Selectively forced redirection of network traffic

US 6,718,390 B1
Filed: 01/05/1999
Issued: 04/06/2004
Est. Priority Date: 01/05/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method of redirecting a request from a client that may be served by a first server which lacks a Secure Sockets Layer (SSL) capability to a second server that has the Secure Sockets Layer (SSL) capability, the method comprising the computer-implemented steps of:

receiving a client request at the second server, wherein the client request requires use of the Secure Sockets Layer (SSL) capability, determining whether the client request requires use of the Secure Sockets Layer (SSL) capability, automatically forwarding the client request to the first server;

receiving a result message from the first server;

identifying, in the result message, references to resources of the first server;

selectively replacing the references to resources of the first server with translated references that reference the second server, only when the client request requires use of the Secure Sockets Layer (SSL) capability, and sending the translated references to the client as a response to the client request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of redirecting a client request received by a second server to a first server. The client request requires use of a Secure Sockets Layer (SSL) capability. The client request is received at the second serve and automatically forwarded or redirected to the first server, The first server processes the request and generates a result message. The first server sends the result message to the second server. A process at the second server identifies, in the, result message, reference to resources of the first server. The references to resources of the first server are replaced with translated references that reference the second server, and the translated references are sent to the client as a response to the client request. Subsequent client requests that are based on the, response or the result message are always directed to the second server rather than to the first server.

Citations

23 Claims

1. A method of redirecting a request from a client that may be served by a first server which lacks a Secure Sockets Layer (SSL) capability to a second server that has the Secure Sockets Layer (SSL) capability, the method comprising the computer-implemented steps of:
- receiving a client request at the second server, wherein the client request requires use of the Secure Sockets Layer (SSL) capability, determining whether the client request requires use of the Secure Sockets Layer (SSL) capability, automatically forwarding the client request to the first server;
  
  receiving a result message from the first server;
  
  identifying, in the result message, references to resources of the first server;
  
  selectively replacing the references to resources of the first server with translated references that reference the second server, only when the client request requires use of the Secure Sockets Layer (SSL) capability, and sending the translated references to the client as a response to the client request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method recited in claim 1, further comprising the steps of:
3. The method recited in claim 1, wherein the identifying step comprises the steps of:
- parsing the result message to identify one or more tags that are associated with references to resources of the first server; and
  
  matching the tags to attributes that identify resources of the first server.
4. The method recited in claim 3, wherein the selectively replacing step comprises the steps of:
- attaching, to each of the references to resources of the first server, a value that identifies a process of the second server that carries out the identifying step and the selectively replacing step.
5. The method recited in claim 1, wherein the selectively replacing step comprises the steps of:
- attaching, to each of the references to resources of the first server, a value that identifies a process of the second server that carries out the identifying step and the selectively replacing step.
6. The method recited in claim 1,wherein the step of receiving a client request at the second server comprises the steps of receiving a client HTTP request at a second Web server;
- wherein the step of automatically forwarding the client request to the first server comprises the steps of redirecting the client HTTP request to a first Web server, wherein the step of receiving a result message from the first server comprises the steps of receiving an HTTP response message from the first Web server that contains an HTML document.
7. The method recited in claim 6,wherein the step of identifying, in the result message, references to resources of the first server comprises the steps of parsing the HTML document to identify one or more URLs.
8. The method recited in claim 6,wherein the step of identifying, in the result message, references to resources of the first server comprises the steps of parsing the HTML document to identify one or more relative URLs that lack an explicit reference to the first server or one or more URLs that explicitly reference the first server.
9. The method recited in claim 6,wherein the steps of identifying and selectively replacing are carried out using a CGI script that may contain one or more associated software elements, and wherein the step of selectively replacing comprises the steps of attaching, to each of the references to resources of the first server, a value that identifies the CGI script.
10. The method recited in claim 1, wherein the steps of identifying, selectively replacing and sending comprise the steps of:
- stream tokenizing the result message into a plurality of tags, each of the tags having zero or more attributes;
  
  storing in an output message any tags that are not associated with references to resources of the first server;
  
  for each tag that is associated with a reference to a resource of the first server;
  
  identifying a resource attribute associated with the tag that identifies the resource;
  
  prepending a value, which identifies a software element that cries out the steps of identifying and replacing, to the resource attribute; and
  
  storing the tag, value, and resource attribute in the output message.
11. A method as recited in claim 1, wherein the client request is a request to log in to an access server that does not require the Secure Sockets Layer (SSL) capability, and wherein the step of selectively replacing the references is not performed, such that the client request may be serviced directly by the access server.

12. A data communications apparatus that redirects a request received from a client that is communicatively coupled over a network to a first server that hosts a resource that may respond to the request, comprising:
- a second server that has a Secure Sockets Layer (SSL) capability coupled to the first server, which lacks the Secure Sockets Layer (SSL) capability;
  
  means in the second server for receiving the request at the second server, wherein the request requires use of the Secure Sockets Layer (SSL) capability, determining whether the request requires use of the Secure Sockets Layer (SSL) capability, automatically forwarding the request to the first server, receiving a result message from the first server, identifying, in the result message, references to resources of the first server, selectively replacing the references to resources of the first server with translated references that reference the second server only when the request requires use of the Secure Sockets Layer (SSL) capability, and sending the translated references to the client as a response to the request.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The apparatus recited in claim 12, wherein the second server further comprises means for receiving, at the second server, a second client request based on the response, and, for the second client request, for repeating the steps of determining, automatically forwarding, receiving a result message, identifying, selectively replacing, and sending.
  - 14. The apparatus recited in claim 12, wherein the second server further comprises means for parsing the result message to identify one or more tags that are associated with references to resources of the first server, and for matching the tags to attributes that identify resources of the first server.
  - 15. The apparatus recited in claim 14, wherein the second server further comprises means for attaching, to each of the references to resources of the first server, a value that identifies a process of the second server that carries out the identifying step and the selectively replacing step.
  - 16. The apparatus recited in claim 12, wherein the second server further comprises means for attaching, to each of the references to resources of the first server, a value that identifies a process of the second server that carries out the identifying step and the selectively replacing step.
  - 17. The apparatus recited in claim 12, wherein the second server further comprises means for receiving a client HTTP request at a second Web server, redirecting the client HTTP request to a first Web server, and receiving an HTTP response message from the first Web server that contains an HTML document.
  - 18. The apparatus recited in claim 17, wherein the second server further comprises means for parsing the HTML document to identify one or more URLs.
  - 19. The apparatus recited in claim 17, wherein the second server further comprises means for parsing the HTML document to identify one or more relative URLs that lack an explicit reference to the first server or one or more URLs that explicitly reference the first server.
  - 20. The apparatus recited in claim 17, wherein the second server further comprises a CGI script that may contain one or more associated software elements, and wherein the second server further comprises means for attaching, to each of the references to resources of the first server, a value that identifies the CGI script.
  - 21. The apparatus recited in claim 12, wherein the second server further comprises means for stream tokenizing the result message into a plurality of tags, each of the tags having zero or more attributes, for storing in an output message any tags that are not associated with references to resources of the first server, and, for each tag that is associated with a reference to a resource of the first server, for identifying a resource attribute associated with the tag that identifies the resource, prepending a value, which identifies a software-element that carries out the steps of identifying and selectively replacing, to the resource attribute, and storing the tag, value, and resource attribute in the output message.
  - 22. A data communications apparatus as recited in claim 12, wherein the client request is a request to log in to an access server that does not require the Secure Sockets Layer (SSL) capability, and wherein the means of selectively replacing the references is not performed, such that the client request may be serviced directly by the access server.

23. A computer-readable medium carrying one or more sequences of instructions for redirecting a client request of a client that may be serviced by a first server which lacks a Secure Sockets Layer (SSL) capability, to a second server which has the Secure Sockets Layer (SSL) capability, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform the steps of:
- receiving a client request at the second server, wherein the client requires use of the Secure Sockets Layer (SSL) capability;
  
  determining whether the client request requires use of the Secure Sockets Layer (SSL) capability;
  
  automatically forwarding the client request to the first server;
  
  receiving a result message from the first server;
  
  identifying, in the result message, references to resources of the first server;
  
  selectively replacing the references to resources of the first server with translated references that reference the second server only when the client request requires use of the Secure Sockets Layer (SSL) capability; and
  
  sending the translated references to the client as a response to the client request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Still, David N., Calabrese, John S.
Primary Examiner(s)
Follansbee, John
Assistant Examiner(s)
CAO, DIEM K

Application Number

US09/225,909
Time in Patent Office

1,918 Days
Field of Search

709/201-203, 709/217-218, 709/227-229, 709/246, 709/311, 713/201
US Class Current

709/229
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

H04L 67/1001   for accessing one among a p...

H04L 67/563   Data redirection of data ne...

H04L 67/63   Routing a service request d...

H04L 69/329   in the application layer [O...

Selectively forced redirection of network traffic

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Selectively forced redirection of network traffic

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links