CN101651712B - HTTP network access achieving device based on serial port communication - Google Patents


Info

Publication number
CN101651712B
Authority
CN
China
Prior art keywords
response message
http
request message
acting server
privately owned
Prior art date
Legal status
Expired - Fee Related
Application number
CN2009100925887A
Other languages
Chinese (zh)
Other versions
CN101651712A (en)
Inventor
蔡永泉
靳禹
Current Assignee
Beijing University of Technology
Original Assignee
Beijing University of Technology
Priority date
Filing date
Publication date

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to an HTTP network access achieving device based on serial port communication, belonging to the technical field of information security. The invention addresses the problem that many potential security hazards still exist under the traditional protection mode. The HTTP network access achieving device comprises a proxy server 1 and a proxy server 2 which are connected by a serial port. Proxy server 1 comprises the following functional modules: an HTTP request receiving module, a request message transmitting module, a response message receiving module, a response message extracting module and an HTTP response transmitting module; proxy server 2 comprises the following functional modules: a request message receiving module, a request message processing module, an HTTP processing module, a response message converting module and a response message transmitting module. Proxy server 1 and proxy server 2 are connected by the serial port and follow the private communication protocol specification. The invention ensures that a protected computer is isolated from the network yet can still access an external network, and is used to improve the security of the protected computer.

Description

HTTP network access achieving device based on serial communication
Technical field
The present invention relates to proxy servers, gateways, network communication protocols and computer programs, and in particular to a network access implementation device that converts between a universal (standard) network communication protocol and a private communication protocol. It belongs to the field of information security.
Background art
With the rapid development of information technology, computer networks have become an important part of daily life, and the security problems that arise when using networks have attracted wide attention. How a private network that connects to a public network can access the public network while still guaranteeing its own security, that is, resisting viruses and hacker attacks originating from the public network, is an urgent problem. Existing technology cannot adequately resist attacks on a private network by computer viruses and hackers. The main cause of this problem is that both the private network and the public network are connected using a universal network communication protocol. Because such a protocol is an open standard, any organization or individual can easily obtain and study it, and this also provides attackers with the conditions for an attack. Therefore, if the private network and the public network are connected through a bridge that uses a private network protocol, users of the private network can access the public network while the private network is guaranteed not to suffer the various attacks that come with being directly interconnected with the public network.
Summary of the invention
The object of the present invention is to provide a device for secure network access from a private network to a public network. The invention consists of three parts: proxy server 1, which connects to the private network according to Internet standards; proxy server 2, which connects to the public network according to Internet standards; and a serial port used for communication between proxy server 1 and proxy server 2. Its structure is shown in Figure 1. Its purpose is to let a user in a private network that uses Internet protocols securely access the public network with an existing web browser, while guaranteeing that the private network is not exposed to threats from the public network such as viruses and hacker attacks.
To realize the above functions, proxy server 1 comprises the following functional modules:
HTTP request receiving module: receives and responds to the standard HTTP request messages that the user sends to proxy server 1 according to the standard HTTP protocol, and converts the standard HTTP request message into a private request message.
Request message sending module: sends the private request message through the serial port.
Response message receiving module: receives the private response message through the serial port.
Response message extraction module: extracts the standard HTTP response message content from the private response message.
HTTP response sending module: sends the standard HTTP response message to the user according to the standard HTTP protocol.
Proxy server 2 comprises the following functional modules:
Request message receiving module: receives the private request message through the serial port.
Request message processing module: extracts the standard HTTP request message content from the private request message.
HTTP processing module: sends the standard HTTP request message to the WWW site in the public network and receives the standard HTTP response message from that WWW site.
Response message conversion module: converts the standard HTTP response message into a private response message.
Response message sending module: sends the private response message through the serial port.
To achieve the above object, the following processes are carried out: proxy server 1 converts the standard HTTP request into a private request message; proxy server 1 converts the private response message into a standard HTTP response message; proxy server 2 converts the private request message into a standard HTTP request message; proxy server 2 converts the standard HTTP response message into a private response message; and proxy server 1 and proxy server 2 communicate with each other over the serial port according to the private communication protocol.
The present invention has the following effects. A serial port connects proxy server 1 and proxy server 2; the conversion between the standard HTTP protocol and the private communication protocol is carried out on proxy servers 1 and 2; and communication between proxy servers 1 and 2 follows the private communication protocol specification. As a result the private network and the public network, which both use the universal network communication protocol, are isolated from each other, an attacker in the public network cannot intrude into the private network, and the security of the private network is improved. Because an online proxy mechanism is adopted, the user needs only a browser and can access a site with this method by submitting its address in a web page, without changing any software configuration. This removes the need for client development, maintenance and upgrades, and compared with the configuration of a traditional firewall or gateway the deployment and configuration of this scheme are very simple.
Description of drawings
Fig. 1 Topology of the secure network access method
Fig. 2 Serial port connection between proxy server 1 and proxy server 2
Fig. 3 Information flow of the secure network access method; the numbers in the circles correspond to the information flow steps
Fig. 4 Data format of the private request message
Fig. 5 Data format of the private response message
Embodiment
The serial ports of proxy server 1 and proxy server 2 are connected by an RS-232 cable. As shown in Figure 2, the serial cable uses a three-wire scheme with three signal lines: transmit data (TxD), receive data (RxD) and signal ground. The transmit data line of each side is connected to the receive data line of the other side (TxD and RxD are crossed), the signal grounds are connected to each other, and the serial port operates in full-duplex mode. Communicating between proxy server 1 and proxy server 2 according to the private communication protocol specification isolates the private network from the public network. Therefore the present invention can be used to prevent intrusion into the private network by attackers in the public network and to prevent leakage of confidential information from the private network, and provides a solution with independent intellectual property rights for ensuring the information security of a private network.
Information flow
The information flow of an HTTP access by a user in the private network is shown in Figure 3; the steps are:
1. Before communication begins, start proxy server 1 and start proxy server 2. Before opening the serial ports that connect proxy server 1 and proxy server 2, set the serial communication parameters of both proxy servers as follows: baud rate: 9600; data bits: 8; parity: none; stop bits: 1. When opening the serial ports that connect proxy server 1 and proxy server 2, set the wait timeout for receiving data on the serial port to 200 seconds.
2. Communication begins: proxy server 1 first receives the standard HTTP request message in which the user requests the start page. The user requests it by entering the IP address of proxy server 1 and the name and extension of the start page in the browser address bar. Example: http://10.0.0.1/example.htm
After proxy server 1 receives the user's standard HTTP request message for the start page, it returns a standard HTTP response message to the user in the private network according to the standard HTTP protocol; the response entity (BODY) of that standard HTTP response message is the start page requested by the user. In the start page, the user in the private network enters the address of the WWW site to be visited in the address box and clicks the submit button, whereupon the user's web browser forms a standard HTTP request message and sends it to proxy server 1. Proxy server 1 extracts the required parameters from this standard HTTP request message: the uniform resource locator (URL), the request method (METHOD), the requested resource location (URI) and the host name (HOST). These parameters are assembled into a private request message according to the data format predefined by the private communication protocol, as in Figure 4, and the private request message is handed to the request message sending module on proxy server 1. The host name (HOST) is determined as follows:
A) For the WWW site submitted from the start page, the standard HTTP request message contains a request address parameter whose value is the URL of the requested WWW site. When generating the request message, proxy server 1 separates the host name (HOST) from this URL and uses it to replace the host name (HOST) in the original standard HTTP request message. Proxy server 1 saves this host name (HOST) until the user submits the URL of another WWW site;
B) For a relative link in any web page, proxy server 1 uses the saved host name (HOST) as the host name (HOST) of the request;
C) For an absolute link in any web page: when proxy server 2 converts the standard HTTP response message into a private response message, the address of each absolute link in the page is rewritten so that the original absolute address becomes the value of the request address parameter that proxy server 1 receives. Following such an absolute link is therefore equivalent to submitting the address of the absolute link to proxy server 1 as the value of the request address parameter. Proxy server 1 separates the host name (HOST) and the requested resource location (URI) from this parameter and uses the separated host name (HOST) as the host name (HOST) of the request.
The private request message is constructed as follows: "<START>" and "<END>" mark the beginning and the end of the private request message; a newline separates the different request parameter fields; a horizontal tab separates different parameters within the same field. Within the request header field, a parameter name and its associated value are joined with ' '. The URL and the requested resource location (URI) are placed in the request address field of Figure 4, the request method (METHOD) in the request method field of Figure 4, and the host name (HOST) in the request header field of Figure 4.
3. The request message sending module on proxy server 1 sends the private request message to proxy server 2. The data is sent in blocks of 16 bytes: the data to be sent is divided into a number of 16-byte blocks, and the final part of less than 16 bytes forms a block of its own size. After each block is transmitted, the sender adds a short delay of 0.22 seconds so that the receiver has enough time to process the received data correctly. Dividing the data into blocks of 16 bytes or less guarantees accuracy during transmission while keeping the transmission time short: because the baud rate of the serial port is much larger than the size of a block, the probability of an error grows as larger blocks are sent, so the size of the data sent at one time is inversely proportional to the transmission time and directly proportional to the error rate. After each send completes, the sender flushes the output stream of the serial port to prevent the receiver from receiving duplicate data. The receive wait timeout and the short sending delay set above also ensure that no serious data loss occurs when the receiver uses the serial port event listener model.
4. The request message receiving module on proxy server 2 receives the private request message and hands it to the request message processing module for processing. The receiving method is as follows: the private request message is received using the serial port event listener model, that is, when data arrives at the serial port the reading routine is started and begins to read the data. Compared with the commonly used polling mechanism, the event listener model effectively reduces the program's consumption of computer system resources. The data loss problem of the event listener model is solved by increasing the port's wait timeout for receiving data and by adding the delay at the sending end. During reception a 16-byte buffer is used to receive data; the maximum length that the sender transmits at one time must be equal to or less than the maximum length that the receiver reads at one time. Each received block is appended to the data received before it (the first block excepted, as there is nothing to append it to), so that the private request message is finally reconstructed;
5. The request message processing module on proxy server 2 extracts the URL, the request method (METHOD), the requested resource location (URI) and the host name (HOST) from the private request message according to the rules of the private communication protocol, and hands the obtained URL, METHOD, URI and HOST to the HTTP processing module on proxy server 2. The private request message data format is as in Figure 4: the URL and the requested resource location (URI) are in the request address field of Figure 4, the request method (METHOD) is in the request method field of Figure 4, and the host name (HOST) is in the request header field of Figure 4.
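Steps 2 to 5 as running code, added here as an illustration and not taken from the patent. The text fixes the "<START>"/"<END>" framing, newline between fields, tab between parameters of one field, the 16-byte block size and the 0.22 s inter-block delay; the field order (address, method, header), the markers on their own lines, the single space between header name and value and the list of accepted methods are assumptions made in this example.

```python
"""Private request message over the serial link, steps 2 to 5 of the information flow.

Added example, not the patent's code. Assumed: field order address/method/header,
markers on their own lines, one space between header name and value.
"""
from __future__ import annotations

from urllib.parse import urlsplit

BLOCK_SIZE = 16                             # bytes per transmission block (step 3)
INTER_BLOCK_DELAY_S = 0.22                  # sender pause after every block (step 3)
START, END = "<START>", "<END>"
ALLOWED_METHODS = ("GET", "POST", "HEAD")   # assumed: only browser methods cross the link


def build_private_request(url: str, method: str = "GET") -> str:
    """Proxy server 1 (step 2): assemble the Fig. 4 message from URL, URI, METHOD and HOST."""
    if any(c in url for c in "\t\r\n"):
        raise ValueError("URL contains framing characters")   # would corrupt the field layout
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.netloc:
        raise ValueError("only absolute http URLs are accepted")
    uri = parts.path or "/"
    if parts.query:
        uri += "?" + parts.query
    address_field = url + "\t" + uri            # two parameters of one field, tab-separated
    method_field = method
    header_field = "HOST" + " " + parts.netloc  # ASSUMED: name and value joined by one space
    return "\n".join([START, address_field, method_field, header_field, END])


def split_into_blocks(payload: bytes, block_size: int = BLOCK_SIZE) -> list[bytes]:
    """Step 3: 16-byte blocks; the last partial block keeps its own size."""
    return [payload[i:i + block_size] for i in range(0, len(payload), block_size)]


def reassemble(blocks: list[bytes], buffer_size: int = BLOCK_SIZE) -> bytes:
    """Step 4: the receiver appends each incoming block to what it already has. A block
    larger than the receive buffer violates the invariant the text states and is rejected."""
    received = bytearray()
    for block in blocks:
        if len(block) > buffer_size:
            raise ValueError("block exceeds the receiver's buffer")
        received += block
    return bytes(received)


def parse_private_request(message: str) -> dict[str, str]:
    """Proxy server 2 (step 5): extract URL, URI, METHOD and HOST. Anything not framed
    exactly as Fig. 4 describes is rejected instead of being forwarded to the public network."""
    lines = message.split("\n")
    if len(lines) != 5 or lines[0] != START or lines[-1] != END:
        raise ValueError("message is not a framed private request")
    address_field, method_field, header_field = lines[1:4]
    try:
        url, uri = address_field.split("\t")
    except ValueError:
        raise ValueError("request address field must hold URL and URI") from None
    name, _, host = header_field.partition(" ")
    if name != "HOST" or not host:
        raise ValueError("request header field must hold HOST")
    if method_field not in ALLOWED_METHODS:
        raise ValueError("unexpected request method")
    if urlsplit(url).netloc != host:
        raise ValueError("HOST does not match the URL")      # consistency check added here
    return {"URL": url, "URI": uri, "METHOD": method_field, "HOST": host}


def relay_over_serial(url: str, method: str = "GET") -> dict[str, str]:
    """Whole path proxy 1 -> serial blocks -> proxy 2, with the serial link simulated in memory."""
    blocks = split_into_blocks(build_private_request(url, method).encode("utf-8"))
    # A real sender would time.sleep(INTER_BLOCK_DELAY_S) after each block and flush the port.
    return parse_private_request(reassemble(blocks).decode("utf-8"))
```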
6. The HTTP processing module on proxy server 2 forms a standard HTTP request message from the received URL, request method (METHOD), requested resource location (URI) and host name (HOST), establishes a standard HTTP connection to the WWW site indicated by the host name (HOST), and sends the formed standard HTTP request message to that WWW site.
7. The HTTP processing module on proxy server 2 receives the standard HTTP response message, extracts the response status (STATUS), response entity type (MIME-TYPE) and response entity (BODY) from it, and hands them to the response message conversion module on proxy server 2. The response entity (BODY) is processed as follows: determine whether the response entity in the standard HTTP response message is a web page. If it is not, the standard HTTP response message is handed directly to the response message conversion module on proxy server 2; if it is, the address in each absolute link in the page is first set as the value of the request address parameter that proxy server 1 receives, and the modified standard HTTP response message is then handed to the response message conversion module. The request address parameter is set by using the mechanism of the standard HTTP protocol that allows HTML page parameters to be passed through the URL, as follows:
If the absolute address in the original link is [absolute address], then
the modified link address is: [proxy server 1 address]?[request address parameter name]=[absolute address];
where [proxy server 1 address] is made up of the IP address of proxy server 1 and the name and extension of the start page, this page being the one used to pass the request address parameter to proxy server 1.
8. The response message conversion module on proxy server 2 forms a private response message from the received response status (STATUS), response entity type (MIME-TYPE) and response entity (BODY) and hands the private response message to the response message sending module on proxy server 2. The private response message is constructed as follows: "<START>" and "<END>" mark the beginning and the end of the private response message; "SEND" marks the end of the response status field; "HEADERS" and "HEND" mark the beginning and the end of the response header field; "BODY" marks the beginning of the response entity. "<TAG>" separates different parameters in the response header field, and within the response header field a parameter name and its associated value are joined with ' '. The private response message data format is as in Figure 5: the response status (STATUS) is in the response status field of Figure 5, the response entity type (MIME-TYPE) is in the response header field of Figure 5, and the response entity (BODY) is in the response entity field of Figure 5.
9. The response message sending module on proxy server 2 sends the private response message to proxy server 1 in the same manner as in step 3: the data is divided into 16-byte blocks (the final part of less than 16 bytes forming a block of its own size), the sender adds a short delay of 0.22 seconds after each block so that the receiver has enough time to process the received data correctly, and after each send completes the sender flushes the output stream of the serial port to prevent the receiver from receiving duplicate data. As in step 3, the block size of 16 bytes or less guarantees accuracy while keeping the transmission time short, and together with the receive wait timeout the delay ensures that no serious data loss occurs when the receiver uses the serial port event listener model.
10. The response message receiving module on proxy server 1 receives the private response message and hands it to the response message extraction module for processing. The receiving method is the same as in step 4: the serial port event listener model is used, so the reading routine starts when data arrives at the serial port; compared with polling, this effectively reduces the program's consumption of system resources, and its data loss problem is solved by the increased receive wait timeout and the delay at the sending end. A 16-byte buffer is used to receive data, and the maximum length that the sender transmits at one time must be equal to or less than the maximum length that the receiver reads at one time. Each received block is appended to the data received before it (the first block excepted), so that the private response message is finally reconstructed;
11. The response message extraction module on proxy server 1 extracts, according to the rules of the private communication protocol, the response status (STATUS), response content type (MIME-TYPE) and response entity (BODY) from the private response message, forms a standard HTTP response message and hands it to the HTTP response sending module on proxy server 1, which returns this standard HTTP response message to the user in the private network. The private response message data format is as in Figure 5: the response status (STATUS) is in the response status field of Figure 5, the response entity type (MIME-TYPE) is in the response header field of Figure 5, and the response entity (BODY) is in the response entity field of Figure 5.
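The response path of steps 7, 8 and 11 as running code, added here as an illustration and not taken from the patent. The text fixes the markers "<START>", "SEND", "HEADERS", "HEND", "BODY", "<TAG>" and "<END>", the proxy server 1 address http://10.0.0.1/example.htm and the rewritten link form [proxy server 1 address]?[request address parameter name]=[absolute address]; the markers on their own lines, the single space between header name and value, the placeholder parameter name "url", percent-encoding of the embedded address and the use of text/html to decide what counts as a web page are assumptions made in this example.

```python
"""Private response message of Fig. 5 and absolute-link rewriting, steps 7, 8 and 11.

Added example, not the patent's code. Assumed: markers on their own lines, one space
between header name and value, parameter name "url", percent-encoded embedded address.
"""
import re
from urllib.parse import quote

START, END = "<START>", "<END>"
STATUS_END, HEADERS, HEADERS_END, BODY, TAG = "SEND", "HEADERS", "HEND", "BODY", "<TAG>"
PROXY1_ADDRESS = "http://10.0.0.1/example.htm"  # IP of proxy server 1 + start page, from the text
ADDRESS_PARAM = "url"                            # PLACEHOLDER: the text does not name the parameter

# href/src attributes whose value is an absolute http(s) URL; relative links are left alone
_ABS_LINK = re.compile(r'''(href|src)=(["'])(https?://[^"']+)\2''', re.IGNORECASE)


def rewrite_absolute_links(html: str) -> str:
    """Step 7: point every absolute link back at proxy server 1 with the original address
    as the request address parameter, so the browser in the private network never
    contacts the public host directly."""
    def _redirect(m):
        quoted = quote(m.group(3), safe="")  # keeps '?' and '&' inside the address intact
        return f"{m.group(1)}={m.group(2)}{PROXY1_ADDRESS}?{ADDRESS_PARAM}={quoted}{m.group(2)}"
    return _ABS_LINK.sub(_redirect, html)


def build_private_response(status: str, mime_type: str, body: str) -> str:
    """Step 8 on proxy server 2: status field, then the header field, then the entity.
    Only web pages (text/html) have their absolute links rewritten."""
    if mime_type.split(";")[0].strip().lower() == "text/html":
        body = rewrite_absolute_links(body)
    header_field = TAG.join(["MIME-TYPE " + mime_type])  # further parameters would be <TAG>-separated
    return "\n".join([START, status, STATUS_END, HEADERS, header_field, HEADERS_END, BODY, body, END])


def extract_private_response(message: str) -> dict:
    """Step 11 on proxy server 1: recover STATUS, MIME-TYPE and BODY, refusing anything
    that does not carry every marker of Fig. 5 in the expected order."""
    if not (message.startswith(START + "\n") and message.endswith("\n" + END)):
        raise ValueError("missing <START>/<END> framing")
    inner = message[len(START) + 1:-(len(END) + 1)]
    try:
        status, rest = inner.split("\n" + STATUS_END + "\n", 1)
        header_field, body = rest.split("\n" + HEADERS_END + "\n" + BODY + "\n", 1)
    except ValueError:
        raise ValueError("SEND/HEND/BODY markers not found") from None
    if not header_field.startswith(HEADERS + "\n"):
        raise ValueError("HEADERS marker not found")
    # each header parameter is "NAME VALUE"; parameters are separated by <TAG>
    headers = dict(p.partition(" ")[::2] for p in header_field[len(HEADERS) + 1:].split(TAG))
    if "MIME-TYPE" not in headers:
        raise ValueError("response header field lacks MIME-TYPE")
    return {"STATUS": status, "MIME-TYPE": headers["MIME-TYPE"], "BODY": body}
```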
The greater security comes at the cost of response time. With the serial port settings above, the net rate at which the serial port sends and receives is 9600 bps, that is 1200 bytes per second. Because of the delay added when sending (a wait of 220 milliseconds for every 16 bytes sent), visiting a web page of about 40000 bytes takes about 138 seconds, measured from the client sending the HTTP request to its receiving the response. For an application environment in which security comes first, this delay is acceptable. This response time was obtained under a specific hardware configuration: the experimental machine had a central processing unit (CPU) of AMD dual-core 1.9 GHz and a memory (RAM) size of 2G. Using a host with stronger processing capacity allows the delay in sending data over the serial port to be reduced, and thereby the total response time.

Claims (1)

1. An HTTP network access achieving device based on serial communication, characterized in that the device comprises proxy server 1, which connects to the private network according to Internet standards, proxy server 2, which connects to the public network according to Internet standards, and a serial port used for communication between proxy server 1 and proxy server 2;
proxy server 1 comprises the following functional modules:
an HTTP request receiving module, whose function is to receive and respond to the standard HTTP request messages that the user sends to proxy server 1 according to the standard HTTP protocol, and to convert the standard HTTP request message into a private request message;
a request message sending module, whose function is to send the private request message through the serial port;
a response message receiving module, whose function is to receive the private response message through the serial port;
a response message extraction module, whose function is to extract the standard HTTP response message content from the private response message;
an HTTP response sending module, whose function is to send the standard HTTP response message to the user according to the standard HTTP protocol;
proxy server 2 comprises the following functional modules:
a request message receiving module, whose function is to receive the private request message through the serial port;
a request message processing module, whose function is to extract the standard HTTP request message content from the private request message;
an HTTP processing module, whose function is to send the standard HTTP request message to the WWW site in the public network and to receive the standard HTTP response message from that WWW site;
a response message conversion module, whose function is to convert the standard HTTP response message into a private response message;
a response message sending module, whose function is to send the private response message through the serial port.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100925887A CN101651712B (en) 2009-09-11 2009-09-11 HTTP network access achieving device based on serial port communication

Publications (2)

Publication Number Publication Date
CN101651712A CN101651712A (en) 2010-02-17
CN101651712B true CN101651712B (en) 2012-02-22

Family

ID=41673817

Country Status (1)

Country Link
CN (1) CN101651712B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103607454B (en) * 2013-11-20 2017-03-08 Tcl通讯(宁波)有限公司 The method that android system browser arranges privately owned proxy server
CN112995291B (en) * 2021-02-05 2023-02-21 厦门市美亚柏科信息股份有限公司 HTTP message collection method based on proxy, terminal equipment and storage medium

Patent Citations (2)

Publication number Priority date Publication date Assignee Title
CN1708973A (en) * 2002-12-13 2005-12-14 艾利森电话股份有限公司 Error messaging method in HTTP based communication systems
CN201550142U (en) * 2009-09-11 2010-08-11 北京工业大学 HTTP network access realizing system based on serial communication

Non-Patent Citations (1)

Title
蔡永泉 et al. Security analysis and improvement of a remote online experiment platform. 《北京工业大学学报》 (Journal of Beijing University of Technology), 2006, pp. 461-466. *

Also Published As

Publication number Publication date
CN101651712A (en) 2010-02-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20120222

Termination date: 20120911