| Security is most important in E-commerce and E-government network.Public Key Infrastructure (PKI) provides services for guaranteeing the authenticity, integrity, confidentiality and non-repudiation of the information in network. However, corresponding PKI middleware provision is necessary for different development environment in the combination of PKI and Web application, which brings additional complexity in system development. Hence, to provide integrated PKI middleware service becomes an urgent issue for diverse applications.A scheme of reverse proxy with SSL hardware acceleration module is proposed in this paper, which solves the issue on PKI service integration in combination of PKI and web application. The SSL Security Tunnel, SSL Acceleration, Authentication, Access Control and Log Audit are provided for applications. A security proxy model based on SSL is designed. The session retransmitation module and resource mapping module are implemented.The advantage and shortage of proxy model and middleware model are analyzed. The proxy model is more portable independent and convenient. The internal architecture of security proxy is designed, and session maintenance technology is studied in depth. An approach by filtering, modifying and cashing cookies is proposed to maintain the session between client and server. A mechanism of web resources mapping based on URL rewriting technology is implemented by all-sided analysis on web resource mapping. An approach to accurately absorb URL in HTML document, CSS and Javascirpt is presented by analyzing the probable field for URL in HTML, CSS and Javascript. The sercurity of proxy is analyzed.the result of security analyzing is considered in design of proxy. The security proxy scheme can provide much better security services for different web applications. |
PDF Full Text Request