JP2020047176A - Packet relay device, packet relay control method, and packet relay control program - Google Patents

Abstract

To provide a packet relay device configured to reduce processing load when a terminal acquires a file from a web server on the Internet.SOLUTION: When a storage file presence determination unit 30 determines that a value of a part of a header part of HTTP 200 OK response (hereinafter referred to as "response") has been already registered on an access history information table 10 of a storage unit 106, and when a file update determination unit 40 determines that the value of a part of the header part of the response received from a web server 122 is the same as a past value registered on the access history information table 10, a packet relay device prevents an inquiry to a determination server 123 for safety on a file included in the received response, and prevents the file from being stored in a file storage unit 20. In accordance with a determination result of the determination server 123 indicating registration on the access history information table 10, the contents of the file included in the response is rewritten and transmitted to a terminal.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a packet relay device, a packet relay control method, and a packet relay control program, and more particularly to reducing a processing load on a packet relay device when a terminal connected to the packet relay device acquires a file on a web server. The present invention relates to a packet relay device, a packet relay control method, and a packet relay control program.

  When a terminal such as a notebook PC (Personal Computer), tablet, or smartphone acquires a file from an arbitrary web server on the Internet using a general web browser, the acquired file is stored as a cache in the terminal. doing.

  Therefore, when the user of the terminal performs the operation of acquiring the same file again, the terminal or the web server performs the following operation. That is, when the terminal attempts to acquire a file, the web browser adds a field such as “If-Modified-Since” or a field such as “If-None-Match” to the header part of the “HTTP GET request”. To the web server. The header part of the “HTTP GET request” is an HTTP (Hypertext Transfer Protocol) packet. Based on these fields, the web server performs an operation of checking whether the file stored in the cache in the terminal is the same as the file on the web server.

  If the file stored in the cache in the terminal is the same as the file on the web server, the file requested to be obtained from the web server on the Internet should not be transmitted to the terminal. Controlling. That is, when the web server determines that the files are the same, the web server returns an “HTTP 304 Not Modified response” with a status code of “304” to the terminal. The status code "304" means that the file has not been updated. This “HTTP 304 Not Modified response” includes only the header field, and does not include the file itself that is the target of the acquisition request.

  On the other hand, if the web server determines that the file stored in the cache in the terminal and the file on the web server are not the same, the web server sends a response “200” with the status code “200”. An “HTTP 200 OK response” is returned to the terminal. This “HTTP 200 OK response” includes not only the header field but also the file itself that is the target of the acquisition request.

  Here, the cache of the web browser is provided uniquely for each terminal. Therefore, for example, when there are a plurality of terminals as terminals accessing the Internet via the same packet relay device, the plurality of terminals try to acquire the same file on the same web server In such a case, it is necessary for each terminal to receive the same file from the web server and store it as a cache. In such a case, there is a problem that the processing load on the web server increases.

  Therefore, a countermeasure as described in Japanese Patent Application Laid-Open No. 2006-343855, “Content Relay Device and Content Relay Method” has been proposed. In the technology described in Patent Literature 1, a packet relay device that relays a packet between a terminal and a web server includes a content storage unit that stores a file from the web server as a cache. The packet relay device transfers the first file received as the “HTTP 200 OK response” from the web server to the requesting terminal, and also stores it as a cache in the content storage unit in the packet relay device. Then, the packet relay device determines whether a second or subsequent acquisition request for the same file of the same web server has been received from any one of the one or more terminals connected to the packet relay device. Monitoring, when the second or subsequent file acquisition request is received from the terminal, the file stored in the content storage unit is transmitted to the requesting terminal without transmitting the acquisition request to the web server. And send it back. Thus, the processing load on the web server side can be reduced.

  In recent years, service forms such as an enterprise business service for acquiring various files from a web server and exchanging information in a commercial transaction and an online shopping service for purchasing and electronic payment of a product have become popular in recent years. In this service mode, a terminal accesses a web server connected to the Internet via a packet relay device. However, in such corporate business services and online shopping services, for example, correct information is not transmitted and received, such as incorrect products being displayed, information containing viruses is downloaded, account numbers, There is a security risk of accessing malware such as malicious viruses and phishing scams, such as personal information such as card numbers being stolen illegally.

  In order to avoid such danger, as a current technology, a form in which a determination server having a function of determining whether or not a file of each web server on the Internet is a file safe for security is proposed on the Internet is proposed. Have been. As described above, the terminal transmits the “HTTP GET request” via the packet relay device and receives the “HTTP 200 OK response” including the file from the web server. The “HTTP GET request” is a request transmitted to obtain a file from a web server on the Internet. The packet relay device relays the “HTTP GET request” and the “HTTP 200 OK response”. Then, the packet relay device first accesses a determination server on the Internet. When the packet relay device receives, from the determination server, information indicating that the file of the web server that the terminal is trying to acquire is a secure file, the packet relay device transmits an “HTTP 200 OK response” including the file to the request source. Return to terminal.

  Also, as a similar risk avoidance measure, a measure to avoid phishing scams has been proposed. For example, Japanese Unexamined Patent Application Publication No. 2008-242672 of Patent Document 2 entitled "Web Page Authenticity Confirmation Device, Web Page Authenticity Confirmation Method and Program" describes a technique for avoiding phishing fraud. In the technology described in Patent Document 2, a determination server that determines whether the web server is a true server or a fake server is provided on the Internet based on information included in a web page of the web server. Then, when the terminal requests the acquisition of the web page in the web server, the packet relay device, which is the relay device, first accesses the determination server, and determines the result of the authenticity of the web server, The judgment server returns the request to the requesting terminal. As a method of determining the authenticity, it has been proposed to embed digital watermark information in advance in a web page of a web server.

JP 2006-343855 A JP 2008-242672 A

  As described above, at present, when a terminal such as a notebook PC, a tablet, or a smartphone obtains a file from a web server on the Internet using a web browser, if the same file has already been obtained, Save it on the terminal side as a web browser cache. With this mechanism, the file that has been acquired in the cache can be extracted without accessing the Internet.

  However, as described above, the cache of the web browser is uniquely provided for each terminal. For example, there are a plurality of terminals as terminals accessing the Internet via the same packet relay device. In such a case, the following problem occurs. That is, when each of a plurality of terminals under the packet relay device tries to acquire the same file on the same web server, each terminal receives the same file from the web server and stores it as a cache. Processing is required. As a result, there is a problem that not only the processing load on the packet relay device but also the processing load on the web server side increases.

  Further, when the packet relay device inquires the determination server on the Internet whether or not the file of the web server is a secure file, there is the following problem. That is, each time the packet relay apparatus receives an "HTTP GET request" for a request to acquire the file from each terminal for each of the subordinate terminals, the packet relay apparatus determines whether the file is a secure file. Must be inquired to the determination server. This inquiry is required even if the files that make an acquisition request to the web server are the same file.

  Here, in order to reduce the number of inquiries from the packet relay device to the determination server, a countermeasure for controlling the inquiry to the determination server as follows may be considered. In this countermeasure, the packet relay device transmits the received “HTTP GET request” to the web server as a result of transmitting the received “HTTP GET request” to the web server instead of receiving the “HTTP GET request” from the terminal. When the packet relay device receives an “HTTP 304 Not Modified response” of only the header indicating that the file has not been updated from the content of the file cached in the requesting terminal, the packet relay device makes an inquiry to the determination server. Not to be. On the other hand, when the packet relay device receives the “HTTP 200 OK response” including not only the header portion but also the file from the web server, it performs control to make an inquiry to the determination server. With this measure, it is possible to reduce the number of inquiries from the packet relay device to the determination server.

  However, the cache of the web browser is provided uniquely for each terminal as described above. Therefore, when there are a plurality of terminals connected under the packet relay device and each terminal tries to acquire the same file on the web server, each terminal receives the file from the web server. It is necessary to. At this time, each time the packet relay device receives the “HTTP 200 OK response” for each terminal from the web server, it is necessary to make an inquiry to the determination server. As a result, the problem that not only the processing load on the packet relay device but also the processing load on the determination server side increases cannot be solved.

(Purpose of this disclosure)
An object of the present disclosure is to provide a packet relay device capable of reducing a processing load when a terminal acquires a file from a web server on the Internet and connects the terminal with the web server in view of the problem. , A packet relay control method and a packet relay control program.

  In order to solve the above problems, a packet relay device, a packet relay control method, and a packet relay control program according to the present invention mainly employ the following characteristic configurations.

(1) The packet relay device according to the present invention comprises:
Relays packets between the terminal and a web server on the Internet,
After transmitting an "HTTP GET request" for requesting acquisition of the file of the web server on the Internet received from the terminal to the Internet, when any packet is returned from the web server, the packet A packet analysis unit that detects that the packet is a “HTTP 200 OK response” packet including the file requested to be obtained from the terminal;
A file storage unit that stores the file included in the “HTTP 200 OK response” received from the web server, and is set as information for specifying the file included in the “HTTP 200 OK response”. Extracting a part of the value specified in advance in the header part of the “HTTP 200 OK response”, and using the extracted part of the value as information for specifying the file stored in the file storage unit. An access history information table for setting and registering as history information of a file previously received and stored in the file storage unit, in association with information specifying the file of the web server obtained and requested by the “HTTP GET request”. Storage unit,
Whether the partial value of the header part of the “HTTP 200 OK response” is set and registered in the access history information table as information for specifying the file previously received and stored in the file storage unit A storage file presence / absence determination unit for determining whether or not
Each time the “HTTP 200 OK response” is received from the web server, the partial value of the header part of the “HTTP 200 OK response” received this time and the file received in the past and stored in the file storage part are specified. A file update determining unit that compares the partial value set and registered in the access history information table as information for determining whether or not the value is the same;
Each time the “HTTP 200 OK response” is received from the web server, it is determined whether the file included in the “HTTP 200 OK response” received this time is a security-safe file or a dangerous file. A file security determination unit that makes an inquiry to a determination server on the Internet having a function and obtains a determination result regarding security security of the file as a response from the determination server;
The request for obtaining the determination result obtained as a response from the determination server and the partial value extracted from the header part of the “HTTP 200 OK response” received this time by the “HTTP GET request” An access history information table setting registration unit for setting and registering in the access history information table in association with information specifying a file of the web server;
A file storage unit for storing the file included in the “HTTP 200 OK response” received this time in the file storage unit;
According to the determination result obtained as a response from the determination server, the content of the file included in the “HTTP 200 OK response” received this time is rewritten, and the source of the “HTTP GET request” is rewritten. A response transmission unit for transmitting to the terminal;
It is characterized by having.

(2) The packet relay control method according to the present invention comprises:
Relays packets between the terminal and a web server on the Internet,
After transmitting an "HTTP GET request" for requesting acquisition of the file of the web server on the Internet received from the terminal to the Internet, when any packet is returned from the web server, the packet Analyzing the packet to detect that the packet is an “HTTP 200 OK response” packet including the file requested to be obtained from the terminal;
The file included in the “HTTP 200 OK response” received from the web server is stored in a file storage unit, and is set as information for specifying the file included in the “HTTP 200 OK response”. Extracting a part of the value previously specified in the header part of the “HTTP 200 OK response”, and using the extracted part of the value as information for specifying the file stored in the file storage unit, A storage step of setting and registering in the access history information table as history information of a file previously received and stored in the file storage unit, in association with information specifying the file of the web server requested to be acquired by the “HTTP GET request” When,
Whether the partial value of the header part of the “HTTP 200 OK response” is set and registered in the access history information table as information for specifying the file previously received and stored in the file storage unit A storage file presence / absence determination step of determining whether or not the storage file exists;
Each time the “HTTP 200 OK response” is received from the web server, the partial value of the header part of the “HTTP 200 OK response” received this time and the file received in the past and stored in the file storage part are specified. A file update determining step of comparing the partial value set and registered in the access history information table as information for determining whether or not the values are the same;
Each time the “HTTP 200 OK response” is received from the web server, it is determined whether the file included in the “HTTP 200 OK response” received this time is a security-safe file or a dangerous file. File security determining step of making an inquiry to a determination server on the Internet having a function and acquiring a determination result regarding security security of the file as a response from the determination server;
The request for obtaining the determination result obtained as a response from the determination server and the partial value extracted from the header part of the “HTTP 200 OK response” received this time by the “HTTP GET request” An access history information table setting registration step of setting and registering in the access history information table in association with information specifying a file of a web server;
A file storing step of storing a file included in the “HTTP 200 OK response” received this time in the file storage unit;
According to the determination result obtained as a response from the determination server, the content of the file included in the “HTTP 200 OK response” received this time is rewritten, and the source of the “HTTP GET request” is rewritten. A response transmission step to be transmitted to the terminal,
It is characterized by having.

(3) The packet relay control program according to the present invention comprises:
A packet relay control in a packet relay device that relays a packet between a terminal and a web server on the Internet is executed by a computer in the packet relay device,
After transmitting an "HTTP GET request" for requesting acquisition of the file of the web server on the Internet received from the terminal to the Internet, when any packet is returned from the web server, the packet A packet analysis function of detecting that the packet is an “HTTP 200 OK response” packet including a file requested to be obtained from the terminal;
A file storage unit that stores the file included in the “HTTP 200 OK response” received from the web server, and is set as information for specifying the file included in the “HTTP 200 OK response”. Extracting a part of the value previously specified in the header part of the “HTTP 200 OK response”, and using the extracted part of the value as information for specifying the file stored in the file storage unit, A storage function for setting and registering in the access history information table as history information of a file previously received and stored in the file storage unit in association with information specifying the file of the web server requested to be acquired by the “HTTP GET request” When,
Whether the partial value of the header part of the “HTTP 200 OK response” is set and registered in the access history information table as information for specifying the file previously received and stored in the file storage unit A stored file presence / absence determination function for determining whether or not
Each time the “HTTP 200 OK response” is received from the web server, the partial value of the header part of the “HTTP 200 OK response” received this time and the file received in the past and stored in the file storage part are specified. A file update determination function of comparing the partial value set and registered in the access history information table as information for determining whether or not the value is the same;
Each time the “HTTP 200 OK response” is received from the web server, it is determined whether the file included in the “HTTP 200 OK response” received this time is a security-safe file or a dangerous file. A file security determination function for making an inquiry to a determination server on the Internet having a function and acquiring a determination result regarding security security of the file as a response from the determination server;
The request for obtaining the determination result obtained as a response from the determination server and the partial value extracted from the header part of the “HTTP 200 OK response” received this time by the “HTTP GET request” An access history information table setting registration function for setting and registering in the access history information table in association with information specifying a file of a web server;
A file saving function for saving a file included in the “HTTP 200 OK response” received this time in the file storage unit;
According to the determination result obtained as a response from the determination server, the content of the file included in the “HTTP 200 OK response” received this time is rewritten, and the source of the “HTTP GET request” is rewritten. A response sending function to send to the terminal,
It is characterized by having.

  ADVANTAGE OF THE INVENTION According to the packet relay apparatus, the packet relay control method, and the packet relay control program of this invention, the following effects can be mainly exerted.

  When any terminal connected to the LAN network side of the packet relay device that relays the packet attempts to obtain a file of the web server on the Internet and sends a request to obtain the file to the packet relay device, The packet relay device confirms whether or not the file to be obtained by the terminal is already stored in a storage unit in the packet relay device. It is determined whether or not the above file has been updated from a file already stored in the storage unit, and in response to a result of the determination, an inquiry regarding security security of the file is made to a determination server. Can be determined, so that the number of inquiries to the determination server can be reduced. Thus, the traffic between the packet relay device and the determination server can be reduced, and the performance of the packet relay device and the determination server can be improved.

1 is a network configuration diagram illustrating an example of a connection configuration of a packet relay device according to the present invention and an internal configuration of the packet relay device. 3 is a flowchart illustrating an example of an internal operation of the packet relay device illustrated in FIG. 2 is a sequence chart showing an example of a signal flow when the terminal shown in FIG. 1 accesses a web server on the Internet via a packet relay device. 4 is a sequence chart illustrating an example of a signal flow different from that in FIG. 3 when the terminal illustrated in FIG. 1 accesses a web server on the Internet via a packet relay device. 3 is a table showing an example of an access history information table stored in a storage unit of the packet relay device of FIG. 1 and for registering a history of access to a web server from a terminal. 6 is a table illustrating an example of a case where the setting registration content of the access history information table illustrated in FIG. 5 is updated with a part of a header part of a newly received “HTTP 200 OK response” and the setting is registered again. . 6 is a table showing an example different from FIG. 5 of an access history information table stored in a storage unit of the packet relay device of FIG. 1 and for registering a history of access to a web server from a terminal. 8 is a table showing an example different from FIGS. 5 and 7 of an access history information table stored in a storage unit of the packet relay device of FIG. 1 for registering a history of access to a web server from a terminal.

  Hereinafter, preferred embodiments of a packet relay device, a packet relay control method, and a packet relay control program according to the present invention will be described with reference to the accompanying drawings. In the following description, a packet relay device and a packet relay control method according to the present invention will be described. However, such a packet relay method may be implemented as a packet relay control program executable by a computer, or It goes without saying that the packet relay control program may be recorded on a computer-readable recording medium. Moreover, the drawing reference numerals attached to the following drawings are added for convenience to each element as an example to facilitate understanding, and it is needless to say that the present invention is not intended to limit the present invention to the illustrated embodiment. No.

<Features of the present invention>
Prior to the description of the embodiments of the present invention, the features of the present invention will be outlined first. The present invention relates to a packet relay device that relays a connection between a terminal and a server on the Internet, and when a HTTP (Hypertext Transfer Protocol) access request for file acquisition is made from the terminal to a web server. If the same file as the file included in the HTTP response returned from the web server has not been stored in the packet relay device, the packet relay device queries the determination server about the contents of the file. The main feature is that a means for rewriting the contents of the file included in the HTTP response in accordance with the response from the determination server is provided.

  In other words, the present invention is mainly characterized by having the following functions. That is, first, an HTTP access request (referred to as an “HTTP GET request”) for obtaining a file of an arbitrary web server on the Internet is transmitted from a terminal, and the web server receives the HTTP request. When a response including the file (referred to as the “HTTP 200 OK response”) is returned, the packet relay apparatus transmits the file included in the “HTTP 200 OK response” received this time to the inside of the packet relay apparatus. Has a function of confirming whether or not the content is the same as the content of a file already stored in the storage unit.

  Second, if the file has not yet been stored in the storage unit in the packet relay device, or if the file has been stored, the contents of the file stored in the storage unit If the file included in the received “HTTP 200 OK response” is different, it is determined whether the file included in the received “HTTP 200 OK response” is a safe file. It has a function of making an inquiry to a determination server on the Internet, which has a function to perform the determination. On the other hand, when the file included in the “HTTP 200 OK response” received this time is the same as the content of the file already stored in the storage unit in the packet relay device, The file included in the "HTTP 200 OK response" received this time according to the judgment contents already stored as the judgment result from the judgment server regarding the stored file contents without making an inquiry to the judgment server. It has a function of rewriting the content and transmitting it to the acquisition requesting terminal.

  Third, the result of determining whether the file is a 'safe file' or a 'dangerous file' from the determination server which received the inquiry from the packet relay device is returned as a response to the packet relay of the inquiry source. When the packet is returned to the device, the packet relay device checks the content of the response returned from the determination server. If the content of the response is determined to be a "dangerous file", the packet relay device returns "HTTP 200". It has a function of rewriting the contents of the file included in the “OK response” so as to remove the danger and transmitting the file to the terminal that has requested acquisition. On the other hand, if the response content from the determination server is determined to be a “safe file”, the content of the file included in the “HTTP 200 OK response” is It has a function to transmit to the original terminal.

  Thus, it is possible to reduce the number of inquiries made to the determination server and reduce the processing load on the packet relay device and the determination server.

  The main features of the present invention will be further described as follows. The packet relay device constantly monitors packets transmitted and received between one or more terminals on the LAN network connected to the packet relay device. When an HTTP packet whose request method is 'GET' (hereinafter, referred to as an “HTTP GET request”) is received from any terminal on the LAN network, the packet relay apparatus sends the “HTTP GET request” to a web server on the Internet. "HTTP GET request".

  When a packet having a status code of “200” (hereinafter, referred to as “HTTP 200 OK response”) is received as a response to the “HTTP GET request” from a web server on the Internet, the packet relay apparatus A part of a predetermined value (for example, a value of a Last-Modified field indicating the latest update date and time) of a header part of the “HTTP 200 OK response” and the “HTTP 200 OK response” already stored in the packet relay device. It is checked whether or not the value matches a part of the header part specified in advance.

  If the packet relay apparatus has not yet stored the partial value of the header portion of the “HTTP 200 OK response”, or has already stored the partial value, the header of the stored “HTTP 200 OK response” If the value of the part does not match the value of the part of the header of the “HTTP 200 OK response” received this time, the packet relay apparatus transmits the file of the “HTTP 200 OK response” received this time. Inquires the judgment server about the contents.

  Thereafter, the packet relay device rewrites the file content of the “HTTP 200 OK response” received this time according to the response content returned from the determination server as a result of the inquiry about the file content, and sends the file to the acquisition request source terminal. In addition to the transmission, the file contents before rewriting are stored in the storage unit. Further, the packet relay apparatus associates the partial value of the header portion of the “HTTP 200 OK response” and the response content from the determination server with the “HTTP GET request” that has issued the acquisition request, and associates the access history information with the access history information. Is stored in the storage unit.

  Here, when the response content returned from the determination server is a determination result of “dangerous file”, the file content of the “HTTP 200 OK response” received this time is removed so that the danger is removed. After rewriting, it is transmitted to the acquisition requesting terminal. On the other hand, if the response content returned from the determination server is a determination result of a “secure file”, the file content of the “HTTP 200 OK response” received this time is obtained without being rewritten. Sent to the requesting terminal.

  If the stored part of the value of the header part of the “HTTP 200 OK response” matches the part of the value of the header part of the “HTTP 200 OK response” received this time, The relay device rewrites the file content of the “HTTP 200 OK response” received this time according to the response content already stored from the determination server without making an inquiry to the determination server, and Send to terminal.

  By operating as described above, the number of inquiries to the determination server can be reduced, and the processing load on the packet relay device and the determination server can be reduced.

<Configuration example of embodiment of the present invention>
Next, an example of a connection configuration and an internal configuration of the packet relay device according to the present invention will be described in detail with reference to the drawings. FIG. 1 is a network configuration diagram showing an example of a connection configuration of a packet relay device according to the present invention and an internal configuration of the packet relay device. The packet relay device 101 shown in FIG. 1 includes therein a LAN (Local Area Network) interface 102, a WAN (Wide Area Network) interface 103, a routing unit 104, and a packet relay device function unit 105 as functional units related to the present invention. , And at least a storage unit 106. Note that, with regard to the internal configuration of the packet relay apparatus 101 shown in FIG. Note that the packet relay apparatus 101 may be a router having a packet routing function (a broadband router or the like), or may have a packet relay function between a terminal and a web server on the Internet without having a routing function. The relay device may be provided.

  The packet relay device function unit 105 includes at least a packet analysis unit 105a and an access determination function unit 105b. Further, the access determination function unit 105b includes therein a stored file existence determination unit 30, a file update determination unit 40, a file security determination unit 50, an access history information table setting registration unit 60, a file storage unit 70, and a response transmission. At least a portion 80 is provided.

  The LAN interface 102 and the WAN interface 103 have one or more Ethernet (registered trademark) interfaces. The LAN interface 102 is connected to a LAN-side network 111, and terminals 112 and 113 are connected to the LAN-side network 111. The terminal 112 includes at least a web browser 112a, and the terminal 113 includes at least a web browser 113a. Here, the LAN-side network 111 is not limited to a wired connection, but may be a wireless connection.

  The WAN interface 103 is connected to the Internet 121, but the connection method with the Internet 121 is not specified, and the WAN interface 103 may be connected in any form. At least a web server 122 and a determination server 123 are connected to the Internet 121. The Internet 121 is a communication network in which a computer network, a telephone exchange network, a mobile communication network, an intranet in a company, and the like are interconnected, and the packet relay apparatus 101 and the web server 122, the determination server 123, and the Internet 121 Various devices and terminals (not shown) can be connected for communication.

  Upon receiving a packet from the terminal 112 or 113 via the LAN-side network 111, the LAN interface 102 of the packet relay apparatus 101 transmits the packet to the routing unit 104. Further, upon receiving the packet from the routing unit 104, the LAN interface 102 transmits the packet to the terminal 112 or 113 via the LAN-side network 111.

  Upon receiving a packet from the Internet 121, the WAN interface 103 of the packet relay device 101 transmits the packet to the routing unit 104. When receiving the packet from the routing unit 104, the WAN interface 103 transmits the packet to the Internet 121.

  When receiving the packet from the WAN interface 103, the routing unit 104 of the packet relay device 101 transmits the received packet to the packet analysis unit 105 a in the packet relay device function unit 105 of the packet relay device 101.

  The packet analysis unit 105a of the packet relay apparatus 101 has a function of analyzing the content of the packet received from the routing unit 104, and performs a process according to the content of the packet. That is, the packet analysis unit 105a transfers the packet to the access determination function unit 105b or designates the packet as the packet via the routing unit 104 according to the content of the packet received from the routing unit 104. To the specified destination. As described above, when the packet received from the routing unit 104 is the HTTP response packet transmitted by the web server 122 (that is, the “HTTP 200 OK response”), the packet analysis unit 105a specifies First, the packet is transferred to the access determination function unit 105b instead of the destination.

  More specifically, after transmitting the “HTTP GET request” for requesting the acquisition of the file of the web server 122 on the Internet 121 received from the terminal 112 or the terminal 113 to the Internet 121, the packet analysis unit 105a When a packet is returned from the server 122, the packet is analyzed to detect that the packet is an "HTTP 200 OK response" packet including a file requested to be obtained from the terminal 112 or 113. In this case, the packet is first transferred to the access determination function unit 105b.

  The access determination function unit 105b of the packet relay apparatus 101 is connected to the Internet 121 as necessary for the file contents included in the HTTP response packet (that is, the “HTTP 200 OK response”) received from the packet analysis unit 105a. The determination server 123 makes an inquiry about the security of the file, and rewrites the file content included in the received HTTP response packet (that is, the “HTTP 200 OK response”) in response to the response from the determination server 123.

  Here, the stored file presence / absence determination unit 30 provided inside the access determination function unit 105b stores, in the access history information table 10 of the storage unit 106, a part of the value previously specified in the header part of the “HTTP 200 OK response”. Then, it is determined whether or not the setting is registered as information for specifying a file received in the past and stored in the file storage unit 20 of the storage unit 106.

  In addition, each time the file update determination unit 40 provided inside the access determination function unit 105b receives the “HTTP 200 OK response” from the web server 122, the file update determination unit 40 includes a part of the header part of the “HTTP 200 OK response” received this time. The value is compared with a partial value set and registered in the access history information table 10 of the storage unit 106 as information for specifying a file received in the past and stored in the file storage unit 20 of the storage unit 106. , Are determined to be the same value.

  The file security determination unit 50 provided inside the access determination function unit 105b determines whether the file included in the “HTTP 200 OK response” received this time every time the “HTTP 200 OK response” is received from the web server 122. An inquiry is made to a determination server 123 on the Internet 121 having a function of determining whether the file is secure or dangerous, and as a response from the determination server 123, Acquire the judgment result regarding safety. Here, a file that is dangerous in security is a file that contains malware such as a malicious virus or a phishing scam, and a file that is safe in security is a file that does not contain malware.

  Further, the access history information table setting registration unit 60 provided inside the access determination function unit 105b stores the determination result obtained as a response from the determination server 123 in the file security determination unit 50 and the “HTTP” received this time. The part of the value extracted from the header part of the “200 OK response” and the information that specifies the file of the web server 122 that has been requested by the “HTTP GET request” (that is, the URL (Uniform Resource Locator) of the file on the web server 122) ) And the file name) are set and registered in the access history information table 10 of the storage unit 106.

  In addition, the file storage unit 70 provided inside the access determination function unit 105b stores the file included in the “HTTP 200 OK response” received this time in the file storage unit 20 of the storage unit 106.

  In addition, the response transmission unit 80 provided inside the access determination function unit 105b responds to the determination result obtained as a response from the determination server 123 by using the file included in the “HTTP 200 OK response” received this time. Is rewritten and transmitted to the terminal 112 or the terminal 113 of the transmission source of the “HTTP GET request”.

  In the storage unit 106 of the packet relay apparatus 101, an access history information table 10 for setting and registering information regarding an access history to the Internet 121 (in other words, information regarding a processing result of the access determination function unit 105b) and an HTTP response packet (that is, “ At least a file storage unit 20 that saves a file included in the “HTTP 200 OK response”) and, in some cases, information of a header portion as a cache. That is, the file storage unit 20 stores the file included in the “HTTP 200 OK response” received from the web server 122 and, in some cases, the information of the header part of the “HTTP 200 OK response”. Department. Further, the access history information table 10 includes a part of the header part of the “HTTP 200 OK response” set as information for specifying the file included in the “HTTP 200 OK response”, which is specified in advance. A value is extracted, and the extracted part of the value is used as information for specifying the file stored in the file storage unit 20 as information for specifying the file. A storage unit for setting and registering as history information of a file received in the past and stored in the file storage unit in association with a URL or a file name.

  The determination server 123 connected to the Internet 121 receives the HTTP response packet (that is, “HTTP 200 OK response”) from the web server 122 and, from the packet relay apparatus 101, relates to the file content included in the HTTP response packet. Upon receiving the inquiry, it is determined whether the file of the HTTP response packet transmitted by the web server 122 to the packet relay apparatus 101 is a secure file or a dangerous file, and the determined result is used as a response. Is returned to the packet relay device 101 of the inquiry source. Note that the determination processing of the determination server 123 may be realized using any existing known technology.

  Further, the web browser 112a, the web browser 113a, and the like included in each terminal such as the terminal 112 and the terminal 113 connected to the LAN-side network 111 may be realized using any existing known technology. Also, the web server 122 connected to the Internet 121 may be realized using any existing known technology.

<Description of Operation of Embodiment of the Present Invention>
Next, the operation of the packet relay apparatus 101 shown in FIG. 1 will be described with respect to the terminal 112 connected to the LAN-side network 111 and the web server 122 and the determination server 123 connected to the Internet 121. An example of the processing will be described in detail with reference to the drawings.

(Example of Internal Operation in Packet Relay Device 101)
First, the operation in the packet relay apparatus 101 will be described using the flowchart of FIG. FIG. 2 is a flowchart illustrating an example of an internal operation of the packet relay apparatus 101 shown in FIG. 1. Mainly, operations of the packet analysis unit 105a and the access determination function unit 105b of the packet relay apparatus function unit 105 will be described. ing.

  In the flowchart of FIG. 2, first, the WAN interface 103 of the packet relay apparatus 101 constantly monitors whether a packet has been received from the Internet 121. When the WAN interface 103 receives a packet from the Internet 121, the WAN interface 103 transfers the received packet to the packet analysis unit 105a of the packet relay device function unit 105 via the routing unit 104.

  The packet analysis unit 105a analyzes the contents of the transferred packet, and determines whether the packet is an HTTP response packet received from the web server 122 connected to the Internet 121 (that is, an “HTTP 200 OK response”). Is determined (step S1). If the packet analysis unit 105a determines that the packet received by the WAN interface 103 is an HTTP response packet from the web server 122 (Yes in step S1), the packet analysis unit 105a relays the received HTTP response packet from the web server 122. The data is transferred to the access determination function unit 105b of the device function unit 105.

  On the other hand, if the packet received by the WAN interface 103 is not an HTTP response from the web server 122 (that is, “HTTP 200 OK response”) (No in step S1), the packet analysis unit 105a sends the header of the packet to the Forwards the packet to the destination specified by. If the WAN interface 103 has not received a packet from the Internet 121 (No in step S1), the packet reception monitoring operation in step S1 is repeated.

  Upon receiving the HTTP response packet (that is, “HTTP 200 OK response”) from the web server 122 from the packet analysis unit 105a, the access determination function unit 105b first causes the storage file presence / absence determination unit 30 to access the access history information in the storage unit 106. A search is made in the table 10 to determine whether or not a predetermined value of the header part of the HTTP response packet (that is, “HTTP 200 OK response”) is set and registered in a corresponding column in the access history information table 10. Confirm (step S2).

  When a part of the header of the HTTP response packet is stored in the corresponding column in the access history information table 10 of the storage unit 106 (Yes in step S2), the file storage unit 20 of the storage unit 106 Has a file already saved. Therefore, next, the file update determination unit 40 is activated, and the file included in the HTTP response packet received this time (that is, the “HTTP 200 OK response”) is stored in the file storage unit 20 of the storage unit 106. It is confirmed whether or not the file is an updated file than the current file (step S3). That is, the file update determination unit 40 extracts a part of the header part of the HTTP response packet received this time (that is, the “HTTP 200 OK response”) specified in advance, and extracts the value from the access history information table 10 in the storage unit 106. And confirms whether or not a part of the value of the header part different from the HTTP response packet received this time is stored.

  If the corresponding column in the access history information table 10 of the storage unit 106 stores a partial value of a header portion different from the HTTP response packet received this time (that is, “HTTP 200 OK response”), (Yes in step S3), the file included in the HTTP response packet received this time (that is, the “HTTP 200 OK response”) is updated more than the file stored in the file storage unit 20 of the storage unit 106. File.

  In step S2, as a result of searching the access history information table 10 of the storage unit 106 by the stored file presence / absence determination unit 30, a part of the header part is stored in a corresponding column of the access history information table 10 of the storage unit 106. Is not stored (No in step S2), the file is not yet stored in the file storage unit 20 of the storage unit 106, and the HTTP response packet received this time (ie, "HTTP The file included in the “200 OK response”) is a new file received for the first time from the web server 122.

  It is determined that the file included in the HTTP response packet received this time (that is, the “HTTP 200 OK response”) is a file that is updated more than the file stored in the file storage unit 20 of the storage unit 106. In this case (Yes in step S3) or when it is determined that the file is a new file received for the first time from the web server 122 (No in step S2), the access determination function unit 105b activates the file security determination unit 50. Then, in order to inquire whether the file included in the HTTP response packet received this time is a safe file, an inquiry packet to the determination server 123 is created. Then, an inquiry packet regarding the file content of the HTTP response packet is transmitted from the WAN interface 103 to the determination server 123 connected to the Internet 121 (step S4).

  When a response packet to the inquiry packet is returned from the determination server 123, the file safety determination unit 50 in the access determination function unit 105b of the packet relay apparatus 101 receives the received determination server via the WAN interface 103 and receives the received determination server. The response from 123 is passed to the access history information table setting registration unit 60 and the response transmission unit 80.

  The access history information table setting registration unit 60 stores the received response from the determination server 123 and a part of the header part of the currently received HTTP response packet with the web server 122 specified by the “HTTP GET request”. The file is stored in the access history information table 10 in the storage unit 106 in such a manner as to be associated with the information for specifying the file to be requested for acquisition (step S5). Then, the response transmission unit 80 is activated, and according to the determination result indicated by the response from the determination server 123, the content of the file included in the HTTP response packet received this time (that is, the “HTTP 200 OK response”) is Rewriting is performed to remove the danger (step S6).

  On the other hand, if the access history information table 10 of the storage unit 106 stores a partial value of the same header part as the currently received HTTP response packet (that is, “HTTP 200 OK response”) in step S3, (No in step S3), the file included in the HTTP response packet received this time (that is, the “HTTP 200 OK response”) has been updated from the file stored in the file storage unit 20 of the storage unit 106. It is determined that the file is the same as the file stored in the file storage unit 20 of the storage unit 106.

  In such a case, that is, when the file included in the HTTP response packet received this time (that is, the “HTTP 200 OK response”) has not been updated (No in step S3), the storage unit 106 In addition to reading out the determination result of the determination server 123 regarding the contents of the file already set and registered in the access history information table 10, the response transmission unit 80 is started, and the file of the HTTP response packet is read in accordance with the read out determination result. The contents are rewritten so as to remove the danger (step S6).

  Thereafter, the response transmission unit 80 of the access determination function unit 105b determines whether the file rewritten according to the determination result indicated by the response from the determination server 123 or the determination result read from the access history information table 10 in the storage unit 106 (ie, The HTTP response packet (that is, the “HTTP 200 OK response”) including the file as received from the web server 122 or in a state rewritten to remove the danger is transmitted via the routing unit 104. Transfer to the LAN interface 102. The LAN interface 102 transmits the HTTP response packet (that is, the “HTTP 200 OK response”) transferred from the response transmission unit 80 of the access determination function unit 105 b to the file acquisition request source terminal 112 connected to the LAN side network 111. (Step S7).

(Flow of signal when terminal 112 accesses web server 122)
Next, the signal exchange between the packet relay apparatus 101 and the terminal 112, the web server 122, and the determination server 123 will be described with reference to the sequence charts of FIGS. FIG. 3 is a sequence chart showing an example of a signal flow when the terminal 112 shown in FIG. 1 accesses the web server 122 on the Internet 121 via the packet relay device 101. Here, FIG. 3 asks the determination server 123 whether or not the file included in the “HTTP 200 OK response” received this time from the web server 122 by the packet relay apparatus 101 is a secure file. An example of a signal flow in the case is shown.

  That is, in FIG. 3, information on a part of the header part of “HTTP 200 OK response” specified in advance is not yet stored in the access history information table 10 of the storage unit 106 of the packet relay apparatus 101. The file included in the received “HTTP 200 OK response” is the first file that has not yet been acquired in the packet relay apparatus 101, or the file included in the “HTTP 200 OK response” received this time from the web server 122. A part of the value of the header part is different from a part of the value of the header part stored in the access history information table 10 of the storage part 106, and is included in the “HTTP 200 OK response” received this time. Is stored in the file storage unit 20 of the storage unit 106. 4 shows an example of a signal flow when it is determined that the file has been updated from the current file.

  FIG. 4 is a sequence chart illustrating an example of a signal flow different from that in FIG. 3 when the terminal 112 illustrated in FIG. 1 accesses the web server 122 on the Internet 121 via the packet relay device 101. That is, FIG. 4 illustrates an example of a signal flow in a case where the packet relay apparatus 101 does not make an inquiry to the determination server 123 regarding a file included in the “HTTP 200 OK response” received this time from the web server 122. ing.

  That is, in FIG. 4, the access history information table 10 in the storage unit 106 of the packet relay apparatus 101 includes the same header part as the previously specified part of the header part of the “HTTP 200 OK response” received this time. A state in which information about some values is stored and the file included in the “HTTP 200 OK response” received this time is not updated from the file stored in the file storage unit 20 of the storage unit 106 In the case where it is determined that there is a file, the determination server indicating whether or not the file stored in the file storage unit 20 of the storage unit 106 is a safe file in the access history information table 10 of the storage unit 106 13 shows an example of a signal flow in a case where the response from 123 has already been set and registered. To have.

  3 and 4 show the flow of signals when the packet relay apparatus 101 receives an “HTTP GET request” indicating a file acquisition request from the terminal 112, but simplification will be made. Therefore, transmission and reception of signals between the terminal 112, the packet relay apparatus 101, the web server 122, and the determination server 123 will be described, and the LAN-side network 111 existing between the terminal 112 and the packet relay apparatus 101, The description of transmission and reception of signals between the Internet 101 and the Internet 121 existing between the Web server 122 and the determination server 123 is omitted.

  As described above, the packet relay apparatus 101 transmits and receives packets to and from the terminal 112 connected to the LAN-side network 111 via the LAN interface 102, and transmits and receives the web server 122 and the determination server from the Internet 121 to the WAN interface 103. 123 is transmitted and received. Then, when a packet transmitted from the web server 122 or the determination server 123 via the Internet 121 is received from the WAN interface 103, the routing unit 104 in the packet relay apparatus 101 The packet is transferred to the function unit 105 (packet analysis unit 105a, access determination function unit 105b). When receiving a packet from the packet relay device function unit 105 (packet analysis unit 105a, access determination function unit 105b), the routing unit 104 in the packet relay device 101 transmits the packet to the LAN according to the designated destination. The data is transmitted to the interface 102 and the WAN interface 103.

  In the sequence charts of FIGS. 3 and 4, it is assumed that the IP address of the packet relay device 101 on the LAN side is “192.168.100.1/24”, and the IP address of the terminal 112 is “192.168”. .100.10 / 24 '. It is also assumed that the URL of the file existing on the web server 122 is' HTTP://example.com/test1.txt ', and the update date and time of the file' test1.txt 'is' Fri, 20 Oct 2017 12:26:19 GMT '.

  Unless otherwise specified, the method of the HTTP request transmitted from the terminal 112 to the web server 122 via the packet relay device 101 is 'GET', and the HTTP request is returned from the web server 122 to the terminal 112 via the packet relay device 101. It is assumed that the status code of the HTTP response packet is '200'. Also, in response to an inquiry from the packet relay apparatus 101 regarding a file, a response returned from the determination server 123 to the packet relay apparatus 101 is a result of determination of either a “safe file” or a “dangerous file”. Assume that

  FIG. 5 is a table showing an example of the access history information table 10 stored in the storage unit 106 of the packet relay apparatus 101 of FIG. 1 and for registering a history of access to the web server 122 from the terminal 112 or the terminal 113. FIG. 5 shows information (for example, URL, file name) for specifying a file to be acquired in the “HTTP GET request” transmitted from the terminal 112 to the web server 122, and the web server 122 Information for specifying the file included in the transmitted “HTTP 200 OK response” (that is, a part of the value specified in the header portion, for example, a value indicating the update date and time of the file), and the determination server 123 5 shows an example in which the contents of a response indicating a determination result of a file received from the server are stored.

  That is, the access history information table 10 of FIG. 5 includes a GET column 11, a Host column 12, a Last-Modified column 13, and a determination server response column 14. Here, the file name of the file requested to be obtained by the terminal 112, for example, '/test1.txt' is set and registered in the GET column 11 on the “HTTP GET request” side, and in the Host column 12 on the “HTTP GET request” side. Then, the terminal 112 sets and registers the URL indicating the location of the file on the web server 122 specified as the acquisition request destination, for example, 'example.com'.

  In the Last-Modified column 13 on the “HTTP 200 OK response” side, the web server 122 that has received the “HTTP GET request” indicated by the GET column 11 and the Host column 12 in the “HTTP GET request” column is returned. When the content of the file included in the “HTTP 200 OK response”, for example, the file content of the file name “test1.txt” is stored in the file storage unit 20 of the packet relay apparatus 101, the information is used to specify the file. Then, a part of a predetermined value such as a value indicating the update date and time, for example, a value indicating the update date and time is extracted from the header part of the “HTTP 200 OK response” and registered. The Last-Modified column 13 in FIG. 5 shows an example in which the update date and time of 'Fri, 20 Oct 2017 12:26:19 GMT' is set and registered as an example. In the judgment server response field 14, the content of the file included in the "HTTP 200 OK response" received this time and stored in the file storage unit 20, for example, the security of the file content of the file name "test1.txt" With respect to the gender, the determination result of the determination server 123 obtained by making an inquiry to the determination server 123, for example, information indicating “secure file” is set and registered.

  In the present embodiment, the previously specified partial value of the header portion registered and set in the access history information table 10 of the storage unit 106 described in the flowchart of FIG. The value of the latest update date and time 'Fri, 20 Oct 2017 12:26:19 GMT' of the file content of the file name 'test1.txt' registered and set in the Modified column 13. The file stored in the storage unit 20 is the content of the file with the file name '/test1.txt' registered and set in the GET column 11.

((Flow of signal when packet relay apparatus 101 inquires determination server 123))
Next, a part of the value specified in advance in the header part of the “HTTP 200 OK response” used as information for specifying the file stored in the file storage unit 20 of the storage unit 106 is the access history information of the storage unit 106. When the setting is not registered in the table 10 or the partial value of the header is set and registered in the access history information table 10, the partial value of the header is registered but This is a case where the value differs from a part of the header part of the “HTTP 200 OK response” received this time from the web server 122, and is included in the “HTTP 200 OK response” for the determination server 123. The sequence flow of FIG. 3 shows the signal flow when making an inquiry regarding the security of the file contents. It is used to explain one example.

  In the sequence chart of FIG. 3, when the terminal 112 performs a web access operation to request acquisition of a file (URL: example.com, file name: test1.txt) on the web server 122 (sequence Seq1), the terminal An “HTTP GET request” including information for specifying a file to be an acquisition request is transmitted from 112 to the web server 122 on the Internet 121 via the packet relay device 101 (sequence Seq2). At this time, in the packet relay device 101 that relays the “HTTP GET request”, the access history information table setting registration unit 60 of the access determination function unit 105b determines the acquisition request target included in the “HTTP GET request”. The URL “example.com” indicating the location of the file and the file name “test1.txt” of the file are stored in the Host column 12 and the GET column 11 on the “HTTP GET request” side of the access history information table 10 in the storage unit 106. Then, the setting is registered as information for specifying the file on the web server 122 that is the acquisition request target by the “HTTP GET request”.

  Thereafter, when the “HTTP 200 OK response” including the requested file is returned to the packet relay apparatus 101 from the web server 122 that has received the “HTTP GET request” via the Internet 121 (sequence Seq3). ), The WAN interface 103 of the packet relay device 101 transfers the “HTTP 200 OK response” from the routing unit 104 to the packet analysis unit 105a of the packet relay device function unit 105. When the packet analysis unit 105a analyzes the transferred packet and determines that the packet is the “HTTP 200 OK response” received from the web server 122, the access determination is performed on the “HTTP 200 OK response”. The data is further transferred to the function unit 105b.

  Upon receiving the “HTTP 200 OK response” from the packet analysis unit 105a, the access determination function unit 105b first activates the storage file presence / absence determination unit 30 and accesses the access history information table 10 of the storage unit 106 (that is, the access history information table It is determined whether or not a part of the header part of the “HTTP 200 OK response” specified in advance (that is, a value indicating the date and time of file update) is set and registered in the Last-Modified field 13 of 10). If the value of the part of the header is set and registered, the file update determination unit 40 is then activated, and the header of the “HTTP 200 OK response” received this time is identified in advance. The extracted partial value (that is, the value of the Last-Modified field indicating the file update date and time) is extracted, and the same value as the extracted partial value of the header portion is stored in the access history information table 10 of the storage unit 106 (ie, It is confirmed whether the setting is registered in the Last-Modified column 13) of the access history information table 10 (sequence Seq4).

  As the confirmation result, a part of the specified value of the header part of “HTTP 200 OK response” is set and registered in the access history information table 10 of the storage unit 106 (that is, the Last-Modified column 13 of the access history information table 10). Otherwise, the file is not stored in the file storage unit 20, and the file included in the “HTTP 200 OK response” received this time from the packet analysis unit 105a is The stored file presence / absence determining unit 30 of the access determining function unit 105b determines that the file is a new file received for the first time. Alternatively, although the above part of the values is set and registered in the access history information table 10 of the storage unit 106 (that is, the Last-Modified column 13 of the access history information table 10), the “HTTP” received this time from the packet analysis unit 105a If a value different from a partly specified value in the header portion of the “200 OK response” is set and registered, the contents of the file included in the “HTTP 200 OK response” received this time are stored in the storage unit. The file update determination unit 40 of the access determination function unit 105b determines that the content has been updated from the file content stored in the file storage unit 20 of the file 106. As described above, when it is determined that the file is a new file, or when it is determined that the file contents have been updated (sequence Seq5), the determination server 123 receives the current file as follows. An inquiry is made regarding a file included in the “HTTP 200 OK response”.

  That is, the access determination function unit 105b activates the file security determination unit 50, and relates to the security of the file content from the web server 122 included in the “HTTP 200 OK response” received this time from the packet analysis unit 105a. In order to make an inquiry to the determination server 123, an inquiry packet for inquiring about the security of the file contents is created and transferred to the WAN interface 103 of the packet relay apparatus 101 (sequence Seq6). As a result, an inquiry packet regarding the security of the file contents is transmitted to the determination server 123 on the Internet 121 via the WAN interface 103 of the packet relay apparatus 101 (sequence Seq7).

  Upon receiving the inquiry packet from the packet relay device 101, the determination server 123 receives the contents of the file specified in the inquiry packet (that is, the contents of the file from the web server 122 included in the “HTTP 200 OK response”). ) Is checked to determine whether the file is safe or dangerous. Then, the determination server 123 creates a response packet including the determination result of the file, and returns the created response packet to the packet relay device 101 that has transmitted the inquiry packet (sequence Seq8).

  Upon receiving the response packet from the determination server 123, the packet relay device 101 transfers the received response packet to the file security determination unit 50 of the access determination function unit 105b via the WAN interface 103. The file security determination unit 50 of the access determination function unit 105b activates the access history information table setting registration unit 60 and associates the response packet received from the determination server 123 with the "HTTP GET request" to be processed. Of the response (that is, the determination result of the file) is set and registered in the determination server response column 14 of the access history information table 10 of the storage unit 106, and further, a part of the header of the “HTTP 200 OK response” received this time is received. The value (that is, the value of the Last-Modified field) is set and registered in the Last-Modified column 13 of the access history information table 10 of the storage unit 106 (sequence Seq9).

  Thereafter, the access determination function unit 105b activates the response transmission unit 80, and according to the content of the response from the determination server 123, the file included in the “HTTP 200 OK response” received this time from the web server 122. Is rewritten (sequence Seq10), the “HTTP 200 OK response” is transmitted from the LAN interface 102 to the terminal 112 that has transmitted the “HTTP GET request” (that is, the file acquisition request source). Yes (sequence Seq11).

  For example, when the response content from the determination server 123 is a response “safe file”, the content of the file included in the “HTTP 200 OK response” received from the web server 122 is not rewritten. Is transmitted from the LAN interface 102 to the terminal 112 as it is. If the response content from the determination server 123 is a response of “dangerous file”, the content of the file included in the “HTTP 200 OK response” received from the web After being rewritten to be removed, it is transmitted from the LAN interface 102 to the terminal 112.

  In the sequence Seq9, a part of the header part of the “HTTP 200 OK response” is already set and registered in the access history information table 10 of the storage unit 106 (that is, the Last-Modified column 13 of the access history information table 10). However, if a value different from a part of the value of the header part of the “HTTP 200 OK response” received this time from the packet analysis unit 105 a is set and registered, Thus, the information set in the Last-Modified column 13 of the access history information table 10 in the storage unit 106 is rewritten.

  For example, the value of a part of the header part of the “HTTP 200 OK response” already set and registered in the access history information table 10 of the storage unit 106 (that is, the Last-Modified field 13 of the access history information table 10) is shown in FIG. As shown in the No. 1 line, the update date and time of 'Fri, 20 Oct 2017 12:26:19 GMT', and the header part of the “HTTP 200 OK response” received this time from the packet analysis unit 105a. Is a new update date and time of 'Tue, 24 Oct 2017 12:26:19 GMT', the contents of the file requested to be obtained (file name: test1.txt) are stored in the storage unit. It can be determined from the content stored in the file storage unit 106 that the file has been updated. Therefore, the file security determination unit 50 of the access determination function unit 105b sends an inquiry to the determination server 123 regarding the file contents of the file updated at the update date and time 'Tue, 24 Oct 2017 12:26:19 GMT' in the sequence Seq6. Do it for

  Then, upon receiving a response packet from the determination server 123 in response to the inquiry in sequence Seq8, the file safety determination unit 50 of the access determination function unit 105b checks the response content included in the response packet. As a result of the confirmation, if the updated file is, for example, a response of “secure file”, the file storage unit 70 is activated, and the file content of the file storage unit 20 of the storage unit 106 is received this time. The file is rewritten with the file included in the “HTTP 200 OK response”, and the access history information table setting registration unit 60 is activated to rewrite the setting contents of the access history information table 10 in the storage unit 106 as shown in FIG. .

  That is, the access history information table setting registration unit 60 determines the No. of the determination server response column 14 of the access history information table 10 of the storage unit 106 based on the response content of the response packet. 1 is rewritten from the setting registration contents of FIG. 5, and a part of the header part of the “HTTP 200 OK response” received this time from the packet analysis unit 105a (that is, the value of the Last-Modified field) “Tue, 24 Oct 2017 18:12:25 GMT ', the No. of the access history information table 10 of the storage unit 106 (that is, the Last-Modified column 13 of the access history information table 10). Line 1 is rewritten from the setting registration contents of FIG. FIG. 6 shows an example in which the setting registration contents of the access history information table 10 shown in FIG. 5 are updated with a part of the header part of the newly received “HTTP 200 OK response” and the settings are registered again. FIG.

  Note that the response transmission unit 80 of the access determination function unit 105b checks the content of the response included in the response packet from the determination server 123, and as a result, when the updated file is a response of "dangerous file". As described above, in the sequence Seq10 and the sequence Seq11, the file content of the “HTTP 200 OK response” received this time from the web server 122 is rewritten so as to remove the danger, and then, from the LAN interface 102, the terminal Send to 112. Then, even in such a case, based on the “HTTP 200 OK response” currently received from the web server 122, the file content of the file storage unit 20 of the storage unit 106 is updated by the file storage unit 70 as a “dangerous file”. And store it in the access history information table 10 in the storage unit 106. The setting registration contents of one row are also updated and registered by the access history information table setting registration unit 60.

  However, in some cases, different processing may be performed. That is, for example, when the updated file is a response from the determination server 123 that the file is “dangerous file”, the file content of the “HTTP 200 OK response” is rewritten to remove the danger, and then the LAN Although being transmitted from the interface 102 to the terminal 112, the rewriting of the file content of the file storage unit 20 of the storage unit 106 with the file included in the “HTTP 200 OK response” received this time is stopped. No. of the access history information table 10 in the storage unit 106 The rewriting of the setting registration content of the first row may be stopped, and the setting registration content up to now may be continued.

((Flow of signal when packet relay apparatus 101 does not make inquiry to determination server 123))
Next, there is a case where the same value as the previously specified partial value of the header part of the “HTTP 200 OK response” received this time from the web server 122 is set and registered in the access history information table 10 of the storage unit 106. (That is, the file included in the “HTTP 200 OK response” has not been updated from the file stored in the file storage unit 20 of the storage unit 106), and the determination server 123 An example of the signal flow when it is not necessary to make an inquiry about the contents of the file included in the “HTTP 200 OK response” will be described with reference to the sequence chart of FIG. That is, the same value as the value of the Last-Modified field in the header of the “HTTP 200 OK response” received this time from the web server 122 is stored in the access history information table 10 of the storage unit 106 (that is, the Last-Modified field of the access history information table 10). An example of a signal flow when the signal is registered in the Modified column 13) will be described.

  For example, the update date and time “Fri, 20 Oct 2017 12:26:19 GMT” is registered in the Last-Modified column 13 of the access history information table 10 in FIG. If the same update date and time of 'Fri, 20 Oct 2017 12:26:19 GMT' is also set in the Last-Modified field of the header of the “HTTP 200 OK response” The file update determination unit 40 of the determination function unit 105b determines that the same value as a part of the value of the header part of the “HTTP 200 OK response” received this time is set and registered in the access history information table 10.

  In such a case, the update date and time of the file on the web server 122 is the same as the update date and time of the file stored in the file storage unit 20 of the storage unit 106. Therefore, regarding the file included in the “HTTP 200 OK response” received this time from the web server 122, the value of the update date and time set and registered in the Last-Modified column 13 of the access history information table 10 and the determination server response column 14 It can be determined that the determination result from the determination server 123 registered and set as described above can be applied as it is.

  In the sequence chart of FIG. 4, in response to the “HTTP GET request” transmitted from the terminal 112 to the web server 122 via the packet relay device 101, the packet receiving the “HTTP 200 OK response” from the web server 122 The access determination function unit 105b of the relay apparatus 101 determines that the same value as the previously specified part (Last-Modified field) of the header part of the “HTTP 200 OK response” in the access history information table 10 of the storage unit 106. The operation up to confirming whether or not the setting is registered in the Last-Modified column 13 is exactly the same as the operation of the sequence Seq1 to the sequence Seq4 in the sequence chart of FIG. Therefore, in the sequence chart of FIG. 4, the same sequence numbers as sequence Seq <b> 1 to sequence Seq <b> 4 are added to FIG. 3 to omit redundant description, and the operation after sequence Seq <b> 5 a will be described below.

  As a result of the confirmation in the sequence Seq4 of FIG. 4, a value exactly the same as the value set and registered in the access history information table 10 of the storage unit 106 (ie, the Last-Modified column 13 of the access history information table 10) The file (test1.txt) set in the Last-Modified field of the header part of the “HTTP 200 OK response” received this time from 105a and stored in the file storage unit 20 of the storage unit 106 When the file update determination unit 40 of the access determination function unit 105b determines that the file has not been updated from the above (sequence Seq5a), the following operation is performed.

  That is, in such a case, it is suppressed that the file security determination unit 50 makes an inquiry to the determination server 123, and the file storage unit 70 transmits the file in the file storage unit 20 to the “HTTP 200 OK response” received this time. It also suppresses updating and re-saving with the file included in the file, and furthermore, updating of the setting registration information of the access history information table 10 by the access history information table setting registration unit 60 is also suppressed.

  Then, in the response transmitting unit 80, the response contents already set and registered in the determination server response column 14 of the access history information table 10 of the storage unit 106 (that is, the response content from the determination server 123 regarding the file stored in the file storage unit 20). The content of the file included in the “HTTP 200 OK response” received this time is rewritten according to the response content (response content set and registered in the determination server response field 14) (sequence Seq21). The “HTTP GET request” is transmitted to the terminal 112 that is the transmission source (request for obtaining the file) (sequence Seq22).

  Here, for example, when the response content set and registered in the determination server response column 14 of the access history information table 10 is “secure file”, the “HTTP 200 OK response” received this time from the web server 122 is used. Is transmitted from the LAN interface 102 to the terminal 112 without rewriting the contents of the file included in the file. If the response content set and registered in the determination server response field 14 of the access history information table 10 is “dangerous file”, the response content is included in the “HTTP 200 OK response” received this time from the web server 122. After rewriting the contents of the file so as to remove the danger, the file is transmitted from the LAN interface 102 to the terminal 112.

<Description of Effects of Embodiments of the Present Invention>
As described above in detail, in the present embodiment, the following effects can be obtained.

  In the present embodiment, any one of the terminals 112 and 113 connected to the LAN interface 102 side of the packet relay device 101 that relays a packet, for example, the terminal 112 is connected to the Internet 121 by using the web browser 112a. When the file of the web server 122 is acquired, the following operation is performed, so that the processing load on the packet relay apparatus 101 and the determination server 123 can be reduced.

  That is, the packet relay apparatus 101 first confirms whether or not the file to be obtained by the terminal 112 is already stored in the file storage unit 20 of the storage unit 106 in the packet relay apparatus 101, and the file is stored. In this case, it is next determined whether or not the file on the web server 122 to be acquired has been updated from a file already stored in the file storage unit 20 of the storage unit 106, and the determination result Therefore, it is determined whether or not to make an inquiry regarding the security of the file to the determination server 123, so that the number of times the packet relay apparatus 101 makes an inquiry to the determination server 123 can be reduced. Thus, the traffic between the packet relay device 101 and the determination server 123 can be reduced, and the performance of the packet relay device 101 and the determination server 123 can be improved.

<Another embodiment of the present invention>
Next, another embodiment of the present invention will be described.

  In the above-described embodiment, as shown in FIGS. 5 and 6, the header section for setting and registering one file on the web server 122 in the access history information table 10 of the storage section 106 of the packet relay apparatus 101. Is one (that is, the value set and registered in the Last-Modified column 13 of the access history information table 10). However, the present invention is not limited to such a case.

  For example, assuming a situation in which a file on the web server 122 is rewritten to an unauthorized file and then returns to the original file, as shown in the rows No. 1 and No. 2 in FIG. For one file on the server 122, before and after rewriting to an unauthorized file, a setting column of a part of the header portion of the access history information table 10 (that is, the access history information table Different values may be stored in the 10 Last-Modified fields 13).

  That is, for one file of the web server 122, a part of the value of the header part for specifying the file included in the “HTTP 200 OK response” received this time is stored in the access history information table 10 of the storage unit 106. If the value is different from the registered value, the file included in the “HTTP 200 OK response” received this time overlaps with the file already stored in the file storage unit 20 of the storage unit 106. In order to avoid such a situation, the data may be stored in a newly added form. Then, a part of the value of the header part of the “HTTP 200 OK response” is extracted as information for specifying the newly added and saved file, and a new row (No. .2 line).

  As a result, when one or more files are stored in the file storage unit 20 of the storage unit 106 by the file storage unit 70 for one file on the web server 122, the file storage unit 20 according to the number of files stored in the access history information table 10 of the storage unit 106, a part of the value of the header part of the “HTTP 200 OK response” (that is, the Last- A plurality of values (set and registered in the Modified column 13) are set and registered.

  FIG. 7 shows an example different from FIG. 5 of the access history information table 10 for registering the history of access to the web server 122 from the terminal 112 or the terminal 113 stored in the storage unit 106 of the packet relay apparatus 101 in FIG. FIG. 7 is a table showing an example in which some values of two different header portions are set and registered for one file.

  In the access history information table 10 shown in FIG. 7, as shown in the GET column 11 on the “HTTP GET request” side, for one file “test1.txt”, Last-Modified on the “HTTP 200 OK response” side As shown in column 13, a value indicating the update date and time of “Fri, 20 Oct 2017 12:26:19 GMT” is set and registered in the row of No. 1, and “Sun, 22 Oct 2017 08” in the row of No. 2. : 41: 52 GMT 'indicates an example in which a value indicating an update date and time is set and registered.

  As shown in the judgment server response field 14 of the access history information table 10 in FIG. 7, in the case of a file in which “Fri, 20 Oct 2017 12:26:19 GMT” in the No. 1 row is the update date and time. Indicates that the judgment by the judgment server 123 is a judgment result of “safe file” as a state before being rewritten to an unauthorized file. On the other hand, in the case of a file whose update date is “Sun, 22 Oct 2017 08:41:52 GMT” in the row of No. 2, the determination server 123 determines that the file has been rewritten by an invalid file. Has changed to a judgment result of "dangerous file".

  Next, a description will be given of a different example of a field of a header portion in which information for specifying a file included in the “HTTP 200 OK response” received from the web server 122 is set. In the above-described embodiment, it is determined whether or not the file on the web server 122 is already stored in the file storage unit 20 of the storage unit 106 of the packet relay device 101. The header of the "HTTP 200 OK response" for determining whether the file on the web server 122 has been updated from the file content already stored in the file storage unit 20 of the storage unit 106 of the packet relay apparatus 101. As a partial value (in other words, as a value of a field of a header portion that sets information for specifying a file included in the “HTTP 200 OK response”), the date and time when the file content was last updated (the latest date and time) Update date) was used in the Last-Modified field.

  However, the present invention is not limited to this case, and determines whether or not the file acquired from the web server 122 is already stored in the file storage unit 20 of the storage unit 106 of the packet relay apparatus 101. If the file is included in the “HTTP 200 OK response” received from the web server 122 this time, it is determined whether or not the file included in the “HTTP 200 OK response” has been updated from the stored file, in addition to the header part of the “HTTP 200 OK response”. Alternatively, the determination may be made using the value of the field of.

  For example, as shown in FIG. 8, the value of the ETag field which is an identifier for each file generated by the web server 122, the value of the Content-Length field indicating the size of the file, and the like, are included in the header part of the "HTTP 200 OK response". Using a value other than the Last-Modified field, it is determined whether the file on the web server 122 is stored in the file storage unit 20 of the storage unit 106 of the packet relay apparatus 101, and whether the file is stored. May determine whether or not the content has been updated from the file content already stored.

  FIG. 8 is different from FIGS. 5 and 7 in the access history information table stored in the storage unit 106 of the packet relay apparatus 101 in FIG. 1 and for registering the history of access to the web server 122 from the terminal 112 or the terminal 113. This is a table showing an example, and shows a table example in which an ETag column 15 and a Content-Length column 16 are further added to the “HTTP 200 OK response” side in addition to the Last-Modified column 13.

  In the access history information table 10 illustrated in FIG. 8, whether or not the file acquired from the web server 122 has already been stored in the file storage unit 20 of the storage unit 106 of the packet relay device 101, and whether or not the file has already been stored. In this case, when it is determined whether the file included in the “HTTP 200 OK response” received this time from the web server 122 has been updated from the stored file, the Last-Modified field 13 and the ETag field 15 or the Content-Length column 16, the determination may be made using the value of any one of the columns, or the Last-Modified column 13, the ETag column 15, or the Content-Length column 16 may have more than one. Alternatively, the determination may be made by using the values in the fields of the above or all the fields.

  Focusing on the “HTTP 200 OK response” received this time, the description will be further given. As a part of the value of the header part of the “HTTP 200 OK response” received this time (in other words, included in the “HTTP 200 OK response”) The value of the field that sets the information that identifies the file), the value of the Last-Modified field that sets the latest file update date and time, the value of the Etag field that sets the identifier that identifies the file, and the Content-Length that sets the file size Of the field values, one or more field values may be used.

  Further, according to the present invention, as a part of the header part of the “HTTP 200 OK response” for determining whether or not the file has been updated, the Last-Modified field, the ETag field, and the Content-Length field shown in FIG. The value is not limited to the value, and if it is possible to determine whether or not the file has been updated, the value of the other fields in the header part of the “HTTP 200 OK response” may of course be used. Needless to say.

  The configuration of the preferred embodiment of the present invention has been described above. However, it should be noted that such embodiments are merely examples of the present invention and do not limit the present invention in any way. It will be readily apparent to those skilled in the art that various modifications and changes can be made in accordance with the particular application without departing from the spirit of the invention.

Reference Signs List 10 access history information table 11 GET column 12 Host column 13 Last-Modified column 14 Judgment server response column 15 ETag column 16 Content-Length column 20 File storage unit 30 Saved file presence / absence determination unit 40 File update determination unit 50 File safety determination unit 60 access history information table setting registration unit 70 file storage unit 80 response transmission unit 101 packet relay device 102 LAN interface 103 WAN interface 104 routing unit 105 packet relay device function unit 105a packet analysis unit 105b access determination function unit 106 storage unit 111 LAN side Network 112 Terminal 112a Web browser 113 Terminal 113a Web browser 121 Internet 122 Web server 123 Judgment server

Claims (10)

Relays packets between the terminal and a web server on the Internet,
After transmitting an "HTTP GET request" for requesting acquisition of the file of the web server on the Internet received from the terminal to the Internet, when any packet is returned from the web server, the packet A packet analysis unit that detects that the packet is a “HTTP 200 OK response” packet including the file requested to be obtained from the terminal;
A file storage unit that stores the file included in the “HTTP 200 OK response” received from the web server, and is set as information for specifying the file included in the “HTTP 200 OK response”. Extracting a part of the value specified in advance in the header part of the “HTTP 200 OK response”, and using the extracted part of the value as information for specifying the file stored in the file storage unit. An access history information table for setting and registering as history information of a file previously received and stored in the file storage unit, in association with information specifying the file of the web server obtained and requested by the “HTTP GET request”. Storage unit,
Whether the partial value of the header part of the “HTTP 200 OK response” is set and registered in the access history information table as information for specifying the file previously received and stored in the file storage unit A storage file presence / absence determination unit for determining whether or not
Each time the “HTTP 200 OK response” is received from the web server, the partial value of the header part of the “HTTP 200 OK response” received this time and the file received in the past and stored in the file storage part are specified. A file update determining unit that compares the partial value set and registered in the access history information table as information for determining whether or not the value is the same;
Each time the “HTTP 200 OK response” is received from the web server, it is determined whether the file included in the “HTTP 200 OK response” received this time is a security-safe file or a dangerous file. A file security determination unit that makes an inquiry to a determination server on the Internet having a function and obtains a determination result regarding security security of the file as a response from the determination server;
The request for obtaining the determination result obtained as a response from the determination server and the partial value extracted from the header part of the “HTTP 200 OK response” received this time by the “HTTP GET request” An access history information table setting registration unit for setting and registering in the access history information table in association with information specifying a file of the web server;
A file storage unit for storing the file included in the “HTTP 200 OK response” received this time in the file storage unit;
According to the determination result obtained as a response from the determination server, the content of the file included in the “HTTP 200 OK response” received this time is rewritten, and the source of the “HTTP GET request” is rewritten. A response transmission unit for transmitting to the terminal;
A packet relay device comprising: In the case where the storage file presence / absence determination unit determines that the partial value is set and registered in the access history information table as information for specifying a file received in the past and stored in the file storage unit. hand,
Further, in the file update determination unit, the partial value of the header part of the HTTP 200 OK response received this time includes the access history as information for specifying a file received in the past and stored in the file storage unit. If it is determined that the value is the same as the partial value set and registered in the information table,
With respect to the file included in the “HTTP 200 OK response” received this time, the file security determination unit is inhibited from inquiring the determination server about the security of the file,
In addition, the file storage unit also prevents the file included in the “HTTP 200 OK response” received this time from being stored again in the file storage unit,
The access history information table setting registration unit stores the determination result of the determination server and the partial value extracted from the header part of the “HTTP 200 OK response” received this time in the access history information table. To prevent the settings from being registered again.
The response transmission unit rewrites the content of the file included in the “HTTP 200 OK response” received this time, according to the determination result of the determination server that has already been set and registered in the access history information table. , Transmitting to the terminal of the transmission source of the “HTTP GET request”;
The packet relay device according to claim 1, wherein: In the case where the storage file presence / absence determination unit determines that the partial value is set and registered in the access history information table as information for specifying a file received in the past and stored in the file storage unit. hand,
In the file update determination unit, the partial value of the header part of the “HTTP 200 OK response” received this time is used as information for specifying a file received in the past and stored in the file storage unit. If it is determined that the value is different from the partial value set and registered in the access history information table,
The partial value and the determination result of the determination server, which are set and registered in the access history information table in association with information specifying the file of the web server requested to be acquired by the “HTTP GET request”, The access history information table setting registering unit registers the partial value of the header part of the “HTTP 200 OK response” received this time and the file included in the “HTTP 200 OK response” received this time. In the security judgment unit, the judgment result obtained as a response from the judgment server by making an inquiry about the safety of the file to the judgment server is updated and set and registered again,
In addition, the file storage unit re-saves the file included in the “HTTP 200 OK response” received this time by updating the file previously received and stored in the file storage unit.
According to the determination result of the determination server obtained as a response from the determination server in the file security determination unit with respect to the file included in the “HTTP 200 OK response” received this time, the response transmission unit Rewriting the content of the file included in the “HTTP 200 OK response” received this time, and transmitting the file to the terminal that is the source of the “HTTP GET request”;
The packet relay device according to claim 1 or 2, wherein: The storage file presence / absence determination unit determines that the partial value has not yet been set and registered in the access history information table as information for specifying a file received in the past and stored in the file storage unit. in case of,
The file security judgment unit obtains the judgment result obtained as a response from the judgment server and the partial value extracted from the header part of the “HTTP 200 OK response” received this time by using the access history information. A table setting registration unit that sets and registers in the access history information table in association with information for specifying a file of the web server requested to be acquired by the “HTTP GET request”;
In addition, the file storage unit stores the file included in the “HTTP 200 OK response” received this time in the file storage unit,
According to the determination result of the determination server obtained as a response from the determination server in the file security determination unit with respect to the file included in the “HTTP 200 OK response” received this time, the response transmission unit Rewriting the content of the file included in the “HTTP 200 OK response” received this time, and transmitting the file to the terminal that is the source of the “HTTP GET request”;
4. The packet relay device according to claim 1, wherein: In response to the determination result of the determination server, the response transmission unit rewrites the content of the file included in the “HTTP 200 OK response” received this time, and retransmits the “HTTP GET request”. Regarding the operation to send to the terminal,
If the result of the determination is that the file is dangerous, the content of the file included in the “HTTP 200 OK response” received this time is rewritten so as to remove the risk. The response transmission unit transmits the “HTTP GET request” to the transmission source terminal,
On the other hand, if the result of the determination is that the file is a safe file, the content of the file included in the “HTTP 200 OK response” received this time is not rewritten and the response The transmitting unit transmits the “HTTP GET request” to the terminal that is the transmission source.
The packet relay device according to any one of claims 1 to 4, wherein: As the partial value of the header part of the “HTTP 200 OK response” set and registered in the access history information table, a value of a Last-Modified field for setting the latest file update date and time, and an identifier for identifying the file Use one or more of the values of the Etag field to be set and the Content-Length field to set the file size of the file.
The packet relay device according to claim 1, wherein: As an operation of storing the file included in the “HTTP 200 OK response” in the file storage unit by the file storage unit, one or more files on the web server are stored in the file storage unit. If you save to
As information for specifying each file stored in the file storage unit, a header part of the “HTTP 200 OK response” is stored in the access history information table according to the number of files stored in the file storage unit. Setting and registering a plurality of the partial values of
The packet relay device according to any one of claims 1 to 6, wherein Relays packets between the terminal and a web server on the Internet,
After transmitting an "HTTP GET request" for requesting acquisition of the file of the web server on the Internet received from the terminal to the Internet, when any packet is returned from the web server, the packet Analyzing the packet to detect that the packet is an “HTTP 200 OK response” packet including the file requested to be obtained from the terminal;
The file included in the “HTTP 200 OK response” received from the web server is stored in a file storage unit, and is set as information for specifying the file included in the “HTTP 200 OK response”. Extracting a part of the value previously specified in the header part of the “HTTP 200 OK response”, and using the extracted part of the value as information for specifying the file stored in the file storage unit, A storage step of setting and registering in the access history information table as history information of a file previously received and stored in the file storage unit, in association with information specifying the file of the web server requested to be acquired by the “HTTP GET request” When,
Whether the partial value of the header part of the “HTTP 200 OK response” is set and registered in the access history information table as information for specifying the file previously received and stored in the file storage unit A storage file presence / absence determination step of determining whether or not the storage file exists;
Each time the “HTTP 200 OK response” is received from the web server, the partial value of the header part of the “HTTP 200 OK response” received this time and the file received in the past and stored in the file storage part are specified. A file update determining step of comparing the partial value set and registered in the access history information table as information for determining whether or not the values are the same;
Each time the “HTTP 200 OK response” is received from the web server, it is determined whether the file included in the “HTTP 200 OK response” received this time is a security-safe file or a dangerous file. File security determining step of making an inquiry to a determination server on the Internet having a function and acquiring a determination result regarding security security of the file as a response from the determination server;
The request for obtaining the determination result obtained as a response from the determination server and the partial value extracted from the header part of the “HTTP 200 OK response” received this time by the “HTTP GET request” An access history information table setting registration step of setting and registering in the access history information table in association with information specifying a file of a web server;
A file storing step of storing a file included in the “HTTP 200 OK response” received this time in the file storage unit;
According to the determination result obtained as a response from the determination server, the content of the file included in the “HTTP 200 OK response” received this time is rewritten, and the source of the “HTTP GET request” is rewritten. A response transmission step to be transmitted to the terminal,
A packet relay control method, comprising: In the storage file presence / absence determination step, it is determined that the partial value is set and registered in the access history information table as information for specifying a file received in the past and stored in the file storage unit. hand,
In the file update determination step, the partial value of the header part of the “HTTP 200 OK response” received this time is used as information for specifying a file received in the past and stored in the file storage part. When it is determined that the value is the same as the partial value set and registered in the access history information table,
In regard to the file included in the “HTTP 200 OK response” received this time, the file security determination step suppresses inquiring the determination server about the security of the file in the file security determination step,
Further, by the file saving step, the file included in the “HTTP 200 OK response” received this time is also prevented from being saved again in the file storage unit,
In the access history information table setting registration step, the determination result of the determination server and the partial value extracted from the header part of the “HTTP 200 OK response” received this time are stored in the access history information table. To prevent the settings from being registered again.
According to the determination result of the determination server that has already been set and registered in the access history information table, the response transmission step rewrites the contents of the file included in the “HTTP 200 OK response” received this time. Transmitting the HTTP GET request to the terminal of the transmission source;
The packet relay control method according to claim 8, wherein: A packet relay control in a packet relay device that relays a packet between a terminal and a web server on the Internet is executed by a computer in the packet relay device,
After transmitting an "HTTP GET request" for requesting acquisition of the file of the web server on the Internet received from the terminal to the Internet, when any packet is returned from the web server, the packet A packet analysis function of detecting that the packet is an “HTTP 200 OK response” packet including a file requested to be obtained from the terminal;
A file storage unit that stores the file included in the “HTTP 200 OK response” received from the web server, and is set as information for specifying the file included in the “HTTP 200 OK response”. Extracting a part of the value previously specified in the header part of the “HTTP 200 OK response”, and using the extracted part of the value as information for specifying the file stored in the file storage unit, A storage function for setting and registering in the access history information table as history information of a file previously received and stored in the file storage unit in association with information specifying the file of the web server requested to be acquired by the “HTTP GET request” When,
Whether the partial value of the header part of the “HTTP 200 OK response” is set and registered in the access history information table as information for specifying the file previously received and stored in the file storage unit A stored file presence / absence determination function for determining whether or not
Each time the “HTTP 200 OK response” is received from the web server, the partial value of the header part of the “HTTP 200 OK response” received this time and the file received in the past and stored in the file storage part are specified. A file update determination function of comparing the partial value set and registered in the access history information table as information for determining whether or not the value is the same;
Each time the “HTTP 200 OK response” is received from the web server, it is determined whether the file included in the “HTTP 200 OK response” received this time is a security-safe file or a dangerous file. A file security determination function for making an inquiry to a determination server on the Internet having a function and acquiring a determination result regarding security security of the file as a response from the determination server;
The request for obtaining the determination result obtained as a response from the determination server and the partial value extracted from the header part of the “HTTP 200 OK response” received this time by the “HTTP GET request” An access history information table setting registration function for setting and registering in the access history information table in association with information specifying a file of a web server;
A file saving function for saving a file included in the “HTTP 200 OK response” received this time in the file storage unit;
According to the determination result obtained as a response from the determination server, the content of the file included in the “HTTP 200 OK response” received this time is rewritten, and the source of the “HTTP GET request” is rewritten. A response sending function to send to the terminal,
A packet relay control program characterized by having:

Images