Systems and methods for securely and transparently proxying SAAS applications through a cloud-hosted or on-premise network gateway for enhanced security and visibility
First Claim
1. A method for providing access to an application, the method comprising:
providing, by a device intermediary between a client and a server, access to an application hosted by the server, the access provided to the client via a link that generates a first hypertext transfer protocol (HTTP) request for the application;
receiving, by the device from the client, the first HTTP request generated via the provided link;
rewriting, by the device, an absolute uniform resource locator (URL) of the application indicated in the first HTTP request by replacing a server hostname of the server included in the absolute URL with a URL segment to obfuscate the server hostname in the rewritten absolute URL and hide the server hostname from at least the client, the URL segment generated by prefixing a unique string assigned to the obfuscated server hostname to a device hostname of the device; and
redirecting, by the device, the client to the rewritten absolute URL with the server hostname obfuscated, wherein a domain name system (DNS) server for the client is configured with a DNS entry comprising an expression, the expression of the DNS entry including a wildcard prefixed to the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an internet protocol (IP) address of the device.
Abstract
Disclosed embodiments provide access to an application. An intermediary device may provide access to an application hosted by the server. The access may be provided to the client via a link that generates a first HTTP request for the application. The device may receive, from the client, the first HTTP request generated via the provided link. The device may rewrite an absolute URL of the application indicated in the first HTTP request, by replacing a first hostname of the server included in the absolute URL, with a URL segment generated by combining a unique string assigned to the first hostname with a second hostname of the device. The device may redirect the client to the rewritten absolute URL of the application.
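A minimal sketch of the rewrite-and-redirect flow the abstract describes, added here as an illustration and not taken from the patent. The device hostname `gw.example.net`, the random-token assignment table, and all class and function names are assumptions; the page does not say how the unique string is generated.

```python
import fnmatch
import secrets
from urllib.parse import urlsplit, urlunsplit

DEVICE_HOST = "gw.example.net"     # assumed hostname of the intermediary device
WILDCARD_DNS = "*." + DEVICE_HOST  # DNS entry: wildcard prefixed to the device hostname


class HostnameObfuscator:
    """Assigns one opaque DNS label per server hostname and maps it back."""
    def __init__(self, device_host=DEVICE_HOST):
        self.device_host = device_host
        self._by_host = {}   # server hostname -> unique string
        self._by_token = {}  # unique string -> server hostname

    def token_for(self, server_host):
        server_host = server_host.lower()
        if server_host not in self._by_host:
            token = secrets.token_hex(8)  # 16 hex chars, a valid DNS label
            self._by_host[server_host] = token
            self._by_token[token] = server_host
        return self._by_host[server_host]

    def rewrite(self, absolute_url):
        """Replace the server hostname with <unique string>.<device hostname>."""
        parts = urlsplit(absolute_url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError("not an absolute HTTP(S) URL")
        # Simplification: any server port is dropped; the client now talks to the device.
        segment = f"{self.token_for(parts.hostname)}.{self.device_host}"
        return urlunsplit((parts.scheme, segment, parts.path, parts.query, parts.fragment))

    def resolve(self, request_host):
        """Map a rewritten Host header back to the server; None if unknown."""
        host = request_host.lower().split(":")[0]
        if not host.endswith("." + self.device_host):
            return None
        token = host[: -len(self.device_host) - 1]
        return self._by_token.get(token)  # fail closed on unassigned tokens


def dns_wildcard_matches(host, pattern=WILDCARD_DNS):
    """True if the wildcard DNS entry would send this name to the device."""
    return fnmatch.fnmatch(host.lower(), pattern)


def redirect_response(obfuscator, absolute_url):
    """Status and headers the device would send to redirect the client."""
    return 302, {"Location": obfuscator.rewrite(absolute_url)}
```

Because the wildcard entry routes every name under the device hostname to the device, `resolve` returns `None` for any label it did not assign, so the gateway does not forward requests for arbitrary hosts.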
20 Claims
11. A system for providing access to an application, the system comprising:
a device that is intermediary between a client and a server, the device having a memory and at least one processor configured to:
provide access to an application hosted by the server, the access provided to the client via a link that generates a first hypertext transfer protocol (HTTP) request for the application;
receive from the client the first HTTP request generated via the provided link;
rewrite an absolute uniform resource locator (URL) of the application indicated in the first HTTP request by replacing a server hostname of the server included in the absolute URL with a URL segment to obfuscate the server hostname in the rewritten absolute URL and hide the server hostname from at least the client, the URL segment generated by prefixing a unique string assigned to the obfuscated server hostname to a device hostname of the device; and
redirect the client to the rewritten absolute URL with the server hostname obfuscated, wherein a domain name system (DNS) server for the client is configured with a DNS entry comprising an expression, the expression of the DNS entry including a wildcard prefixed to the device hostname, to cause the DNS server to resolve the rewritten absolute URL to an internet protocol (IP) address of the device.
Specification