Method and apparatus for managing proxy and non-proxy requests in telecommunications network
Abstract
A method is disclosed for determining a location of a client session in a telecommunications network by comparing attributes of the client session connection to location definition information stored in a configuration file. A method of handling requests from proxy and non-proxy client connections in a telecommunications network by redirecting requests from unauthenticated proxy clients to a transparent proxy port on a captive portal such that the captive portal proxies the requests is also disclosed. The request may be directed to a service, such as a destination IP address and optional port number. A method for a proxy server to identify an edge session through an out-of-band request containing proxy metadata to a web portal for secure (HTTPS) requests is also disclosed. The edge session is identified for the web portal through a hostkey determined by the proxy server.
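The two-stage request handling summarized above (router dispatch, then the captive portal's handling of its transparent proxy port) can be modeled as follows. This is an added illustration, not code from the patent; the policy tables, user and access-point names, addresses and return labels are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Optional

WEB_PROXY = "web-proxy-server"
TRANSPARENT_PORT = "captive-portal-transparent-proxy-port"
PROXIED = "captive-portal-proxies-request"
WEB_PORTAL = "redirect-to-web-portal"

@dataclass(frozen=True)
class Service:
    ip: str                      # destination IP address
    port: Optional[int] = None   # optional port; None matches any port

    def covers(self, ip: str, port: int) -> bool:
        return self.ip == ip and self.port in (None, port)

@dataclass(frozen=True)
class Request:
    dst_ip: str
    dst_port: int
    is_proxy: bool               # client is configured to use a proxy
    user: Optional[str]          # validated identity, None if unauthenticated
    access_point: str            # access point the request came through

# Constructed policy: authorization is per (user, access point), not per user.
AUTHORIZED = {
    ("alice", "ap-lobby"): [Service("203.0.113.10", 443)],
    ("alice", "ap-room-12"): [Service("203.0.113.10")],
}
# Constructed list of services open to unauthenticated users.
OPEN_SERVICES = [Service("198.51.100.53", 53)]

def router_dispatch(req: Request) -> str:
    """Router stage: only an authenticated, authorized proxy request
    reaches the web proxy server; everything else fails closed."""
    if req.is_proxy and req.user is not None:
        allowed = AUTHORIZED.get((req.user, req.access_point), [])
        if any(s.covers(req.dst_ip, req.dst_port) for s in allowed):
            return WEB_PROXY
    return TRANSPARENT_PORT

def captive_portal(req: Request) -> str:
    """Captive portal stage for requests arriving on the transparent proxy port."""
    if any(s.covers(req.dst_ip, req.dst_port) for s in OPEN_SERVICES):
        return PROXIED
    return WEB_PORTAL

def handle(req: Request) -> str:
    first = router_dispatch(req)
    return first if first == WEB_PROXY else captive_portal(req)
```

Every path that is not an authenticated and authorized proxy request lands on the captive portal, so a missing or empty policy entry denies rather than permits.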
17 Claims
1. A method of processing requests from proxy and non-proxy client session connections in a telecommunications network, comprising the steps of:
receiving a request from a client session connection, wherein the request is directed to a first service;
determining whether the request is a proxy request from an authenticated user;
in response to determining that the request is a proxy request from an authenticated user and the authenticated user is authorized to access the first service from a particular access point through which the request was made, redirecting the request to a web proxy server;
in response to determining that the request is a proxy request from the authenticated user and that the authenticated user is not authorized to access the first service from the particular access point through which the request was made, redirecting the request to a transparent proxy port on a captive portal;
in response to determining that the request is not a proxy request from the authenticated user, redirecting the request to the transparent proxy port on the captive portal, wherein authorization comprises determining that a user is permitted to obtain the first service from the particular access point and authentication comprises validating an identity of the user;
wherein said redirecting the request further comprises the steps of:
if the request is directed to a service authorized for unauthenticated users, then the captive portal proxying the request received on the transparent proxy port, and if the request is directed to a service that is not authorized for unauthenticated users, then the captive portal redirecting the request to a web portal; and
wherein the method is performed by one or more computing devices comprising a router.
Dependent claims: 2, 3, 4, 5, 6
7. A computer readable non-transitory storage medium comprising one or more sequences of instructions which, when executed by one or more processors, cause the one or more processors to perform the steps of:
receiving a request from a client session connection, wherein the request is directed to a first service;
determining whether the request is a proxy request from an authenticated user;
in response to determining that the request is a proxy request from the authenticated user and the authenticated user is authorized to access the first service from a particular access point through which the request was made, redirecting the request to a web proxy server;
in response to determining that the request is a proxy request from the authenticated user and that the authenticated user is not authorized to access the first service from the particular access point through which the request was made, redirecting the request to a transparent proxy port on a captive portal;
in response to determining that the request is not a proxy request from an authenticated user, redirecting the request to the transparent proxy port on the captive portal, wherein authorization comprises determining that a user is permitted to obtain the first service from the particular access point and authentication comprises validating an identity of the user; and
wherein the one or more sequences of instructions further comprise instructions which, when executed by one or more processors, cause the one or more processors to perform:
if the request is directed to a service authorized for unauthenticated users, then the captive portal proxying the request received on the transparent proxy port, and if the request is directed to a service that is not authorized for unauthenticated users, then the captive portal redirecting the request to a web portal.
Dependent claims: 8, 9, 10, 11
12. An apparatus, comprising:
a network interface that is coupled to the data network for receiving one or more packet flows therefrom;
one or more processors;
one or more stored sequences of instructions which, when executed by the one or more processors, cause the one or more processors to carry out the steps of:
receiving a request from a client session connection, wherein the request is directed to a first service;
determining whether the request is a proxy request from an authenticated user;
in response to determining that the request is a proxy request from the authenticated user and the authenticated user is authorized to access the first service from a particular access point through which the request was made, redirecting the request to a web proxy server;
in response to determining that the request is a proxy request from the authenticated user and the authenticated user is not authorized to access the first service from the particular access point through which the request was made, redirecting the request to a transparent proxy port on a captive portal;
in response to determining that the request is not a proxy request from the authenticated user, redirecting the request to the transparent proxy port on the captive portal, wherein authorization comprises determining that a user is permitted to obtain the first service from the particular access point and authentication comprises validating an identity of the user; and
wherein the one or more sequences of instructions further comprise instructions which, when executed by one or more processors, cause the one or more processors to perform:
if the request is directed to a service authorized for unauthenticated users, then the captive portal proxying the request received on the transparent proxy port, and if the request is directed to a service that is not authorized for unauthenticated users, then the captive portal redirecting the request to a web portal.
Dependent claims: 13, 14, 15, 16, 17
Specification