CN107018178A - The method and system that a kind of network request agency performs - Google Patents
The method and system that a kind of network request agency performs Download PDFInfo
- Publication number
- CN107018178A CN107018178A CN201710095086.4A CN201710095086A CN107018178A CN 107018178 A CN107018178 A CN 107018178A CN 201710095086 A CN201710095086 A CN 201710095086A CN 107018178 A CN107018178 A CN 107018178A
- Authority
- CN
- China
- Prior art keywords
- network request
- service end
- agency service
- agency
- destination server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
Abstract
Execution field, the method and system that more particularly to a kind of network request agency performs are acted on behalf of the present invention relates to network request.The present invention is to receive initial network of the client based on https by S1, agency service end to ask;S2, the agency service end judge whether the certificate for the destination server that the initial network request is accessed is effective and obtains correspondence result, if the certificate is effectively,:S3, the agency service end feedback result give the client and send the initial network and ask to the destination server;The network request for accessing the destination server is converted to the transfer network request based on http according to the result and sends the transfer network request to agency service end by S4, the client.So as to avoid the security of sender's duplicate test targeted sites of network request, the judgement of mistake is caused so as to interrupt access of the network request for targeted sites, while also avoiding influenceing the efficiency of network execution.
Description
Technical field
Execution field is acted on behalf of the present invention relates to network request, method and be that more particularly to a kind of network request agency performs
System.
Background technology
When accessing https website, in order to confirm whether accessed website is in a safe condition, it will verify and be visited
The domain name and certificate of website are asked, but if make use of intermediate proxy server during access, will be because of packet
By intermediate proxy server transfer, and certificate may be pointed out to be invalid.Prior art needs each client to lead certificate
Enter to trusting in root certificate, can just prevent that prompting certificate is invalid;If do not imported into trust root certificate, even if middle-agent
Server is the server that can be trusted, and client also can point out certificate invalid always, so as to lead to not the station needed for accessing
Point.
The content of the invention
The technical problems to be solved by the invention are:Avoid being identified as effective certificate into non-effective certificate;So as to make
The fault interrupt performed into network request, the efficiency that influence network request is performed.
In order to solve the above-mentioned technical problem, the technical solution adopted by the present invention is:
The present invention provides a kind of method that network request agency performs, including step:
Agency service end receives initial network request of the client based on https;
The agency service end judges whether the certificate for the destination server that the initial network request is accessed is effective and obtains
To correspondence result, if the certificate is effectively,:
The agency service end feedback result, which gives the client and sends the initial network, asks to the mesh
Mark server;
The client is converted to the network request for accessing the destination server based on http's according to the result
Transfer network request simultaneously sends the transfer network request to agency service end.
The present invention separately provides the system that a kind of network request agency performs, including:
First receiving module, initial network request of the client based on https is received for agency service end;
Judge module, the certificate for the destination server that the initial network request is accessed is judged for the agency service end
Whether effectively and obtain correspondence result, if the certificate effectively,:
Feedback module, feeds back the result to the client for the agency service end and sends the initial network
Ask to the destination server;
First modular converter, the network request of the destination server will be accessed for the client according to the result
Be converted to the transfer network request based on http and send the transfer network request to agency service end.
The beneficial effects of the present invention are:The checking of targeted sites certificate is carried out by agency service end, and according to checking
Result, network request is mutually changed between https and http, can without network request transmission hair again import card
Book, it is possible to access the targeted sites based on https, it is to avoid the safety of sender's duplicate test targeted sites of network request
Property, cause the judgement of mistake to interrupt access of the network request for targeted sites, while also avoiding influence network from performing
Efficiency.
Brief description of the drawings
The FB(flow block) for the method embodiment that Fig. 1 performs for a kind of network request agency of the invention;
The system block diagram for the system embodiment that Fig. 2 performs for a kind of network request agency of the invention;
Label declaration:
1st, the first receiving module;2nd, judge module;3rd, feedback module;4th, the first modular converter.
Embodiment
To describe technology contents, the objects and the effects of the present invention in detail, below in conjunction with embodiment and coordinate attached
Figure is explained.
The design of most critical of the present invention is:Target clothes are carried out come the sender that agency network is asked by agency service end
The certification authentication of business device and the mutual conversion for carrying out network request and the network request based on http based on https, it is to avoid
Carry out the certification authentication of destination server to cause effective certificate being identified as non-validity by the sender of network request
Certificate situation.Improve the efficiency that the accuracy and network request of network request execution are performed.
Fig. 1 and Fig. 2 is refer to,
As shown in figure 1, the present invention provides a kind of method that network request agency performs:
Agency service end receives initial network request of the client based on https;
The agency service end judges whether the certificate for the destination server that the initial network request is accessed is effective and obtains
To correspondence result, if the certificate is effectively,:
The agency service end feedback result, which gives the client and sends the initial network, asks to the mesh
Mark server;
The client is converted to the network request for accessing the destination server based on http's according to the result
Transfer network request simultaneously sends the transfer network request to agency service end.
Seen from the above description, the beneficial effects of the present invention are:Realize and the initial network is carried out by agency service end
Ask the certification authentication of destination server accessed, it is to avoid the sender asked by initial network is verified, causes mistake
Judge to have interrupted access of the network request for targeted sites, while also avoiding the efficiency for influenceing network to perform.Afterwards will
The initial network request is converted to the transfer network request based on http, it is possible to avoids client from being verified again, causes
The judgement of mistake, influences efficiency.
Further, in addition to:
The agency service end receives the transfer network request;
The transfer network request is converted into the access network request based on https by the agency service end;
The agency service end sends the access network request to the destination server.
Seen from the above description, the received transfer network request is converted to by agency service end and be based on
Https access network request, then the access network request is sent to the destination server, so can be in client
In the case of not sending the network request based on https, it is also possible to obtain the response of the destination server based on https.
Further, in addition to:
The agency service end receives the initial network response message based on https that the destination server is sent;
The initial network response message is converted to the corresponding transfer network based on http and rung by the agency service end
Answer information;
Transmit the transfer network response message and give transmission the client in the agency service end.
Seen from the above description, the network response message based on https that destination server is responded is converted into being based on
Http network response message hair sends the transmission client to, and so this is to exempt telling that client carries out certification authentication
Operation, can also read the network request information of the transmission of the destination server.
Further, in addition to:
The destination server, real-time reception network request.
Seen from the above description, described destination server timely responds to request, can improve the efficiency of network request execution,
Improve the comfortableness of user's online.
Further, in addition to:
The invalid result of the certificate is obtained by sending the first network requesting party parsing certificate.
Seen from the above description, the sender of network request may duplicate test targeted sites security, cause mistake
Judgement by mistake is so as to interrupt access of the network request for targeted sites, and this can have a strong impact on the implementation effect of network request,
It may finally cause user can not access target server.
Further, in addition to:
The agency service end parses the IP address that the initial network request obtains the destination server.
Seen from the above description, the IP for carrying out network request by agency service end parses work, circumvents client and is tested
Demonstrate,prove the operation of certificate.
As shown in Fig. 2 the present invention provides the system that a kind of network request agency performs, including:
First receiving module 1, initial network request of the client based on https is received for agency service end;
Judge module 2, the card for the destination server that the initial network request is accessed is judged for the agency service end
Whether book is effective and obtains correspondence result, if the certificate is effectively,:
Feedback module 3, feeds back the result to the client for the agency service end and sends the original net
Network is asked to the destination server;
First modular converter 4, please by the network for accessing the destination server according to the result for the client
Ask and be converted to the transfer network request based on http and send the transfer network request to agency service end.
Further, in addition to:
Second receiving module, the transfer network request is received for the agency service end;
Second modular converter, the visit based on https is converted into for the agency service end by the transfer network request
Ask network request;
First sending module, the access network request is sent to the destination server for the agency service end.
