Systems and methods for configuration driven rewrite of SSL VPN clientless sessions
Abstract
The present disclosure provides solutions for an enterprise providing services to a variety of clients to enable the client to use the resources provided by the enterprise by modifying URLs received and the URLs from the responses from the servers to the client's requests before forwarding the requests and the responses to the intended destinations. An intermediary may identify an access profile for a client's request to access a server via a clientless SSL VPN session. The intermediary may detect one or more URLs in content served by the server in response to the request using one or more regular expressions of the access profile. The intermediary may rewrite or modify, responsive to detecting, the one or more detected URLs in accordance with a URL transformation specified by one or more rewrite policies of the access profile. The response with modified URLs may be forwarded to the client.
20 Claims
1. A method for rewriting by an intermediary content transmitted via a clientless secure socket layer virtual private network (SSL VPN) session between a client and a server, the method comprising:
a) identifying, by an intermediary, an access profile for a request from a client to access content from a server if a clientless SSL VPN session is established between the client and the server, the access profile identified from a plurality of access profiles based on a rule applied on content of the request, the access profile comprising (i) a first rewrite policy for rewriting uniform resource locators (URLs) based on a type of the content transmitted by the server via the clientless SSL VPN session, the transmitted content comprising one or more types of content from a plurality of types of content accessible from the server, and (ii) one or more regular expressions to detect one or more URLs in the type of content served by the server via the clientless SSL VPN session, the intermediary bypassing the access profile for rewriting the URLs if a client based SSL VPN session is established between the client and the server;
b) detecting, by the intermediary responsive to the one or more regular expressions of the identified access profile, one or more URLs in content served by the server in response to the request if the clientless SSL VPN session is established; and
c) rewriting, by the intermediary responsive to the detection, the one or more detected URLs in accordance with a URL transformation specified by the first rewrite policy if the clientless SSL VPN session is established.
11. An intermediary for rewriting content transmitted via a clientless secure socket layer virtual private network (SSL VPN) session between a client and a server, the intermediary comprising:
a policy engine executing on a hardware processor, for identifying an access profile for a request from a client to access content from a server if a clientless SSL VPN session is established between the client and the server, the access profile identified from a plurality of access profiles based on a rule applied on content of the request, the access profile comprising (i) a first rewrite policy for rewriting uniform resource locators (URLs) based on a type of the content transmitted by the server via the clientless SSL VPN session, the transmitted content comprising one or more types of content from a plurality of types of content accessible from the server, and (ii) one or more regular expressions to detect one or more URLs in the type of content served by the server via the clientless SSL VPN session, the intermediary bypassing the access profile for rewriting the URLs if a client based SSL VPN session is established between the client and the server;
a detector for detecting responsive to the one or more regular expressions of the identified access profile, one or more URLs in content served by the server in response to the request if the clientless SSL VPN session is established; and
a rewriter for rewriting responsive to the detector the one or more detected URLs in accordance with a URL transformation specified by the first rewrite policy if the clientless SSL VPN session is established.
20. A method for rewriting by an intermediary content transmitted via a clientless secure socket layer virtual private network (SSL VPN) session between a client and a server, the method comprising:
a) identifying, by an intermediary, an access profile for a request from a client to access content from a server if a clientless SSL VPN session is established between the client and the server, the access profile identified from a plurality of access profiles based on a rule applied on content of a request from the client, the access profile comprising a plurality of rewrite policies and a plurality of regular expressions, each of the plurality of rewrite policies specifying a transformation for a type of content transmitted by the server via the clientless SSL VPN session, the transmitted content comprising one or more types of content from a plurality of types of content accessible from the server, and each of the plurality of regular expressions specifying a regular expression to detect uniform resource locators (URLs) in each of the plurality of types of content, the intermediary bypassing the access profile for transformation of the URLs if a client based SSL VPN session is established between the client and the server;
b) determining, by the intermediary, the type of content served by the server in response to the request if the clientless SSL VPN session is established;
c) detecting, by the intermediary, one or more URLs in the content based on the regular expression specified for the determined type of content via the identified access profile if the clientless SSL VPN session is established; and
d) rewriting, by the intermediary, a portion of the content based on the type of content and a rewrite policy from the plurality of rewrite policies for the type of content if the clientless SSL VPN session is established.
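The flow recited in claim 20 (profile selection by a rule on the request, content-type determination, per-type regex detection, per-type rewrite, and bypass for client-based sessions), shown as an added Python example that is not taken from the patent. The gateway address, the `/rw/` path scheme, the profile names, the rules and the regular expressions are all assumptions made for illustration, and only absolute `http(s)` URLs are detected.

```python
import re
from urllib.parse import quote

GATEWAY = "https://vpn.example.com"  # assumption: address of the intermediary

def via_gateway(url):
    """Assumed URL transformation: carry the original URL, escaped, under the gateway."""
    return f"{GATEWAY}/rw/{quote(url, safe='')}"

HTML_URLS = re.compile(r"""(?:href|src|action)\s*=\s*["'](https?://[^"']+)["']""", re.I)
CSS_URLS = re.compile(r"""url\(\s*["']?(https?://[^"')\s]+)["']?\s*\)""", re.I)

# Constructed access profiles: a rule over the request, plus, per content type,
# a detection regex (group 1 = the URL) and the transformation to apply to it.
PROFILES = [
    {"name": "webmail",
     "rule": lambda req: req["path"].startswith("/mail/"),
     "policies": {"text/html": (HTML_URLS, via_gateway)}},
    {"name": "intranet",
     "rule": lambda req: req["host"].endswith(".corp.example"),
     "policies": {"text/html": (HTML_URLS, via_gateway),
                  "text/css": (CSS_URLS, via_gateway)}},
]

def select_profile(request):
    """Return the first profile whose rule matches the content of the request."""
    return next((p for p in PROFILES if p["rule"](request)), None)

def rewrite_response(request, content_type, body, clientless=True):
    """Rewrite URLs in a server response for a clientless session."""
    if not clientless:            # client-based session: the profile is bypassed
        return body
    profile = select_profile(request)
    ctype = content_type.split(";")[0].strip().lower()   # determine content type
    policy = profile["policies"].get(ctype) if profile else None
    if policy is None:            # no profile, or no policy for this type
        return body
    pattern, transform = policy

    def replace_url(match):
        # Swap only the captured URL; keep the attribute name and quotes.
        start, end = match.start(1) - match.start(), match.end(1) - match.start()
        text = match.group(0)
        return text[:start] + transform(match.group(1)) + text[end:]

    return pattern.sub(replace_url, body)
```

Content whose type has no policy in the selected profile passes through unchanged, which is why the `webmail` profile above leaves CSS untouched.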
Specification