Isolation proxy server system

摘要

An isolation proxy server system separates a typical proxy server or reverse proxy server into two physical computing platforms. A first physical platform, a front end proxy server, receives requests from clients on an external network, but is unable to relay requests by originating corresponding requests on an internal network. A second physical platform, a back end proxy client, originates distinct work requests to the front end proxy server. The front end proxy server forwards client requests to the back end proxy client in responses to the distinct work requests it receives from the back proxy client. The back end proxy client relays the client requests to a target server. Thus, the front end proxy server may not originate new requests to the server(s) in the protected zone, and the back end proxy client may not receive new requests from clients or from the front end proxy server.

主权项

1. A computer, comprising:
a processor configured to control operations of the computer; a memory; and a front end proxy server program in the memory comprising:
an internal server program object;an external server program object; anda connection swapper program object, wherein:
execution of the front end proxy server internal server program object by the processor of the computer configures the computer to implement functions, including functions to:
(I) establish first threads of execution, wherein:
each first thread of execution is in response to a respective request for work from a back end proxy client internal client program object executing on a computer platform configured as a back end proxy client; andeach first thread of execution sleeps while waiting to receive a request for a service provided by a target server from a user client to the front end proxy server external server program object;(II) receive, by one of the first threads of execution and from the front end proxy server connection swapper program object, the request for the service received from the user client;(III) forward, by the one of the first threads of execution and contained in a response to the respective request for work from the back end proxy client internal client program object, the request for the service received from the user client; and(IV) send, by another one of the first threads of execution and to the front end proxy server connection swapper program object, a response from the target server to the request for the service received from the user client upon receipt of the response from the target server to the request for the service received from the user client contained in another request for work from the back end proxy client internal client program object;execution of the front end proxy server external server program object by the processor of the computer configures the computer to implement functions, including functions to:
(A) establish a second thread of execution in response to receipt of the request for the service from the user client;(B) send, by the second thread of execution, the request for the service received from the user client to the front end proxy server connection swapper program object;(C) receive, by the second thread of execution, the response from the target server to the request for the service received from the user client from the front end proxy server connection swapper program object; and(D) forward, by the second thread of execution and to the user client, the response from the target server to the request for the service received from the user client; andexecution of the front end proxy server connection swapper program object by the processor of the computer configures the computer to implement functions, including functions to:
(i) associate the second thread of execution established by the front end proxy server external server program object with the one of the first threads of execution in receipt of the request for the service received from the user client and the other one of the first threads of execution sending the response from the target server to the request for the service received from the user client;(ii) receive, from the second thread of execution established by the front end proxy server external server program object, the request for the service received from the user client;(iii) send, to the one of the first threads of execution, the request for the service received from the user client;(iv) receive, from the other one of the first threads of execution, the response from the target server to the request for the service received from the user client; and(v) send, to the second thread of execution, the response from the target server to the request for the service received from the user client.