Further, in addition to:
Second sending module, the first based on https of the destination server transmission is received for the agency service end
Beginning network response message;
3rd modular converter, corresponding be based on is converted to for the agency service end by the initial network response message
Http transfer network response message;
Delivery module, transmits the transfer network response message for the agency service end and gives transmission the client.
Further, in addition to:
Parsing module, the IP that the initial network request obtains the destination server is parsed for the agency service end
Address.
Embodiments of the invention one are:
Agency service end receives initial network request of the client based on https;
The agency service end judges whether the certificate for the destination server that the initial network request is accessed is effective and obtains
To correspondence result, if the certificate is effectively,:
The agency service end feedback result, which gives the client and sends the initial network, asks to the mesh
Mark server;
The client is converted to the network request for accessing the destination server based on http's according to the result
Transfer network request simultaneously sends the transfer network request to agency service end;
The agency service end receives the transfer network request;
The transfer network request is converted into the access network request based on https by the agency service end;
The agency service end sends the access network request to the destination server.
The agency service end receives the initial network response message based on https that the destination server is sent;
The initial network response message is converted to the corresponding transfer network based on http and rung by the agency service end
Answer information;
Transmit the transfer network response message and give transmission the client in the agency service end.
Embodiments of the invention two are:
The request of the initial network based on https that the browser that S1, agency service end obtain client is sent,
S2, agency service end will verify that the initial network asks the certificate of the destination server of access whether effective;If
Effectively:It is effective result to feed back the certificate of destination server that initial network request accesses, and send the initial network please
Ask to the destination server, if invalid, the certificate for feeding back the destination server to the browser of client is invalid, and stops
Only access described destination server.
S3, the browser of client receive the result of the feedback, judge that the initial network is asked according to the result
Whether the certificate of the destination server of access is effective, if invalid:The browser of client then stops the destination service described in access
Device;If effectively:The browser of client is converted to all network requests based on https for accessing the destination servers pair
Should the transfer network request based on http, and it is described based on http transfer network request packet afterbody addition https mark,
And the transfer network request is sent jointly into agency service end together with other network requests.
Whether S4, agency service end receive network request, judge the afterbody of the network request packet received comprising https marks
Note, if comprising, the network request comprising https marks is converted into the corresponding access network request based on https, and
The access network request is sent to corresponding destination server;If not comprising https mark, judge network request whether be
Network request based on https, if so, S1 steps are repeated, if it is not, directly transmitting the network request to corresponding destination service
Device.
S5, the network request response message based on https of agency service end the reception server response, are based on described
Https network request response message is converted to the network request response message based on http, and sends described based on http's
Browser of the network request response message to client.
In summary, the method and system that a kind of network request agency that the present invention is provided performs.Pass through agency service end
The sender for carrying out agency network request carries out the certification authentication of destination server, and allows client please by the network based on https
Ask and be converted to the network request based on http, agency service end is converted to the network request based on http based on https afterwards
Network request be sent to the destination server;Act on behalf of the net based on https that service end feeds back destination server simultaneously
Network request response message is converted to the network request response message based on http, and the network request based on https is rung
Information is answered to be sent to the client.So as to avoid by network request sender carry out destination server certification authentication from
And cause to be identified as effective certificate into the situation of the certificate of non-validity.Improve the accuracy and network of network request execution
Ask the efficiency performed.
Embodiments of the invention are the foregoing is only, are not intended to limit the scope of the invention, it is every to utilize this hair
The equivalents that bright specification and accompanying drawing content are made, or the technical field of correlation is directly or indirectly used in, similarly include
In the scope of patent protection of the present invention.
