613 results about "Reverse proxy" patented technology

A security platform connected to a private network permits access to the private network from a public network (such as the Internet) through a variety of mechanisms. A reverse proxy system operating as part of the security platform provides access to web-enabled applications from a browser connected to the public network. The reverse proxy rewrites requests and responses so that the browser directs requests to the reverse proxy, from which the requests can be directed to the appropriate server on the public network or the private network. Responses come back to the reverse proxy, and are then forwarded to the browser. An SSL tunneling system permits fat clients to access the private network through an SSL connection. The SSL tunneling system employs a server component operating on the security platform and components downloaded to the client computer from the security platform. The client components include a control component operating in a browser window, a server-proxy component that sets up secure communications with the private network, and an adapter component between the server-proxy and the fat client. The adapter component operates in kernel space. Data is directed from the fat client to the adapter, and then forwarded to the server-proxy; data from the server-proxy is directed to the adapter, and then forwarded to the fat client. Security is provided through the use of multiple authentication realms, each of which provides a set of authentication stages for authenticating users and providing client integrity validation.

The invention is a method and system for testing variations of website content useful to optimize website visitor conversions. The invention includes integrating test variations of website content with web analytics platforms so that website variations can be tracking and analyzed within web analytics reporting systems. The invention helps website operators create content variations, and then scientifically test and measure the impact of those variations on conversion rates. The invention includes a method of using a reverse proxy server to introduce page variations on existing website content without needing to modify the existing web server. Using the reverse proxy server, the invention automatically injects values, associated with website variations, into web page tags used with web analytics platforms. The invention makes it possible to test any number of website variations and access such data from within web analytics platforms. The invention also provides a method to automatically transform web page tags of a first web analytics platform to web page tags of a second web analytics platform to easily try new third party web analytics solutions.

The invention includes a method and system for optimizing web visitor conversion—the science of measuring, testing, and improving the rate at which website visitors respond to website content. The system helps website operators create content variations, and then scientifically test and measure the impact of those variations on conversion rates. The invention includes a method of using a reverse proxy server to introduce page variations on existing website content without needing to modify the existing target server. The invention makes it possible to test any number of variations—in any combination—on a target server's visitors. Website operators learn how content variations impact visitor behavior and conversion rates.

Network services are provided by a network coupled back-end server that is accessed by an intermediary server such as a reverse proxy server. A service request is received at the back-end server via the intermediary server. The back-end server forms a first document in response to the service request. The first document contains a data generation directive targeted for the intermediary server. The first document is sent to the intermediary server. Additional data is generated at the intermediary server using the data generation directive and a second document is formed using the first document and the additional data. The second document is then sent from the intermediary server to an originator of the service request.

A Security Assertion Markup Language (SAML) conversation is intercepted in an enhanced Reverse Proxy server computer located in the path between a user and a server computer that provide cloud application services to the user. During authentication, the SAML assertion signature is modified in the enhanced Reverse Proxy such that the enhanced Reverse Proxy and the user can share an encryption key. The modified assertion signature permits a common session key to be shared by the enhanced Reverse Proxy and a targeted application in the server, thus enabling the user to be authenticated, and subsequently to communicate via the enhanced Reverse Proxy in a secure session with an application in the server.

A method, system, and computer program product is presented for providing access to a set of resources in a distributed data processing system. A reverse proxy server receives a resource request from a client and determines whether or not it is managing a session identifier that was previously associated with the client by the reverse proxy server; if so, it retrieves the session identifier, otherwise it obtains a session identifier and associates the session identifier with the client using information that is managed by the reverse proxy server. The reverse proxy server then modifies the resource request to include the session identifier and forwards the modified resource request to an application server.

A method, system and apparatus for managing an interposed reverse proxy. The method can include comparing within a markup language document, a host address for the markup language document and a codebase address for a code base supporting logic disposed within the markup language document. If the host address and the codebase address differ, it can be concluded that a reverse proxy has obscured from view a server source of the markup language document. The method of the invention further can include retrieving a server affinity identifier for the server source from the configuration tags for the logic. Responsive to concluding that a reverse proxy has obscured from view a server source of the markup language document, a tunneled connection to the server source can be attempted through the reverse proxy by inserting the server affinity identifier in an address specified in the attempt.

A recommendation appliance, system and method are provided for generating and deploying additional web page content or functionality (e.g., retail recommendations) to an existing web page server system. For example, the present invention may be embodied as a reverse proxy server that is inserted as an intermediate network node between a web server and the end users accessing the web server. In this position, the recommendation appliance can introduce recommendation messages to web pages generated by the web server without requiring any modification to the code or architecture of the web server. In addition, the appliance may separately track the transaction activities of end users who receive recommendation messages and the transaction activities of end users who do not receive recommendation messages, so that a comparison of the effectiveness of the recommendations may efficiently be demonstrated without requiring any modification to the code or architecture of the web server.

A method and apparatus for processing requests for delivery of electronic content is provided. According to one aspect of the invention, a request for delivery of first electronic content is received, where (1) the request is for delivery of the first electronic content to a destination client that is not on a local network, and (2) the first electronic content includes one or more links that are only resolvable within the local network. In response to the request, the first electronic content is retrieved, and first updated content is generated by modifying the one or more links associated with the first electronic content to include information identifying a server that can be addressed outside the local network. The first updated content is then delivered to the destination client.

