Systems and methods for secured web application data traffic
First Claim
1. A system for access to an application of a server, the system comprising:
a device intermediary between a client and a server, the device including at least one hardware processor;
an application manager executable on the device, the application manager configured to provide the client access to an application of the server; and
a service node of the device, the service node configured to:
receive a first request from the client via the application manager, the first request specifying a fully qualified domain name of the server to initiate access to the application, wherein the first request includes a content uniform resource locator (URL) and a prelaunch URL;
send a uniform resource locator (URL) prefix generated by the service node, to a predetermined termination node for secure connection to the server, the URL prefix comprising a key for identifying the predetermined termination node;
receive a client hello message from the client that includes a first field incorporating the URL prefix, and send the client hello message to the predetermined termination node having a wildcard certificate of the server matching a hostname of the first field;
send, responsive to identifying the predetermined termination node using the URL prefix incorporated in the first field, the client hello message to the predetermined termination node to initiate a handshake with the client using the wildcard certificate, for establishing a secure session layer (SSL) channel between the client and the predetermined termination node for a SSL session of the application; and
direct, to the predetermined termination node for decryption, a communication of the SSL session from the client to the predetermined termination node using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.
Abstract
Systems and methods for secured access to cloud-based applications or services include a service node that may receive a request from a client including a URL associated with an application manager. The service node may send a URL prefix identifying a termination node to the termination node. The service node may receive a client hello message from the client that includes a first field incorporating the URL prefix, and may send the client hello message to the termination node to initiate a handshake with the client using a wildcard certificate of the server, for establishing an SSL channel between the client and the termination node for a session of the application. The service node can direct a communication of the session from the client to the predetermined termination node, for decryption, using the established SSL channel, according to the URL prefix incorporated in a server name indication (SNI) field of the communication.
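The SNI-keyed dispatch the abstract describes, as an added illustration that is not part of the patent: a minimal ClientHello is constructed, its SNI host name is parsed out, the leftmost label is treated as the URL-prefix key that selects a termination node, and that node's wildcard certificate is checked against the host name before anything is forwarded. The registry contents, node names and host names are constructed assumptions.

```python
import os, struct

# Constructed registry (assumption, not from the patent): URL-prefix key -> (termination node, wildcard cert).
TERMINATION_NODES = {"k7f3a9": ("term-node-1", "*.apps.example.net"),
                     "b2c4d1": ("term-node-2", "*.apps.example.net")}

def build_client_hello(hostname):
    """Construct a minimal TLS ClientHello record whose only extension is SNI (test input)."""
    name = hostname.encode()
    sni = struct.pack("!BH", 0, len(name)) + name                       # host_name entry
    ext = struct.pack("!HHH", 0, len(sni) + 2, len(sni)) + sni          # ext type 0 = server_name
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"                      # version, random, no session id
            + struct.pack("!HH", 2, 0x1301) + b"\x01\x00"               # one suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body                  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs            # record type 0x16 = handshake

def extract_sni(record):
    """Return the SNI host_name of a ClientHello record, or None if absent or malformed."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:                      # handshake record, ClientHello
            return None
        hs = record[5:5 + struct.unpack("!H", record[3:5])[0]]
        pos = 4 + 2 + 32                                                # header, version, random
        pos += 1 + hs[pos]                                              # session id
        pos += 2 + struct.unpack("!H", hs[pos:pos + 2])[0]              # cipher suites
        pos += 1 + hs[pos]                                              # compression methods
        pos, end = pos + 2, pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0]
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hs[pos:pos + 4])
            if etype == 0:                                              # server_name extension
                nlen = struct.unpack("!H", hs[pos + 7:pos + 9])[0]      # skip list len + name type
                return hs[pos + 9:pos + 9 + nlen].decode("ascii")
            pos += 4 + elen
    except (IndexError, struct.error, UnicodeDecodeError):
        pass
    return None

def wildcard_matches(pattern, hostname):
    """'*' covers exactly one leftmost label; the remaining labels must match exactly."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    return p[0] == "*" and len(p) >= 3 and len(p) == len(h) and p[1:] == h[1:] and h[0] != ""

def route_client_hello(record):
    """Select the termination node keyed by the URL prefix (leftmost SNI label); refuse if its cert does not cover the name."""
    host = extract_sni(record) or ""
    node, cert = TERMINATION_NODES.get(host.split(".")[0], (None, None))
    return node if node and wildcard_matches(cert, host) else None
```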
20 Claims
11. A method for accessing an application of a server, the method comprising:
providing, by an application manager of a device intermediary between a client and a server, access to the application of the server; receiving, by a service node of the device via the application manager, a first request from the client specifying a fully qualified domain name of the server, wherein the first request includes a content uniform resource locator (URL) and a prelaunch URL; sending, by the service node, a uniform resource locator (URL) prefix generated by the service node, to a predetermined termination node for secure connection to the server, the URL prefix comprising a key for identifying the predetermined termination node; receiving, by the service node, a client hello message from the client that includes a first field, and sending the client hello message to the predetermined termination node having a wildcard certificate of the server matching a hostname of the first field; sending, by the service node responsive to identifying the predetermined termination node using the URL prefix incorporated in the first field, the client hello message to the predetermined termination node to initiate a handshake with the client using the wildcard certificate, for establishing a secure session layer (SSL) channel between the client and the predetermined termination node for a SSL session of the application; and directing, by the service node to the predetermined termination node for decryption, a communication of the SSL session from the client to the predetermined termination node using the established SSL channel, according to the URL prefix incorporated in a SNI field of the communication.