Network access using reverse proxy

US 20050262357A1
Filed: 03/11/2005
Published: 11/24/2005
Est. Priority Date: 03/11/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for accessing a network comprising:

receiving at a proxy server a request from a user at a client for accessing a server on a private network;

authenticating the user, to determine whether the user is authorized to make the request;

validating the request, to determine whether the request is permitted; and

if the user is authorized and the request is permitted;

translating the request into a request from the proxy server to the server, and forwarding the translated request to the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security platform connected to a private network permits access to the private network from a public network (such as the Internet) through a variety of mechanisms. A reverse proxy system operating as part of the security platform provides access to web-enabled applications from a browser connected to the public network. The reverse proxy rewrites requests and responses so that the browser directs requests to the reverse proxy, from which the requests can be directed to the appropriate server on the public network or the private network. Responses come back to the reverse proxy, and are then forwarded to the browser. An SSL tunneling system permits fat clients to access the private network through an SSL connection. The SSL tunneling system employs a server component operating on the security platform and components downloaded to the client computer from the security platform. The client components include a control component operating in a browser window, a server-proxy component that sets up secure communications with the private network, and an adapter component between the server-proxy and the fat client. The adapter component operates in kernel space. Data is directed from the fat client to the adapter, and then forwarded to the server-proxy; data from the server-proxy is directed to the adapter, and then forwarded to the fat client. Security is provided through the use of multiple authentication realms, each of which provides a set of authentication stages for authenticating users and providing client integrity validation.

140 Citations

26 Claims

1. A method for accessing a network comprising:
- receiving at a proxy server a request from a user at a client for accessing a server on a private network;
  
  authenticating the user, to determine whether the user is authorized to make the request;
  
  validating the request, to determine whether the request is permitted; and
  
  if the user is authorized and the request is permitted;
  
  translating the request into a request from the proxy server to the server, and forwarding the translated request to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method according to claim 1, further comprising:
    - receiving a response from the server;
      
      translating the response into a response from the proxy server; and
      
      forwarding the translated response to the client.
  - 3. The method according to claim 2, wherein translating the response includes disabling translation of a portion of the response from the proxy server.
  - 4. The method according to claim 3, wherein disabling translation of a portion of the response includes removing a portion of the response, and wherein forwarding the translated response to the client includes omitting the removed portion from the translated response forwarded to the client.
  - 5. The method according to claim 4, wherein removing a portion of the response includes removing JavaScript code.
  - 6. The method according to claim 4, wherein removing a portion of the response includes removing identification information about the server.
  - 7. The method according to claim 4, wherein removing a portion of the response includes removing header information.
  - 8. The method according to claim 4, wherein removing a portion of the response includes removing a cookie from the response.
  - 9. The method according to claim 8, further comprising storing the removed cookie at the proxy server.
  - 10. The method according to claim 2, wherein translating the response includes translating parameters that are recognized, and not translating parameters that are not recognized, and wherein forwarding the translated response to the client includes forwarding the parameters that are translated and the parameters that are not translated with the translated response.
  - 11. The method according to claim 2, wherein translating the response includes translating a references to a URL to point to the proxy server, and including with the translated reference to the URL a reference to the original server to which the URL pointed.
  - 12. The method according to claim 2, wherein translating the response includes rewriting a PARAM value.
  - 13. The method according to claim 2, further comprising sending to the client a translation module to be executed along with the translated response.
  - 14. The method according to claim 13, wherein sending to the client a translation module includes sending to the client a translation module that executes JavaScript included in the translated response.
  - 15. The method according to claim 2, further comprising configuring the extent of translation of the response, and wherein translating the response includes analyzing the response for translation according to the configuration of the extent of translation.
  - 16. The method according to claim 2, wherein translating the response includes analyzing content within the response to determine a MIME type for the content.
  - 17. The method according to claim 2, wherein forwarding the translated response includes sending cookie information to the client in a JavaScript variable.
  - 18. The method according to claim 1, wherein validating the request includes determining whether the user is authorized to access the server.
  - 19. The method according to claim 1, wherein validating the request includes determining whether the IP address of the client is authorized to access the server.
  - 20. The method according to claim 1, wherein validating the request includes determining the security of the connection between the client and the proxy server.
  - 21. The method according to claim 1, further comprising caching a set of user credentials, and sending the user credentials to the server in response to an authentication request from the server.
  - 22. The method according to claim 1, wherein translating the request into a request from the proxy server to the server includes using the referrer variable to translate the request.
  - 23. The method according to claim 1, wherein translating the request into a request from the proxy server to the server includes translating a reference to a specific page at the proxy server to a reference to the specific page at the server.
  - 24. The method according to claim 23, further comprising maintaining a set of references to specific pages at the proxy server that each should be translated to a corresponding specific page at a particular server.

25. A computer program product, residing on a computer-readable medium, for use in accessing a network, the computer program product comprising instructions for causing a computer to:
- receive at a proxy server a request from a user at a client for accessing a server on a private network;
  
  authenticate the user, to determine whether the user is authorized to make the request;
  
  validate the request, to determine whether the request is permitted; and
  
  if the user is authorized and the request is permitted;
  
  translate the request into a request from the proxy server to the server, and forward the translated request to the server.
- View Dependent Claims (26)
- - 26. The computer program product according to claim 25, further comprising instructions for causing the computer to:
    - receive a response from the server;
      
      translate the response into a response from the proxy server; and
      
      forward the translated response to the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AEP Networks, Inc. (AEP Networks Ltd.)
Original Assignee
AEP Networks, Inc. (AEP Networks Ltd.)
Inventors
Tikhonov, Dmitri, Araujo, Kenneth, Best, Reginald P., Heitmueller, Devin

Application Number

US11/078,001
Publication Number

US 20050262357A1
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

Network access using reverse proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

140 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Network access using reverse proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

140 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links