CPC H04L 63/0236 (2013.01) [H04L 63/0263 (2013.01); H04L 63/0281 (2013.01); H04L 63/101 (2013.01); H04L 63/108 (2013.01); H04L 69/165 (2013.01); H04L 69/22 (2013.01)] | 18 Claims
1. A system comprising one or more processing devices and one or more memory devices coupled to the one or more processing devices, the one or more memory devices storing executable code that, when executed by the one or more processing devices, causes the one or more processing devices to:
authenticate a user of a client computing device with respect to a first connection between the client computing device and an application, the first connection being established according to a first protocol;
receive, acting as a reverse proxy, a response during the first connection, the response being sent by the application to the client computing device;
if the response is an instruction to the client computing device to establish a second connection to the application according to a second protocol:
allocate a dynamic port number;
replace an original port number in the response with the dynamic port number to obtain a modified response;
create an entry in an access control list (ACL), the entry including the dynamic port number and one or more attributes of the client computing device;
forward the modified response to the client computing device;
receive a connection request from the client computing device and addressed to the dynamic port number;
evaluate the connection request with respect to the ACL;
in response to the connection request being addressed to the dynamic port number and corresponding to the entry in the ACL, replace the dynamic port number with the original port number to obtain a modified connection request; and
forward the modified connection request to the application.
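The port-rewriting and ACL steps recited in claim 1, as an added Python sketch that is not code from the patent or its assignee. The redirect message format (`OPEN-SECONDARY proto=... port=N`), the class and method names, the port pool and the use of the client IP address as the client attribute are all assumptions made for illustration; the first-connection authentication is assumed to have already succeeded.

```python
import re
from dataclasses import dataclass

# Constructed message format (assumption): the application tells the client
# to open a second connection with "OPEN-SECONDARY proto=<name> port=<n>".
REDIRECT = re.compile(r"(OPEN-SECONDARY proto=\S+ port=)(\d+)")

@dataclass(frozen=True)
class AclEntry:
    dynamic_port: int   # port advertised to the client
    original_port: int  # port the application actually listens on
    client_ip: str      # client attribute bound to the entry (assumption)

class PortRewritingProxy:
    """Hypothetical reverse proxy state for an already authenticated client."""

    def __init__(self, port_pool=range(40000, 40100)):
        self._free = list(port_pool)
        self.acl = {}  # dynamic port -> AclEntry

    def handle_response(self, response, client_ip):
        """Rewrite a redirect response; pass any other response unchanged."""
        m = REDIRECT.search(response)
        if m is None:
            return response
        if not self._free:
            raise RuntimeError("dynamic port pool exhausted")
        dyn = self._free.pop(0)                       # allocate a dynamic port
        self.acl[dyn] = AclEntry(dyn, int(m.group(2)), client_ip)
        # Replace only the port digits, leaving the rest of the message intact.
        return response[:m.start(2)] + str(dyn) + response[m.end(2):]

    def handle_connect(self, client_ip, dest_port):
        """Return the original port to forward to, or None to drop the request."""
        entry = self.acl.get(dest_port)
        if entry is None or entry.client_ip != client_ip:
            return None  # no matching ACL entry: never reaches the application
        return entry.original_port

if __name__ == "__main__":
    proxy = PortRewritingProxy()
    # Constructed sample response and documentation-range addresses.
    print(proxy.handle_response("OPEN-SECONDARY proto=stream port=3389", "203.0.113.7"))
    print(proxy.handle_connect("203.0.113.7", 40000))   # entry matches: forwarded
    print(proxy.handle_connect("198.51.100.9", 40000))  # wrong client: dropped
```

Because the client only ever learns the dynamic port, a request addressed to the original port number has no ACL entry and is dropped in the same way as a request from a different client.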