CN110191203B - Method for realizing dynamic access of server and electronic equipment - Google Patents
Method for realizing dynamic access of server and electronic equipment Download PDFInfo
- Publication number
- CN110191203B CN110191203B CN201910402899.2A CN201910402899A CN110191203B CN 110191203 B CN110191203 B CN 110191203B CN 201910402899 A CN201910402899 A CN 201910402899A CN 110191203 B CN110191203 B CN 110191203B
- Authority
- CN
- China
- Prior art keywords
- server
- data
- domain name
- service request
- service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application relates to a method and a device for realizing dynamic access of a server. The method comprises the following steps: a service request end initiates a domain name resolution request to an operator domain name resolution server to obtain a first server access address returned by the operator domain name resolution server; according to the first server access address, the service request terminal initiates a server access request to acquire data service; receiving a first response message returned in response to the server access request; if the first response message indicates that network hijacking occurs in the server access process performed by the service request terminal, trying to acquire a second server access address through other domain name resolution servers; and executing the acquisition of the data service according to the second server access address. The method provided by the application realizes the reasonable access of the service request end to the server.
Description
Technical Field
The present application relates to the field of internet technologies, and in particular, to a method and an electronic device for implementing dynamic access to a server.
Background
In the conventional technical implementation, when a client accesses a data server to obtain data services, a server access address corresponding to a domain name in a URL (uniform resource locator) to be accessed is first obtained by an operator domain name resolution server, and then the data server is accessed according to the server access address returned by the operator domain name resolution server. However, domain hijacking or other problems are easily caused in domain name resolution performed by the operator domain name resolution server, so that the client cannot acquire data services correctly.
To address this technical problem, more and more clients rely on httpDNS servers to obtain server access addresses. The httpDNS server can effectively prevent domain name hijacking, but greatly increases service cost, and the resource consumption of the httpDNS server is large due to too many client accesses, which easily causes the performance problem of the httpDNS server.
Therefore, how to realize reasonable access of the client to the data server is a problem to be solved urgently in the existing implementation.
Disclosure of Invention
Based on the above technical problem, the present application provides a method and an apparatus for implementing dynamic access to a server, an electronic device, and a computer-readable storage medium.
Wherein, the technical scheme who this application adopted does:
a method for realizing dynamic access of a server comprises the following steps: a service request end initiates a domain name resolution request to an operator domain name resolution server to obtain a first server access address returned by the operator domain name resolution server; according to the first server access address, the service request terminal initiates a server access request to acquire data service; receiving a first response message returned in response to the server access request; if the response message indicates that network hijacking occurs in the server access process performed by the service request terminal, trying to acquire a second server access address through other domain name resolution servers; and re-executing the acquisition of the data service according to the second server access address.
An electronic device, comprising: the domain name resolution module is used for controlling a service request end to initiate a domain name resolution request to an operator domain name resolution server and acquiring a server access address returned by the operator domain name resolution server; the data request module is used for controlling the service request terminal to initiate a server access request according to the server access address so as to acquire data service; the first message receiving module is used for receiving a first response message returned in response to the server access request; the hijack processing module is used for trying to acquire a second server access address through other domain name resolution servers under the condition that the response message indicates that network hijack occurs in the server access process performed by the service request terminal; and the data acquisition module is used for re-executing the acquisition of the data service according to the second server access address.
An electronic device comprising a processor and a non-volatile readable storage medium, wherein the processor reads a computer program stored on the non-volatile storage medium to perform the method as described above.
In the embodiment of the application, the service request end preferentially accesses the operator domain name resolution server to obtain the first server access address, and accesses the data server according to the first server access address to obtain the data service. Under the condition that network hijacking occurs in the process of server access, the service request end acquires the access address of the second server by using other domain name resolution servers so as to acquire the data service again according to the access address of the second server, so that the service cost is reduced, the correctness of the data service acquired by the service request end is ensured, the resource consumption of other domain name resolution servers is reduced, and the server is reasonably accessed by the service request end.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application.
FIG. 1 is a schematic illustration of an implementation environment in accordance with the subject application;
FIG. 2 is a flow diagram illustrating a method for implementing dynamic access to a server in accordance with an exemplary embodiment;
FIG. 3 is a flow chart illustrating a method of implementing dynamic access to a server in accordance with another exemplary embodiment;
FIG. 4 is a flow chart illustrating a method of implementing dynamic access to a server in accordance with another exemplary embodiment;
FIG. 5 is a flow chart illustrating a method of implementing dynamic access to a server in accordance with another exemplary embodiment;
FIG. 6 is a flow chart illustrating a method of implementing dynamic access to a server in accordance with another exemplary embodiment;
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment.
FIG. 8 is a diagram illustrating a hardware configuration of an electronic device in accordance with an exemplary embodiment.
While certain embodiments of the present application have been illustrated by the accompanying drawings and described in detail below, such drawings and description are not intended to limit the scope of the inventive concepts in any manner, but are rather intended to explain the concepts of the present application to those skilled in the art by reference to the particular embodiments.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
FIG. 1 is a schematic diagram of an implementation environment, which is a data service system, in accordance with the present invention. In an exemplary embodiment, as shown in FIG. 1, the implementation environment includes: a service requester 100, a domain name resolution server 200 and a data server 300.
The service request terminal 100 is a terminal that can be operated by a service request client, and may be a smart phone, a tablet computer, a notebook computer, a computer, or other electronic devices, which is not limited herein. The service request client may be an application client (APP) or a web page client, which is not limited herein. In addition, the number of service requesters 100 may be arbitrary (only 1 is shown in fig. 1).
The domain name resolution servers 200 are used to provide domain name resolution services to the service request terminal 100, and the number of the domain name resolution servers 200 may be any. As shown in fig. 1, the domain name resolution server 200 includes an operator domain name resolution server and an httpDNS server, and the service request terminal 100 can obtain a server access address of the data server 300 by accessing one of the domain name resolution servers 200, so that the service request terminal 100 requests the data server 300 for obtaining a data service according to the server access address.
The data server 300 is configured to provide data services to the service request end 100, for example, the data server 300 may store data uploaded by the service request end 100, and may also send related data to the service request end 100 according to a data acquisition request initiated by the service request end 100.
As shown in fig. 1, the data server 300 includes an http data server and an https data server, and the service request terminal 100 obtains a data service by accessing one of the data servers 300. Data transmission is performed between the http data server and the service request terminal 100 through an http (HyperText Transfer Protocol) Protocol, and data transmission is performed between the https data server and the service request terminal 100 through an https (HyperText Transfer Protocol Secure) Protocol.
In this implementation environment, the cost of the service request terminal 100 obtaining the domain name resolution service through the operator domain name resolution server is low, but the problems of domain name hijacking, high user connection failure rate, and the like are likely to occur. Although the service request terminal 100 can perform domain name resolution around the operator to prevent domain name hijacking by acquiring the domain name resolution service through the httpDNS server, the service cost is greatly increased. The access of a large number of service request terminals 100 to the httpDNS server causes the resource consumption of the httpDNS server to be too large, and the performance problem of the httpDNS server is easily caused.
In addition, since the http data server cannot perform encrypted transmission of data, data stealing or tampering is easily caused in data transmission performed between the http data server and the service request terminal 100, which leads to easy data hijacking. Although the https data server can provide a more secure data service to the service requester 100, there are problems in that the service cost increases and the resource consumption of the https data server itself is excessive.
In order to solve the above problems, an aspect of the present invention provides a method for implementing dynamic access to a server. The method is suitable for the service request end 100 in the implementation environment shown in fig. 1. By performing this method, the service requester 100 can make reasonable access to the domain name resolution server 200 and the data server 300.
As shown in fig. 2, in an exemplary embodiment, the method for implementing dynamic access of a server at least comprises the following steps:
It should be noted that, the data server according to this embodiment should be understood as a target server for the service requester to obtain the data service, and does not represent any limitation to the type of the target server in this embodiment.
The service request side acquires the data service provided by the data server according to the URL to be accessed corresponding to the data server. The URL to be accessed may be obtained according to user input, or may be obtained according to a history access record locally cached at the service request end, which is not limited herein. The URL to be accessed comprises the domain name of the data server.
The service request end can not directly access the data server according to the URL to be accessed, the domain name included in the URL to be accessed needs to be analyzed through the domain name analysis server, and the access to the data server is realized according to the server access address obtained through the analysis of the domain name analysis server.
The operator domain name resolution server is domain name resolution service equipment provided by an operator to a user, can provide low-cost domain name resolution service for the user, and is easy to cause domain name hijacking or other problems. However, considering the problem of high user cost and high resource consumption of other domain name resolution servers, the service request terminal preferentially obtains the domain name resolution service from the operator resolution server.
The domain name resolution request sent by the service request end to the operator resolution server includes the domain name in the URL to be accessed. In one embodiment, after receiving the domain name resolution request, the operator domain name resolution server searches for a corresponding domain name resolution result according to a domain name included in the domain name resolution request, and returns the searched resolution result (i.e., the first server access address) to the service request end.
In another embodiment, the service request side locally caches a history resolution record, and before initiating a domain name resolution request to the operator domain name resolution server, the service request side first checks whether a service access address corresponding to a domain name in a URL to be accessed exists in the cache. If not, the service request end sends a domain name resolution request to the operator domain name resolution server so as to obtain a first server access address returned by the operator domain name resolution server.
If the service request end does not have domain name hijacking in the process of accessing the operator domain name resolution server to obtain the server access address, the first server access address returned by the operator domain name resolution server is the real access address of the data server. Otherwise, the first server access address returned by the operator domain name resolution server is not the real access address of the data server, and the service request end cannot access the data server according to the first server access address.
After receiving a first server access address returned by the domain name resolution server, the service request end initiates a server access request to a service end corresponding to the first server access address so as to acquire a specified data service from the service end. For example, the service request side may request the corresponding service side to upload data, or may request the corresponding service side to acquire data.
It should be understood that if the service request end does not have domain name hijacking in the domain name resolution server of the access operator, the first server access address is the real access address of the data server, and the service end accessed by the service request end is the data server; on the contrary, the server accessed by the service request terminal is other server terminals, and the service request terminal cannot acquire the data service corresponding to the server access request from other server terminals.
In one embodiment, if the first server access address points to the http data server and the http data server together, considering that both the service cost and the resource consumption of the http data server are low, the service request end preferentially sends the server access request to the http data server.
The first response message refers to that after the server corresponding to the first server access address receives the server access request, the server access request is responded, and a response result is returned to the service request end in the form of the response message.
Illustratively, the first response message includes a status line, a response header, and a response body. The status line comprises a status code and a status code description, for example, "200 OK" indicates that the server access request sent by the service request end is successfully received; "403 Forbidden" indicates that a server access request is received, but service is denied; "404 Not Found" indicates that the requested service does Not exist or a URL error. The response header is used to store specific information, such as additional response information that is not allowed to be stored in the status line, information about the server itself, information for next access to a resource identified by a Request uniform resource identifier (Request-URI), and the like. The response text is the entity data transmitted by the server.
In step 170, if the first response message indicates that network hijacking occurs in the server access process performed by the service request end, an attempt is made to acquire the access address of the second server through other domain name resolution servers.
The server access performed by the service request end comprises a process of accessing the operator domain name resolution server by the service request end to obtain a first server access address, and a process of accessing a corresponding service end (including a data server) by the service request end according to the first server access address.
Correspondingly, the network hijacking indicated by the response message includes domain hijacking occurring when the service request end accesses the domain name resolution server of the operator, and also includes data hijacking occurring when the service request end accesses the data server.
Other domain name resolution servers are domain name resolution servers deployed by the data service system in addition to the operator domain name resolution server. Other domain name resolution servers can bypass operators to provide domain name resolution services for the service request terminal, and the domain name hijacking problem can be avoided. Other domain name resolution servers may be httpDNS servers as shown in fig. 1, or authoritative domain name resolution servers, URP servers, and so on. And in the embodiment, the number of other domain name resolution servers deployed by the data service system is at least one.
If the first response message indicates that network hijacking occurs in the server access process performed by the service request end, the service request end sends a domain name resolution request to one of the other domain name resolution servers to acquire the second server access address returned by the other domain name resolution servers. The second server access address is the real access address of the data server. And if the first response message indicates that the network hijacking does not occur, the service request end continues to perform the next operation.
It should be noted that whether network hijacking occurs in the server access process performed by the service request end may be specifically determined according to the first response message, and the determination process is referred to the detailed description in the following embodiments, which is not described herein again.
After the service request terminal acquires the second server access address returned by other domain name resolution servers, the server access request is reinitiated according to the second server access address so as to reacquire data service.
As described above, since the second server access address is the real access address of the data server, the server access request initiated by the service request end again is initiated to the data server. And through the response of the data server to the server access request, the service request end is enabled to reacquire the data service provided by the data server.
In this embodiment, since the service request end preferentially obtains the server access address of the data server through the operator domain name resolution server, and uses other domain name resolution servers to obtain the server access address of the data server again under the condition that network hijacking occurs in the data service obtained according to the server access address returned by the operator domain name resolution server, the accuracy of the data service obtained by the service request end is ensured while the service cost is reduced, and the resource consumption of other domain name resolution servers is reduced.
In addition, when the server access address returned by the domain name resolution server points to the http data server and the http data server together, the service request end preferentially accesses the http data server, so that the service cost is further reduced, and the reasonable access of the domain name resolution server and the data server by the service request end is realized.
In an exemplary embodiment, a process in which a service request end determines whether network hijacking occurs in a server access process performed by the service request end according to a received first response message is shown in fig. 3, and includes the following steps:
At step 230, it is determined whether the status line indicates that the server access request was successfully received.
As mentioned above, the status row includes a status code and a corresponding status code description, and the first number in the status code defines the response category, for example, "2 xx" indicates success of the request, "4 xx" indicates error of the request, which is not listed here.
The service request terminal can correspondingly obtain the state of the initiated server access request by identifying the state code in the state row corresponding to the first response message. And by further identifying whether the first digit of the status code is "2," a determination can be made as to whether the server access request was successfully received. If the first digit of the identification status code of the service request end is not '2', the service request end judges that the initiated server access request is not successfully received, and skips to execute the step 250; if the first digit of the identification status code is "2", it is determined that the initiated server access request was successfully received, and execution jumps to step 270.
In one embodiment, since the status code of the server access request successfully received is generally set to "200", the service request end can directly determine whether the server access request is successfully received by identifying whether the status code in the status row is "200".
In step 250, the service request end performs domain hijacking in the domain name resolution server of the access operator.
The domain hijacking of the service request end in the domain name resolution server of the operator refers to that the domain name resolution server of the operator sends a domain name resolution request according to the domain name resolution request sent by the service request end, and a first server access address returned to the service request end is not a real access address of the data server but an access address corresponding to other service ends, such as a phishing website.
Because the server access request contains the specified information for accessing the data server, and the server access request can only be successfully received by the data server, after the server access request is initiated by the service request end according to the first server access address returned by the operator domain name resolution server, the server access request can only be successfully received by the data server under the condition that the first server access address corresponds to the real access address of the data server.
Therefore, the service request end judges that the initiated server access request is not successfully received, and the service request end carries out domain name hijacking in the domain name resolution server of the access operator.
As described above, the server access request can be successfully received by the data server only if the first server access address corresponds to the real access address of the data server. If the service request end judges that the initiated server access request is successfully received, the first server access address returned by the operator domain name resolution server is the real access address of the data server, and the service request end normally accesses the operator domain name resolution server.
By the method provided by the embodiment, whether the domain name hijacking occurs in the domain name resolution server of the operator is accurately judged by the service request terminal.
As shown in fig. 4, in another exemplary embodiment, the process of the service requester determining whether network hijacking occurs in the data service acquisition performed by the service requester according to the received first response message further includes the following steps: in step 310, the service requester obtains a response header and a response body in the first response message. As described above, when the server access address returned by the domain name resolution server points to the http data server and the http data server together, the service request terminal preferentially accesses the http data server.
However, since data encryption transmission is not performed between the http data server and the service request terminal, data hijacking, for example, data stealing or tampering, is easily generated in the access of the service request terminal to the http data server, and therefore, it is necessary to further determine whether data hijacking occurs in the access of the service request terminal to the http data server according to a response header and a response text in the first response message, so as to ensure that the service request terminal obtains a correct data service from the data server.
Before sending the first response message to the service request end, the data server needs to sign the response body in the first response message, adds an extension header in the response header to store the signature, and sends the finally obtained first response message to the service request end. Illustratively, the signature of the data server on the response body is a process of performing key calculation on the response body according to a specified rule, and a first calculated key is stored in the extension header. Therefore, the first response message received by the service request end carries the signature of the data server to the response body.
The rules for the service request side to sign the response body correspond to the signing rules performed by the data server. And the service request end carries out key calculation on the response text in the received first response message according to the rule and obtains a second key.
And only when the response text in the first response message sent by the data server is consistent with the response text in the first response message received by the service request end, the first key signed by the data server is the same as the second key signed by the service request end.
And step 350, if the signature of the service request end is not consistent with the signature carried in the response header, acquiring that the service request end carries out data hijack in the access data server.
As described above, determining whether the signature of the service request end is consistent with the signature carried in the response header may be obtained by determining whether the first key is the same as the second key. If the first response message and the second response message are different, the first response message is intercepted or tampered in the transmission process between the data server and the service request end, and therefore the data hijacking of the data server by the service acquisition request end occurs.
By the method provided by the embodiment, whether the data hijacking occurs in the data access server by the service request terminal is accurately judged.
In an exemplary embodiment, the other domain name resolution servers deployed by the data service system are httpDNS servers, and the service request terminal obtains the second server access address returned by the httpDNS server by sending a domain name resolution request to the httpDNS server.
The domain name resolution is carried out by using the httpdNS server, so that the problem of domain name hijacking can be avoided, and the second server access address returned by the httpdNS server is the real access address corresponding to the data server.
Illustratively, the data service system deploys a plurality of httpdNS servers, and the service request end locally stores an access address list of the httpdNS servers, wherein the access address list comprises the access address corresponding to each httpdNS server. And when the first response message indicates that the network hijacking occurs, the service request end randomly selects an access address from the list to access the corresponding httpDNS server.
In the embodiment, by deploying a plurality of httpDNS servers, the access of the service request terminal can be shunted, the resource consumption of each httpDNS server resource can be reduced, but the service cost is relatively increased.
As shown in fig. 5, in another exemplary embodiment, after the service requester initiates the server request again according to the second server access address, the following steps are further performed:
And the second response message is returned to the service request end after the data server receives the server access request. The second response message still includes a status line, a response header and a response body.
Since the server access request is sent by the service request end according to the second server access address, the data server can successfully receive the server access request, and therefore, the status code in the response message returned by the data server should indicate that the server access request is successfully received.
Because the http data server does not support the transmission of encrypted data, if the service request end accesses the http data server according to the second server access address, the response message returned by the http data server is easy to be hijacked, so the service end needs to judge the http data according to the received second response message, and for the specific judgment process, reference is made to the content described in detail in the embodiment corresponding to fig. 4, which is not described herein again.
If the second response message returned by the data server acquired by the service request end occurs data hijacking in transmission, the http data server is accessed by the service request end, and the data service provided by the http data server is unsafe. The service request terminal needs to initiate a server access request to the https data server again to obtain the secure data service from the https data server.
And if the second response message returned by the data server does not have data hijacking, the current access of the service request end to the data server is safe, and the service request end can perform further operation.
In one embodiment, the http data server and the https data server share the same server access address, and the service request terminal accesses the http data server and the https data server respectively by distinguishing different port numbers of the two data servers.
In this embodiment, the service request end preferentially accesses the http data server, and switches to access the https data server when the http data server cannot provide the secure data service, so that the service request end is ensured to obtain the secure data service, the access amount of the service request end to the https data server is reduced, and the resource consumption of the https data server is reduced.
In another exemplary embodiment, before the service request terminal re-initiates the server access request to the https data server, it is further required to determine whether the service request terminal attempts to access the https data server in the current data service acquisition. If so, the unpredictable problem exists in the current data service system, the service request end cannot obtain the correct data service, the service request end needs to terminate the acquisition of the data service, and a server access request is not initiated to the https data server any more.
In one embodiment, the service request side locally caches history access records to the data server, before initiating a server access request to the https data server, the service request side checks whether the history access records corresponding to the https data server exist in the local cache, and if yes, the service request side indicates that the service request side attempts to access the https data server.
By the method provided by the embodiment, repeated access of the service request terminal to the https data server can be avoided, and resource consumption of the https data server is further reduced.
In another embodiment, as shown in fig. 6, the method for implementing dynamic access of a server further includes the following steps:
in step 510, if the first response message indicates that network hijacking does not occur in the server access performed by the service request end, the service request end detects the URL identifier in the response header of the first response message.
It should be noted first that if the data service provided by the data server migrates under a new URL, but the original URL remains available, indicating that the data server is involved in redirection, the new URL is also referred to as a redirect URL.
After receiving a server access request initiated by a service request end, the data server stores the redirection URL into a response text of the first response message, adds an extension header in a response header of the first response message to identify the redirection URL, and then returns the first response message to the service request end.
After the service request end receives the first response message, whether the data server is related to redirection or not can be obtained correspondingly by detecting the URL identification in the response header of the first response message.
The process of re-executing server access by the service request end comprises the following steps: and the service request terminal re-initiates the domain name resolution request according to the redirection URL and re-initiates the server access request according to the server access address obtained by resolution so as to re-acquire the data service.
In an embodiment, if it is determined that domain name hijacking exists in the access of the service request end to the operator domain name resolution server according to the description in the foregoing embodiment, the present embodiment initiates a domain name resolution request to another domain name resolution server.
Similarly, if there is data hijacking in the access of the interpretation service request end to the http data server according to the description in the foregoing embodiment, the present embodiment initiates a server access request to the http data server.
In the method provided by this embodiment, the redirect URL is stored in the response body of the response message, and in the transmission of the response message, the redirect URL is signed along with the signature of the response body.
FIG. 7 is a block diagram illustrating an electronic device in accordance with an example embodiment. As shown in fig. 7, the apparatus includes a domain name resolution module 610, a data request module 630, a message receiving module 650, a hijack processing module 670, and a data acquisition module 690.
The domain name resolution module 610 is configured to control the service request terminal to initiate a domain name resolution request to the operator domain name resolution server, and obtain a first server access address returned by the operator domain name resolution server.
The data request module 630 is configured to control the service request end to initiate a server access request according to the first server access address, so as to obtain the data service.
The first message receiving module 650 is configured to receive a first response message returned in response to the server access request.
The hijack processing module 670 is configured to attempt to acquire the second server access address through another domain name resolution server when the response message indicates that network hijack occurs in the server access process performed by the service request end.
The data obtaining module 690 is configured to re-perform the obtaining of the data service according to the second server access address.
In another exemplary embodiment, the apparatus further comprises a status line acquisition module and a domain name hijacking acquisition module.
The state line acquisition module is used for controlling the service request terminal to acquire the state line in the response message.
The domain name hijacking acquisition module is used for acquiring the domain name hijacking of the service request end in the domain name resolution server of the access operator under the condition that the status line indicates that the server access request is not successfully received.
In another exemplary embodiment, the apparatus further comprises an information acquisition module, an information signature module, and a data hijacking acquisition module.
The information acquisition module is used for controlling the service request end to acquire the response header and the response text in the first response message.
The signature module is used for controlling the service request end to sign the response text according to a rule agreed with the data server in advance, and the data server is a target server for the service request end to obtain data service.
The data hijacking acquisition module is used for acquiring data hijacking of the service request end in the data access server under the condition that the signature of the service request end is inconsistent with the signature carried in the response header.
In another exemplary embodiment, the data obtaining module 690 is configured to control the service requester to initiate a server access request again according to the second server access address, where the initiated server access request is used to obtain the data service again.
In another exemplary embodiment, the apparatus further includes a second message receiving module and an access request switching module.
The second message receiving module is used for receiving a second response message returned in response to the second server access address.
And the access request switching module is used for controlling the service request terminal to initiate a server access request to the https data server under the condition that the second response message still indicates that network hijacking occurs in the server access process performed by the service request terminal.
In another exemplary embodiment, the apparatus further comprises an identification detection module, a URL obtaining module, and a data obtaining reacquisition module.
The identification detection module is used for controlling the service request end to detect the URL identification in the response header of the first response message under the condition that the first response message indicates that the network hijacking does not occur in the server access process performed by the service request end.
And the URL acquisition module is used for controlling the service request terminal to acquire a redirection URL corresponding to the URL identification from the message body of the first response message when the URL identification is detected.
And the data acquisition reacquisition module is used for controlling the service request end to carry out the access process of the server again according to the redirection URL.
It should be noted that the apparatus provided in the foregoing embodiment and the method provided in the foregoing embodiment belong to the same concept, and the specific manner in which each module performs operations has been described in detail in the method embodiment, and is not described again here.
In one exemplary embodiment, an electronic device includes a processor and a nonvolatile readable storage medium, where the processor reads a computer program stored on the nonvolatile storage medium to execute the method for implementing server dynamic access in the above embodiments.
FIG. 8 is a hardware block diagram of an electronic device shown in accordance with an example embodiment. The electronic device may be embodied as the service requester 100 in the implementation environment shown in fig. 1.
It should be noted that the electronic device is only an example adapted to the application and should not be considered as providing any limitation to the scope of use of the application. The electronic device is also not to be construed as requiring reliance on, or necessity of, one or more components of the exemplary electronic device illustrated in fig. 8.
The hardware structure of the electronic device may have a large difference due to the difference of configuration or performance, as shown in fig. 8, the electronic device includes: a power supply 710, an interface 730, at least one memory 750, and at least one Central Processing Unit (CPU) 770.
The power supply 710 is used for providing an operating voltage for each hardware device on the electronic device.
The interface 730 includes at least one wired or wireless network interface 731, at least one serial-to-parallel conversion interface 733, at least one input/output interface 735, and at least one USB interface 737, etc. for communicating with external devices.
As described in detail above, an electronic device to which the present application is applied will implement the server dynamic access method by the central processor 770 reading a series of computer readable instructions stored in the memory 750.
Furthermore, the present application can also be implemented by hardware circuits or hardware circuits in combination with software instructions, and thus, the implementation of the present application is not limited to any specific hardware circuits, software, or a combination of the two.
In an exemplary embodiment, a computer readable storage medium has a computer program stored thereon, and the computer program, when executed by a processor, implements the method for implementing dynamic access of a server in the above embodiments.
The above description is only a preferred exemplary embodiment of the present application, and is not intended to limit the embodiments of the present application, and those skilled in the art can easily make various changes and modifications according to the main concept and spirit of the present application, so that the protection scope of the present application shall be subject to the protection scope of the claims.
Claims (10)
1. A method for realizing dynamic access of a server, which is characterized by comprising the following steps:
a service request end initiates a domain name resolution request to an operator domain name resolution server to obtain a first server access address returned by the operator domain name resolution server;
according to the first server access address, the service request terminal initiates a server access request to acquire data service;
receiving a first response message returned in response to the server access request;
if the first response message indicates that network hijacking occurs in the server access process performed by the service request terminal, trying to acquire a second server access address through other domain name resolution servers; the other domain name resolution servers are domain name resolution servers which are deployed by a data service system and are except the operator domain name resolution server;
and re-executing the acquisition of the data service according to the second server access address.
2. The method according to claim 1, wherein the network hijacking comprises domain name hijacking occurring in the access of the service request terminal to the operator domain name resolution server, and after the receiving a first response message returned in response to the server access request, the method further comprises:
the service request end acquires the state line in the first response message;
and if the state line indicates that the server access request is not successfully received, the domain name hijacking occurs in the access of the service request end to the operator domain name resolution server.
3. The method according to claim 1 or 2, wherein the network hijacking comprises data hijacking occurring in data service acquisition by the service requester, and after the receiving of the first response message returned in response to the server access request, the method further comprises:
the service request end acquires a response header and a response text in the first response message;
according to a rule agreed with a data server in advance, the service request end signs the response text, and the data server is a target server for the service request end to acquire the data service;
and if the signature of the service request end is not consistent with the signature carried in the response header, the data hijacking occurs in the data service acquisition performed by the service request end.
4. The method of claim 1, wherein the performing the acquisition of the data service according to the second server access address comprises:
and according to the second server access address, the service request end initiates the server access request again, and the initiated server access request is used for reacquiring the data service.
5. The method according to claim 4, wherein the server access request is initiated from the service request terminal to an http data server, and data transmission is performed between the service request terminal and the http data server through an http protocol.
6. The method according to claim 5, wherein after the server access request is initiated again by the service requester according to the second server access address, the method further comprises:
receiving a second response message returned in response to the second server access address;
and if the second response message still indicates that the network hijacking occurs in the server access process performed by the service request terminal, the service request terminal initiates the server access request to the https data server according to the second server access address.
7. An electronic device, comprising:
the domain name resolution module is used for controlling a service request end to initiate a domain name resolution request to an operator domain name resolution server and acquiring a server access address returned by the operator domain name resolution server;
the data request module is used for controlling the service request terminal to initiate a server access request according to the server access address so as to acquire data service;
the first message receiving module is used for receiving a first response message returned in response to the server access request;
the hijack processing module is used for trying to acquire a second server access address through other domain name resolution servers under the condition that the response message indicates that network hijack occurs in the server access process performed by the service request terminal; the other domain name resolution servers are domain name resolution servers which are deployed by a data service system and are except the operator domain name resolution server;
and the data acquisition module is used for re-executing the acquisition of the data service according to the second server access address.
8. The electronic device of claim 7, further comprising:
a status line acquiring module, configured to control the service request end to acquire a status line in the first response message;
and the domain name hijacking acquisition module is used for acquiring the domain name hijacking in the access of the service request end to the operator domain name resolution server when the state line indicates that the server access request is not successfully received.
9. The electronic device of claim 7 or 8, further comprising:
an information obtaining module, configured to control the service request end to obtain a response header and a response text in the first response message;
the information signature module is used for controlling the service request end to sign the response text according to a rule agreed with a data server in advance, and the data server is a target server for the service request end to acquire the data service;
and the data hijacking acquisition module is used for acquiring data hijacking in data service acquisition performed by the service request end when the signature of the service request end is inconsistent with the signature carried in the response header.
10. An electronic device comprising a processor and a non-volatile readable storage medium, wherein the processor reads a computer program stored on the non-volatile readable storage medium to perform the method of any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910402899.2A CN110191203B (en) | 2019-05-15 | 2019-05-15 | Method for realizing dynamic access of server and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910402899.2A CN110191203B (en) | 2019-05-15 | 2019-05-15 | Method for realizing dynamic access of server and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110191203A CN110191203A (en) | 2019-08-30 |
| CN110191203B true CN110191203B (en) | 2022-02-01 |
Family
ID=67716360
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910402899.2A Active CN110191203B (en) | 2019-05-15 | 2019-05-15 | Method for realizing dynamic access of server and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110191203B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112887255A (en) * | 2019-11-29 | 2021-06-01 | 北京一起教育信息咨询有限责任公司 | Network communication method and device |
| CN111770161B (en) * | 2020-06-28 | 2022-06-07 | 北京百度网讯科技有限公司 | https sniffing jump method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486140A (en) * | 2014-11-28 | 2015-04-01 | 华北电力大学 | Device and method for detecting hijacking of web page |
| CN106331216A (en) * | 2016-09-13 | 2017-01-11 | 腾讯科技(深圳)有限公司 | Domain name parsing method and domain name parsing device |
| CN106790083A (en) * | 2016-12-22 | 2017-05-31 | 掌阅科技股份有限公司 | Detection method, device and mobile terminal that DNS is kidnapped |
| WO2017096888A1 (en) * | 2015-12-10 | 2017-06-15 | 乐视控股(北京)有限公司 | Method and device for implementing domain name system |
| CN107623693A (en) * | 2017-09-30 | 2018-01-23 | 北京奇虎科技有限公司 | Domain name mapping means of defence and device, system, computing device, storage medium |
| CN108270882A (en) * | 2018-01-24 | 2018-07-10 | 腾讯科技(深圳)有限公司 | The analysis method and device of domain name, storage medium, electronic device |
-
2019
- 2019-05-15 CN CN201910402899.2A patent/CN110191203B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104486140A (en) * | 2014-11-28 | 2015-04-01 | 华北电力大学 | Device and method for detecting hijacking of web page |
| WO2017096888A1 (en) * | 2015-12-10 | 2017-06-15 | 乐视控股(北京)有限公司 | Method and device for implementing domain name system |
| CN106331216A (en) * | 2016-09-13 | 2017-01-11 | 腾讯科技(深圳)有限公司 | Domain name parsing method and domain name parsing device |
| CN106790083A (en) * | 2016-12-22 | 2017-05-31 | 掌阅科技股份有限公司 | Detection method, device and mobile terminal that DNS is kidnapped |
| CN107623693A (en) * | 2017-09-30 | 2018-01-23 | 北京奇虎科技有限公司 | Domain name mapping means of defence and device, system, computing device, storage medium |
| CN108270882A (en) * | 2018-01-24 | 2018-07-10 | 腾讯科技(深圳)有限公司 | The analysis method and device of domain name, storage medium, electronic device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110191203A (en) | 2019-08-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11128621B2 (en) | Method and apparatus for accessing website | |
| WO2011089788A1 (en) | Classified information leakage prevention system, classified information leakage prevention method and classified information leakage prevention programme | |
| US8533581B2 (en) | Optimizing security seals on web pages | |
| CN109257373B (en) | Domain name hijacking identification method, device and system | |
| CN110888838B (en) | Request processing method, device, equipment and storage medium based on object storage | |
| US11831617B2 (en) | File upload control for client-side applications in proxy solutions | |
| US11163499B2 (en) | Method, apparatus and system for controlling mounting of file system | |
| CN113242331B (en) | Different types of address conversion method, device, computer equipment and storage medium | |
| CN110191203B (en) | Method for realizing dynamic access of server and electronic equipment | |
| CN110489957B (en) | Management method of access request and computer storage medium | |
| CN113691646A (en) | Domain name service resource access method, device, electronic equipment and medium | |
| CN110619022B (en) | Node detection method, device, equipment and storage medium based on block chain network | |
| CN108055299B (en) | Portal page pushing method, network access server and Portal authentication system | |
| US9130994B1 (en) | Techniques for avoiding dynamic domain name system (DNS) collisions | |
| US8694659B1 (en) | Systems and methods for enhancing domain-name-server responses | |
| CN111259371B (en) | Internet of things equipment authentication method, electronic device and storage medium | |
| WO2020224108A1 (en) | Url interception and conversion method, device, and computer apparatus | |
| CN111241523B (en) | Authentication processing method, device, equipment and storage medium | |
| CN112152993A (en) | Method and device for detecting webpage hijacking, computer equipment and storage medium | |
| TWI546688B (en) | Method for processing url and associated server and non-transitory computer readable storage medium | |
| CN113709136B (en) | Access request verification method and device | |
| CN111917787B (en) | Request detection method, request detection device, electronic equipment and computer readable storage medium | |
| CN110572375B (en) | IP address proxy method and device | |
| US10567518B2 (en) | Automatic discovery and onboarding of electronic devices | |
| JP2013251000A (en) | User verification device, method, and program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |