CN101610251B - Information intercepting method and device for predefined keywords - Google Patents
- Publication number
- CN101610251B
- Authority
- CN
- China
- Prior art keywords
- client
- keyword
- server
- intercepting
- data flow
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Computer And Data Communications (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to an information intercepting device running in bridge mode. The information intercepting device comprises an intercepting device, a data stream processing device and a configuration device. The intercepting device intercepts all data streams; the data stream processing device is connected to the intercepting device and reassembles the data streams it intercepts; and the configuration device lets users set the keywords and template files and configure the device. The stated advantages of the invention are that it solves the problem of information interception, that its built-in acceleration engine addresses the currently popular "http full connection" attack, and that it solves the problem of bidirectional interception of bad information.
Description
Technical field
The invention belongs to the field of information interception, and specifically concerns an information intercepting method and device for predefined keywords.
Background technology
To address the transmission of pornographic, reactionary and similar information over networks, various information intercepting technologies have emerged, such as Green Dam.
The problem is currently addressed in two general ways:
1. Blocking technology (software or hardware) based on a URL address database (or domain name database). Take the address of a web page:
http://news.163.com/special/00013FR0/MichaelJosephJackson.html. Here news.163.com is the domain name, and the whole string is the URL. This technology collects the URLs or domain names of harmful content manually and builds a database. The blocking software or hardware queries this database to see whether the address being visited matches; if it matches, the current visit is intercepted.
2. Blocking technology (software) based on content analysis.
Green Dam is a typical case: monitoring software has to be installed on the end user's computer (a home computer, an office computer and so on), where it analyzes the source code in the browser and performs termination or string replacement.
These technologies have the following drawbacks:
1. The drawback of the URL address database approach is obvious: thousands of new websites appear every day, and each website has at least several thousand pages. Relying purely on manual collection means too much work and too high a cost, and the lag is very large.
2. Green Dam is the representative of the second technology. Tests by many antivirus and security software vendors found that Green Dam has many vulnerabilities. People also dislike it, since nobody wants to be monitored. In terms of performance, it slows the computer noticeably, as software monitoring inevitably does. And, as can be seen across the network, ordinary people resist it.
3. All existing technologies are unidirectional. Suppose an enterprise has an internal web server, with an interception device at the enterprise network egress, or with Green Dam installed on the web server. In this network environment, if the web server hosts pornographic content, it cannot be intercepted by existing software or equipment, because the software can only monitor the browser and the hardware intercepts in one direction only.
Summary of the invention
The object of the invention is to address the above deficiencies by providing a content-analysis-based information intercepting method and device that intercept information instantly, without lag.
The invention provides an information intercepting method and device for predefined keywords. The method is:
1) iptables (the IP packet filtering system integrated with the Linux kernel) forwards the packets of web page visits (port 80) to the interception device: iptables -t nat -A PREROUTING -i x -p tcp --dport 80 -j REDIRECT --to-port 8080;
2) The data stream is reassembled: the filter initiates the request to the server in place of the client, and the content of the server's response first enters the filter. This step differs from the prior art, which accepts packets one by one and then reassembles them according to the sequence numbers built into the TCP/IP protocol; that is less efficient and prone to lost or misordered packets. The technique provided by the invention instead relays directly at the application layer, so nothing is lost;
3) The data stream is decoded into a variable in memory: the interception device obtains the content of the server's response in place of the client and first stores it in a string variable;
4) The interception device scans the variable in memory for the specified keywords. The device reads these keywords at start-up and places them in a string array in memory. If no keyword is found, go to step 5); if a keyword is found, go to step 6);
5) The data stream is sent to the client. During this time the client's request is in a waiting state and has established a connection with the system known as "keep-alive", so the content only needs to be sent to the client;
6) The device acts according to its configuration. If it is configured for replacement mode, it performs the replacement, re-encodes the data stream in memory and sends it to the client. If it is configured for interception mode, it reads the template file, encodes the content of the template file and sends it to the client. The template file is likewise (and needs to be) predefined; a default is provided, and the user can modify it;
7) The visit ends, and the variable is destroyed to release memory.
Step 2) also includes a buffering step: an accelerator buffers web page requests to relieve pressure on the server. (1) It accelerates access, reduces the load on the server and saves bandwidth to the server. (2) It can significantly improve system performance: requests for the same page within a very short time skip the retrieval flow. (3) Because various attacks exist on the network, the buffering step also addresses this problem, protecting the server from being overloaded by a huge volume of requests.
The keywords in step 4) are the keywords to be intercepted, as defined in the configuration file.
An information intercepting device for predefined keywords that implements the above method comprises:
An interception device, used to intercept all data streams;
A data stream processing device, connected to the interception device, which reassembles the data streams that the interception device intercepts;
A configuration device, which lets the user set the keywords and template file and configure the device.
The information intercepting device provided by the invention also comprises an accelerator, used to buffer web page requests, relieve pressure on the server and speed up access.
The information intercepting method and device provided by the invention have the following advantages:
1. The invention is based on content analysis. Every visit is analyzed automatically and intercepted instantly, so there is no lag.
2. The device provided by the invention is placed at a network egress, such as the egress of a data center or a company's network egress, and runs in "bridge" mode. In other words, it is transparent in the network: the end user does not know that such a device exists, and neither does the information source (the server). Because network data transmission needs an IP address and this device is in bridge mode, others cannot access the device, so it has no security problem of its own. The device also has a built-in acceleration engine, so it does not slow access and can even speed it up. Because it is transparent, the user does not know that it exists, let alone dislike or resist it.
3. Bidirectional interception. The device is placed in the network, for example between a and b. Whether a visits b's website or b visits a's website, all web traffic is scanned by the analysis engine, and any bad information is intercepted.
This produces the following advantages:
1. It solves the problem of information interception.
2. The built-in acceleration engine can also address the currently popular "http full connection" attack.
3. It solves the problem of bidirectional interception of bad information.
Embodiment
The technical scheme is explained further below through a non-limiting embodiment.
An information intercepting device for predefined keywords comprises:
An interception device, used to intercept all data streams;
A data stream processing device, connected to the interception device, which reassembles the data streams that the interception device intercepts;
A configuration device, which lets the user set the keywords and template file and configure the device;
An accelerator, used to buffer web page requests, relieve pressure on the server and speed up access.
In use, the device runs in bridge mode. For example, if the user defines the two words "terror" and "Falun Gong" as needing replacement, then in every web page that flows through the device these two words are replaced by several "*" characters. If the device is set to intercept instead, the entire content of the web page is replaced with the user-defined template content, such as "this page contains unsuitable content, and access is forbidden".
Specifically, step 1) comes first: iptables (the IP packet filtering system integrated with the Linux kernel) forwards the packets of web page visits (port 80) to the interception device: iptables -t nat -A PREROUTING -i x -p tcp --dport 80 -j REDIRECT --to-port 8080.
Step 2) follows, in which the data stream is reassembled: the filter initiates the request to the server in place of the client, and the content of the server's response first enters the filter. This step differs from the prior art, which accepts packets one by one and then reassembles them according to the sequence numbers built into the TCP/IP protocol; that is less efficient and prone to lost or misordered packets. The technique provided by the invention instead relays directly at the application layer, so nothing is lost. An accelerator is also provided to buffer web page requests and relieve pressure on the server.
In step 3) the data stream is decoded into a variable in memory: the interception device obtains the content of the server's response in place of the client and first stores it in a string variable.
In step 4) the interception device scans the variable in memory for the specified keywords ("terror" and "Falun Gong" in this example). The device reads these keywords at start-up and places them in a string array in memory. If no keyword is found, go to step 5); if a keyword is found, go to step 6).
In step 5) the data stream is sent to the client. During this time the client's request is in a waiting state and has established a connection with the system known as "keep-alive", so the content only needs to be sent to the client.
In step 6) the device acts according to its configuration. If it is configured for replacement mode, it performs the replacement, re-encodes the data stream in memory and sends it to the client. If it is configured for interception mode, it reads the template file, encodes the content of the template file and sends it to the client. The template file is likewise (and needs to be) predefined; a default is provided, and the user can modify it.
Finally, in step 7) the visit ends, and the variable is destroyed to release memory.
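The following added example, which is not part of the patent text, shows steps 3) to 6) applied to one HTTP response in Python. The function names, the sample keywords and template, the gzip handling, the case-insensitive matching and the header corrections are assumptions made here; the patent specifies none of them.

```python
import codecs
import gzip
import re

# Constructed sample configuration (not from the patent). The described device
# loads its keywords from a configuration file into an in-memory string array.
KEYWORDS = ["forbidden-word", "mot-clé"]
TEMPLATE = "<html><body>This page contains unsuitable content; access is forbidden.</body></html>"


def response_charset(headers):
    """Pick the charset from Content-Type, falling back to UTF-8."""
    match = re.search(r"charset=([\w-]+)", headers.get("content-type", ""), re.I)
    name = match.group(1) if match else "utf-8"
    try:
        codecs.lookup(name)
    except LookupError:
        name = "utf-8"
    return name


def filter_response(headers, body, keywords=KEYWORDS, mode="replace", template=TEMPLATE):
    """Run steps 3-6 on one server response.

    headers: dict with lower-cased header names; body: raw bytes from the server;
    mode: "replace" or "block". Returns (headers, body, action).
    """
    if mode not in ("replace", "block"):
        raise ValueError("mode must be 'replace' or 'block'")
    if not keywords:
        return headers, body, "pass"
    charset = response_charset(headers)
    compressed = headers.get("content-encoding", "").lower() == "gzip"

    # Step 3: decode the response into an in-memory string.
    raw = gzip.decompress(body) if compressed else body
    text = raw.decode(charset, errors="replace")

    # Step 4: scan for any configured keyword (case-insensitive: an assumption).
    pattern = re.compile("|".join(re.escape(k) for k in keywords), re.IGNORECASE)
    if not pattern.search(text):
        # Step 5: nothing matched, forward the original bytes unchanged.
        return headers, body, "pass"

    # Step 6: mask each hit with asterisks, or swap the page for the template.
    if mode == "replace":
        text = pattern.sub(lambda m: "*" * len(m.group()), text)
    else:
        text = template
    new_body = text.encode(charset, errors="replace")

    # The rewritten body is sent uncompressed, so the framing headers the
    # server supplied no longer describe it and must be corrected.
    new_headers = dict(headers)
    new_headers.pop("content-encoding", None)
    new_headers["content-length"] = str(len(new_body))
    return new_headers, new_body, mode
```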
Claims (2)
1. An information intercepting method for predefined keywords, characterized in that it comprises the following steps:
1) iptables forwards the packets of web page visits on port 80 to the interception device;
2) the data stream is reassembled: the filter initiates the request to the server in place of the client, and the content of the server's response first enters the filter; the request process also includes a buffering process, in which an accelerator buffers web page requests to relieve pressure on the server; the data stream reassembly of this step is a relay at the application layer;
3) the data stream is decoded into a variable in memory: after accepting the client's request, the interception device requests the server in place of the client; the interception device thereby becomes the client, obtains the content of the server's response and first stores it in a string variable;
4) the interception device scans the variable in memory for the specified keywords; if no keyword is found, go to step 5); if a keyword is found, go to step 6);
5) the data stream is sent to the client;
6) the device acts according to its configuration: if it is configured for replacement mode, it performs the replacement, re-encodes the data stream in memory and sends it to the client; if it is configured for interception mode, it reads the template file, encodes the content of the template file and sends it to the client;
7) the visit ends, and the variable is destroyed to release memory.
2. The information intercepting method for predefined keywords according to claim 1, characterized in that the keywords in step 4) are the keywords to be intercepted, as defined in the configuration file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100173194A CN101610251B (en) | 2009-07-21 | 2009-07-21 | Information intercepting method and device for predefined keywords |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009100173194A CN101610251B (en) | 2009-07-21 | 2009-07-21 | Information intercepting method and device for predefined keywords |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101610251A CN101610251A (en) | 2009-12-23 |
CN101610251B true CN101610251B (en) | 2012-12-05 |
Family ID=41483833
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009100173194A Expired - Fee Related CN101610251B (en) | 2009-07-21 | 2009-07-21 | Information intercepting method and device for predefined keywords |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101610251B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103024243A (en) * | 2011-09-23 | 2013-04-03 | 夏森林 | Photographic facsimile system |
CN103973817A (en) * | 2014-05-29 | 2014-08-06 | 上海斐讯数据通信技术有限公司 | System and method for shielding information push of internet |
CN105516073B (en) * | 2014-10-20 | 2018-12-25 | 中国银联股份有限公司 | Network intrusion prevention method |
CN105812417B (en) * | 2014-12-29 | 2019-05-03 | 国基电子(上海)有限公司 | Remote server, router and bad webpage information filtering method |
CN110262787B (en) * | 2019-06-21 | 2022-12-13 | 北京搜房科技发展有限公司 | Statement replacement method and device and electronic equipment |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101175013A (en) * | 2006-11-03 | 2008-05-07 | 飞塔信息科技(北京)有限公司 | Method, network system and proxy server for preventing denial of service attack |
EP2034678A1 (en) * | 2007-09-05 | 2009-03-11 | CVON Innovations Ltd | Systems, methods, network elements and applications for modifying messages |
CN101415159A (en) * | 2008-12-02 | 2009-04-22 | 腾讯科技(深圳)有限公司 | Method and apparatus for intercepting junk mail |
Also Published As
Publication number | Publication date |
---|---|
CN101610251A (en) | 2009-12-23 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101610251B (en) | Information intercepting method and device for predefined keywords | |
CN102724189B (en) | A kind of method and device controlling user URL access | |
CN102239673B (en) | Method and system for profiling data traffic in telecommunications networks | |
CN1262940C (en) | Equipment and method for providing global session persistence | |
US20140280859A1 (en) | Sharing control system and method for network resources download information | |
CN101540734A (en) | Method, system and device for accessing Cookie by crossing domain names | |
CN103581363A (en) | Method and device for controlling baleful domain name and illegal access | |
CN101610294A (en) | A kind of method of utilizing intelligent DNS to improve website visiting speed | |
CN112333290A (en) | Data access control method, device, storage medium and content distribution network system | |
CN102624918A (en) | Proxy access method based on URL (Uniform Resource Locator) rewriting technique | |
CN1700682A (en) | Virtual domain name resolution proxy method and system | |
CN103269313A (en) | Method for achieving embedded linux home gateway captive portal | |
KR100723657B1 (en) | Method for admitting or intercepting selectively an access to internet by users using private IP | |
CN101932134A (en) | Web management based ratio data card and implementing method thereof | |
CN105516744A (en) | Smart TV accessing method and smart TV accessing system | |
CN1152517C (en) | Method of guarding network attack | |
de Bruijn et al. | Application-tailored I/O with Streamline | |
CN102510386B (en) | Distributed attack prevention method and device | |
CN105959248B (en) | The method and device of message access control | |
CN116668191B (en) | Internet of things application virtual gateway with data encryption convergence function | |
CN104852997B (en) | Method for processing network address, server and computer readable storage medium | |
CN201114172Y (en) | Enterprise united portal device | |
RU84598U1 (en) | INTERNET NETWORK REQUEST FORWARDING SYSTEM | |
CN101350810A (en) | Url filtrating base on authentication user set | |
CN1181645C (en) | Control method of network access of user to log on |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20121205 Termination date: 20130721 |