without snapshot, proxy gateway takes out corresponding content to server;
If snapshot, then according to default lookup mechanism, corresponding content is read from local express photograph, and set up into HTTP responses
Message is sent to user.
2. according to the method described in claim 1, it is characterised in that the client is received after the data for redirecting unit, will
It is assembled into HTTP request message, forwards the HTTP request message further according to identified purpose IP address in unit is redirected
To the server specified by it.
3. method according to claim 2, it is characterised in that the server specified is received after message, and server is straight
Connect and data are handed into memory cell;Memory cell, which is received, is handed over to client after data, meanwhile, by received object
It is stored in the local express of proxy gateway photograph, client is received forwards it to client immediately after packet.
4. according to the method described in claim 1, it is characterised in that the client intercepts the port numbers of user's request, and
URL, when client receives URL and the port numbers of user's request, asks it to carry out evaluation, then according to hashing algorithm
The key assignments generated according to hashing algorithm is handled accordingly;Search whether object hits according to this key assignments, and responded.
5. according to the method described in claim 1, it is characterised in that when the specific URL of client user accesses content, client
Random generation transmission request of data of a port number to the agent address of HTTP Proxy gateway is held, that is, sends and obtains asking for message
Ask, proxy gateway receives this and obtained after message request, URL and the data analysis of correlation are carried out, according to the inquiry mechanism of oneself
Whether inquiry locally has snapshot;If without snapshot, proxy gateway generates port numbers and initiates to ask to Website server at random;Service
When device end receives the acquisition message request of HTTP Proxy gateway, Success Flag is replied, and distribute asked file content to generation
Manage gateway;Proxy gateway is received after data, can distribute data to client, while proxy gateway can be according to the configuration item of oneself
Judge data whether snapshot, if desired snapshot, can call associated component to be stored;
As other client user accesses identical URL of same LAN, proxy gateway receives the request of client simultaneously
Call whether the content of associated component inquiry request stores, and judge whether it is expired, if without expired, proxy gateway
Request content is directly distributed to client;
When the content expiration of HTTP Proxy gateway snapshot, proxy gateway sends request message to server end and is used for judging snapshot
Resource whether change;Whether server end is received after this resource inquiry request, still unmodified according to its request contrast resource,
Sent if unmodified to HTTP Proxy gateway and reply unmodified message;HTTP Proxy gateway receives this Snapshot Resources and is still
After unmodified message, the content of client request is extracted from the snapshot of its own and client is distributed to.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710357410.5A CN107135266B (en) | 2017-05-19 | 2017-05-19 | HTTP proxy framework security data transmission method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710357410.5A CN107135266B (en) | 2017-05-19 | 2017-05-19 | HTTP proxy framework security data transmission method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN107135266A true CN107135266A (en) | 2017-09-05 |
| CN107135266B CN107135266B (en) | 2020-11-13 |
Family
ID=59733242
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710357410.5A Active CN107135266B (en) | 2017-05-19 | 2017-05-19 | HTTP proxy framework security data transmission method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN107135266B (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108650209A (en) * | 2018-03-06 | 2018-10-12 | 北京信安世纪科技股份有限公司 | A kind of method of single-sign-on, system, device and authentication method |
| CN108833369A (en) * | 2018-05-28 | 2018-11-16 | 郑州云海信息技术有限公司 | Method, device and equipment for accessing file system |
| CN109657493A (en) * | 2018-12-17 | 2019-04-19 | 郑州云海信息技术有限公司 | A kind of information processing method and device |
| CN109857391A (en) * | 2019-01-18 | 2019-06-07 | 山石网科通信技术股份有限公司 | Processing method and processing device, storage medium and the electronic device of data |
| CN112473149A (en) * | 2020-11-26 | 2021-03-12 | 腾讯音乐娱乐科技(深圳)有限公司 | Ranking list processing method |
| CN112615857A (en) * | 2020-12-17 | 2021-04-06 | 杭州迪普科技股份有限公司 | Network data processing method, device and system |
| CN115085983A (en) * | 2022-06-02 | 2022-09-20 | 度小满科技(北京)有限公司 | Data processing method and device, computer readable storage medium and electronic equipment |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102025750A (en) * | 2009-09-15 | 2011-04-20 | 天津七所信息技术有限公司 | Network caching proxy service system |
| CN104283957A (en) * | 2014-10-13 | 2015-01-14 | 无锡云捷科技有限公司 | CDN cache method based on continuous connectionism |
| CN104320410A (en) * | 2014-11-11 | 2015-01-28 | 南京优速网络科技有限公司 | All-service CDN system based on HTTP and working method thereof |
| CN104394227A (en) * | 2014-12-05 | 2015-03-04 | 北京奇虎科技有限公司 | Method and system for transmitting user data of browser and browser |
| CN104468817A (en) * | 2014-12-22 | 2015-03-25 | 北京奇虎科技有限公司 | Realization method and device for downloading resources through CDN, server, client |
| CN104935636A (en) * | 2015-04-29 | 2015-09-23 | 广州杰赛科技股份有限公司 | Network channel acceleration method and system |
| CN105450703A (en) * | 2014-08-28 | 2016-03-30 | 杭州迪普科技有限公司 | Data caching method and data caching device |
-
2017
- 2017-05-19 CN CN201710357410.5A patent/CN107135266B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102025750A (en) * | 2009-09-15 | 2011-04-20 | 天津七所信息技术有限公司 | Network caching proxy service system |
| CN105450703A (en) * | 2014-08-28 | 2016-03-30 | 杭州迪普科技有限公司 | Data caching method and data caching device |
| CN104283957A (en) * | 2014-10-13 | 2015-01-14 | 无锡云捷科技有限公司 | CDN cache method based on continuous connectionism |
| CN104320410A (en) * | 2014-11-11 | 2015-01-28 | 南京优速网络科技有限公司 | All-service CDN system based on HTTP and working method thereof |
| CN104394227A (en) * | 2014-12-05 | 2015-03-04 | 北京奇虎科技有限公司 | Method and system for transmitting user data of browser and browser |
| CN104468817A (en) * | 2014-12-22 | 2015-03-25 | 北京奇虎科技有限公司 | Realization method and device for downloading resources through CDN, server, client |
| CN104935636A (en) * | 2015-04-29 | 2015-09-23 | 广州杰赛科技股份有限公司 | Network channel acceleration method and system |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108650209A (en) * | 2018-03-06 | 2018-10-12 | 北京信安世纪科技股份有限公司 | A kind of method of single-sign-on, system, device and authentication method |
| CN108650209B (en) * | 2018-03-06 | 2021-05-14 | 北京信安世纪科技股份有限公司 | Single sign-on method, system, device and authentication method |
| CN108833369A (en) * | 2018-05-28 | 2018-11-16 | 郑州云海信息技术有限公司 | Method, device and equipment for accessing file system |
| CN109657493A (en) * | 2018-12-17 | 2019-04-19 | 郑州云海信息技术有限公司 | A kind of information processing method and device |
| CN109857391A (en) * | 2019-01-18 | 2019-06-07 | 山石网科通信技术股份有限公司 | Processing method and processing device, storage medium and the electronic device of data |
| CN112473149A (en) * | 2020-11-26 | 2021-03-12 | 腾讯音乐娱乐科技(深圳)有限公司 | Ranking list processing method |
| CN112473149B (en) * | 2020-11-26 | 2022-10-25 | 腾讯音乐娱乐科技(深圳)有限公司 | Ranking list processing method |
| CN112615857A (en) * | 2020-12-17 | 2021-04-06 | 杭州迪普科技股份有限公司 | Network data processing method, device and system |
| CN115085983A (en) * | 2022-06-02 | 2022-09-20 | 度小满科技(北京)有限公司 | Data processing method and device, computer readable storage medium and electronic equipment |
| CN115085983B (en) * | 2022-06-02 | 2024-03-12 | 度小满科技(北京)有限公司 | Data processing method, data processing device, computer readable storage medium and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN107135266B (en) | 2020-11-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107135266A (en) | HTTP Proxy framework safety data transmission method | |
| US7707287B2 (en) | Virtual host acceleration system | |
| US7031314B2 (en) | Systems and methods for providing differentiated services within a network communication system | |
| US7930413B2 (en) | System and method for controlling access to a network resource | |
| US10104041B2 (en) | Controlling the spread of interests and content in a content centric network | |
| US8386622B2 (en) | Method and apparatus for facilitating communication in a content centric network | |
| CA2415888C (en) | Intelligent demand driven recognition of url objects in connection oriented transactions | |
| US6981029B1 (en) | System and method for processing a request for information in a network | |
| CN101471777B (en) | Access control system and method between domains based on domain name | |
| EP2869515A1 (en) | System and method for minimum path mtu discovery in content centric networks | |
| US20030105716A1 (en) | Reducing duplication of files on a network | |
| CN103001964B (en) | Buffer memory accelerated method under a kind of LAN environment | |
| US10104092B2 (en) | System and method for parallel secure content bootstrapping in content-centric networks | |
| WO2017097092A1 (en) | Method and system for processing cache cluster service | |
| JP4356693B2 (en) | Message delivery apparatus and method, system and program thereof | |
| US20110196934A1 (en) | Socket SMTP Load Balancing | |
| KR20020074344A (en) | Method and system for restricting access to specific internet sites and LAN card for the same | |
| US20050091376A1 (en) | Apparatus and method for optimized and secured reflection of network services to remote locations | |
| US20110264802A1 (en) | Optimized mirror for p2p identification | |
| Srinivasan et al. | Mitigating content poisoning in content centric network: A lightweight approach | |
| EP2284721B1 (en) | Apparatus and method for optimized and secured reflection of network services to remote locations | |
| CN108206825B (en) | Method and system for balancing privacy protection and behavioral accountability in a content delivery-based network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20200824 Address after: No. 2-2-1-61, No. 319, Haier Road, Jiangbei District, Chongqing Applicant after: Chongqing Steady Technology Co.,Ltd. Address before: 610041 Sichuan Province, Chengdu hi tech Zone Tianfu street, No. 1, building 1, unit 14, layer 1403, No. Applicant before: CHENGDU JIWAN NETWORK TECHNOLOGY Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| CB03 | Change of inventor or designer information |
Inventor after: Yin Dandan Inventor after: Chen Yunchuan Inventor before: Chen Yunchuan |
|
| CB03 | Change of inventor or designer information | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20201012 Address after: Room 338, building 18, No. 18, Jiuxianqiao Middle Road, Chaoyang District, Beijing 100015 Applicant after: Beijing net Hi Tech Co.,Ltd. Address before: No. 2-2-1-61, No. 319, Haier Road, Jiangbei District, Chongqing Applicant before: Chongqing Steady Technology Co.,Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Secure data transmission method of HTTP proxy framework Effective date of registration: 20211125 Granted publication date: 20201113 Pledgee: Bank of Nanjing Limited by Share Ltd. Beijing branch Pledgor: Beijing net Hi Tech Co.,Ltd. Registration number: Y2021110000077 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Date of cancellation: 20230421 Granted publication date: 20201113 Pledgee: Bank of Nanjing Limited by Share Ltd. Beijing branch Pledgor: Beijing net Hi Tech Co.,Ltd. Registration number: Y2021110000077 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right |