CN116886358A - Secure heterogeneous system based on reverse proxy mechanism, resource request method and device - Google Patents
- Publication number
- CN116886358A (application CN202310820358.8A)
- Authority
- CN
- China
- Prior art keywords
- target resource
- server
- client
- access request
- external network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/2895—Intermediate processing functionally located close to the data provider application, e.g. reverse proxies
Abstract
The invention provides a secure heterogeneous system based on a reverse proxy mechanism, together with a resource request method, a resource request device, a medium and equipment. The system comprises: a client, located in an external network, which sends an external network access request to a proxy server; the proxy server, which on receiving the external network access request determines the target resource server where the requested target resource is located and sends that server an internal network (intranet) access request for the target resource; and the target resource server, which on receiving the intranet access request looks up the target resource and feeds it back to the client through the proxy server. The target resource server is located in the internal network, and its access from the external network is cut off. The embodiment of the invention can improve the security of server data access.
Description
Technical Field
The present invention relates to the field of data access technologies, and in particular, to a security heterogeneous system, a resource request method, a resource request device, a medium, and a device based on a reverse proxy mechanism.
Background
With the continuing development of information security across society, large enterprises pay more and more attention to their own information security construction. Enterprise information security construction has by now produced results and accumulated experience. As informatization construction progresses, more and more data communication takes place while each system is built to meet information security requirements. This includes a large number of data access operations, and in those operations the primary security problem is the data.
Disclosure of Invention
Aiming at least one technical problem, the embodiment of the invention provides a security heterogeneous system based on a reverse proxy mechanism, a resource request method, a resource request device, a medium and equipment.
According to a first aspect, a security heterogeneous system based on a reverse proxy mechanism provided by an embodiment of the present invention includes:
the client is used for sending an external network access request to the proxy server; the client is located in an external network;
the proxy server is used for determining a target resource server where the target resource of the request is located when the external network access request is received, and sending an internal network access request for acquiring the target resource to the target resource server;
the target resource server is used for searching target resources when the intranet access request is received, and feeding the target resources back to the client through the proxy server; the target resource server is located in the internal network and cuts off the access right of the external network.
According to a second aspect, a resource request method based on a reverse proxy mechanism provided by an embodiment of the present invention is performed by a proxy server, and the method includes:
receiving an external network access request sent by a client, wherein the client is positioned in an external network;
determining a target resource server where the requested target resource is located according to the external access request;
generating an intranet access request for acquiring the target resource;
sending the intranet access request to the target resource server so that the target resource server searches the target resource and returns the target resource to the client; the target resource server is positioned in the internal network and cuts off the access right of the external network;
and receiving the target resource fed back by the target resource server, and returning the target resource to the client.
According to a third aspect, a resource request device based on a reverse proxy mechanism provided by an embodiment of the present invention is deployed on a proxy server, where the device includes:
the first receiving module is used for receiving an external network access request sent by a client, wherein the client is positioned in an external network;
the first determining module is used for determining a target resource server where the requested target resource is located according to the external access request;
the first generation module is used for generating an intranet access request for acquiring the target resource;
the first sending module is used for sending the intranet access request to the target resource server so that the target resource server searches target resources and returns the target resources to the client; the target resource server is positioned in the internal network and cuts off the access right of the external network;
and the second receiving module is used for receiving the target resource fed back by the target resource server and returning the target resource to the client.
According to a fourth aspect, embodiments of the present invention provide a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method provided by the second aspect.
According to a fifth aspect, a computing device provided by an embodiment of the present invention includes a memory and a processor, where the memory stores executable code, and the processor implements the method provided by the second aspect when executing the executable code.
The embodiment of the invention provides a secure heterogeneous system based on a reverse proxy mechanism, a resource request method, a resource request device, a medium and equipment. The client first sends an external network access request to the proxy server; the request includes information such as the URL of the required target resource and the address of the proxy server. After receiving the external network access request, the proxy server determines the target resource server according to the URL of the target resource, generates an internal network access request, and sends it to the target resource server. After receiving the intranet access request, the target resource server looks up the target resource and sends it to the proxy server, and the proxy server feeds the target resource back to the client, so that the client obtains it. The proxy server protects and hides the real resource server information, so the proxy server in the embodiment of the invention can improve the security of server data access.
Drawings
FIG. 1 is a schematic diagram of a security heterogeneous system based on a reverse proxy mechanism according to an embodiment of the present invention;
FIG. 2 is a data flow diagram of a secure heterogeneous system according to an embodiment of the invention.
Detailed Description
In a first aspect, an embodiment of the present invention provides a secure heterogeneous system based on a reverse proxy mechanism, referring to fig. 1 and fig. 2, the system includes:
the client is used for sending an external network access request to the proxy server; the client is located in an external network;
the proxy server is used for determining a target resource server where the target resource of the request is located when the external network access request is received, and sending an internal network access request for acquiring the target resource to the target resource server;
the target resource server is used for searching target resources when the intranet access request is received, and feeding the target resources back to the client through the proxy server; the target resource server is located in the internal network and cuts off the access right of the external network.
That is, clients, proxy servers, and resource servers are included in the secure heterogeneous system. The resource server where the target resource requested by the client is located is the target resource server.
The client is located in an external network, and communication between the client and the proxy server is external network communication. The resource server is located in the internal network, and the communication between the proxy server and the resource server is intranet communication. The resource server is unable to receive the external network access request.
In practice the resource server is an internal server: its access from the external network is cut off, but the resources reachable over the internal network are opened up to the proxy server.
The client first sends an external network access request to the proxy server; the request includes information such as the URL of the required target resource and the address of the proxy server. After receiving the external network access request, the proxy server determines the target resource server according to the URL of the target resource, generates an internal network access request, and sends it to the target resource server. After receiving the intranet access request, the target resource server looks up the target resource and sends it to the proxy server, and the proxy server feeds the target resource back to the client, so that the client obtains it.
It can be seen that the proxy server acts as an intermediary between the client and the resource server.
The client does not send a request directly to the target resource server; it sends an external network access request carrying the URL of the target resource to the proxy server, and the proxy server returns the target resource sent by the target resource server to the client. Sitting between the client and the target resource server, the proxy server protects the target resource server: the real server information is protected through the reverse proxy mechanism. Compared with the current situation in which users access the resource server directly, the proxy server protects and hides the real information of the resource server. For requests sent by clients to the resource server, the proxy server acts as the intermediary. Therefore, the proxy server in the embodiment of the invention can improve the security of server data access.
Of course, the proxy server also serves as a load balancer of the resource server, sharing the load of the resource server and improving the network access efficiency.
In one embodiment, the first function of the proxy server is a function of requesting a target resource through an internal network, and the first function is developed through a JAVA development tool.
The JAVA development tool is, for example, IntelliJ IDEA.
That is, a function capable of accessing a target resource through an intranet is developed on the Java development tool IntelliJ IDEA.
In one embodiment, the second function of the proxy server is a function for receiving an external access request, and the second function is developed by a JAVA development tool.
The JAVA development tool is, for example, IntelliJ IDEA.
That is, a function that can realize that an external access request accesses an intranet service resource through a proxy server is developed on the Java development tool IntelliJ IDEA.
In one embodiment, the client is further configured to: and displaying the target resource.
This allows the user to directly view the target resource.
Compared with the prior art, dynamic proxying of the intranet server is implemented with functions developed in Java, and the target resource can be acquired on condition that the intranet can be accessed, which ensures the security of the intranet server. Specifically, this has the following outstanding effects:
1. the development is simple and quick;
2. the functional practical effect is good;
3. the resource server has good safety;
4. the address of the proxy server may be dynamically processed.
Therefore, the embodiment of the invention can better protect the resource server: only the data that needs to be exposed externally is shown, without opening the resource server to the external network, so the security of the data server is greatly improved.
In a second aspect, an embodiment of the present invention provides a resource request method based on a reverse proxy mechanism, where the method is performed by a proxy server, and the method includes:
receiving an external network access request sent by a client, wherein the client is positioned in an external network;
determining a target resource server where the requested target resource is located according to the external access request;
generating an intranet access request for acquiring the target resource;
sending the intranet access request to the target resource server so that the target resource server searches the target resource and returns the target resource to the client; the target resource server is positioned in the internal network and cuts off the access right of the external network;
and receiving the target resource fed back by the target resource server, and returning the target resource to the client.
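The "determine the target resource server" and "generate an intranet access request" steps of this method, and the claim above that only data meant to be exposed is reachable, as an added Java 17+ example that is not code from the patent. The class name, route table, internal addresses, GET-only rule, path character policy and header allowlist are all assumptions made for illustration; the point is that the upstream server comes only from a proxy-side table and never from client input.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical illustration of the proxy-side routing step; not the patent's code. */
public class IntranetRequestBuilder {

    /** The intranet access request the proxy would send to the resource server. */
    record IntranetRequest(URI target, Map<String, String> headers) {}

    // Constructed route table: exposed external path prefix -> internal resource server.
    // Addresses are placeholders. Anything not listed here is not reachable from outside.
    private static final Map<String, URI> ROUTES = Map.of(
            "/docs/", URI.create("http://10.20.0.11:8080"),
            "/docs/reports/", URI.create("http://10.20.0.12:8080"),
            "/images/", URI.create("http://10.20.0.13:8080"));

    // Assumed policy: exposed paths use only these characters, so no percent-decoding
    // is needed and proxy and resource server cannot disagree about the path.
    private static final Pattern SAFE_PATH = Pattern.compile("/[A-Za-z0-9._~/-]*");

    // Only these client headers are copied; Host, X-Forwarded-* and hop-by-hop
    // headers supplied by the client are dropped.
    private static final Set<String> FORWARDED =
            Set.of("accept", "accept-language", "if-none-match", "if-modified-since");

    static Optional<IntranetRequest> build(String method, String requestTarget,
                                           Map<String, String> clientHeaders, String clientAddr) {
        if (!"GET".equals(method)) return Optional.empty();   // assumed: read-only resources
        URI uri;
        try {
            uri = new URI(requestTarget);
        } catch (URISyntaxException e) {
            return Optional.empty();
        }
        // Origin-form only: "http://host/..." or "//host/..." must never pick the upstream.
        if (uri.isAbsolute() || uri.getRawAuthority() != null) return Optional.empty();
        String path = uri.getRawPath();
        if (path == null || !SAFE_PATH.matcher(path).matches() || path.contains("//")) {
            return Optional.empty();
        }
        for (String segment : path.split("/")) {
            if (segment.equals(".") || segment.equals("..")) return Optional.empty();
        }
        // Longest exposed prefix wins; prefixes end in "/" so "/docs-private" never matches "/docs/".
        String best = null;
        for (String prefix : ROUTES.keySet()) {
            if (path.startsWith(prefix) && (best == null || prefix.length() > best.length())) {
                best = prefix;
            }
        }
        if (best == null) return Optional.empty();

        URI server = ROUTES.get(best);
        String query = uri.getRawQuery();
        URI target = URI.create(server + path + (query == null ? "" : "?" + query));

        Map<String, String> headers = new LinkedHashMap<>();
        headers.put("Host", server.getAuthority());   // set by the proxy, not the client
        headers.put("X-Forwarded-For", clientAddr);    // taken from the socket, not the client header
        clientHeaders.forEach((name, value) -> {
            if (FORWARDED.contains(name.toLowerCase(Locale.ROOT))) headers.put(name, value);
        });
        return Optional.of(new IntranetRequest(target, headers));
    }

    public static void main(String[] args) {
        // Constructed sample input: headers and request targets as a client might send them.
        Map<String, String> sent = Map.of("Accept", "text/html", "Host", "proxy.example",
                "X-Forwarded-For", "127.0.0.1", "Connection", "keep-alive");
        List<String> targets = List.of(
                "/docs/guide.pdf?v=2",          // routed to 10.20.0.11
                "/docs/reports/q3.html",        // longest prefix: routed to 10.20.0.12
                "/docs-private/salaries.csv",   // no exposed prefix
                "/docs/../admin/config",        // dot segment
                "/docs/%2e%2e/admin/config",    // percent-encoded path
                "http://10.20.0.99/admin",      // absolute-form target
                "//10.20.0.99/docs/x");         // network-path reference
        for (String t : targets) {
            String result = build("GET", t, sent, "203.0.113.7")
                    .map(r -> r.target() + "  " + r.headers())
                    .orElse("rejected");
            System.out.println(t + "  ->  " + result);
        }
    }
}
```

Run it with `java IntranetRequestBuilder.java`: the first two targets produce intranet requests carrying the proxy's own `Host` and `X-Forwarded-For` values, and the remaining five are rejected before any intranet request is generated.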
In a third aspect, an embodiment of the present invention provides a resource request device based on a reverse proxy mechanism, where the device is deployed on a proxy server, and the device includes:
the first receiving module is used for receiving an external network access request sent by a client, wherein the client is positioned in an external network;
the first determining module is used for determining a target resource server where the requested target resource is located according to the external access request;
the first generation module is used for generating an intranet access request for acquiring the target resource;
the first sending module is used for sending the intranet access request to the target resource server so that the target resource server searches target resources and returns the target resources to the client; the target resource server is positioned in the internal network and cuts off the access right of the external network;
and the second receiving module is used for receiving the target resource fed back by the target resource server and returning the target resource to the client.
It may be understood that, for explanation, specific implementation, beneficial effects, examples, etc. of the content in the apparatus provided by the embodiment of the present invention, reference may be made to corresponding parts in the method provided in the first aspect, which are not repeated herein.
In a fourth aspect, embodiments of the present invention provide a computer readable medium having stored thereon computer instructions which, when executed by a processor, cause the processor to perform the method provided in the second aspect.
Specifically, a system or apparatus provided with a storage medium on which a software program code realizing the functions of any of the above embodiments is stored, and a computer (or CPU or MPU) of the system or apparatus may be caused to read out and execute the program code stored in the storage medium.
In this case, the program code itself read from the storage medium may realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code form part of the present invention.
Examples of the storage medium for providing the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD+RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer by a communication network.
Further, it should be apparent that the functions of any of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform part or all of the actual operations based on the instructions of the program code.
Further, it is understood that the program code read out by the storage medium is written into a memory provided in an expansion board inserted into a computer or into a memory provided in an expansion module connected to the computer, and then a CPU or the like mounted on the expansion board or the expansion module is caused to perform part and all of actual operations based on instructions of the program code, thereby realizing the functions of any of the above embodiments.
It may be appreciated that, for explanation, specific implementation, beneficial effects, examples, etc. of the content in the computer readable medium provided by the embodiment of the present invention, reference may be made to corresponding parts in the method provided in the second aspect, and details are not repeated herein.
In a fifth aspect, one embodiment of the present specification provides a computing device comprising a memory having executable code stored therein and a processor that, when executing the executable code, performs the method of any one of the embodiments of the present specification.
It may be appreciated that, for explanation, specific implementation, beneficial effects, examples, etc. of the content in the computing device provided by the embodiment of the present invention, reference may be made to corresponding parts in the method provided in the second aspect, which are not repeated herein.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for the device embodiments, since they are substantially similar to the method embodiments, the description is relatively simple, and reference is made to the description of the method embodiments in part.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in hardware, software, a pendant, or any combination thereof. When implemented in software, these functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention in further detail, and are not to be construed as limiting the scope of the invention, but are merely intended to cover any modifications, equivalents, improvements, etc. based on the teachings of the invention.
Claims (9)
1. A reverse proxy mechanism-based secure heterogeneous system, comprising:
the client is used for sending an external network access request to the proxy server; the client is located in an external network;
the proxy server is used for determining a target resource server where the target resource of the request is located when the external network access request is received, and sending an internal network access request for acquiring the target resource to the target resource server;
the target resource server is used for searching target resources when the intranet access request is received, and feeding the target resources back to the client through the proxy server; the target resource server is located in the internal network and cuts off the access right of the external network.
2. The system of claim 1, wherein the first function of the proxy server is a function that requests a target resource through an internal network, and wherein the first function is developed through a JAVA development tool.
3. The system of claim 1, wherein the second function of the proxy server is a function that receives an external access request, and wherein the second function is developed by a JAVA development tool.
4. A system according to claim 2 or 3, wherein the JAVA development tool is IntelliJ IDEA.
5. The system of claim 1, wherein the client is further configured to display the target resource.
6. A resource request method based on a reverse proxy mechanism, the method being performed by a proxy server, the method comprising:
receiving an external network access request sent by a client, wherein the client is positioned in an external network;
determining a target resource server where the requested target resource is located according to the external access request;
generating an intranet access request for acquiring the target resource;
sending the intranet access request to the target resource server so that the target resource server searches the target resource and returns the target resource to the client; the target resource server is positioned in the internal network and cuts off the access right of the external network;
and receiving the target resource fed back by the target resource server, and returning the target resource to the client.
7. A resource requesting device based on a reverse proxy mechanism, the device deployed on a proxy server, the device comprising:
the first receiving module is used for receiving an external network access request sent by a client, wherein the client is positioned in an external network;
the first determining module is used for determining a target resource server where the requested target resource is located according to the external access request;
the first generation module is used for generating an intranet access request for acquiring the target resource;
the first sending module is used for sending the intranet access request to the target resource server so that the target resource server searches target resources and returns the target resources to the client; the target resource server is positioned in the internal network and cuts off the access right of the external network;
and the second receiving module is used for receiving the target resource fed back by the target resource server and returning the target resource to the client.
8. A computer readable storage medium, having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of claim 6.
9. A computing device comprising a memory having executable code stored therein and a processor that, when executing the executable code, implements the method of claim 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310820358.8A CN116886358A (en) | 2023-07-06 | 2023-07-06 | Secure heterogeneous system based on reverse proxy mechanism, resource request method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116886358A (en) | 2023-10-13 |
Family
ID=88263665
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310820358.8A Pending CN116886358A (en) | 2023-07-06 | 2023-07-06 | Secure heterogeneous system based on reverse proxy mechanism, resource request method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116886358A (en) |
- 2023-07-06 CN CN202310820358.8A patent/CN116886358A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117319481A (en) * | 2023-11-29 | 2023-12-29 | 长沙普洛电气设备有限公司 | Port resource reverse proxy method, system and storage medium |
| CN117319481B (en) * | 2023-11-29 | 2024-02-27 | 长沙普洛电气设备有限公司 | Port resource reverse proxy method, system and storage medium |
| CN119814883A (en) * | 2024-12-04 | 2025-04-11 | 天翼云科技有限公司 | Request processing method, device, electronic device and readable medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||