Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

System that transparently supports multiple revere proxies

IP.com Disclosure Number: IPCOM000198177D
Publication Date: 2010-Jul-29

Publishing Venue

The IP.com Prior Art Database

Abstract

Reverse proxies are commonly used in enterprise environments. In some cases, it is required to configure multiple reverse proxies on the web application for both intranet and internet, or for different departments, to separate different user group and provide different levels of access control. However there are several difficulties with this requirement, such as support for unstructured data used in Web 2.0, performance hits in content filtering and access controls. This invention is proposing a system which leverage the VIA header in HTTP/1.1 specification to transparently support multiple reverse proxies and address the difficulties mentioned above.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 35% of the total text.

Page 1 of 10

System that transparently supports multiple revere proxies

BRIEF


Reverse proxies are commonly used in enterprise environments. In some cases, it is required to configure multiple reverse proxies on the web application for both intranet and internet, or for different departments, to separate different user group and provide different levels of access control. However there are several difficulties with this requirement, such as support for unstructured data used in Web 2.0, performance hits in content filtering and access controls. This invention is proposing a system which leverage the VIA header in HTTP/1.1 specification to transparently support multiple reverse proxies and address the difficulties mentioned above.

BACKGROUD


Reverse proxies are commonly used in enterprise environments. In some cases, it is required to configure multiple reverse proxies on the web application for both intranet and internet, or for different departments, to separate different user group and provide different levels of access control. However there are several difficulties with this requirement
1. The common approach relies on the content filtering function in reverse proxy where an absolute URL is required. However the content filter function for URL replace is far from perfect. They cannot handle arbitrary content type, such as JSON which is commonly used in Web2.0 applications
2. The web application itself is not able to tell from which reverse proxy this web application is accessed nor the protocol scheme, so that it has to treat all requests equally, the support of multiple reverse proxies need extra request attributes and special handling in web application for these attributes.
3.

No additional access control based on reverse proxy can be applied

                                        . The user might have different privileges when he logs in to internal website or external website. It is difficult to achieve that with existing web applications.

Figure 1 describes the typical deployment of multiple reverse proxy and the HTTP traffic within the deployment

1

Page 2 of 10

Figure.1 Deployment Diagram

2

[This page contains 1 picture or other non-text object]

Page 3 of 10

ADVANTAGES
1. The web application can easily tell the user requested host with the imitated HTTP request transparently without knowing anything about the front-end configurations and no extra development efforts.
2. By generating URLs at response time with the user requested host, applications can always generate the correct URL in arbitrary content, which avoids content filtering issues on reverse proxies and also improves the throughput of proxies.
3. Finer grained access controls can be applied easily based on request routing, in addition to URL patterns provided by reverse proxies and user/groups role mapping in application server.

METHOD AND SYSTEM OVERVIEW

Our proposed system
1. Utilizes the VIA header in HTTP request to retrieve request routing information. This header is part of HTTP specification and supported by a...