Claims (10)
1. a kind of method that network request agency performs, it is characterised in that including:
S1, agency service end receive initial network request of the client based on https;
S2, the agency service end judge whether the certificate for the destination server that the initial network request is accessed is effective and obtains
Correspondence result, if the certificate is effectively,:
S3, the agency service end feedback result give the client and send the initial network and ask to the target
Server;
S4, the client are converted to the network request for accessing the destination server based in http according to the result
Turn network request and send the transfer network request to agency service end.
2. a kind of method that network request agency performs according to claim 1, it is characterised in that after the S4, also wrap
Include:
The agency service end receives the transfer network request;
The transfer network request is converted into the access network request based on https by the agency service end;
The agency service end sends the access network request to the destination server.
3. a kind of method that network request agency performs according to claim 1, it is characterised in that also wrapped after the S3
Include:
The agency service end receives the initial network response message based on https that the destination server is sent;
The initial network response message is converted to the corresponding transfer network based on http and responded by the agency service end to be believed
Breath;
Transmit the transfer network response message and give transmission the client in the agency service end.
4. a kind of method that network request agency performs according to claim 1, it is characterised in that also include:
The destination server, real-time reception network request.
5. a kind of method that network request agency performs according to claim 1, it is characterised in that also include:
The client parses the certificate and obtains the invalid result of the certificate.
6. a kind of method that network request agency performs according to claim 1, it is characterised in that also include:
The agency service end parses the IP address that the initial network request obtains the destination server.
7. the system that a kind of network request agency performs, it is characterised in that including:
First receiving module, initial network request of the client based on https is received for agency service end;
Judge module, for the agency service end judge the destination server that initial network request is accessed certificate whether
Effectively and obtain correspondence result, if the certificate effectively,:
Feedback module, feeds back the result to the client for the agency service end and sends the initial network request
To the destination server;
First modular converter, changes the network request for accessing the destination server according to the result for the client
For the transfer network request based on http and the transfer network request is sent to agency service end.
8. the system that a kind of network request agency performs according to claim 7, it is characterised in that also include:
Second receiving module, the transfer network request is received for the agency service end;
The transfer network request, the access net based on https is converted into for the agency service end by the second modular converter
Network is asked;
First sending module, the access network request is sent to the destination server for the agency service end.
9. the system that a kind of network request agency performs according to claim 7, it is characterised in that also include:
Second sending module, the original net based on https that the destination server is sent is received for the agency service end
Network response message;
3rd modular converter, is converted to the initial network response message for the agency service end corresponding based on http
Transfer network response message;
Delivery module, transmits the transfer network response message for the agency service end and gives transmission the client.
10. the system that a kind of network request agency performs according to claim 7, it is characterised in that also include:
Parsing module, the IP of the initial network request acquisition destination server is parsed for the agency service end
Location.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710095086.4A CN107018178B (en) | 2017-02-22 | 2017-02-22 | method and system for executing network request agent |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710095086.4A CN107018178B (en) | 2017-02-22 | 2017-02-22 | method and system for executing network request agent |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107018178A true CN107018178A (en) | 2017-08-04 |
CN107018178B CN107018178B (en) | 2019-12-06 |
Family
ID=59439816