The invention discloses a malicious URL detection intervention system. The system comprises a DNS proxy device, a credit evaluation device and a traffic intervention device, wherein the DNS proxy device is suitable for receiving a domain name resolution request, requesting a domain name credit evaluation device for the credit of a domain name, and returning back an IP address of the traffic intervention device to a user if the credit indicates that the domain name has security risks; the credit evaluation device comprises a domain name credit library, and is suitable for returning back the credit of the domain name in response to the request of the credit of the domain name; and the traffic intervention device is suitable for receiving an access request from the user and performing protocol identification for the access request, and is also suitable for extracting a URL from the access request which is identified as a request of a HTTP or HTTPS protocol, matching the URL with a malicious RUL library, and if matching is failed, being used as a reverse proxy to realize communication of the user and a destination server. The invention also discloses a corresponding domain name credit determining apparatus, a corresponding domain name credit library establishing apparatus and methods.

Managing microservice function requests is provided. A request originating from a browser of the computer to execute a function corresponding to a microservice locally deployed on the computer is received using a software development kit operating in the computer. The request to execute the function is routed to the microservice using a local reverse proxy running in the software development kit. Other requests originating from the browser of the computer to execute one or more other functions corresponding to one or more microservices in a remotely deployed microservice architecture that interact with the function corresponding to the microservice are received using the software development kit. The other requests to execute the one or more other functions corresponding to the one or more microservices in the remotely deployed microservice architecture are routed, via a single uniform resource locator corresponding to a remote reverse proxy, using the local reverse proxy.

The invention provides a method for realizing WEB reverse proxy. After the user side inputs a first WEB reverse proxy processing request in the bookmark bar or the interface input box of a browser, the method comprises the following steps: the client transmits HTTP (Hyper Text Transport Protocol) / HTTPS request, the Uniform Resource Locator (URL) of the request includes an address of reverse proxy server SSLVPN (Secure Socket Layer Virtual Private Network), an address of an accessed background server and a resource route of the accessed background server; the reverse proxy server SSLNPN extracts the address and the resource route of the accessed background server and forwards the request normally after intercepting the request. In the invention, a response header processes the HTTP request without any replacement in the HTML (Hyper Text Markup Language) page, a relative URL process and an absolute URL format process based on the redirection can be efficiently finished on the Web server by a formative URL.

A method for establishing and maintaining a Single Sign-on between a reverse proxy and a back-end server can include instigating an authentication process through a browser for a user to obtain access to the back-end server, intercepting a login page from the back-end server at the reverse proxy and adding a routine thereto, thereby loading an asynchronous engine on the browser executing a login process with an authentication profiling service, in order to retrieve the login information for the back-end server, and completing the authentication process with the back-end to allow the user access the back-end server through the asynchronous engine.

A reliable and secure data-center. The data center includes a first data-center tier that is adapted to connect to an external network and an internal portion of the data center. A first firewall instance interfaces the first tier and the external network. A second firewall instance interfaces the first tier and the internal portion of the data center. In a more specific embodiment, the first firewall instance and the second firewall instance accommodate Internet Protocol SECurity (IPSEC) terminations using one or more VPNSMs. In this embodiment, the first data-center tier implements a core tier that includes one or more core switches that facilitate implementing the first firewall instance and the second firewall instance. The interior portion of the network represents a DeMilitarized Zone (DMZ) that includes a second tier that is connected between the first data-center tier and a third tier. The second tier implements an aggregation tier that includes one or more aggregation switches that facilitate implementing reverse-proxy caching. Overall Layer-3 design methodology is used within each tier and across tiers for optimized packet switching. The aggregation tier includes one or more aggregation-tier service modules for implementing load balancing, Secure Socket Layer (SSL) offloading, and/or the reverse-proxy caching.

Cloud service providers provide resources on a plurality of hosts some of which furthermore reside in different domains. An enhanced Reverse Proxy server is described which is configured to access hosts of multiple domains, handling client requests transparently. A request from a client to any of the supported service provider target hosts is addressed to a path in the domain of the reverse proxy server, and is formatted to include the target host domain coded as a short form name which is inserted in the path component of the request. Arguments in JavaScript calls of the response from the target host to the client are modified to ensure that future JavaScript operations generate similarly formatted requests. The enhanced Reverse Proxy translates Universal Resource Locators (URLs) of traffic between hosts of the service provider and the client in both directions accordingly.

The invention discloses a high concurrency load balancing system based on Nginx and Redis. The Nginx is taken as a reverse proxy server to conduct reverse proxy on high concurrency requests from multiple clients to distribute the high concurrency requests to different Tomcat servers, the Redis is used as a cache database to be used for saving a real-time calculated cache queue and accelerating thequery efficiency of the database, and MySQL is used as a structuralized database to be used for storing processed data. According to the structure of the system, high concurrency access reverse proxies can be distributed to different servers to achieve the load balancing purpose, and the Redis cache database can meet the real-time processing and storing requirements of high concurrency data, increase the processing speed and reduce the performance influences brought by high concurrency and has the very good practical value.