Why Agent
Because I recently read a "DDoS attack prevention and depth profiling", recognized the realization reverse proxy is a viable means of preventing DDoS. Therefore, in line with the mood of curiosity, probably go look at the http reverse proxy implementation.
Acting classification
- Forward proxy: hide the true client request to the server, the server-side service is transparent. Good example: VPN. As shown below
- Reverse Proxy: The real server ip address is hidden. As shown below
Here only the direction of Acting
- Reverse proxy schematic
Acting commentary about the direction of principle
- From the diagram, we can see the whole process: the client had sent a request to the server being really, really naughty but we do not want to expose their own server, so he called his brother (proxy) to expose themselves, before receiving client sent the request, and the request is legitimate to see, and then sent to the real server.
Although the principle is so simple. But, but, again, when the connection broker client service and then connect the real server, there are some difficulties
- How client calls API interface, is to receive the proxy server, or a real server. Ha ha ha, if you call the interface of real server then reverse proxy server does not make any sense. So we call a proxy server, but how we have to call a proxy server interface, the interface proxy server, what characteristic? We first look at the proxy server code:
package main import ( "log" "net" "net/http" "net/http/httputil" "net/url" ) type Pxy struct{} func (p *Pxy) ServeHTTP(w http.ResponseWriter, r *http.Request) { trueServer := "http://localhost:2003" url, err := url.Parse(trueServer) if err != nil { log.Println(err) return } proxy := httputil.NewSingleHostReverseProxy(url) log.Println(proxy) proxy.ServeHTTP(w, r) } func main() { http.Handle("/", &Pxy{}) log.Fatal(http.ListenAndServe(":2002", nil)) }Is not looking a bit ignorant circle, Aha, so little can be achieved? But the use of go is so short and pithy. But the question again: How does this client initiated the request to specify a particular interface path ah! do not worry
http.Handle("/",&Pxy{}) //作用:匹配当前目录下的所有路径。就好比如:能够匹配localhost:9090/test的路径.因此会自动识别客户端对代理服务器发起的请求The client code that initiates the request:
angular实现1、为了减少跨域的问题,我再angular项目中配置了代理 a.在项目中创建proxy.config.json文件,并将如下代码写入 { "/api":{ "target":"http://localhost:2002", "secure":false, "pathRewrite":{ "^/api":"" }, "loglevel":"debug" } } b.在package.json文件中的”start“的位置修改代码 "start": "ng serve --proxy-config proxy.config.json", 2、在任意一个组件的ts文件中写入如下代码 goproxy(){ const httpOptions={ headers:new HttpHeaders({'Content-Type': 'application/json'}) }; var api = "/api/PostTest" this.http.post(api, {"Text":"dfadsf","Picture":"dfasdfsda"},httpOptions).subscribe((Response)=>{ console.log("post请求的代理",Response) }) }In the code, we can see that using http: // localhost: 2002 / postTest initiate a request to the proxy server.
- The proxy server receives a request sent by the client, but he himself can not respond to the client data, so he will pass this function request to the real server.
func (p *Pxy) ServeHTTP(w http.ResponseWriter, r *http.Request) { trueServer := "http://202.192.81.4:2003" url, err := url.Parse(trueServer) if err != nil { log.Println(err) return } proxy := httputil.NewSingleHostReverseProxy(url) log.Println(proxy) proxy.ServeHTTP(w, r) }- Real server code
package main import ( "net/http" "log" "io/ioutil" "encoding/json" ) func PostTest(w http.ResponseWriter,r *http.Request){ w.Header().Set("Access-Control-Allow-Origin", "*") //允许访问所有域 w.Header().Add("Access-Control-Allow-Headers", "Content-Type") //header的类型 w.Header().Set("content-type", "application/json") //返回数据格式是json body,err := ioutil.ReadAll(r.Body) if err!=nil{ log.Println(err) return } var data interface{} json.Unmarshal(body,&data) log.Println(data) } func main() { http.HandleFunc("/PostTest", PostTest) log.Fatal(http.ListenAndServe(":2003", nil)) log.Println("这里还能运行?") }From the code, we can see the real PostTest interface is received here. After the data has been processed here, because the real server playfully that he does not send data directly to the client, or sent to a proxy server. Then the proxy server to the client.
This code is only a brief introduction and then the real process of a complete client-server proxy server, and is not related to the proxy server blacklist processing, load balancing implementation, will follow up on.
to sum up
Overall: Client Access Interface is the interface, the real address of the server's proxy server is not going to show up.
Follow-up question to be solved
- The use of reverse proxy load balancing
- Achieve reverse proxy content penetration
- Black and white list processing
Reference material