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710095086.4A Active CN107018178B (en) | 2017-02-22 | 2017-02-22 | method and system for executing network request agent |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107018178B (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110555180A (en) * | 2019-09-11 | 2019-12-10 | 中南大学 | Web page object request method and HTTPS request response method |
CN111181963A (en) * | 2019-12-30 | 2020-05-19 | 华数传媒网络有限公司 | Authentication method based on port forwarding hypertext transfer protocol |
CN115277236A (en) * | 2022-08-01 | 2022-11-01 | 福建天晴在线互动科技有限公司 | Method and system for carrying out request analysis on domain name |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101141447A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | HTTPS communication tunnel security check and content filtering system and method |
US20100071052A1 (en) * | 2008-09-13 | 2010-03-18 | Microsoft Corporation | Reverse proxy architecture |
CN102118386A (en) * | 2009-12-25 | 2011-07-06 | 佳能It解决方案股份有限公司 | Relay device and relay processing method |
CN103188074A (en) * | 2011-12-28 | 2013-07-03 | 上海格尔软件股份有限公司 | Proxy method for improving SSL algorithm intensity of browser |
CN104270379A (en) * | 2014-10-14 | 2015-01-07 | 北京蓝汛通信技术有限责任公司 | HTTPS proxy forwarding method and device based on transmission control protocol |
-
2017
- 2017-02-22 CN CN201710095086.4A patent/CN107018178B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101141447A (en) * | 2006-09-08 | 2008-03-12 | 飞塔信息科技(北京)有限公司 | HTTPS communication tunnel security check and content filtering system and method |
US20100071052A1 (en) * | 2008-09-13 | 2010-03-18 | Microsoft Corporation | Reverse proxy architecture |
CN102118386A (en) * | 2009-12-25 | 2011-07-06 | 佳能It解决方案股份有限公司 | Relay device and relay processing method |
CN103188074A (en) * | 2011-12-28 | 2013-07-03 | 上海格尔软件股份有限公司 | Proxy method for improving SSL algorithm intensity of browser |
CN104270379A (en) * | 2014-10-14 | 2015-01-07 | 北京蓝汛通信技术有限责任公司 | HTTPS proxy forwarding method and device based on transmission control protocol |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110555180A (en) * | 2019-09-11 | 2019-12-10 | 中南大学 | Web page object request method and HTTPS request response method |
CN111181963A (en) * | 2019-12-30 | 2020-05-19 | 华数传媒网络有限公司 | Authentication method based on port forwarding hypertext transfer protocol |
CN115277236A (en) * | 2022-08-01 | 2022-11-01 | 福建天晴在线互动科技有限公司 | Method and system for carrying out request analysis on domain name |
CN115277236B (en) * | 2022-08-01 | 2023-08-18 | 福建天晴在线互动科技有限公司 | Method and system for carrying out request analysis on domain name |
Also Published As
Publication number | Publication date |
---|---|
CN107018178B (en) | 2019-12-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104348777B (en) | The access control method and system of a kind of mobile terminal to third-party server | |
CN104270379B (en) | HTTPS agency retransmission methods and device based on transmission control protocol | |
CN104954330B (en) | A kind of methods, devices and systems to be conducted interviews to data resource | |
CN103825881B (en) | The reorientation method and device of WLAN user are realized based on wireless access controller AC | |
CN102065141B (en) | Method and system for realizing single sign-on of cross-application and browser | |
CN104022875B (en) | A kind of two-way authorization system, client and method | |
CN109067914A (en) | Proxy Method, device, equipment and the storage medium of Web service | |
CN101217512B (en) | A client-end state maintenance method, system, client-end and application server | |
US20050063377A1 (en) | System and method for monitoring network traffic | |
CN105991589A (en) | Method, apparatus, and system for redirection | |
CN102480490A (en) | Method for preventing CSRF attack and equipment thereof | |
JPWO2017130292A1 (en) | Server and program | |
CN105812323A (en) | Method and device for accessing data by crossing network domains | |
CN103747076B (en) | Cloud platform access method and device | |
CN107483609A (en) | A kind of Network Access Method, relevant device and system | |
CN107018178A (en) | The method and system that a kind of network request agency performs | |
CN107124430A (en) | Pagejack monitoring method, device, system and storage medium | |
CN102710621B (en) | A kind of user authentication method and system | |
CN101204038A (en) | Method for translating an authentication protocol | |
CN103634111B (en) | Single-point logging method and system and single sign-on client-side | |
CN107508822A (en) | Access control method and device | |
CN106559405A (en) | A kind of portal authentication method and equipment | |
CN109040069A (en) | A kind of dissemination method, delivery system and the access method of cloud application program | |
CN106254906B (en) | A kind of net cast HLS anti-stealing link method and system | |
CN108259457A (en) | A kind of WEB authentication methods and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |