CN103209135A - Hyper text transport protocol (HTTP) data flow control method based on linux platform - Google Patents

Publication number
CN103209135A
Authority
CN
China
Prior art keywords
http
message
request
url address
address
Prior art date
Legal status
Granted
Application number
CN2013101596455A
Other languages
Chinese (zh)
Other versions
CN103209135B (en)
Inventor
黎海文
黄铮
郭小东
张炜
王志波
Current Assignee
Shenzhen Gongjin Electronics Co Ltd
Original Assignee
Shenzhen Gongjin Electronics Co Ltd
Priority date
Filing date
Publication date
Application filed by Shenzhen Gongjin Electronics Co Ltd
Priority to CN201310159645.5A
Publication of CN103209135A
Application granted
Publication of CN103209135B
Legal status: Active
Anticipated expiration

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the field of monitoring and controlling network communication at a network access device, and in particular to a Hypertext Transfer Protocol (HTTP) data flow control method based on the Linux platform. The method comprises the following steps: detecting whether the HTTP kernel detection module is currently disabled; detecting whether a message received from a network interface is an HTTP request message; extracting the request uniform resource locator (URL) address of the current HTTP request message and comparing it with the filter URL address content configured by the user; and, when the request URL address matches a filter rule, setting RST and FIN in the Transmission Control Protocol (TCP) header to 1, swapping the MAC addresses, the Internet Protocol (IP) addresses and the source and destination ports, deleting the application-layer HTTP content, and recalculating properties of the data message such as the TCP sequence number. The control method has a wide range of application, is convenient to implement, and has a positive effect on improving the internet environment and cleaning up network information content. On the configuration side, only filter or redirect conditions in character-string form need to be provided, so a good result can be achieved even when the user has no relevant professional knowledge.

Description

An HTTP data flow control method based on the Linux platform
Technical field
The present invention relates to the field of monitoring and control of network communication by network access equipment, and in particular to an HTTP data flow control method based on the Linux platform.
Background
HTTP (the Hypertext Transfer Protocol) specifies in detail the rules by which a browser and a Web server communicate with each other; it is the data transfer protocol used to carry Web documents over the internet. It allows HTML (Hypertext Markup Language) documents to be sent from a Web server to a Web browser. HTML is a markup language for creating documents, and these documents contain links to related information. The party initiating the exchange can click a link to access other documents, images or multimedia objects and obtain additional information about the linked item. HTTP runs on top of TCP in the TCP/IP protocol suite. The version now used on the WWW is HTTP/1.1, which was formulated in June 1990 by RFCs (Requests for Comments). The HTTP/1.1 protocol defines eight methods in total (sometimes also called "actions") that indicate different ways of operating on the resource identified by the Request-URI. The method used when a user requests a resource link on the World Wide Web is GET: GET sends a request for a specific resource, and the parameters of the GET method include the target link.
With the development of the Internet and the growth of home broadband services, people can connect to the Internet from all kinds of terminals anywhere and at any time and freely browse whatever information interests them. At the same time, because information in the internet world lacks unified supervision, it is filled with all kinds of illegal and harmful information, which internet users find hard to guard against. This applies especially to teenagers, who are curious about new things. How to ensure that teenagers are not harmed by junk information on the Internet, and to provide them with a good environment of useful learning information, is both an opportunity and a challenge for the development of network access equipment. If network access equipment can exercise control at the source of the information request, it can isolate and filter most illegal link requests, or redirect them to channels of healthy, useful information that better guide network users. Maintaining good "network order" is therefore a firm requirement for such equipment, in the same way as stability and ease of use.
How to effectively isolate illegal and harmful network information, protect the legitimate rights and interests of internet users, and achieve healthy ("green") internet use is a technical problem that urgently needs to be solved in practice.
Summary of the invention
The object of the present invention is to provide an HTTP data flow control method based on the Linux platform that solves the current problem of effectively inspecting, filtering and redirecting network traffic.
To solve the above problem, the technical solution adopted by the present invention is:
An HTTP data flow control method based on the Linux platform, characterized in that it comprises the following steps:
Step 1: load the corresponding Linux operating system;
Step 2: initialize the network interfaces that the device uses for receiving and sending messages;
Step 3: enable the HTTP data kernel detection module and the application-layer configuration module;
Step 4: detect whether the HTTP kernel detection module is currently disabled; if it is not disabled, proceed to step 5;
Step 5: detect whether a message received from the network interface is an HTTP request message; if it is an HTTP request message, proceed to step 6;
Step 6: extract the request URL address of the current HTTP request message and compare it with the filter URL address content configured by the user; if the request URL address is configured, or is configured to be filtered, proceed to step 7;
Step 7: the request URL address matches the filter rule configuration, so set TCP RST and FIN to 1, swap the MAC addresses, the IP addresses and the source/destination ports, delete the application-layer HTTP content, recalculate the TCP sequence number of the data message, and recalculate the TCP header checksum and the IP header checksum, thereby reconstructing a TCP session-termination message; send the constructed message out through the network interface on which the original request message was received, in order to end this HTTP session; then proceed to step 5.
In a further technical solution, in step 4, it is detected whether the HTTP kernel detection module is currently disabled, and if it is disabled the detection process terminates.
In a further technical solution, in step 6, if the request URL address is not configured, or is configured not to be filtered, step 8 is executed directly. Step 8: extract the request URL address of the current HTTP request message and compare it with the redirect URL content configured by the user; if the request URL address is not configured, or is configured not to be redirected, proceed to step 5.
In a further technical solution, in step 8, if the request URL address is configured, or is configured to be redirected, proceed to step 9. Step 9: the request URL address matches the redirect rule configuration, so swap the MAC addresses, the IP addresses and the source/destination ports, replace the application-layer content with HTTP 302 redirect content, where the redirect content contains the redirect URL address, recalculate the TCP sequence number of the data message, and recalculate the TCP header checksum and the IP header checksum, thereby constructing an HTTP request redirect message; send the constructed message out through the network interface on which the original request message was received, so that this HTTP request is redirected; then proceed to step 5.
The beneficial effects of the above technical solution are as follows. The invention applies to a wide range of platforms, is convenient to implement, and has a positive effect on improving the online environment and cleaning up network information content. Because the key inspection parameter of this technique is the network URL address, which everyday internet users already know, only filter or redirect conditions in character-string form need to be provided on the configuration side, and good results are obtained even when the user has no relevant professional knowledge. The method is suitable for large-scale deployment on network access equipment.
Description of the drawings
Fig. 1 is a schematic flow chart of the HTTP data flow control method based on the Linux platform according to the present invention.
Embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to embodiments. It should be understood that the specific embodiments described here serve only to explain the invention and are not intended to limit it.
One embodiment of the HTTP data flow control method based on the Linux platform according to the present invention is as follows:
An HTTP data flow control method based on the Linux platform, comprising the following steps:
Step 1: load the corresponding Linux operating system;
Step 2: initialize the network interfaces that the device uses for receiving and sending messages;
Step 3: enable the HTTP data kernel detection module and the application-layer configuration module;
Step 4: detect whether the HTTP kernel detection module is currently disabled; if it is not disabled, proceed to step 5;
Step 5: detect whether a message received from the network interface is an HTTP request message; if it is an HTTP request message, proceed to step 6;
Step 6: extract the request URL address of the current HTTP request message and compare it with the filter URL address content configured by the user; if the request URL address is configured, or is configured to be filtered, proceed to step 7;
Step 7: the request URL address matches the filter rule configuration, so set TCP RST and FIN to 1, swap the MAC addresses, the IP addresses and the source/destination ports, delete the application-layer HTTP content, recalculate the TCP sequence number of the data message, and recalculate the TCP header checksum and the IP header checksum, thereby reconstructing a TCP session-termination message; send the constructed message out through the network interface on which the original request message was received, in order to end this HTTP session; then proceed to step 5.
According to another embodiment of the HTTP data flow control method based on the Linux platform of the present invention, in step 4, it is detected whether the HTTP kernel detection module is currently disabled, and if it is disabled the detection process terminates.
According to another embodiment of the HTTP data flow control method based on the Linux platform of the present invention, in step 6, if the request URL address is not configured, or is configured not to be filtered, step 8 is executed directly. Step 8: extract the request URL address of the current HTTP request message and compare it with the redirect URL content configured by the user; if the request URL address is not configured, or is configured not to be redirected, proceed to step 5.
According to another embodiment of the HTTP data flow control method based on the Linux platform of the present invention, in step 8, if the request URL address is configured, or is configured to be redirected, proceed to step 9. Step 9: the request URL address matches the redirect rule configuration, so swap the MAC addresses, the IP addresses and the source/destination ports, replace the application-layer content with HTTP 302 redirect content, where the redirect content contains the redirect URL address, recalculate the TCP sequence number of the data message, and recalculate the TCP header checksum and the IP header checksum, thereby constructing an HTTP request redirect message; send the constructed message out through the network interface on which the original request message was received, so that this HTTP request is redirected; then proceed to step 5.
Fig. 1 shows the preferred embodiment of the HTTP data flow control method based on the Linux platform according to the present invention:
An HTTP data flow control method based on the Linux platform, comprising the following steps:
Step 1: load the corresponding Linux operating system;
Step 2: initialize the network interfaces that the device uses for receiving and sending messages;
Step 3: enable the HTTP data kernel detection module and the application-layer configuration module;
Step 4: detect whether the HTTP kernel detection module is currently disabled; if it is not disabled, proceed to step 5; if it is disabled, the detection process terminates;
Step 5: detect whether a message received from the network interface is an HTTP request message; if it is an HTTP request message, proceed to step 6;
Step 6: extract the request URL address of the current HTTP request message and compare it with the filter URL address content configured by the user; if the request URL address is configured, or is configured to be filtered, proceed to step 7; if the request URL address is not configured, or is configured not to be filtered, execute step 8 directly;
Step 7: the request URL address matches the filter rule configuration, so set TCP RST and FIN to 1, swap the MAC addresses, the IP addresses and the source/destination ports, delete the application-layer HTTP content, recalculate the TCP sequence number of the data message, and recalculate the TCP header checksum and the IP header checksum, thereby reconstructing a TCP session-termination message; send the constructed message out through the network interface on which the original request message was received, in order to end this HTTP session; then proceed to step 5;
Step 8: extract the request URL address of the current HTTP request message and compare it with the redirect URL content configured by the user; if the request URL address is not configured, or is configured not to be redirected, proceed to step 5; if the request URL address is configured, or is configured to be redirected, proceed to step 9;
Step 9: the request URL address matches the redirect rule configuration, so swap the MAC addresses, the IP addresses and the source/destination ports, replace the application-layer content with HTTP 302 redirect content, where the redirect content contains the redirect URL address, recalculate the TCP sequence number of the data message, and recalculate the TCP header checksum and the IP header checksum, thereby constructing an HTTP request redirect message; send the constructed message out through the network interface on which the original request message was received, so that this HTTP request is redirected; then proceed to step 5.
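The per-packet decision and reply construction of steps 4 to 9, as an added user-space example in Python (not code from the patent or its assignee). Assumptions: the request is a cleartext GET contained in one TCP segment, rules are matched as substrings of host plus path, the 302 reply carries PSH, ACK and FIN, and all function names, addresses and the window value are constructed for illustration.

```python
import struct
FIN, RST, PSH, ACK = 0x01, 0x04, 0x08, 0x10   # TCP flag bits

def csum(data):  # RFC 1071 Internet checksum
    if len(data) % 2:
        data += b"\x00"
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def make_frame(dmac, smac, sip, dip, sport, dport, seq, ack, flags, payload=b""):
    """Build Ethernet/IPv4/TCP with freshly computed TCP and IP header checksums."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    pseudo = sip + dip + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", csum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0, sip, dip)
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    return dmac + smac + b"\x08\x00" + ip + tcp + payload

def parse(frame):
    """Return the fields of an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    t = 14 + (frame[14] & 0x0F) * 4                 # start of the TCP header
    if len(frame) < t + 20:
        return None
    total = struct.unpack("!H", frame[16:18])[0]    # IP total length (drops padding)
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", frame[t:t + 14])
    return dict(dmac=frame[0:6], smac=frame[6:12], sip=frame[26:30], dip=frame[30:34],
                sport=sport, dport=dport, seq=seq, ack=ack, flags=flags,
                payload=frame[t + (off >> 4) * 4:14 + total])

def request_url(payload):
    """Steps 5/6: host + path of a GET request, or None if this is not an HTTP GET."""
    head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = head[0].split(b" ")
    if len(parts) != 3 or parts[0] != b"GET" or not parts[2].startswith(b"HTTP/"):
        return None
    host = b""
    for line in head[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().lower()
    return (host + parts[1]).decode("latin-1")

def build_reply(p, flags, body=b""):
    """Steps 7/9: swap MAC, IP, ports; seq = request ack, ack = request seq + payload length."""
    ack = (p["seq"] + len(p["payload"])) & 0xFFFFFFFF
    return make_frame(p["smac"], p["dmac"], p["dip"], p["sip"],
                      p["dport"], p["sport"], p["ack"], ack, flags, body)

def handle(frame, enabled, filters, redirects):
    """Return (verdict, reply_frame); verdict is 'pass', 'reset' or 'redirect'."""
    if not enabled:                                       # step 4
        return "pass", None
    p = parse(frame)
    url = request_url(p["payload"]) if p else None        # step 5
    if url is None:
        return "pass", None
    if any(rule in url for rule in filters):              # step 6 -> step 7
        return "reset", build_reply(p, RST | FIN)
    for rule, target in redirects.items():                # step 8 -> step 9
        if rule in url:
            body = ("HTTP/1.1 302 Found\r\nLocation: %s\r\n"
                    "Content-Length: 0\r\nConnection: close\r\n\r\n" % target).encode()
            return "redirect", build_reply(p, PSH | ACK | FIN, body)
    return "pass", None

# Constructed sample input (documentation IP ranges, locally administered MACs).
CLIENT_MAC, GW_MAC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
CLIENT_IP, SERVER_IP = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])

def sample_get(host, path):
    req = ("GET %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (path, host)).encode()
    return make_frame(GW_MAC, CLIENT_MAC, CLIENT_IP, SERVER_IP, 40000, 80, 1000, 5000, PSH | ACK, req)

if __name__ == "__main__":
    print(handle(sample_get("blocked.example", "/x"), True, ["blocked.example"], {})[0])
```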

Claims (4)

1. An HTTP data flow control method based on the Linux platform, characterized in that it comprises the following steps:
Step 1: load the corresponding Linux operating system;
Step 2: initialize the network interfaces that the device uses for receiving and sending messages;
Step 3: enable the HTTP data kernel detection module and the application-layer configuration module;
Step 4: detect whether the HTTP kernel detection module is currently disabled; if it is not disabled, proceed to step 5;
Step 5: detect whether a message received from the network interface is an HTTP request message; if it is an HTTP request message, proceed to step 6;
Step 6: extract the request URL address of the current HTTP request message and compare it with the filter URL address content configured by the user; if the request URL address is configured, or is configured to be filtered, proceed to step 7;
Step 7: the request URL address matches the filter rule configuration, so set TCP RST and FIN to 1, swap the MAC addresses, the IP addresses and the source/destination ports, delete the application-layer HTTP content, recalculate the TCP sequence number of the data message, and recalculate the TCP header checksum and the IP header checksum, thereby reconstructing a TCP session-termination message; send the constructed message out through the network interface on which the original request message was received, in order to end this HTTP session; then proceed to step 5.
2. The HTTP data flow control method based on the Linux platform according to claim 1, characterized in that: in step 4, it is detected whether the HTTP kernel detection module is currently disabled, and if it is disabled the detection process terminates.
3. The HTTP data flow control method based on the Linux platform according to claim 1 or 2, characterized in that: in step 6, if the request URL address is not configured, or is configured not to be filtered, step 8 is executed directly; step 8: extract the request URL address of the current HTTP request message and compare it with the redirect URL content configured by the user; if the request URL address is not configured, or is configured not to be redirected, proceed to step 5.
4. The HTTP data flow control method based on the Linux platform according to claim 3, characterized in that: in step 8, if the request URL address is configured, or is configured to be redirected, proceed to step 9; step 9: the request URL address matches the redirect rule configuration, so swap the MAC addresses, the IP addresses and the source/destination ports, replace the application-layer content with HTTP 302 redirect content, where the redirect content contains the redirect URL address, recalculate the TCP sequence number of the data message, and recalculate the TCP header checksum and the IP header checksum, thereby constructing an HTTP request redirect message; send the constructed message out through the network interface on which the original request message was received, so that this HTTP request is redirected; then proceed to step 5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310159645.5A CN103209135B (en) 2013-05-03 2013-05-03 HTTP data flow control method based on the Linux platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310159645.5A CN103209135B (en) 2013-05-03 2013-05-03 HTTP data flow control method based on the Linux platform

Publications (2)

Publication Number Publication Date
CN103209135A (en) 2013-07-17
CN103209135B (en) 2016-03-02

Family

ID=48756224

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310159645.5A Active CN103209135B (en) 2013-05-03 2013-05-03 HTTP data flow control method based on the Linux platform

Country Status (1)

Country Link
CN (1) CN103209135B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112261039A (en) * 2020-10-20 2021-01-22 四川天邑康和通信股份有限公司 Method for realizing fusion gateway http and http URL filtering

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1555170A (en) * 2003-12-23 2004-12-15 沈阳东软软件股份有限公司 Flow filtering fine wall
CN101795230A (en) * 2010-02-23 2010-08-04 西安交通大学 Network flow recovery method
CN101888312A (en) * 2009-05-15 2010-11-17 北京启明星辰信息技术股份有限公司 Attack detection and response method and device of WEB page
CN102868693A (en) * 2012-09-17 2013-01-09 苏州迈科网络安全技术股份有限公司 URL (Uniform Resource Locator) filtering method and URL (Uniform Resource Locator) filtering system aiming at HTTP (Hyper Text Transport Protocol) segment request
US20130067591A1 (en) * 2011-09-13 2013-03-14 Proscend Communications Inc. Method for filtering web page content and network equipment with web page content filtering function

Also Published As

Publication number Publication date
CN103209135B (en) 2016-03-02

Similar Documents

Publication Publication Date Title
US8935419B2 (en) Filtering device for detecting HTTP request and disconnecting TCP connection
US9794242B2 (en) Method, apparatus and application platform for realizing logon to an application service website
EP2627032B1 (en) Method, policy server and gateway for determining policies
KR101272670B1 (en) Apparatus, method and computer readable recording medium of distinguishing access network of a user terminal
WO2012113272A1 (en) Method, system and device for improving security of terminal when surfing internet
CN102262552A (en) Method and system for synchronizing application program of different equipment
CN102394838A (en) IM (instant messaging) method, server and IM system
WO2012155994A1 (en) Anonymous signalling
CN103236976B (en) A kind of multirouting method that POS WIFI and Ethernet coexist
CN104486326B (en) Using the authentication method of wechat access network identification
CN102724322A (en) Remote control method and device
CN103269313B (en) The implementation method of embedded Linux home gateway forced gate
CN102567101A (en) Multi-process management system for recognizing and monitoring pornographic images of WAP (wireless application protocol) mobile phone media
CN103763125A (en) Statistical method and device for number of actual users in operator network
KR101259910B1 (en) Apparatus and method for detecting modified uniform resource locator
CN103067389B (en) High safety file transfer method based on short website
CN103905421A (en) Suspicious event detection method and system based on URL heterogeneity
CN103425930B (en) A kind of online script detection method and system in real time
Wang et al. Smart devices information extraction in home wi‐fi networks
CN103354546A (en) Message filtering method and message filtering apparatus
TW201312369A (en) Method for filetring web page content and network equipment
CN103209135A (en) Hyper text transport protocol (HTTP) data flow control method based on linux platform
CN102148869B (en) Method and device for JAVA application to transfer information to local
KR101521903B1 (en) Method and system protecting the virus of link-data in local of terminal
CN103944885A (en) Web data uploading control method and gateway device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant