CN112422429B - Data request processing method and device, storage medium and electronic equipment - Google Patents


Info

Publication number: CN112422429B
Authority: CN (China)
Prior art keywords: domain name, request, target domain, data request, data
Legal status: Active
Application number: CN202011297442.9A
Other languages: Chinese (zh)
Other versions: CN112422429A (en)
Inventor: 夏云
Current Assignee: Beike Technology Co Ltd
Original Assignee: Beike Technology Co Ltd
Application filed by: Beike Technology Co Ltd
Priority: CN202011297442.9A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L45/00 Routing or path finding of packets in data switching networks
    • H04L45/38 Flow based routing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/50 Address allocation
    • H04L61/5053 Lease time; Renewal aspects
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The embodiments of the disclosure provide a data request processing method, a data request processing device and a computer-readable storage medium. The method is applied to a traffic forwarding device and comprises the following steps: receiving a data request whose destination domain name is the domain name of the traffic forwarding device, where the data request also stores a target domain name in a specified area, and the target domain name is different from the domain name of the traffic forwarding device; checking the target domain name according to a preset domain name list; if the target domain name passes the check, updating the destination domain name of the data request to the target domain name; and forwarding the data request with the updated destination domain name. The embodiments of the disclosure do not need to apply for a dedicated path for each server in the backend service system, are very convenient to implement, can avoid path conflicts, and help ensure traffic forwarding performance.

Description

Data request processing method and device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to a data request processing method and apparatus, a storage medium, and an electronic device.
Background
In the field of communication technology, traffic forwarding devices are widely used. In the current mainstream implementation of a traffic forwarding device, a globally unique dedicated path must be applied for on behalf of each server in the backend service system corresponding to the traffic forwarding device, and every data request sent to the traffic forwarding device must carry a path so that the corresponding dedicated path can be identified from it. The path is generally located in the Uniform Resource Locator (URL) of the data request.
It should be noted that, with this implementation, a dedicated path has to be applied for on behalf of each server, so the implementation is very complicated and path conflicts may occur. In addition, the path increases the length of the URL and the time required for gateway routing, which affects traffic forwarding performance.
Disclosure of Invention
The present disclosure is proposed to solve the above technical problems. The embodiment of the disclosure provides a data request processing method and device, a storage medium and an electronic device.
According to an aspect of the embodiments of the present disclosure, a data request processing method is provided, which is applied to a traffic forwarding device, and the method includes:
receiving a data request whose destination domain name is the domain name of the traffic forwarding device; a target domain name is also stored in a specified area in the data request, wherein the target domain name is different from the domain name of the traffic forwarding device;
checking the target domain name according to a preset domain name list;
under the condition that the target domain name passes the check, updating the destination domain name of the data request to the target domain name;
and forwarding the data request with the updated destination domain name.
In an optional example, the data request further stores request signature data and a request generation timestamp in the specified area;
updating the destination domain name of the data request to the target domain name if the check on the target domain name passes, including:
under the condition that the verification of the target domain name is passed, acquiring a private key corresponding to the target domain name;
performing signature processing according to the private key corresponding to the target domain name, the request parameters in the data request and the request generation timestamp, to obtain a signature processing result;
verifying the request signature data according to the signature processing result;
and updating the destination domain name of the data request to the target domain name when the verification of the request signature data passes.
In an optional example, the preset domain name list comprises a preset domain name white list;
the obtaining of the private key corresponding to the target domain name includes:
determining a private key corresponding to the target domain name according to a corresponding relation between the domain name and the private key recorded in a preset record;
the method further comprises the following steps:
adding a new server to the backend service system corresponding to the traffic forwarding device;
adding the domain name of the new server to the preset domain name white list;
and distributing a private key for the new server, and adding a corresponding relation between the domain name of the new server and the private key distributed for the new server into the preset record.
In an optional example, the signing according to the private key corresponding to the target domain name, the request parameter in the data request, and the request generation timestamp, so as to obtain a signature processing result includes:
determining a code corresponding to each request parameter in all request parameters in the data request;
determining signature basic data corresponding to each request parameter according to each request parameter and the code corresponding to each request parameter;
connecting all the signature basic data corresponding to all the request parameters by using a preset symbol to obtain a connection result;
splicing the private key corresponding to the target domain name, the connection result and the request generation timestamp to obtain a splicing result;
and adopting a preset signature algorithm to perform operation processing on the splicing result so as to obtain a signature processing result.
In an optional example, the data request further stores a request generation timestamp in the designated area;
updating the destination domain name of the data request to the target domain name if the check on the target domain name passes, including:
acquiring a current timestamp;
and updating the destination domain name of the data request to the target domain name when the time interval between the current timestamp and the request generation timestamp is smaller than a preset time interval and the target domain name passes the check.
According to another aspect of the embodiments of the present disclosure, there is provided a data request processing apparatus, applied to a traffic forwarding device, the apparatus including:
a receiving module, configured to receive a data request whose destination domain name is the domain name of the traffic forwarding device; a target domain name is also stored in a specified area in the data request, wherein the target domain name is different from the domain name of the traffic forwarding device;
the checking module is used for checking the target domain name according to a preset domain name list;
the updating module is used for updating the destination domain name of the data request to the target domain name under the condition that the target domain name passes the check;
and the forwarding module is used for forwarding the data request with the updated destination domain name.
In an optional example, the data request further stores request signature data and a request generation timestamp in the specified area;
the update module includes:
the first obtaining sub-module is used for obtaining a private key corresponding to the target domain name under the condition that the target domain name passes the verification;
the signature processing submodule is used for performing signature processing according to the private key corresponding to the target domain name, the request parameters in the data request and the request generation timestamp, to obtain a signature processing result;
the verification submodule is used for verifying the request signature data according to the signature processing result;
and the first updating sub-module is used for updating the destination domain name of the data request to the target domain name under the condition that the verification of the request signature data passes.
In an optional example, the preset domain name list comprises a preset domain name white list;
the first obtaining submodule is specifically configured to:
determining a private key corresponding to the target domain name according to a corresponding relation between the domain name and the private key recorded in a preset record;
the device further comprises:
a first adding module, configured to add a new server to a backend service system corresponding to the traffic forwarding device;
the second adding module is used for adding the domain name of the new server to the preset domain name white list;
and the processing module is used for distributing a private key for the new server and adding the corresponding relation between the domain name of the new server and the private key distributed for the new server into the preset record.
In an optional example, the signature processing sub-module includes:
the first determining unit is used for determining codes corresponding to each request parameter in all the request parameters in the data request;
the second determining unit is used for determining the signature basic data corresponding to each request parameter according to each request parameter and the code corresponding to each request parameter;
the connection unit is used for connecting all the signature basic data corresponding to all the request parameters by using a preset symbol so as to obtain a connection result;
the splicing unit is used for splicing the private key corresponding to the target domain name, the connection result and the request generation timestamp to obtain a splicing result;
and the operation processing unit is used for performing operation processing on the splicing result by adopting a preset signature algorithm to obtain a signature processing result.
In an optional example, the data request further stores a request generation timestamp in the designated area;
the update module includes:
the second obtaining submodule is used for obtaining the current timestamp;
and the second updating sub-module is used for updating the destination domain name of the data request to the target domain name under the condition that the time interval between the current timestamp and the request generation timestamp is smaller than a preset time interval and the target domain name passes the check.
According to still another aspect of the embodiments of the present disclosure, there is provided a computer-readable storage medium storing a computer program for executing the above-described data request processing method.
According to still another aspect of an embodiment of the present disclosure, there is provided an electronic device including:
a processor;
a memory for storing the processor-executable instructions;
the processor is used for reading the executable instruction from the memory and executing the instruction to realize the data request processing method.
In the embodiment of the present disclosure, the requester may send a data request whose destination domain name is the domain name of the traffic forwarding device, and the specified area of the data request may further store a target domain name, which may be the domain name of the real destination of the data request. After the traffic forwarding device receives the data request, it checks the target domain name according to the preset domain name list and, if the check passes, updates the destination domain name of the data request to the target domain name and forwards the data request with the updated destination domain name, so that the forwarded data request is finally sent to the real destination of the data request. It can be seen that, in the embodiment of the present disclosure, by making the destination domain name of the data request sent by the requester the domain name of the traffic forwarding device, and storing the target domain name in the specified area of the data request, it can be ensured that the data request is received by the traffic forwarding device and forwarded to the correct server.
The technical solution of the present disclosure is further described in detail by the accompanying drawings and examples.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in more detail embodiments of the present disclosure with reference to the attached drawings. The accompanying drawings are included to provide a further understanding of the embodiments of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the principles of the disclosure and not to limit the disclosure. In the drawings, like reference numbers generally represent like parts or steps.
Fig. 1 is a schematic flowchart of a data request processing method according to an exemplary embodiment of the present disclosure.
Fig. 2 is one of the data request processing schematics in an exemplary embodiment of the present disclosure.
Fig. 3 is a second schematic diagram of data request processing in an exemplary embodiment of the present disclosure.
Fig. 4 is a schematic structural diagram of a data request processing apparatus according to an exemplary embodiment of the present disclosure.
Fig. 5 is a schematic structural diagram of a data request processing apparatus according to another exemplary embodiment of the present disclosure.
Fig. 6 is a block diagram of an electronic device provided in an exemplary embodiment of the present disclosure.
Detailed Description
Hereinafter, example embodiments according to the present disclosure will be described in detail with reference to the accompanying drawings. It is to be understood that the described embodiments are merely a subset of the embodiments of the present disclosure and not all embodiments of the present disclosure, with the understanding that the present disclosure is not limited to the example embodiments described herein.
It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless specifically stated otherwise.
It will be understood by those of skill in the art that the terms "first," "second," and the like in the embodiments of the present disclosure are used merely to distinguish one element from another, and are not intended to imply any particular technical meaning, nor is the necessary logical order between them.
It is also understood that in embodiments of the present disclosure, "a plurality" may refer to two or more and "at least one" may refer to one, two or more.
It is also to be understood that any reference to any component, data, or structure in the embodiments of the disclosure, may be generally understood as one or more, unless explicitly defined otherwise or stated otherwise.
In addition, the term "and/or" in the present disclosure is only one kind of association relationship describing an associated object, and means that three kinds of relationships may exist, for example, a and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" in the present disclosure generally indicates that the former and latter associated objects are in an "or" relationship.
It should also be understood that the description of the various embodiments of the present disclosure emphasizes the differences between the various embodiments, and the same or similar parts may be referred to each other, so that the descriptions thereof are omitted for brevity.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the disclosure, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
Embodiments of the present disclosure may be applied to electronic devices, which may be specifically traffic forwarding devices, which may be described in the general context of computer system-executable instructions, such as program modules, being executed by a computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc. that perform particular tasks or implement particular abstract data types. The computer system may be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computer system storage media including memory storage devices.
Exemplary method
Fig. 1 is a schematic flowchart of a data request processing method according to an exemplary embodiment of the present disclosure. The method shown in fig. 1 is applied to a traffic forwarding device, and the method shown in fig. 1 includes step 101, step 102, step 103, and step 104, which are described below.
Step 101, receiving a data request whose destination domain name is the domain name of the traffic forwarding device; the data request also stores a target domain name in the specified area, wherein the target domain name is different from the domain name of the traffic forwarding device.
It should be noted that the traffic forwarding device may correspond to a backend service system, the backend service system may include multiple servers, different servers in the backend service system may provide different data services, and the traffic forwarding device and each server in the backend service system may each have a globally unique domain name; the traffic forwarding device may also be referred to as a gateway device, and the backend service system may also be referred to as a post-gateway system.
Specifically, as shown in fig. 2 and fig. 3, the backend service system may include four servers, which are a first server, a second server, a third server, and a fourth server respectively; the first server is used for providing data service A, the second server is used for providing data service B, the third server is used for providing data service C, and the fourth server is used for providing data service D.
When a user needs to use a data service (referred to here as the target data service) provided by a certain server in the backend service system, the user can operate the terminal device to initiate a corresponding data request. The data request may include a destination domain name storage region and a designated region, where the destination domain name storage region stores the domain name of the traffic forwarding device, and the designated region stores a target domain name, which may be the domain name of the real destination of the data request, that is, the domain name of a server capable of providing the target data service. Optionally, the data request may be a HyperText Transfer Protocol (HTTP) request, the designated region may be the request header region of the HTTP request, the target domain name stored in the designated region may be represented as ORIGIN_DOMAIN, and the destination domain name storage region may be a structure region in the HTTP protocol.
Because the destination domain name storage region in the data request stores the domain name of the traffic forwarding device, the destination domain name of the data request is currently the domain name of the traffic forwarding device, and the data request is sent to the traffic forwarding device. The traffic forwarding device therefore receives a data request whose destination domain name is its own domain name.
Step 102, checking the target domain name according to a preset domain name list.
The preset domain name list can be stored in a memory-sharing manner, which offers good performance and scalability; memory-sharing options include, but are not limited to, etcd, apollo, memcache, redis, and the like.
Optionally, the preset domain name list may include a preset domain name white list, and the preset domain name white list may include a domain name of each server in the backend service system. In this way, the preset domain name white list can be traversed and searched to determine whether the target domain name exists in the preset domain name white list, if so, the target domain name can be judged to pass the verification, otherwise, the target domain name can be judged not to pass the verification.
It should be noted that, theoretically, the preset domain name list may also include a preset domain name blacklist, and in this case, it may also be determined whether the check on the target domain name passes or not according to whether the target domain name exists in the preset domain name blacklist.
Step 103, updating the destination domain name of the data request to the target domain name when the check on the target domain name passes.
Here, in the case that the check of the target domain name passes, the domain name of the traffic forwarding device stored in the destination domain name storage area of the data request may be replaced with the target domain name to update the destination domain name of the data request.
In one example, the domain name of the traffic forwarding device is gateway.com and the target domain name is a.com. The original data request may then be represented as gateway.com/uri, and after the destination domain name of the data request is updated to the target domain name, the data request may be represented as a.com/uri, where uri stands for Uniform Resource Identifier.
Step 104, forwarding the data request with the updated destination domain name.
After the destination domain name of the data request is updated to the target domain name, the traffic forwarding device may forward the data request with the updated destination domain name, and since the destination domain name of the data request with the updated destination domain name is the target domain name, the data request with the updated destination domain name is finally sent to the real destination end of the data request.
It should be noted that, if the traffic forwarding device subsequently receives a response from the true destination of the data request, the traffic forwarding device may forward the received response to the requester of the data request (e.g., the terminal device in the foregoing).
In the embodiment of the present disclosure, the requester may send a data request whose destination domain name is the domain name of the traffic forwarding device, and the specified area of the data request may further store a target domain name, which may be the domain name of the real destination of the data request. After the traffic forwarding device receives the data request, it checks the target domain name according to the preset domain name list and, if the check passes, updates the destination domain name of the data request to the target domain name and forwards the data request with the updated destination domain name, so that the forwarded data request is finally sent to the real destination of the data request. It can be seen that, in the embodiment of the present disclosure, by making the destination domain name of the data request sent by the requester the domain name of the traffic forwarding device, and storing the target domain name in the specified area of the data request, it can be ensured that the data request is received by the traffic forwarding device and forwarded to the correct server.
In an optional example, the data request also stores request signature data and a request generation time stamp in a specified area;
in the case that the check on the target domain name passes, updating the destination domain name of the data request to the target domain name, including:
under the condition that the verification of the target domain name is passed, acquiring a private key corresponding to the target domain name;
performing signature processing according to the private key corresponding to the target domain name, the request parameters in the data request and the request generation timestamp, to obtain a signature processing result;
verifying the request signature data according to the signature processing result;
and updating the destination domain name of the data request to the target domain name when the check on the request signature data passes.
In the embodiment of the present disclosure, the correspondence between the domain name and the private key may be configured in advance. When the verification of the target domain name is passed, the private key corresponding to the target domain name can be determined according to the pre-configured corresponding relationship, and then, the signature processing can be performed according to the private key corresponding to the target domain name, the request parameter in the data request and the request generation timestamp, so as to obtain a signature processing result.
In a specific embodiment, signing according to a private key corresponding to a target domain name, a request parameter in a data request, and a request generation timestamp to obtain a signature processing result includes:
determining a code corresponding to each request parameter in all request parameters in the data request;
determining signature basic data corresponding to each request parameter according to each request parameter and the code corresponding to each request parameter;
connecting all the signature basic data corresponding to all the request parameters by using a preset symbol to obtain a connection result;
splicing a private key corresponding to the target domain name, the connection result and the request generation timestamp to obtain a splicing result;
and performing operation processing on the splicing result by adopting a preset signature algorithm to obtain a signature processing result.
Here, the request parameter may be an Application Programming Interface (API) request parameter; the code corresponding to any request parameter may be an American Standard Code for Information Interchange (ASCII) code; the preset symbol may be the "and" symbol (i.e., &); and the preset signature algorithm may be the fifth version of the message digest algorithm (i.e., the MD5 algorithm).
For ease of understanding, this embodiment is described below with a specific example.
Assuming that the data request includes two API request parameters, foo and bar, where the ASCII code for foo is 1 and the code for bar is 2, it may be determined that the signature base data for foo is foo=1 and the signature base data for bar is bar=2. Subsequently, foo=1 and bar=2 can be ordered, for example as bar=2 and foo=1, after which bar=2 and foo=1 can be connected using &, the result being bar=2&foo=1.
Assuming that the private key corresponding to the target domain name is represented as secret_key and the request generation timestamp is represented as Request_ts, when the private key corresponding to the target domain name, the connection result, and the request generation timestamp are spliced, the splicing result may be represented as secret_key + bar=2&foo=1 + Request_ts. The splicing result may then be processed with the MD5 algorithm to obtain the signature processing result. Representing the signature processing result as access_signature, access_signature = MD5(secret_key + bar=2&foo=1 + Request_ts).
It is easy to see that, with this embodiment, based on the operations such as the code determination operation, the connection operation, and the concatenation operation, the signature processing result can be obtained very conveniently and reliably.
Of course, the manner of performing signature processing according to the private key corresponding to the target domain name, the request parameter in the data request, and the request generation timestamp is not limited to this. For example, a symbol other than & may be used directly to connect all API request parameters to obtain a connection result; the private key corresponding to the target domain name, the connection result, and the request generation timestamp are then spliced to obtain a splicing result, and a signature algorithm other than MD5 is used to process the splicing result to obtain a signature processing result.
Regardless of the manner in which the signature processing result is obtained, the request signature data stored in the designated area can be verified according to the signature processing result after the signature processing result is obtained. It should be noted that the request signature data stored in the designated area may be generated before the terminal device sends the data request, and a generation manner of the request signature data may be consistent with a manner of obtaining a signature processing result, which may specifically refer to the above description of the manner of obtaining the signature processing result, and is not described herein again. In this way, in the case that the signature processing result is the same as the request signature data stored in the designated area, it can be determined that the verification of the request signature data passes; otherwise, it is determined that the verification of the requested signature data fails.
When the verification of the request signature data passes, the request signature data can be considered to be legal, and at this time, the destination domain name of the data request can be updated to the target domain name, and the data request after the destination domain name is updated is forwarded.
In the event that the verification of the request signature data fails, the request signature data may be deemed to be illegal, at which point the data request may be discarded.
In the embodiment of the disclosure, under the condition that the request signature data and the request generation timestamp are stored in the designated area, the verification of the request signature data can be performed based on the private key corresponding to the target domain name, the request parameter in the data request and the request generation timestamp, and the target domain name is updated only under the condition that the verification is passed, so that the security risk brought by the response of the illegal data request including the request signature data can be avoided, and the system resources can be saved.
In one optional example, the preset domain name list comprises a preset domain name white list;
obtaining a private key corresponding to a target domain name, comprising:
determining a private key corresponding to the target domain name according to the corresponding relation between the domain name and the private key recorded in the preset record;
the method further comprises the following steps:
adding a new server to a back-end service system corresponding to the flow forwarding equipment;
adding the domain name of the new server into a preset domain name white list;
and distributing a private key for the new server, and adding a corresponding relation between the domain name of the new server and the private key distributed for the new server into a preset record.
In the embodiment of the present disclosure, a preset record may be configured in advance, and a corresponding relationship between a domain name of each server in the backend service system and a corresponding private key may be recorded in the preset record. Therefore, under the condition that the verification of the target domain name is passed, the private key corresponding to the target domain name can be determined according to the recorded corresponding relation in the preset record.
It should be noted that in some cases, for example, in the case of a new service scenario, in order to ensure that a user can enjoy a data service corresponding to the new service scenario, a new server may be added to the backend service system, where the new server is used to provide the data service corresponding to the new service scenario. At this time, the background management module in fig. 3 may be invoked to add the domain name of the new server to the preset domain name white list, and in addition, the access party private key management module in fig. 2 and 3 may be invoked to allocate a private key to the new server, and add a corresponding relationship between the domain name of the new server and the private key allocated to the new server to the preset record, so that the user can subsequently and normally enjoy the data service provided by the new server through the updating of the preset domain name white list and the preset record.
In an optional example, the data request also stores a request generation timestamp in the specified area;
in the case that the check on the target domain name passes, updating the destination domain name of the data request to the target domain name, including:
acquiring a current timestamp;
and under the condition that the time interval between the current timestamp and the request generation timestamp is smaller than the preset time interval and the target domain name passes the verification, updating the destination domain name of the data request to the target domain name.
Here, the preset time interval may be 30 seconds, 1 minute, 2 minutes or other values, which are not listed here.
In the embodiment of the disclosure, when the time interval between the current timestamp and the request generation timestamp is less than the preset time interval and the check on the target domain name passes, it may be considered that the real target end of the data request is a certain server in the backend service system and that the data request has not expired, so the destination domain name may be updated. If the time interval between the current timestamp and the request generation timestamp is greater than or equal to the preset time interval, the update of the destination domain name may be prohibited regardless of whether the check on the target domain name passes. That is, the traffic forwarding system may forward only data requests that have not expired, which is beneficial to ensuring the timeliness of data request processing.
In conjunction with fig. 2 and 3, in an embodiment of the present disclosure, after receiving an HTTP request, which may be denoted as gateway.com/uri, a target domain name (assumed to be a.com) in a request header area of the HTTP request may be checked based on a preset domain name white list. If the verification of a.com passes, signature verification can be carried out, namely, the request signature data in the request header area of the HTTP request is verified. If the check of the request signature data passes, traffic forwarding assembly may be performed, that is, the destination domain name of the HTTP request is updated from gateway.com to a.com and the request is then sent; the sent HTTP request may be represented as a.com/uri. If a.com happens to be the domain name of the first server, the first server will eventually receive an HTTP request, which may be denoted as a.com/uri.
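The checks described above (white list, freshness window, signature comparison, destination update, plus onboarding of a new server), written out as an added Python example that is not code from the patent. The header names X-Target-Domain, X-Request-Ts and X-Access-Signature, the function names and the generated keys are assumptions; sorting parameters by name in ASCII order is one reading of the bar=2&foo=1 example, and the hmac-sha256 branch is a substituted algorithm of the kind the text allows.

```python
import hashlib
import hmac
import secrets
import time

GATEWAY_DOMAIN = "gateway.com"  # domain of the traffic forwarding device (from the text)
MAX_AGE_SECONDS = 30            # one of the preset time intervals the text lists

# Preset domain name white list and preset record (domain -> private key).
# Both start empty; entries are created by register_backend() below.
domain_whitelist = set()
key_record = {}


def register_backend(domain):
    """Onboard a new back-end server: whitelist its domain and allocate a key."""
    key = secrets.token_hex(32)
    domain_whitelist.add(domain)
    key_record[domain] = key
    return key


def connection_result(params):
    """Join name=value pairs with '&' after sorting the names in ASCII order."""
    return "&".join(f"{name}={value}" for name, value in sorted(params.items()))


def sign(secret_key, params, request_ts, algorithm="md5"):
    """Signature over the request parameters and the request generation timestamp."""
    joined = connection_result(params)
    if algorithm == "md5":
        # Scheme as described: MD5(secret_key + connection result + request_ts).
        spliced = f"{secret_key}{joined}{request_ts}"
        return hashlib.md5(spliced.encode()).hexdigest()
    if algorithm == "hmac-sha256":
        # Substituted algorithm, not from the patent: HMAC-SHA-256 keyed with the
        # same secret, which avoids the length-extension weakness of a
        # secret-prefix MD5 construction.
        message = f"{joined}{request_ts}".encode()
        return hmac.new(secret_key.encode(), message, hashlib.sha256).hexdigest()
    raise ValueError(f"unsupported algorithm: {algorithm}")


def process_request(headers, params, now=None, algorithm="md5"):
    """Return the destination domain to forward to, or None to drop the request."""
    now = time.time() if now is None else now

    # 1. The target domain must differ from the gateway's and be on the white list.
    target = headers.get("X-Target-Domain", "")
    if target == GATEWAY_DOMAIN or target not in domain_whitelist:
        return None

    # 2. Freshness: the interval to the request generation timestamp must be
    #    smaller than the preset interval (timestamps from the future count too).
    ts_raw = headers.get("X-Request-Ts", "")
    try:
        request_ts = int(ts_raw)
    except ValueError:
        return None
    if abs(now - request_ts) >= MAX_AGE_SECONDS:
        return None

    # 3. Recompute the signature with the key recorded for the target domain and
    #    compare it with the presented value in constant time.
    secret_key = key_record.get(target)
    if secret_key is None:
        return None
    expected = sign(secret_key, params, ts_raw, algorithm)
    presented = headers.get("X-Access-Signature", "")
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return None

    # 4. All checks passed: the destination domain becomes the target domain.
    return target
```

The gateway signs with the timestamp string exactly as received, so the client and the gateway splice the same bytes even if the value has unusual formatting.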
In summary, the embodiments of the present disclosure can reliably implement traffic forwarding, are very convenient to implement, have low implementation complexity, can avoid path collision, and can also ensure traffic forwarding performance.
Exemplary devices
Fig. 4 is a schematic structural diagram of a data request processing apparatus according to an exemplary embodiment of the present disclosure, where the apparatus shown in fig. 4 is applied to a traffic forwarding device, and the apparatus shown in fig. 4 includes a receiving module 401, a checking module 402, an updating module 403, and a forwarding module 404.
A receiving module 401, configured to receive a data request with a destination domain name being a domain name of a traffic forwarding device; the data request also stores a target domain name in a specified area, and the target domain name is different from the domain name of the flow forwarding equipment;
a checking module 402, configured to check a target domain name according to a preset domain name list;
an updating module 403, configured to update the destination domain name of the data request to the target domain name when the check on the target domain name passes;
a forwarding module 404, configured to forward the updated data request of the destination domain name.
In an optional example, the data request also stores request signature data and a request generation time stamp in a specified area;
as shown in fig. 5, the update module 403 includes:
the first obtaining sub-module 4031 is configured to obtain a private key corresponding to the target domain name when the target domain name is checked to pass;
the signature processing submodule 4032 is configured to perform signature processing according to the private key corresponding to the target domain name, the request parameter in the data request, and the request generation timestamp, to obtain a signature processing result;
the verification submodule 4033 is used for verifying the request signature data according to the signature processing result;
a first updating sub-module 4034, configured to update the destination domain name of the data request to the target domain name if the check on the request signature data passes.
In one optional example, the preset domain name list comprises a preset domain name white list;
the first obtaining sub-module 4031 is specifically configured to:
determining a private key corresponding to the target domain name according to the corresponding relation between the domain name and the private key recorded in the preset record;
the device also includes:
the first adding module is used for adding a new server to a back-end service system corresponding to the flow forwarding equipment;
the second adding module is used for adding the domain name of the new server to a preset domain name white list;
and the processing module is used for distributing the private key for the new server and adding the corresponding relation between the domain name of the new server and the private key distributed for the new server into the preset record.
In an alternative example, the signature processing sub-module 4032 includes:
the first determining unit is used for determining codes corresponding to each request parameter in all request parameters in the data request;
the second determining unit is used for determining the signature basic data corresponding to each request parameter according to each request parameter and the code corresponding to each request parameter;
the connection unit is used for connecting all the signature basic data corresponding to all the request parameters by using a preset symbol so as to obtain a connection result;
the splicing unit is used for splicing the private key corresponding to the target domain name, the connection result and the request generation timestamp to obtain a splicing result;
and the operation processing unit is used for performing operation processing on the splicing result by adopting a preset signature algorithm to obtain a signature processing result.
In an optional example, the data request also stores a request generation timestamp in the specified area;
an update module 403, comprising:
the second obtaining submodule is used for obtaining the current timestamp;
and the second updating submodule is used for updating the destination domain name of the data request to the target domain name under the condition that the time interval between the current timestamp and the request generation timestamp is smaller than the preset time interval and the target domain name is verified to pass.
Exemplary electronic device
Next, an electronic apparatus according to an embodiment of the present disclosure is described with reference to fig. 6. The electronic device may be either or both of the first device and the second device, or a stand-alone device separate from them, which stand-alone device may communicate with the first device and the second device to receive the acquired input signals therefrom.
Fig. 6 illustrates a block diagram of an electronic device 600 in accordance with an embodiment of the disclosure.
As shown in fig. 6, the electronic device 600 includes one or more processors 601 and memory 602.
The processor 601 may be a Central Processing Unit (CPU) or other form of processing unit having data processing capabilities and/or instruction execution capabilities, and may control other components in the electronic device 600 to perform desired functions.
Memory 602 may include one or more computer program products that may include various forms of computer-readable storage media, such as volatile memory and/or non-volatile memory. The volatile memory may include, for example, Random Access Memory (RAM), cache memory (cache), and/or the like. The non-volatile memory may include, for example, Read Only Memory (ROM), hard disk, flash memory, etc. One or more computer program instructions may be stored on the computer-readable storage medium and executed by the processor 601 to implement the data request processing methods of the various embodiments of the present disclosure described above and/or other desired functions. Various contents such as an input signal, a signal component, a noise component, etc. may also be stored in the computer-readable storage medium.
In one example, the electronic device 600 may further include: an input device 603 and an output device 604, which are interconnected by a bus system and/or other form of connection mechanism (not shown).
For example, when the electronic device 600 is a first device or a second device, the input means 603 may be a microphone or a microphone array. When the electronic device 600 is a stand-alone device, the input means 603 may be a communication network connector for receiving the acquired input signals from the first device and the second device.
The input device 603 may also include, for example, a keyboard, a mouse, and the like.
The output device 604 can output various kinds of information to the outside. The output devices 604 may include, for example, a display, speakers, a printer, and a communication network and remote output devices connected thereto, among others.
Of course, for simplicity, only some of the components of the electronic device 600 relevant to the present disclosure are shown in fig. 6, omitting components such as buses, input/output interfaces, and the like. In addition, electronic device 600 may include any other suitable components depending on the particular application.
Exemplary computer program product and computer-readable storage Medium
In addition to the above-described methods and apparatus, embodiments of the present disclosure may also be a computer program product comprising computer program instructions that, when executed by a processor, cause the processor to perform the steps in the data request processing method according to various embodiments of the present disclosure described in the "exemplary methods" section above of this specification.
The program code of the computer program product for carrying out operations of embodiments of the present disclosure may be written in any combination of one or more programming languages, including an object-oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server.
Furthermore, embodiments of the present disclosure may also be a computer-readable storage medium having stored thereon computer program instructions that, when executed by a processor, cause the processor to perform steps in a data request processing method according to various embodiments of the present disclosure described in the "exemplary methods" section above of this specification.
The computer-readable storage medium may take any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may include, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The foregoing describes the general principles of the present disclosure in conjunction with specific embodiments, however, it is noted that the advantages, effects, etc. mentioned in the present disclosure are merely examples and are not limiting, and they should not be considered essential to the various embodiments of the present disclosure. Furthermore, the foregoing disclosure of specific details is for the purpose of illustration and description and is not intended to be limiting, since the disclosure is not intended to be limited to the specific details so described.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts in the embodiments are referred to each other. For the system embodiment, since it basically corresponds to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The block diagrams of devices, apparatuses, systems referred to in this disclosure are only given as illustrative examples and are not intended to require or imply that the connections, arrangements, configurations, etc. must be made in the manner shown in the block diagrams. These devices, apparatuses, systems may be connected, arranged, configured in any manner, as will be appreciated by those skilled in the art. Words such as "including," "comprising," "having," and the like are open-ended words that mean "including, but not limited to," and are used interchangeably therewith. The words "or" and "and" as used herein mean, and are used interchangeably with, the phrase "and/or," unless the context clearly dictates otherwise. The phrase "such as" is used herein to mean, and is used interchangeably with, the phrase "such as but not limited to".
The methods and apparatus of the present disclosure may be implemented in a number of ways. For example, the methods and apparatus of the present disclosure may be implemented by software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustration only, and the steps of the method of the present disclosure are not limited to the order specifically described above unless specifically stated otherwise. Further, in some embodiments, the present disclosure may also be embodied as programs recorded in a recording medium, the programs including machine-readable instructions for implementing the methods according to the present disclosure. Thus, the present disclosure also covers a recording medium storing a program for executing the method according to the present disclosure.
It is also noted that in the devices, apparatuses, and methods of the present disclosure, each component or step can be decomposed and/or recombined. These decompositions and/or recombinations are to be considered equivalents of the present disclosure.
The previous description of the disclosed aspects is provided to enable any person skilled in the art to make or use the present disclosure. Various modifications to these aspects will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other aspects without departing from the scope of the disclosure. Thus, the present disclosure is not intended to be limited to the aspects shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The foregoing description has been presented for purposes of illustration and description. Furthermore, this description is not intended to limit embodiments of the disclosure to the form disclosed herein. While a number of example aspects and embodiments have been discussed above, those of skill in the art will recognize certain variations, modifications, alterations, additions and sub-combinations thereof.

Claims (12)

1. A data request processing method is applied to a traffic forwarding device, and comprises the following steps:
receiving a data request with a destination domain name as the domain name of the flow forwarding equipment; a target domain name is also stored in a specified area in the data request, wherein the target domain name is different from the domain name of the flow forwarding device;
checking the target domain name according to a preset domain name list;
under the condition that the target domain name passes the verification, updating the destination domain name of the data request to the target domain name;
and forwarding the data request with the updated destination domain name.
2. The method of claim 1, wherein the data request further stores request signature data and a request generation timestamp in the designated area;
updating the destination domain name of the data request to the target domain name if the check on the target domain name passes, including:
under the condition that the verification of the target domain name is passed, acquiring a private key corresponding to the target domain name;
performing signature processing according to a private key corresponding to the target domain name, a request parameter in the data request and the request generation timestamp, to obtain a signature processing result;
according to the signature processing result, verifying the request signature data;
and updating the destination domain name of the data request to the target domain name when the verification of the request signature data is passed.
3. The method of claim 2, wherein the predetermined list of domain names comprises a predetermined white list of domain names;
the obtaining of the private key corresponding to the target domain name includes:
determining a private key corresponding to the target domain name according to a corresponding relation between the domain name and the private key recorded in a preset record;
the method further comprises the following steps:
adding a new server to a back-end service system corresponding to the flow forwarding equipment;
adding the domain name of the new server to the preset domain name white list;
and distributing a private key for the new server, and adding a corresponding relation between the domain name of the new server and the private key distributed for the new server into the preset record.
4. The method according to claim 2, wherein the performing signature processing according to the private key corresponding to the target domain name, the request parameter in the data request, and the request generation timestamp to obtain a signature processing result includes:
determining a code corresponding to each request parameter in all request parameters in the data request;
determining signature basic data corresponding to each request parameter according to each request parameter and the code corresponding to each request parameter;
connecting all the signature basic data corresponding to all the request parameters by using a preset symbol to obtain a connection result;
splicing the private key corresponding to the target domain name, the connection result and the request generation timestamp to obtain a splicing result;
and adopting a preset signature algorithm to perform operation processing on the splicing result so as to obtain a signature processing result.
5. The method of claim 1, wherein the data request further stores a request generation timestamp in the designated area;
updating the destination domain name of the data request to the target domain name if the check on the target domain name passes, including:
acquiring a current timestamp;
and updating the destination domain name of the data request to the target domain name when the time interval between the current timestamp and the request generation timestamp is smaller than a preset time interval and the target domain name passes the check.
6. A data request processing apparatus, applied to a traffic forwarding device, the apparatus comprising:
a receiving module, configured to receive a data request with a destination domain name being a domain name of the traffic forwarding device; a target domain name is also stored in a specified area in the data request, wherein the target domain name is different from the domain name of the flow forwarding device;
the checking module is used for checking the target domain name according to a preset domain name list;
the updating module is used for updating the destination domain name of the data request to the target domain name under the condition that the target domain name passes the verification;
and the forwarding module is used for forwarding the data request with the updated destination domain name.
7. The apparatus of claim 6, wherein the data request further stores request signature data and a request generation timestamp in the designated area;
the update module includes:
the first obtaining sub-module is used for obtaining a private key corresponding to the target domain name under the condition that the target domain name passes the verification;
the signature processing submodule is used for performing signature processing according to a private key corresponding to the target domain name, the request parameter in the data request and the request generation timestamp, to obtain a signature processing result;
the verification submodule is used for verifying the request signature data according to the signature processing result;
and the first updating sub-module is used for updating the destination domain name of the data request to the target domain name under the condition that the verification of the request signature data passes.
8. The apparatus of claim 7, wherein the preset domain name list comprises a preset domain name white list;
the first obtaining submodule is specifically configured to:
determining a private key corresponding to the target domain name according to a corresponding relation between the domain name and the private key recorded in a preset record;
the device further comprises:
a first adding module, configured to add a new server to a backend service system corresponding to the traffic forwarding device;
the second adding module is used for adding the domain name of the new server to the preset domain name white list;
and the processing module is used for distributing a private key for the new server and adding the corresponding relation between the domain name of the new server and the private key distributed for the new server into the preset record.
9. The apparatus of claim 7, wherein the signature processing sub-module comprises:
the first determining unit is used for determining codes corresponding to each request parameter in all the request parameters in the data request;
the second determining unit is used for determining the signature basic data corresponding to each request parameter according to each request parameter and the code corresponding to each request parameter;
the connection unit is used for connecting all the signature basic data corresponding to all the request parameters by using a preset symbol so as to obtain a connection result;
the splicing unit is used for splicing the private key corresponding to the target domain name, the connection result and the request generation timestamp to obtain a splicing result;
and the operation processing unit is used for performing operation processing on the splicing result by adopting a preset signature algorithm to obtain a signature processing result.
10. The apparatus of claim 6, wherein the data request further stores a request generation timestamp in the designated area;
the update module includes:
the second obtaining submodule is used for obtaining the current timestamp;
and the second updating sub-module is used for updating the destination domain name of the data request to the target domain name under the condition that the time interval between the current timestamp and the request generation timestamp is smaller than a preset time interval and the target domain name passes the verification.
11. A computer-readable storage medium, in which a computer program is stored, the computer program being configured to perform the data request processing method of any one of claims 1 to 5.
12. An electronic device, comprising:
a processor;
a memory for storing the processor-executable instructions;
the processor is used for reading the executable instructions from the memory and executing the instructions to realize the data request processing method of any one of the claims 1 to 5.
CN202011297442.9A 2020-11-18 2020-11-18 Data request processing method and device, storage medium and electronic equipment Active CN112422429B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011297442.9A CN112422429B (en) 2020-11-18 2020-11-18 Data request processing method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN112422429A CN112422429A (en) 2021-02-26
CN112422429B true CN112422429B (en) 2022-04-22

Family

ID=74774752

Country Status (1)

Country Link
CN (1) CN112422429B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006068108A1 (en) * 2004-12-21 2006-06-29 Matsushita Electric Industrial Co., Ltd. GATEWAY, NETWORK CONFIGURATION, AND METHOD FOR CONTROLLING ACCESS TO Web SERVER
US7089325B1 (en) * 2000-07-05 2006-08-08 Register.Com, Inc. Method and apparatus for URL forwarding
CN107948329A (en) * 2018-01-03 2018-04-20 湖南麓山云数据科技服务有限公司 A kind of cross-domain processing method and system
CN108616490A (en) * 2016-12-13 2018-10-02 腾讯科技(深圳)有限公司 A kind of method for network access control, apparatus and system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101997903B (en) * 2009-08-27 2013-09-25 国际商业机器公司 Method and system for processing hypertext transfer protocol request
US8694642B2 (en) * 2010-10-21 2014-04-08 Opendns, Inc. Selective proxying in domain name systems
CN103312749B (en) * 2012-03-13 2016-12-14 华为技术有限公司 A kind of application layer traffic optimizes discovery method, equipment and the system of server
US9602468B2 (en) * 2014-11-19 2017-03-21 Facebook, Inc. Techniques to authenticate a client to a proxy through a domain name server intermediary
US9807050B2 (en) * 2015-04-15 2017-10-31 Cisco Technology, Inc. Protocol addressing for client and destination identification across computer networks
US20180191856A1 (en) * 2016-12-29 2018-07-05 Synology Inc. Cross-domain communication methods and proxy servers using the same
CN110716850B (en) * 2018-07-11 2022-05-06 腾讯科技(深圳)有限公司 Page testing method, device and system and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7089325B1 (en) * 2000-07-05 2006-08-08 Register.Com, Inc. Method and apparatus for URL forwarding
WO2006068108A1 (en) * 2004-12-21 2006-06-29 Matsushita Electric Industrial Co., Ltd. GATEWAY, NETWORK CONFIGURATION, AND METHOD FOR CONTROLLING ACCESS TO Web SERVER
CN108616490A (en) * 2016-12-13 2018-10-02 腾讯科技(深圳)有限公司 A kind of method for network access control, apparatus and system
CN107948329A (en) * 2018-01-03 2018-04-20 湖南麓山云数据科技服务有限公司 A kind of cross-domain processing method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Cross-domain and its configuration methods; 赵学作, 赵少农; 《网络安全和信息化》; 20190605; full text *

Also Published As

Publication number Publication date
CN112422429A (en) 2021-02-26

Similar Documents

Publication Publication Date Title
CN109150978B (en) Method and device for debugging micro service
US10891383B2 (en) Validating computer resource usage
US9430302B2 (en) Method, device and system for using and invoking Oauth API
WO2017097123A1 (en) Access request conversion method and device
CN111062024B (en) Application login method and device
US11120107B2 (en) Managing content delivery to client devices
CN110958237A (en) Authority verification method and device
US7130877B2 (en) Request processing switch
CN112202705A (en) Digital signature verification generation and verification method and system
CN109379336A (en) A kind of uniform authentication method, distributed system and computer readable storage medium
CN112764726A (en) Data synthesis method and device
CN113612686A (en) Traffic scheduling method and device and electronic equipment
US20100049833A1 (en) Method, apparatus and computer program for modifying an endpoint reference representing a web service endpoint
CN113778499B (en) Method, apparatus, device and computer readable medium for publishing services
CN112422429B (en) Data request processing method and device, storage medium and electronic equipment
JP3528065B2 (en) Inherited access control method on computer network
CN111027051B (en) Method and device for controlling page permission calling and readable storage medium
CN113472831B (en) Service access method, device, gateway equipment and storage medium
CN112905970A (en) Authority verification method and device, computer readable storage medium and electronic equipment
CN112968866B (en) Method, device and system for binding user account information and user identity information
CN111506846A (en) Web page generation method and device, electronic equipment and storage medium
CN114338788B (en) Message pushing method, electronic equipment and storage medium
CN117792797B (en) Data authority management method and device based on industrial Internet identification analysis
CN115987683B (en) Node access control method, device, equipment and medium in block chain network
CN113901377B (en) Service calling method, device, storage medium and equipment of legacy system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant