ch08: Integration Points

Gateways, Tunnels, and Relays

8.网关、隧道和中继

1. Gateways

Three Types of Gateway:

Gateways are described by their client- and server-side protocols, separated by a slash:

<client-protocol>/<server-protocol>

• Server-side gateways speak HTTP with clients and a foreign protocol with servers (HTTP/*).

• Client-side gateways speak foreign protocols with clients and HTTP with servers (*/HTTP).

2. Protocol Gateways

2.1 HTTP/*: Server-Side Web Gateways

Convert client-side HTTP requests into a foreign protocol, as the requests travel inbound to the origin server.

2.2 HTTP/HTTPS: Server-Side Security Gateways

2.3 HTTPS/HTTP: Client-Side Security Accelerator Gateways

HTTPS/HTTP gateways sit in front of the web server, usually as an invisible intercepting gateway or a reverse proxy.

They receive secure HTTPS traffic, decrypt the secure traffic, and make normal HTTP requests to the web server.

These gateways often include special decryption hardware to decrypt secure traffic much more efficiently than the origin server.

3. Resource Gateways

An application server:

3.1 Common Gateway Interface (CGI)

4. Tunnels

Web tunnels, enable access to applications that speak non-HTTP protocols through HTTP applications.

4.1 Establishing HTTP Tunnels with CONNECT

Web tunnels are established using HTTP's CONNECT method.

CONNECT requests:

CONNECT home.netscape.com:443 HTTP/1.0
User-agent: Mozilla/4.0

CONNECT responses:

HTTP/1.0 200 Connection Established
Proxy-agent: Netscape-Proxy/1.1

4.2 SSL Tunneling

Web tunnels were first developed to carry encrypted SSL traffic through firewalls.

To allow SSL traffic to flow through existing proxy firewalls, a tunneling feature was added to HTTP, in which raw, encrypted data is placed inside HTTP messages and sent through normal HTTP channels.

4.3 Tunnel Authentication

5. Relays

HTTP relays are simple HTTP proxies that do not fully adhere to the HTTP specifications.

Relays process enough HTTP to establish connections, then blindly forward bytes.