Shulou(Shulou.com)06/02 Report--

This article mainly introduces "what are the knowledge points of the HITP agent". In the daily operation, I believe that many people have doubts about the knowledge points of the HITP agent. The editor consulted all kinds of materials and sorted out simple and easy-to-use methods of operation. I hope it will be helpful to answer the questions of "what are the knowledge points of the HITP agent?" Next, please follow the editor to study!

1. HTTP Agent

Baidu encyclopedia is explained in this way: proxy client HTTP access, the main proxy browser to access web pages, its ports are generally 80, 8080, 3128 and so on.

Baidu encyclopedia is really too vague. Let's talk about what is HTTP agent in detail. If we say HTTP agent, then we have to talk about WEB agent first.

Proxy, to put it bluntly, is "intermediary", and Web proxy (proxy) server is the intermediate entity of the network. The agent is located between the client and the server and acts as a "middleman", sending HTTP messages back and forth between endpoints.

The proxy server on Web is the middleman who performs transactions on behalf of the client. If there is no Web agent, the HTTP client will talk directly to the HTTP server. With the Web agent, the client can talk to the agent, and then the agent communicates with the server on behalf of the client. The client still completes the transaction, but it is achieved through the high-quality service provided by the proxy server. The proxy server for HTTP is both a Web server and a Web client. The HTTP client sends a request message to the agent, and the proxy server must handle the request and connection correctly, just like the Web server, and then return the response.

At the same time, the agent itself sends a request to the server, so it must behave like the correct HTTP client to send the request and receive the response. Let's take a look at a picture:

If you want to create your own HTTP proxy, you should carefully follow the rules for HTTP clients and HTTP servers.

1.1 categories of agents

Agents are divided into private agents and shared agents.

Sharing agent

Most agents are public sharing agents. Centralized agents are more cost-efficient and easier to manage. Some proxy applications, such as caching proxy servers, take advantage of common requests between users, so the more users are imported into the same proxy server, the more useful it will be.

Private agent

Dedicated private agents are not common, but they do exist, especially when running directly on client computers. Some browser aids, as well as some ISP services, run small proxies directly on the user's PC to extend browser features, improve performance, or provide host advertising for free ISP services.

1.2 differences between agents and gateways

Agents connect to two or more applications that use the same protocol. Gateways are different, and gateways connect to two or more endpoints that use different protocols. The gateway acts as a "protocol converter". Even if the client and the server use different protocols, the client can complete the transaction with the server.

In fact, from the diagram, the difference between HTTP gateway and HTTP proxy is really blurred. Because browsers and servers implement different versions of HTTP, agents often have to do some protocol conversion work. Commercial proxy servers will also implement gateway functions to support SSL security protocols, SOCKS firewalls, FTP access, and Web-based applications.

1.2 Why use proxies

Proxy server can improve security, improve performance and save money. The proxy server can see and contact all the HTTP traffic that flows through, so the agent can monitor the traffic and modify it to implement many useful value-added Web services.

Let's take a look at how to use several specific agents.

Children's filter:

While primary schools provide unhindered access to educational sites, filter agents can be used to prevent students from accessing adult content.

Document access control

You can use a proxy server to implement a unified access control policy between a large number of Web servers and Web resources and create an audit tracking mechanism. This is useful in large enterprise environments or other distributed organizations. All access control functions can be configured on centralized proxy servers without frequent access control upgrades on many Web servers managed by different organizations, manufactured by different manufacturers and using different modes.

Security firewall

Network security engineers often use proxy servers to improve security. The proxy server restricts which application layer protocol data can flow into or out of an organization on a single secure node in the network. You can also provide the kind of hook program used by Web and E-mail agents to eliminate viruses for detailed inspection of traffic.

Reverse proxy

In fact, this reverse proxy is what we need to use, the agent can pretend to be the Web server. These agents, called substitutes (surrogate) or reverse proxies (reverse proxy), receive real requests to the Web server, but unlike Web servers, they can initiate communication with other servers to locate the requested content as needed. You can use these reverse proxies to improve performance when accessing public content on slow Web servers. In this configuration, these reverse proxies are commonly referred to as server accelerators (server accelerator), and alternatives can be used in conjunction with the content routing function to create a distributed network of content to be replicated on demand.

Now that we all know what the agent can do, do we need to know where he comes from and where he is going? Next, we'll see where the agent left him.

1.3 where is the agent located

1.3.1 deployment of proxy server

Depending on the use, the proxy server can be placed in different locations.

Export agency

Access (entry) agent

Reverse proxy

Network switching agent

1.4 how does the agent authenticate

Agents can be used as access control devices. HTTP defines a mechanism called agent authentication (proxy authentication), which blocks requests for content until the user provides a valid access certificate to the agent.

When a request for restricted content arrives at a proxy server, the proxy server can return a 407 Proxy Authorization Required status code that requires the use of an access certificate, as well as a Proxy-Authenticate header field that describes how to provide these certificates

When the client receives a 407 response, it attempts to collect the required certificates from the local database or by prompting the user.

As soon as the certificate is obtained, the client resends the request, providing the required certificate in the Proxy-Authorization header field.

If the certificate is valid, the agent sends the original request down the transmission link (see figure 6-25c); otherwise, another 407 reply is sent.

In fact, to put it bluntly, the agent can implement the authentication and authorization mechanism, and then control our access to the content accordingly, as shown below:

If there are multiple agents in the transmission link, and each agent has to be authenticated, agent authentication usually does not work well. It is suggested that HTTP should be upgraded to associate certification certificates with specific signposts in the agent chain, but these upgrades have not been widely implemented.

The problems that agents should pay attention to.

The proxy server may not be able to understand all the first fields that pass through it.

Some titles may be newer than the agent itself; his first may be a custom header unique to a particular application. Agents must forward header fields that they do not know, and must maintain the relative order of header fields of the same name.

At this point, the study of "what are the knowledge points of HITP agent" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.