CN110191203A - Realize the method and electronic equipment of server dynamic access - Google Patents
Realize the method and electronic equipment of server dynamic access Download PDFInfo
- Publication number
- CN110191203A CN110191203A CN201910402899.2A CN201910402899A CN110191203A CN 110191203 A CN110191203 A CN 110191203A CN 201910402899 A CN201910402899 A CN 201910402899A CN 110191203 A CN110191203 A CN 110191203A
- Authority
- CN
- China
- Prior art keywords
- server
- service request
- data
- request terminal
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
This application involves a kind of method and devices for realizing server dynamic access.The described method includes: service request terminal initiates domain name analysis request to operator domain name resolution server, the first server access address that the operator domain name resolution server returns is obtained;According to the first server access address, the service request terminal initiates server access request, to obtain data service;Receive the first response message for responding the server access request and returning;If first response message indicates that network abduction occurs during the server access that the service request terminal carries out, it tries pass through other domain name resolution servers and obtain second server access address;The acquisition of the data service is executed according to the second server access address.Method provided by the present application realizes reasonable access of the service request terminal to server.
Description
Technical field
This application involves Internet technical fields more particularly to a kind of method for realizing server dynamic access and electronics to set
It is standby.
Background technique
In traditional technology is realized, client first passes through operation when accessing data server to obtain data service
Quotient's domain name resolution server obtains the corresponding server access address of domain name in URL (uniform resource locator) to be visited, then
It is accessed according to the server access address that operator domain name resolution server returns to data server.But due to operator
Domain Hijacking or other problems are easy to happen in the domain name mapping that domain name resolution server carries out, cause client correct
Obtain data service.
In order to solve this technical problem, more and more clients obtain server dependent on httpDNS server and visit
Ask address.It can be effectively prevent Domain Hijacking using httpDNS server, but substantially increase cost of serving, and is excessive
But also the consumption of httpDNS server own resource is larger, the performance for easily causing httpDNS server is asked for the access of client
Topic.
Therefore, how to realize reasonable access of the client to data server, be urgent problem to be solved in existing realization.
Summary of the invention
Based on above-mentioned technical problem, the application provides a kind of method and device for realizing server dynamic access, electronics is set
Standby, computer readable storage medium.
Wherein, technical solution used by the application are as follows:
A method of realizing server dynamic access, comprising: service request terminal is sent out to operator domain name resolution server
Domain name mapping request is played, the first server access address that the operator domain name resolution server returns is obtained;According to described
First server access address, the service request terminal initiates server access request, to obtain data service;Receive response institute
The first response message stating server access request and returning;If the response message indicates what the service request terminal carried out
Network occurs during server access to kidnap, it tries obtain second server access by other domain name resolution servers
Location;The acquisition of the data service is re-executed according to the second server access address.
A kind of electronic equipment, comprising: domain name mapping module, for controlling service request terminal to operator domain name analysis service
Device initiates domain name analysis request, and obtains the server access address that the operator domain name resolution server returns;Data are asked
Modulus block, for controlling the service request terminal and initiating server access request, to obtain according to the server access address
Data service;First message receiving module, for receiving the first response message for responding the server access request and returning;
Processing module is kidnapped, net occurs during for indicating the server access of the service request terminal progress in the response message
In the case that network is kidnapped, attempt to obtain second server access address by other domain name resolution servers;Data acquisition module,
For re-executing the acquisition of the data service according to the second server access address.
A kind of electronic equipment, including processor and non-volatile readable storage medium, which is characterized in that the processor is read
The computer program stored on the non-volatile memory medium is taken, to execute method as described above.
In embodiments herein, the preferential access operator domain name resolution server of service request terminal obtains first service
Device access address, and accessed data server to obtain data service according to first server access address.Institute into
In the case where network abduction occurs during capable server access, service request terminal reuses other domain name resolution servers and obtains
Take second server access address, with according to second server access address reacquire data service, reduce service at
This while, not only ensure that the correctness of service request terminal fetched data service, also reduce other domain name resolution services
The resource consumption of device itself, to realize reasonable access of the service request terminal to server.
It should be understood that above general description and following detailed description be only it is exemplary and explanatory, not
The application can be limited.
Detailed description of the invention
The drawings herein are incorporated into the specification and forms part of this specification, and shows the implementation for meeting the application
Example, and together with specification it is used to explain the principle of the application.
Fig. 1 is a kind of schematic diagram of implementation environment according to involved in the application;
Fig. 2 is a kind of flow chart of method for realizing server dynamic access shown according to an exemplary embodiment;
Fig. 3 is a kind of flow chart of the method for realizing server dynamic access shown according to another exemplary embodiment;
Fig. 4 is a kind of flow chart of the method for realizing server dynamic access shown according to another exemplary embodiment;
Fig. 5 is a kind of flow chart of the method for realizing server dynamic access shown according to another exemplary embodiment;
Fig. 6 is a kind of flow chart of the method for realizing server dynamic access shown according to another exemplary embodiment;
Fig. 7 is the block diagram of a kind of electronic equipment shown according to an exemplary embodiment.
Fig. 8 is the hardware structure diagram of a kind of electronic equipment shown according to an exemplary embodiment.
Through the above attached drawings, it has been shown that the specific embodiment of the application will be hereinafter described in more detail, these attached drawings
It is not intended to limit the range of the application design in any manner with verbal description, but is by referring to specific embodiments
Those skilled in the art illustrate the concept of the application.
Specific embodiment
Here will the description is performed on the exemplary embodiment in detail, the example is illustrated in the accompanying drawings.Following description is related to
When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the application.On the contrary, they be only with it is such as appended
The example of the consistent device and method of some aspects be described in detail in claims, the application.
Fig. 1 is a kind of schematic diagram of implementation environment according to the present invention, which is a data service system.?
In one exemplary embodiment, as shown in Figure 1, the implementation environment includes: service request terminal 100,200 sum number of domain name resolution server
According to server 300.
Wherein, service request terminal 100 is the terminal for the operation of service request client, can be smart phone, puts down
Plate computer, laptop, computer or other electronic equipments, this place are not limited.Service request client can be
Application client (APP), can also be webpage client, also without restriction herein.In addition, service request terminal 100
Quantity can be any (1 is only shown in Fig. 1).
Domain name resolution server 200 is used to provide domain name resolution service to service request terminal 100, also, domain name mapping takes
The quantity of business device 200 is also possible to arbitrarily.As shown in Figure 1, domain name resolution server 200 includes operator domain name analysis service
Device and httpDNS server, service request terminal 100 can obtain number by accessing one of domain name resolution server 200
According to the server access address of server 300, so that service request terminal 100 is according to the server access address to data server
300 request data services.
Data server 300 is then for providing data service to service request terminal 100, for example, data server 300 can be with
The data uploaded to service request terminal 100 store, and can also be asked according to the data acquisition that service request terminal 100 is initiated
It asks, sends related data to service request terminal 100.
As shown in Figure 1, data server 300 includes http data server and https data server, service request terminal
100 obtain data service by accessing one of data server 300.Wherein, http data server and service request
Data biography is carried out by http (HyperText Transfer Protocol, hypertext transfer protocol) agreement between end 100
It is defeated, pass through https (Hypertext Transfer Protocol between https data server and service request terminal 100
Secure, Hyper text transfer security protocol) agreement carries out data transmission.
In the implementation environment, service request terminal 100 obtains domain name resolution service by operator domain name resolution server
Cost is relatively low, but is easy to happen Domain Hijacking, the problems such as user's connection failure rate is higher.Service request terminal 100 passes through
HttpDNS server obtains the mode of domain name resolution service, although can carry out domain name mapping around operator prevents Domain Hijacking,
But substantially increase cost of serving.Access of the greater number of service request terminal 100 to httpDNS server, so that
The consumption of httpDNS server own resource is excessive, is easy to cause httpDNS server performance problem.
In addition, since http data server not can be carried out the encrypted transmission of data, so that http data server and clothes
The data transmission carried out between business request end 100 is easy to happen data theft or distorts, and causes to be easy to happen hijacking data.
Although https data server can provide safer data service to service request terminal 100, but still presence service cost increases
It is subject to and https data server own resource consumes excessive problem.
To solve the above-mentioned problems, one aspect of the present invention provides a kind of method for realizing server dynamic access.
Service request terminal 100 of this method suitable for implementation environment shown in Fig. 1.By executing this method, service request terminal 100 can
Domain name resolution server 200 and data server 300 are rationally accessed.
As shown in Fig. 2, the method for realizing server dynamic access includes at least following step in an exemplary embodiment
It is rapid:
Step 110, service request terminal initiates domain name analysis request to operator domain name resolution server, obtains provider domain
The first server access address that name resolution server returns.
Firstly the need of explanation, data server involved by the present embodiment is understood as service request terminal and obtains number
According to the destination server of service, it is not offered as having carried out any restrictions to type of the present embodiment to destination server.
Acquisition of the service request terminal to data server data presented service, need according to data server it is corresponding to
URL is accessed to realize.URL to be visited can be inputted according to user and be acquired, can also be according to service request terminal local cache
History access record obtains, and is also not limited herein.It include the domain name of data server in URL to be visited.
Service request terminal directly can not access data server according to URL to be visited, need to pass through domain name resolution server
The included domain name of URL to be visited is parsed, and real according to the server access address that domain name resolution server parses
Now to the access of data server.
Operator domain name resolution server is the domain name resolution service equipment that operator provides a user, and can be mentioned for user
For the domain name resolution service of low cost, but it is easy to happen Domain Hijacking or other problems.But in view of user cost and other
The larger problem of domain name resolution server resource consumption, service request terminal preferentially obtain domain name mapping to operator's resolution server
Service.
In service request terminal into the request of domain name mapping transmitted by operator's resolution server, comprising in URL to be visited
Domain name.In one embodiment, it after operator domain name resolution server receives domain name mapping request, is requested according to domain name mapping
The corresponding domain name mapping of contained domain name lookup is as a result, and return to the parsing result found (i.e. first server access address)
To service request terminal.
In another embodiment, service request terminal local cache has history solution new record, and service request terminal is in Xiang Yunying
Before quotient's domain name resolution server initiates domain name analysis request, first check opposite with the presence or absence of domain name in URL to be visited in caching
The service access address answered.If no, service request terminal sends domain name analysis request to operator domain name resolution server, with
Obtain the first server access address that operator domain name resolution server returns.
If service request terminal is not sent out during access operator domain name resolution server obtains server access address
Raw Domain Hijacking, the first server access address that operator domain name resolution server returns are the true access of data server
Address.Otherwise, the first server access address that operator domain name resolution server returns not is the true visit of data server
Ask address, data server can not be accessed according to first server access address in service request terminal.
Step 130, according to first server access address, service request terminal initiates server access request, to obtain number
According to service.
Wherein, after service request terminal receives the first server access address that domain name resolution server returns, to first
Server-side corresponding to server access address initiates server access request, to obtain specified data service to the server-side.
For example, service request terminal can request to upload data to corresponding with service end, it can also be to corresponding with service end request data.
It should be appreciated that if Domain Hijacking does not occur in access operator domain name resolution server for service request terminal, the
One server access address is the true access address of data server, and the server-side that service request terminal is accessed is data service
Device;Conversely, the accessed server-side of service request terminal is other server-sides, service request terminal cannot obtain clothes from other server-sides
The corresponding data service of device access request of being engaged in.
In one embodiment, if first server access address is directed toward http data server and https number jointly
According to server, it is contemplated that the consumption of the cost of serving and own resource of http data server is lower, service request terminal preferentially to
Http data server sends server access request.
Step 150, the first response message for receiving response server access request and returning.
Wherein the first response message refers to, server-side corresponding to first server access address receives server access request
Afterwards, by responding to server access request, response results are back to service request terminal in the form of response message.
Illustratively, the first response message includes statusline, web response header Web and response text.Statusline include status code and
Status code description, such as " 200OK " indicate to be properly received the server access request that service request terminal is sent;
" 403Forbidden " expression receives server access request, but refuses offer service;" 404Not Found " indicates request
Service is not present or URL mistake.Web response header Web is used to store the additional sound for not allowing to store in specify information, such as statusline
Answer information, the information about server-side itself, the resource progress to requesting uniform resource identifier (Request-URI) to be identified
The information etc. of access in next step.Response text is then the solid data that server-side is transmitted.
Step 170, if network occurs during the server access that the first response message instruction service request terminal carries out
It kidnaps, it tries obtain second server access address by other domain name resolution servers.
Wherein, the carried out server access of service request terminal includes service request terminal access operator domain name resolution service
Device obtains the process of first server access address, and including service request terminal according to the access pair of first server access address
Answer the process of server-side (including data server).
Corresponding, it includes the domain name mapping of service request terminal access operator that the indicated network occurred of response message, which is kidnapped,
The Domain Hijacking occurred in server also includes the hijacking data occurred in service request terminal access data server.
Other domain name resolution servers are that data service system is disposed, in addition to operator domain name resolution server
Domain name resolution server.Other domain name resolution servers can get around operator and provide domain name resolution service to service request terminal,
It can be avoided and Domain Hijacking problem occur.Other domain name resolution servers can be httpDNS server as shown in Figure 1,
Either authoritative domain name resolution server, URP server etc..And in the present embodiment, data service system disposes it
The quantity of his domain name resolution server is at least one.
If the first response message indicates that network abduction, service occurs during the server access that service request terminal carries out
Then other domain name resolution servers send domain name analysis request thereto for request end, to obtain other domain name resolution servers
The second server access address returned.Second server access address is the true access address of data server.If
Network abduction does not occur for the instruction of the first response message, and service request terminal then continues to operate in next step.
It should be noted that network abduction, Ke Yigen whether occur during the server access that service request terminal carries out
Specifically judge according to the first response message, deterministic process refers to the detailed description in following embodiments, this place does not repeat.
Step 190, the acquisition of data service is re-executed according to second server access.
Wherein, after service request terminal gets the second server access address that other domain name resolution servers are returned,
Server access request is re-initiated according to second server access address, to reacquire data service.
As previously described, due to the true access address that second server access address is data server, service request
The server access request initiated again is held, is initiated to data server.Server is visited by data server
The response for asking request makes service request terminal reacquire data service provided by data server.
In the present embodiment, data server is obtained since service request terminal preferentially passes through operator domain name resolution server
Server access address, and obtain data service in the server access address that returns according to operator domain name resolution server
In the case that middle generation network is kidnapped, with reacquiring the server access of data server using other domain name resolution servers
Location not only ensure that the correctness of service request terminal fetched data service, also reduce while reducing cost of serving
The resource consumption of other domain name resolution servers itself.
In addition, the returned server access address of domain name resolution server be directed toward jointly http data server and
When https data server, service request terminal preferentially to access http data server, further reduced cost of serving, from
And realize reasonable access of the service request terminal to domain name resolution server and data server.
In an exemplary embodiment, service request terminal judges service request according to the first response message received
The process for holding the server access carried out network abduction whether occurs in the process is as shown in Figure 3, comprising the following steps:
Step 210, service request terminal obtains the statusline in the first response message.
Step 230, judge whether statusline instruction server access request is successfully received.
As previously mentioned, statusline includes status code and the description of corresponding status code, the first digit definition in status code
Response classification, such as " 2xx " expression requests successfully, and " 4xx " expression request error, this place is not listed one by one.
Service request terminal can be obtained accordingly and be initiated by the status code in statusline corresponding to the first response message of identification
The state of server access request.And whether it is " 2 " by the first digit of further identification state code, can determine whether to service
Whether device access request is successfully received.Wherein, if the first digit of service request terminal identification state code is not " 2 ", clothes
Business request end judges that initiated server access request is not successfully received, jumps and executes step 250;If identification state code
First digit is " 2 ", then judges that initiated server access request is successfully received, jump and execute step 270.
In one embodiment, it since the status code that server access request is successfully received is usually set to " 200 ", takes
Whether request end of being engaged in by the status code in identification state row is " 200 ", can directly judge server access request whether by
It is properly received.
Step 250, in access operator domain name resolution server Domain Hijacking occurs for service request terminal.
Wherein, service request terminal Domain Hijacking occurs in access operator domain name resolution server refers to, provider domain
According to the initiated domain name analysis request of service request terminal, the first server returned to service request terminal accesses name resolution server
Address is not the true access address of data server, but the corresponding access address of other server-sides, such as fishing website.
Since server access request includes specify information of the access number according to server, server access request can only be counted
It is properly received according to server, therefore, in the first server that service request terminal is returned according to operator domain name resolution server
After access address initiates server access request, the true access only in first server access address corresponding data server
In the case where address, server access request can be properly received by data server.
Therefore, service request terminal is not successfully received by the initiated server access request of judgement, then service request terminal
Domain Hijacking has occurred in access operator domain name resolution server.
Step 270, service request terminal is normal to the access of operator domain name resolution server.
As previously mentioned, only the true access address of first server access address corresponding data server the case where
Under, server access request can be properly received by data server.If service request terminal judges that initiated server is visited
Ask that request is successfully received, then it represents that the first server access address that operator domain name resolution server is returned is data clothes
The true access address of business device, service request terminal are normal to the access of operator domain name resolution server.
The method provided through this embodiment is realized to service request terminal in access operator domain name resolution server
Whether the accurate judgement of Domain Hijacking is occurred.
As shown in figure 4, in the embodiment of another exemplary, service request terminal according to the first response message received,
Judge that the process that network abduction whether occurs in the data service acquisition of service request terminal progress still further comprises following steps:
Step 310, service request terminal obtains web response header Web and response text in the first response message.As previously mentioned, in domain name mapping
When http data server and https data server are directed toward in the returned server access address of server jointly, service request
End is preferentially to access http data server.
But due to not carrying out Data Encryption Transmission between http data server and service request terminal, lead to service request terminal
To being easy to happen hijacking data in the access of http data server, such as data theft occurs or distorts, it is therefore desirable to according to
Web response header Web and response text in first response message further judge access of the service request terminal to http data server
In whether hijacking data occurs, obtain correct data service to guarantee service request terminal from data server.
Step 330, according to the rule made an appointment with data server, service request terminal is to response text signature.
Wherein, data server needs before sending the first response message to service request terminal to the first response message
In response text sign, and new extensions header, will the first sound of final gained to store the signature in web response header Web
Message is answered to be sent to service request terminal.Illustratively, data server is according to specified rule to sound to the signature of response text
It answers text to carry out the process of cipher key calculation, calculates gained first key and be stored in extension header.Therefore, service request terminal is connect
Data server is carried in the first response message received to the signature of response text.
The rule that service request terminal signs to response text is corresponding with the signature rule that data server carries out.Clothes
Request end be engaged according to the rule, to the response text progress cipher key calculation received in the first response message, and it is close to obtain second
Key.
Response text and service request terminal only in the first response message transmitted by data server receive first
When response text in response message is consistent, data server signature gained first key and service request terminal signature gained the
Two keys are just identical.
Step 350, if the signature carried in the signature and web response header Web of service request terminal is inconsistent, service request is obtained
In access data server hijacking data occurs for end.
As previously mentioned, judging whether the signature carried in the signature and web response header Web of service request terminal is consistent, can pass through
Judge whether first key is identical as the second key to obtain.If the two is different, then it represents that the first response message takes in data
It is intercepted or distorts in transmission process between business device and service request terminal, therefore obtain service request terminal in access data service
Hijacking data occurs in device.
The method provided through this embodiment realizes and whether number occurs in access data server to service request terminal
According to the accurate judgement of abduction.
In an exemplary embodiment, other domain name resolution servers that data service system is disposed are httpDNS
Server, service request terminal are returned by sending domain name analysis request to httpDNS server with obtaining httpDNS server
The second server access address returned.
There is the problem of Domain Hijacking due to using the progress domain name mapping of httpDNS server can be avoided, httpDNS clothes
The second server access address that business device is returned is the corresponding true access address of data server.
Illustratively, data service system disposes multiple httpDNS servers, and service request terminal has been locally stored
HttpDNS server access address list includes the corresponding access address of every httpDNS server in the list.First
When network abduction occurs for response message instruction, service request terminal randomly selects an access address from the list and is corresponded to
The access of httpDNS server.
The present embodiment can carry out flow-dividing control to the access of service request terminal by disposing multiple httpDNS servers,
It can reduce the resource consumption of every httpDNS server resource, but also relative increase cost of serving.
As shown in figure 5, in another exemplary embodiment, service request terminal according to second server access address again
After secondary initiation server request, following steps are also executed:
Step 410, the second response message returned in response to second server access address is received.
Wherein, which is after data server receives server access request, to return to service request terminal
's.Second response message still includes statusline, web response header Web and response text.
Step 430, if the second response message still indicates that net occurs during the server access that service request terminal carries out
Network is kidnapped, and service request terminal then initiates server access request to https data server according to second server access address.
Wherein, since server access request is that service request terminal is sent according to second server access address, data
Server can be successfully received server access request, therefore the status code in data server institute returning response message is answered
When instruction server access request is successfully received.
Since http data server does not support the transmission of encryption data, if service request terminal is visited according to second server
Ask that address has accessed http data server, the response message that http data server returns then is easy to happen hijacking data, because
The second response message judges this to this server-side needs based on the received, and it is corresponding real that specific deterministic process refers to part Fig. 4
The content being described in detail in example is applied, this place repeats no more.
If service request terminal obtains the second response message that data server is returned occurs hijacking data in the transmission,
Then indicate that service request terminal accessed is http data server, and data service provided by http data server is
It is unsafe.Service request terminal then needs to initiate server access request to https data server again, with from https number
According to obtaining safe data service in server.
If hijacking data does not occur for the second response message that data server is returned, indicate that service request terminal is currently right
The access of data server be it is safe, service request terminal is able to carry out further operation.
In one embodiment, http data server and https data server share same server access address,
Respectively access of the service request terminal to http data server and https data server is by distinguishing the two data service
The different port numbers of device are realized.
In the present embodiment, service request terminal preferentially accesses http data server, and is obtaining http data server
Handover access https data server in the case where safe data service can not be provided, not only guarantee that service request terminal obtains
The data service of safety, also reduces service request terminal to the amount of access of https data server, to reduce https data
The resource consumption of server.
In the embodiment of another exemplary, service request terminal is initiating server visit to https data server again
Before asking request, also need to judge whether data service that service request terminal is currently carried out attempted access https number in obtaining
According to server.If it is, indicating there is a problem of imprevision in current data service system, service request terminal cannot be obtained
Correct data service is obtained, service request terminal need to terminate the acquisition to data service, no longer initiate to https data server
Server access request.
In one embodiment, service request terminal local cache has the history access record to data server, and service is asked
It asks end before initiating server access request to https data server, checks and whether there is https data in local cache
The corresponding history access record of server, if it is, indicating that service request terminal attempted access https data server.
The method provided through this embodiment, can be avoided service request terminal to the repeated accesses of https data server,
It further reduced the resource consumption of https data server.
In embodiment in another embodiment, as shown in fig. 6, the method for realizing server dynamic access further includes following
Step:
Step 510, if network misfortune does not occur in the server access that the first response message instruction service request terminal carries out
It holds, service request terminal then detects the mark of the URL in the web response header Web of the first response message.
Firstly the need of explanation, if data service provided by data server moves under new URL, but keep
Original URL is available, indicates that data server is related to redirecting, new URL is also referred to as Redirect URL.
Data server receive service request terminal initiation server access request after, Redirect URL can be stored to
In the response text of first response message, and in the web response header Web of the first response message new extensions header to Redirect URL
It is identified, which is known as URL mark, the first response message is then back to service request terminal.
After service request terminal receives the first response message, the URL in web response header Web by detecting the first response message is marked
Know, can accordingly obtain whether data server is related to redirecting.
Step 530, when detecting URL mark, service request terminal obtains URL mark from the response text of the first response message
Know corresponding Redirect URL.
Step 550, according to Redirect URL, service request terminal re-executes the access process of server.
Wherein, it includes: service request terminal according to Redirect URL weight that service request terminal, which re-executes the process of server access,
It is new to initiate domain name analysis request, and server access request is re-initiated according to the server access address that parsing obtains, with
Reacquire the process of data service.
In one embodiment, if according to the description in previous embodiment, judge service request terminal to operator domain name
There are Domain Hijacking in the access of resolution server, the present embodiment, which then initiates domain name mapping to other domain name resolution servers, is asked
It asks.
Similarly, if according to the description in previous embodiment, access of the interpretation service request terminal to http data server
In there are hijacking data, the present embodiment then initiates server access request to https data server.
In method provided in this embodiment, Redirect URL is stored to the response text of response message, in response message
In transmission, Redirect URL is signed with the signature in response to text, compared in existing realization directly by Redirect URL store to
The web response header Web of response message, the present embodiment institute providing method can guarantee the safety of Redirect URL.
Fig. 7 is the block diagram of a kind of electronic equipment shown according to an exemplary embodiment.As shown in fig. 7, the device includes
Domain name mapping module 610, message reception module 650, kidnaps processing module 670 and data acquisition module at data demand module 630
690。
Domain name mapping module 610 is asked for controlling service request terminal to the initiation domain name mapping of operator domain name resolution server
It asks, and obtains the first server access address that operator domain name resolution server returns.
Data demand module 630 is used to control service request terminal according to first server access address and initiate server visit
Request is asked, to obtain data service.
The first response message that first message receiving module 650 is returned for receiving response server access request.
Processing module 670 is kidnapped to be used to send out during the server access carried out with response message instruction service request terminal
In the case that raw network is kidnapped, attempt to obtain second server access address by other domain name resolution servers.
Data acquisition module 690 is used to re-execute the acquisition of data service according to second server access address.
In the embodiment of another exemplary, which further includes that statusline obtains module and Domain Hijacking acquisition module.
Statusline obtains module for controlling the statusline in service request terminal acquisition response message.
Domain Hijacking obtains module and is used to obtain in the case where statusline instruction server access request is not successfully received
Take service request terminal that Domain Hijacking occurs in access operator domain name resolution server.
In the embodiment of another exemplary, which further includes that data obtaining module, Information Signature module and data are robbed
Hold acquisition module.
Data obtaining module be used to control the service request terminal obtain web response header Web in first response message and
Respond text.
Signature blocks are used to control service request terminal to response text label according to the rule made an appointment with data server
Name, data server are the destination servers that service request terminal obtains data service.
It is inconsistent that hijacking data obtains the signature that module is used to carry in the signature and web response header Web of service request terminal
In the case of, it obtains service request terminal and hijacking data occurs in access data server.
In the embodiment of another exemplary, data acquisition module 690 is used for according to second server access address, control
Service request terminal initiates server access request again, and the server access request initiated again is for reacquiring data clothes
Business.
In the embodiment of another exemplary, which further includes second message receiving module and access request switching mould
Block.
Second message receiving module is for receiving the second response message returned in response to second server access address.
Access request switching module is used to still indicate the server access that service request terminal carries out in the second response message
In the case where network abduction occurs in journey, control service request terminal initiates server access request to https data server.
In the embodiment of another exemplary, which further includes label detection module, URL acquisition module and data acquisition
Recapture modulus block.
Label detection module is used for during the server access that the first response message instruction service request terminal carries out not
In the case where network abduction occurs, control service request terminal then detects the mark of the URL in the web response header Web of the first response message.
URL obtains module and is used for when detecting URL mark, control service request terminal from the message of the first response message just
URL is obtained in text identifies corresponding Redirect URL.
Data acquisition recaptures modulus block for controlling the visit that service request terminal re-executes server according to Redirect URL
Ask process.
It should be noted that method provided by device provided by above-described embodiment and above-described embodiment belongs to same structure
Think, the concrete mode that wherein modules execute operation is described in detail in embodiment of the method, no longer superfluous herein
It states.
In one exemplary embodiment, a kind of electronic equipment, including processor and non-volatile readable storage medium, should
Processor reads the computer program stored on non-volatile memory medium, to execute the realization server in the various embodiments described above
The method of dynamic access.
Fig. 8 is the hardware structure diagram of a kind of electronic equipment according to shown by an exemplary embodiment.The electronic equipment can
With the service request terminal 100 being implemented as in implementation environment shown in Fig. 1.
It should be noted that the electronic equipment is the example for adapting to the application, it must not believe that there is provided right
Any restrictions of the use scope of the application.The electronic equipment can not be construed to need to rely on or must have in Fig. 8
One or more component in illustrative electronic equipment shown.
The hardware configuration of the electronic equipment can generate biggish difference due to the difference of configuration or performance, as shown in figure 8,
Electronic equipment includes: power supply 710, interface 730, at least a memory 750 and at least central processing unit (CPU, a Central
Processing Units)770。
Wherein, power supply 710 is used to provide operating voltage for each hardware device on electronic equipment.
Interface 730 includes an at least wired or wireless network interface 731, at least a string and translation interface 733, at least one defeated
Enter output interface 735 and at least USB interface 737 etc., is used for and external device communication.
The carrier that memory 750 is stored as resource, can be read-only memory, random access memory, disk or CD
Deng the resource stored thereon includes operating system 751, application program 753 or data 755 etc., and storage mode can be short
Temporary storage permanently stores.Wherein, operating system 751 is for managing and each hardware device in controlling electronic devices and answering
It can be Windows with program 753 to realize calculating and processing of the central processing unit 770 to mass data 755
ServerTM, Mac OS XTM, UnixTM, LinuxTM etc..Application program 753 is to be based on completing at least on operating system 751
The computer program of one particular job, may include an at least module, and each module can have been separately included to electronics
The series of computation machine readable instruction of equipment.Data 755 can be stored in the metadata of interface etc. in disk.
Central processing unit 770 may include the processor of one or more or more, and be set as through bus and memory
750 communications, for the mass data 755 in operation and processing memory 750.
As described in detail above, the electronic equipment for being applicable in the application will read memory by central processing unit 770
The form of the series of computation machine readable instruction stored in 750 come complete realize server dynamic access method.
In addition, also can equally realize the application by hardware circuit or hardware circuit combination software instruction, therefore, realize
The application is not limited to the combination of any specific hardware circuit, software and the two.
In one exemplary embodiment, a kind of computer readable storage medium, is stored thereon with computer program, the calculating
The method of the realization server dynamic access in the various embodiments described above is realized when machine program is executed by processor.
Above content, only the preferable examples embodiment of the application, the embodiment for being not intended to limit the application, this
Field those of ordinary skill can very easily carry out corresponding flexible or repair according to the central scope and spirit of the application
Change, therefore the protection scope of the application should be subject to protection scope required by claims.
Claims (10)
1. a kind of method for realizing server dynamic access, which is characterized in that the described method includes:
Service request terminal initiates domain name analysis request to operator domain name resolution server, obtains the operator domain name parsing clothes
The first server access address that business device returns;
According to the first server access address, the service request terminal initiates server access request, to obtain data clothes
Business;
Receive the first response message for responding the server access request and returning;
If first response message indicates that network abduction occurs during the server access that the service request terminal carries out,
It then attempts to obtain second server access address by other domain name resolution servers;
The acquisition of the data service is re-executed according to the second server access address.
2. the method according to claim 1, wherein it includes the server-side to the operation that the network, which is kidnapped,
Domain Hijacking occurs in the access of quotient's domain name resolution server, is returned in the reception response server access request
After first response message, the method also includes:
The service request terminal obtains the statusline in first response message;
If the statusline indicates that the server access request is not successfully received, the service request terminal is to the fortune
It seeks in the access of quotient's domain name resolution server and domain name abduction occurs.
3. method according to claim 1 or 2, which is characterized in that it includes what the server-side carried out that the network, which is kidnapped,
In obtaining hijacking data occurs for data service, disappears in first response for receiving the response server access request and returning
After breath, the method also includes:
The service request terminal obtains web response header Web and response text in first response message;
According to the rule made an appointment with data server, the service request terminal signs to the response text, the data
Server is the destination server that the service request terminal obtains the data service;
If the signature of the service request terminal and the signature carried in the web response header Web are inconsistent, the service request terminal
In obtaining the hijacking data occurs for the data service of progress.
4. the method according to claim 1, wherein described execute institute according to the second server access address
State the acquisition of data service, comprising:
According to the second server access address, the service request terminal initiates the server access request again, again
The server access initiated is requested for reacquiring the data service.
5. according to the method described in claim 4, it is characterized in that, server access request be the service request terminal to
What http data server was initiated, it is counted between the service request terminal and the http data server by http agreement
According to transmission.
6. according to the method described in claim 5, it is characterized in that, described according to the second server access address, institute
It states after service request terminal initiates server access request again, the method also includes:
Receive the second response message for responding the second server access address and returning;
If second response message still indicates that the net occurs during the server access that the service request terminal carries out
Network is kidnapped, and the service request terminal initiates the service to https data server according to the second server access address
Device access request.
7. a kind of electronic equipment characterized by comprising
Domain name mapping module initiates domain name analysis request to operator domain name resolution server for controlling service request terminal, and
Obtain the server access address that the operator domain name resolution server returns;
Data demand module, for controlling the service request terminal and initiating server access according to the server access address
Request, to obtain data service;
First message receiving module, for receiving the first response message for responding the server access request and returning;
Processing module is kidnapped, is sent out during for indicating the server access of the service request terminal progress in the response message
In the case that raw network is kidnapped, attempt to obtain second server access address by other domain name resolution servers;
Data acquisition module, for re-executing the acquisition of the data service according to the second server access address.
8. electronic equipment according to claim 7, which is characterized in that further include:
Statusline obtains module, obtains statusline in first response message for controlling the service request terminal;
Domain Hijacking obtains module, for obtaining when the statusline indicates that the server access request is not successfully received
Take the service request terminal to Domain Hijacking occurs in the access of the operator domain name resolution server.
9. electronic equipment according to claim 7 or 8, which is characterized in that further include:
Data obtaining module obtains web response header Web and response in first response message for controlling the service request terminal
Text;
Information Signature module, for controlling the service request terminal to described according to the rule made an appointment with data server
Text signature is responded, the data server is the destination server that the service request terminal obtains the data service;
Hijacking data obtains module, different for the signature signed with carried in the web response header Web in the service request terminal
When cause, obtains in the data service acquisition that the service request terminal carries out and hijacking data occurs.
10. a kind of electronic equipment, including processor and non-volatile readable storage medium, which is characterized in that the processor is read
The computer program stored on the non-volatile memory medium is taken, 1 to 6 described in any item methods are required with perform claim.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910402899.2A CN110191203B (en) | 2019-05-15 | 2019-05-15 | Method for realizing dynamic access of server and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910402899.2A CN110191203B (en) | 2019-05-15 | 2019-05-15 | Method for realizing dynamic access of server and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110191203A true CN110191203A (en) | 2019-08-30 |
| CN110191203B CN110191203B (en) | 2022-02-01 |
Family
ID=67716360
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910402899.2A Active CN110191203B (en) | 2019-05-15 | 2019-05-15 | Method for realizing dynamic access of server and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110191203B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111770161A (en) * | 2020-06-28 | 2020-10-13 | 北京百度网讯科技有限公司 | https sniffing jump method and device |
| CN112887255A (en) * | 2019-11-29 | 2021-06-01 | 北京一起教育信息咨询有限责任公司 | Network communication method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486140A (en) * | 2014-11-28 | 2015-04-01 | 华北电力大学 | Device and method for detecting hijacking of web page |
| CN106331216A (en) * | 2016-09-13 | 2017-01-11 | 腾讯科技(深圳)有限公司 | Domain name parsing method and domain name parsing device |
| CN106790083A (en) * | 2016-12-22 | 2017-05-31 | 掌阅科技股份有限公司 | Detection method, device and mobile terminal that DNS is kidnapped |
| WO2017096888A1 (en) * | 2015-12-10 | 2017-06-15 | 乐视控股(北京)有限公司 | Method and device for implementing domain name system |
| CN107623693A (en) * | 2017-09-30 | 2018-01-23 | 北京奇虎科技有限公司 | Domain name mapping means of defence and device, system, computing device, storage medium |
| CN108270882A (en) * | 2018-01-24 | 2018-07-10 | 腾讯科技(深圳)有限公司 | The analysis method and device of domain name, storage medium, electronic device |
-
2019
- 2019-05-15 CN CN201910402899.2A patent/CN110191203B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486140A (en) * | 2014-11-28 | 2015-04-01 | 华北电力大学 | Device and method for detecting hijacking of web page |
| WO2017096888A1 (en) * | 2015-12-10 | 2017-06-15 | 乐视控股(北京)有限公司 | Method and device for implementing domain name system |
| CN106331216A (en) * | 2016-09-13 | 2017-01-11 | 腾讯科技(深圳)有限公司 | Domain name parsing method and domain name parsing device |
| CN106790083A (en) * | 2016-12-22 | 2017-05-31 | 掌阅科技股份有限公司 | Detection method, device and mobile terminal that DNS is kidnapped |
| CN107623693A (en) * | 2017-09-30 | 2018-01-23 | 北京奇虎科技有限公司 | Domain name mapping means of defence and device, system, computing device, storage medium |
| CN108270882A (en) * | 2018-01-24 | 2018-07-10 | 腾讯科技(深圳)有限公司 | The analysis method and device of domain name, storage medium, electronic device |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112887255A (en) * | 2019-11-29 | 2021-06-01 | 北京一起教育信息咨询有限责任公司 | Network communication method and device |
| CN111770161A (en) * | 2020-06-28 | 2020-10-13 | 北京百度网讯科技有限公司 | https sniffing jump method and device |
| CN111770161B (en) * | 2020-06-28 | 2022-06-07 | 北京百度网讯科技有限公司 | https sniffing jump method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110191203B (en) | 2022-02-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103916244B (en) | Verification method and device | |
| CN107454094A (en) | A kind of data interactive method and system | |
| WO2018018697A1 (en) | Method and system for identifying spam message from false base station | |
| CN103858457A (en) | Multi-hop single sign-on (sso) for identity provider (idp) roaming/proxy | |
| US11611551B2 (en) | Authenticate a first device based on a push message to a second device | |
| CN105119973A (en) | User information processing method and user information processing server | |
| WO2012079650A1 (en) | User interaction for web resources | |
| JP2011100489A (en) | User confirmation device and method, and program | |
| CN103428179A (en) | Method, system and device for logging into multi-domain-name website | |
| JP2010273045A (en) | Server apparatus | |
| US20230315793A1 (en) | Automated web page accessing | |
| CN110191203A (en) | Realize the method and electronic equipment of server dynamic access | |
| CN110489957B (en) | Management method of access request and computer storage medium | |
| CN114978752A (en) | Weak password detection method and device, electronic equipment and computer readable storage medium | |
| CN108880923A (en) | The method and apparatus that policer operation applied to application server is requested | |
| CN107979577B (en) | Terminal authentication method and device | |
| US9762535B2 (en) | Information processing apparatus, system, method and medium | |
| JPWO2011070726A1 (en) | Attribute information linkage providing system, access information management device, access information proxy management device, method, and program | |
| CN114338130B (en) | Information processing method, device, server and storage medium | |
| US8984616B2 (en) | Efficient routing for reverse proxies and content-based routers | |
| CN111490997B (en) | Task processing method, proxy system, service system and electronic equipment | |
| CN113742702A (en) | Method, system, equipment and storage medium for safety access based on enterprise WeChat | |
| CN106878353A (en) | Smart machine obtains the methods, devices and systems of business datum | |
| KR100477798B1 (en) | The method of multi-modal session management | |
| WO2017150083A1 (en) | Authentication processing device and authentication processing method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |