Detailed Description of the Embodiments
It should be noted that, where no conflict arises, the embodiments of this application and the features in those embodiments may be combined with one another. The present invention is described in detail below with reference to the accompanying drawings and in conjunction with the embodiments.
In order that those skilled in the art may better understand the solution of the present invention, the technical solution in the embodiments of the present invention is described clearly and completely below with reference to the accompanying drawings of those embodiments. The embodiments described are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the accompanying drawings are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data so designated are interchangeable where appropriate, so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described here. In addition, the terms "comprising" and "having", and any variations of them, are intended to cover a non-exclusive inclusion: a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to such a process, method, product or device.
An embodiment of the present invention provides a data processing method for network security protection.
Fig. 1 is a flow chart of a data processing method according to a first embodiment of the present invention. As shown, the data processing method comprises the following steps:
Step S102: receive a request from a terminal to access an application server.
When using a terminal, the user does not see the IP address of the application server directly; what the user sees on the terminal is the domain name to be accessed, for example service.aaa.com. When the user needs to access the application, a protection device such as a firewall receives the user's access request and then resolves the domain name to be accessed, service.aaa.com.
Step S104: resolve the IP address of the application server according to the request.
The IP address of the application server may be resolved by a DNS server, or looked up in the firewall's local DNS cache. Resolution by a DNS server may use the conventional method by which a DNS server resolves IP addresses; since that method is not the concern of the present invention, it is not described further here. Looking up the IP address in the firewall's local DNS cache is described in the embodiments below.
Step S106: judge whether the resolved IP address is an unsafe IP address.
Whether the IP address was resolved by the DNS server or found in the DNS cache, it must be judged by the firewall to determine whether it is an unsafe IP address.
The resolved IP address is looked up in an IP reputation database, and whether it is unsafe is determined from the IP reputation that the database stores for each IP address.
If the IP reputation found in the IP reputation database for the resolved IP address is low, the resolved IP address is determined to be an unsafe IP address.
Step S108: if the resolved IP address is judged to be an unsafe IP address, delete the unsafe IP address from the response message.
Once the unsafe IP address has been deleted from the response message, the terminal cannot perceive it, so the terminal is prevented from accessing the unsafe IP address, which improves the security of the terminal's use of the application.
Step S110: send the response message from which the unsafe IP address has been deleted to the terminal.
After the unsafe IP address is deleted, the response message contains only IP addresses that the reputation database rates as safe and no unsafe IP address, so whichever IP address in the response message the terminal accesses, it reaches an application server rated safe, and the terminal can use the application.
If, after the unsafe IP address is deleted, no IP address remains in the response message, a response indicating that access is not possible is returned to the terminal.
By means of this embodiment, the resolved IP address is judged for safety; if it is unsafe, it is deleted from the response message, and the response message without it is sent to the terminal, so that the terminal cannot perceive the unsafe IP address and any IP address it accesses from the response message belongs to a safe application server. Because the terminal can reach the application server through the safe IP addresses that remain, the terminal can still use the application through the other, safe application servers when one of the application's servers is unsafe, which improves the robustness of the terminal program.
At the same time, when resolving the IP address of the application server, the IP address can be queried directly in the DNS cache; if it is found there, no resolution request needs to be sent to the DNS server, which improves the efficiency of the query and thereby of network protection.
Fig. 2 is a flow chart of a data processing method according to a second embodiment of the present invention. As shown, before the response message from which the unsafe IP address has been deleted is sent to the terminal, the data processing method further comprises the following steps:
Step S202: sort the safe IP addresses remaining in the response message after the unsafe IP address has been deleted according to IP reputation.
After the unsafe IP address is deleted, the IP reputation of each safe IP address in the response message is queried in the IP reputation database, and the safe IP addresses are sorted from high to low reputation.
Step S204: store the safe IP addresses in the response message in the sorted order of IP reputation.
After the sort, the safe IP addresses are stored in the response message in order of IP reputation, highest first.
An IP address nearer the front of the response message thus has a higher IP reputation. A terminal generally selects an IP address near the front of the response message as the address of the application server to access, and an application server with higher IP reputation is expected to offer better access speed and stability; for these reasons the safe IP addresses are stored in the response message sorted by reputation from high to low.
Step S206: save the safe IP addresses locally in the firewall.
The safe IP addresses are saved locally in the firewall so that, when the terminal accesses the application server again within a period of time, the corresponding IP address can be fetched directly from the firewall's cache without sending a resolution request to the DNS server. This both ensures the security of the application server the terminal accesses and improves the protection efficiency and performance of the protection device.
By the above method, the IP address with higher IP reputation is sent to the terminal as the preferred IP address, giving the terminal a more stable and secure application server, which ensures the security of the user's access and also improves the user experience.
Further, resolving the IP address of the application server according to the access request includes: looking up the IP address of the application server locally in the firewall; judging whether the IP address of the application server was found locally in the firewall; and, if it was not found locally in the firewall, sending the request to the DNS server and receiving the IP address of the application server resolved by the DNS server.
The firewall has a local DNS cache in which IP addresses of application servers can be stored. When resolving the IP address that the terminal requests, the IP address corresponding to the requested application server is first looked up in the DNS cache. If it is not found in the firewall's DNS cache, the request to resolve the application server's IP address is sent to the DNS server, which resolves the IP address corresponding to the application server and returns it to the firewall; after receiving the resolved IP address, the firewall looks up whether it is a safe IP address.
Further, resolving the IP address of the application server according to the access request includes: looking up the IP address of the application server locally in the firewall; judging whether the IP address of the application server was found locally in the firewall; and, if it was found locally in the firewall, not sending the request to the DNS server but directly using the IP address found as the DNS server's response.
Similarly, if the IP address of the application server can be found locally in the firewall, there is no need to send the resolution request to the DNS server; the IP address corresponding to the requested application server is looked up directly in the DNS cache and, if it is found, it is used directly, and the firewall judges whether the IP address found is a safe IP address.
Whether the IP address was resolved by the DNS server or found locally in the firewall, the firewall must judge whether it is safe.
The resolved IP address is looked up in the IP reputation database to judge whether it is safe; if it is judged to be an unsafe IP address, it is deleted from the response message.
It should be noted that resolution may yield one or more IP addresses. Usually the terminal has several IP addresses available, one of which is the preferred IP address, and the terminal accesses the application server according to the preferred IP address.
Further, after the unsafe IP address is deleted from the response message, the data processing method also includes: judging whether the number of safe IP addresses in the response message is 0; and, if the number of safe IP addresses in the response message is 0, sending a response message prohibiting access to the terminal.
After the IP address is resolved, the unsafe IP address is deleted from the response message, so the terminal cannot perceive it and naturally cannot access it, which ensures the security of the terminal's access to the application server. The number of IP addresses in the response message is then judged: if it is 0, no safe IP address is left for use, and a response message prohibiting access is sent to the terminal. If it is not 0, the safe IP addresses are sorted by IP reputation and the response message holding the sorted IP addresses is sent to the terminal, with the IP address of highest reputation placed at the front of the response message as the preferred IP address; on receiving the response message, the terminal accesses the application server according to the preferred IP address, and so accesses it securely.
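Steps S102 to S110, the sorting and caching steps S202 to S206, the cache-first lookup and the empty-response check described above are one procedure. The following Python is an added example written for this page, not code from the patent or from any product that implements it; it carries that procedure out as a single class over an in-memory reputation table. The reputation scores, the threshold of 30 below which an address counts as unsafe, the default score given to unlisted addresses, and the upstream resolver callback standing in for the DNS server are all assumptions made for illustration.

```python
"""Added example (not the patent's own code): the DNS-response filter of steps
S102-S110 and S202-S206, with cache-first resolution and the empty-response
check.  Reputation data, threshold and the upstream resolver are assumptions."""
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed IP reputation database: score 0..100, higher is better.
# A deployment would query a threat-intelligence feed instead.
IP_REPUTATION: Dict[str, int] = {
    "203.0.113.10": 5,    # assumed compromised server, low reputation
    "203.0.113.20": 80,
    "203.0.113.30": 60,
}
UNSAFE_THRESHOLD = 30   # assumed policy: a score below this is "unsafe"
UNKNOWN_SCORE = 50      # assumed policy: unlisted addresses are allowed through


@dataclass
class Response:
    """What the terminal receives: addresses in preference order, or a refusal."""
    name: str
    addresses: List[str]
    refused: bool = False


class DnsFilterFirewall:
    def __init__(self, upstream: Callable[[str], List[str]],
                 reputation: Dict[str, int] = IP_REPUTATION,
                 threshold: int = UNSAFE_THRESHOLD) -> None:
        self.upstream = upstream          # the DNS server (S104, on a cache miss)
        self.reputation = reputation      # the IP reputation database (S106)
        self.threshold = threshold
        self.cache: Dict[str, List[str]] = {}   # firewall-local DNS cache (S206)
        self.upstream_queries = 0               # counts DNS server round trips

    def reputation_of(self, ip: str) -> int:
        return self.reputation.get(ip, UNKNOWN_SCORE)

    def is_unsafe(self, ip: str) -> bool:
        return self.reputation_of(ip) < self.threshold

    def resolve(self, name: str) -> List[str]:
        """S104: look in the local cache first; only on a miss ask the DNS server."""
        if name in self.cache:
            return list(self.cache[name])
        self.upstream_queries += 1
        return list(self.upstream(name))

    def handle(self, name: str) -> Response:
        """S102-S110 plus S202-S206 for one access request."""
        addresses = self.resolve(name)
        # S106/S108: every address is judged, cached or not, and unsafe ones are dropped.
        safe = [ip for ip in addresses if not self.is_unsafe(ip)]
        if not safe:
            # Nothing safe remains: tell the terminal that access is not possible.
            return Response(name, [], refused=True)
        # S202/S204: highest reputation first.  list.sort is stable, so addresses
        # with equal reputation keep their order from the original response.
        safe.sort(key=self.reputation_of, reverse=True)
        self.cache[name] = list(safe)   # S206: keep only the safe addresses locally
        return Response(name, safe)


def demo() -> Response:
    """Scenario from the text: the upstream answer lists the compromised address first."""
    def upstream(name: str) -> List[str]:
        # Constructed resolver standing in for the DNS server.
        return ["203.0.113.10", "203.0.113.30", "203.0.113.20"]

    fw = DnsFilterFirewall(upstream)
    first = fw.handle("service.aaa.com")   # cache miss: one DNS round trip
    fw.handle("service.aaa.com")           # cache hit: no further round trip
    return first


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner would settle before deploying this: the cache carries no TTL and no reputation timestamp, so entries should expire with the record's TTL and be re-checked against a feed whose verdicts change over time (the class re-judges cached addresses on every request, as the text requires, but never evicts them); and an address the database has never seen is allowed through by default here, which is a policy choice of this example, not something the text prescribes.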
By the present invention, the IP reputation of each resolved IP address is looked up first and unsafe IP addresses are deleted from the response message, so that the terminal cannot perceive them and accesses the application server securely. Further, after the unsafe IP addresses are deleted, the safe IP addresses are sorted by IP reputation and the IP address of highest reputation becomes the preferred IP address for the terminal program to access, so that when the previously preferred IP address was unsafe, the application can still be used normally once that address is deleted. The above method therefore not only ensures the security of the terminal's access to the application server but also lets the terminal keep working normally when an unsafe IP address is blocked, which solves the problem of poor protection performance of network protection systems in the prior art and improves their protection performance.
Fig. 3 is a schematic diagram of the data processing method according to an embodiment of the present invention, taking an application P as an example.
Specifically, assume that application P uses two application servers, application server A300 and application server B400, with two different IP addresses A and B. Assume that an attacker has attacked and taken control of application server A300, and that server A happens to be the one the DNS server supplies to users in some area S as the preferred server for that area.
When terminal 100 accesses application P, firewall 200 receives the access request of terminal 100 and queries, in the DNS cache 600 of firewall 200, the server address of the application P requested by terminal 100.
If the server address of application P requested by terminal 100 is found in DNS cache 600, the firewall looks up the IP reputation of that server address. If it is not found in DNS cache 600, the request of terminal 100 is sent to DNS server 500, which resolves it and returns the resolved server address of application P to firewall 200.
The server addresses of application P that firewall 200 has queried or received are A and B. These are now looked up in IP reputation database 700; assuming A is found to be an unsafe IP address, A is deleted from the response message and the server address B is retained.
The response message now contains server address B, which is sent to terminal 100, and terminal 100 accesses IP address B.
If the response message also contains a safe server address C, the server addresses retained in the response message are B and C, which are sorted by IP reputation: if the reputation of B is higher than that of C, B is placed before C; if the reputations found for B and C are the same, they are kept in the order of the original response message.
Server addresses B and C retained in the response message are safe IP addresses, so the response message containing B and C can be sent to terminal 100, with the server address B of higher reputation supplied to terminal 100 as the preferred IP address, and server addresses B and C retained in the response message are stored in the DNS cache 600 of the firewall.
Once the user has obtained server address B, server B can be accessed and application P used.
With the above method, when the DNS resolves a server address, server addresses of low IP reputation are deleted from the response message so that the terminal cannot perceive malicious IP addresses, which improves the overall efficiency of the network protection system. In addition, when resolution yields multiple IP addresses, they are looked up in the IP reputation database and sorted by reputation, and the IP address of highest reputation is sent to the terminal, which then accesses the server of highest reputation. The sorting changes the preferred IP address of the original response message, which not only lets the terminal use application P normally but also prevents the terminal from accessing an unsafe IP address, improving the stability of the application.
At the same time, the resolved IP addresses are saved in the firewall's DNS cache, so that when the terminal makes the same request again it is looked up directly in the firewall without being sent to the DNS server for resolution, which improves the efficiency of resolving terminal requests and thereby the running efficiency of terminal applications.
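The walk-through above treats the response message abstractly. The following Python is an added example, not code from the patent, that performs the same deletion on a DNS response in wire format, which is what a firewall sitting in the DNS path must actually do: parse the answer section, drop the A records whose addresses are rated unsafe, rewrite the answer count so the message stays well-formed, and answer REFUSED when no address survives. The addresses 203.0.113.10, 203.0.113.20 and 203.0.113.30 (playing the roles of A, B and C), the choice of REFUSED as the "access prohibited" response, and the builder that fabricates the upstream answer are all constructed for the example; sorting the survivors by reputation is left to the policy layer.

```python
"""Added example (not the patent's own code): deleting unsafe A records from a
DNS response at the wire-format level.  Addresses, the unsafe set and the
REFUSED policy are assumptions made for illustration."""
import struct
from typing import Dict, List, Tuple

UNSAFE_IPS = {"203.0.113.10"}   # assumed: the address the reputation database rates unsafe
RCODE_REFUSED = 5               # assumed policy: answer REFUSED when nothing safe is left
TYPE_A, CLASS_IN = 1, 1


def encode_name(name: str) -> bytes:
    """Encode a dotted name as uncompressed DNS labels."""
    labels = [l for l in name.rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a name that may use compression pointers; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    for _ in range(128):                   # bounds pointer chasing: a crafted message cannot loop forever
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer to an earlier name
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end if jumped else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    raise ValueError("name too long or compression loop")


def parse_response(msg: bytes) -> Dict:
    """Parse the header, the single question and the answer section (authority/additional ignored)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack_from("!HHHHHH", msg, 0)
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = read_name(msg, 12)
    off += 4                               # QTYPE + QCLASS
    question_end = off
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        answers.append((owner, rtype, rclass, ttl, msg[off:off + rdlen]))
        off += rdlen
    return {"txid": txid, "flags": flags, "qname": qname,
            "question": msg[12:question_end], "answers": answers}


def rdata_to_ip(rdata: bytes) -> str:
    return ".".join(str(b) for b in rdata)


def build_response(qname: str, txid: int, addresses: List[str], ttl: int = 300) -> bytes:
    """Constructed upstream answer: QR/RD/RA set, each A record's owner compressed to the question name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(addresses), 0, 0)
    question = encode_name(qname) + struct.pack("!HH", TYPE_A, CLASS_IN)
    answers = b"".join(b"\xC0\x0C" + struct.pack("!HHIH", TYPE_A, CLASS_IN, ttl, 4)
                       + bytes(int(o) for o in ip.split(".")) for ip in addresses)
    return header + question + answers


def filter_response(msg: bytes, unsafe=UNSAFE_IPS) -> bytes:
    """Steps S108/S110 on the wire: drop unsafe A records, fix the counts, REFUSE if none survive."""
    p = parse_response(msg)
    kept, a_seen, a_kept = [], 0, 0
    for owner, rtype, rclass, ttl, rdata in p["answers"]:
        if rtype == TYPE_A and rclass == CLASS_IN:
            a_seen += 1
            if rdata_to_ip(rdata) in unsafe:
                continue                   # the unsafe address never reaches the terminal
            a_kept += 1
        # Re-encode the owner so no compression pointer can refer into a record we dropped.
        owner_bytes = b"\xC0\x0C" if owner == p["qname"] else encode_name(owner)
        kept.append(owner_bytes + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata)
    flags = p["flags"]
    if a_seen and not a_kept:              # every address was unsafe: prohibit access
        flags = (flags & ~0x000F) | RCODE_REFUSED
        kept = []
    # Authority and additional sections are dropped (simplification): they may hold
    # pointers into removed records, so a production filter would re-encode them too.
    return struct.pack("!HHHHHH", p["txid"], flags, 1, len(kept), 0, 0) + p["question"] + b"".join(kept)


def answer_ips(msg: bytes) -> List[str]:
    """A-record addresses in answer order (the first is the terminal's preferred address)."""
    return [rdata_to_ip(r) for _, t, c, _, r in parse_response(msg)["answers"]
            if t == TYPE_A and c == CLASS_IN]


def rcode(msg: bytes) -> int:
    return struct.unpack_from("!H", msg, 2)[0] & 0x000F


if __name__ == "__main__":
    upstream = build_response("service.aaa.com", 0x1234,
                              ["203.0.113.10", "203.0.113.20", "203.0.113.30"])
    print(answer_ips(upstream), "->", answer_ips(filter_response(upstream)))
```

The owner name of every kept record is re-encoded, as a pointer to the question name when it matches and uncompressed otherwise, so that no compression pointer is left pointing into a record that was removed; the same concern is why the authority and additional sections are discarded here rather than copied through.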
The data processing method of the embodiments of the present invention can be executed by the data processing apparatus provided by the embodiments of the present invention, and that data processing apparatus can be used to execute the data processing method provided by the embodiments of the present invention.
An embodiment of the present invention also provides a data processing apparatus for network security protection.
Fig. 4 is a schematic diagram of a data processing apparatus according to a first embodiment of the present invention. As shown, the data processing apparatus comprises a receiving unit 10, a resolution unit 20, a judging unit 30, a deletion unit 40 and a response unit 50.
The receiving unit 10 is configured to receive a request from a terminal to access an application server.
As in step S102, the user does not see the IP address of the application server directly but only the domain name to be accessed, for example service.aaa.com; when the user needs to access the application, the protection device such as a firewall receives the access request and resolves the domain name service.aaa.com.
The resolution unit 20 is configured to resolve the IP address of the application server according to the request.
As in step S104, the IP address of the application server may be resolved by a DNS server, using the conventional method, which is not the concern of the present invention and is not described here, or looked up in the firewall's local DNS cache, which is described in the embodiments below.
The judging unit 30 is configured to judge whether the resolved IP address is an unsafe IP address.
Whether the IP address was resolved by the DNS server or found in the DNS cache, the firewall must judge it: the resolved IP address is looked up in the IP reputation database, and its safety is determined from the IP reputation the database stores for each IP address. If the IP reputation found for the resolved IP address is low, the address is determined to be an unsafe IP address.
The deletion unit 40 is configured to delete the unsafe IP address from the response message when the resolved IP address is judged to be an unsafe IP address.
Once the unsafe IP address has been deleted from the response message, the terminal cannot perceive it, so the terminal is prevented from accessing the unsafe IP address, which improves the security of the terminal's use of the application.
The response unit 50 is configured to send the response message from which the unsafe IP address has been deleted to the terminal.
After the unsafe IP address is deleted, the response message contains only IP addresses rated safe and no unsafe IP address, so whichever IP address the terminal accesses from it belongs to an application server rated safe, and the terminal can use the application.
If no IP address remains in the response message after the unsafe IP address is deleted, a response indicating that access is not possible is returned to the terminal.
By means of this embodiment, as with the method of the first embodiment, the resolved IP address is judged for safety, an unsafe IP address is deleted from the response message, and the response message without it is sent to the terminal, so that the terminal cannot perceive the unsafe IP address and any IP address it accesses from the response message belongs to a safe application server. Because the terminal can reach the application server through the safe IP addresses that remain, it can still use the application through the other, safe servers when one of the application's servers is unsafe, which improves the robustness of the terminal program.
At the same time, when the IP address of the application server can be found in the DNS cache, no resolution request needs to be sent to the DNS server, which improves the efficiency of the query and thereby of network protection.
Fig. 5 is a schematic diagram of a data processing apparatus according to a second embodiment of the present invention. As shown, the data processing apparatus comprises the receiving unit 10, the resolution unit 20, the judging unit 30 and the deletion unit 40, and further comprises a sorting unit 60, a message storage unit 70 and a local storage unit 80.
The sorting unit 60 is configured to sort the safe IP addresses remaining in the response message after the unsafe IP address has been deleted according to IP reputation, before the response message is sent to the terminal: the IP reputation of each safe IP address is queried in the IP reputation database and the safe IP addresses are sorted from high to low reputation.
The message storage unit 70 is configured to store the safe IP address of highest IP reputation in the response message.
An IP address nearer the front of the response message has a higher IP reputation, a terminal generally selects an IP address near the front of the response message as the address of the application server to access, and an application server of higher IP reputation is expected to offer better access speed and stability; for these reasons the safe IP addresses are stored in the response message sorted by reputation from high to low.
The local storage unit 80 is configured to save the safe IP addresses locally in the firewall.
With the safe IP addresses saved locally in the firewall, when the terminal accesses the application server again within a period of time, the corresponding IP address can be fetched directly from the firewall's cache without sending a resolution request to the DNS server, which both ensures the security of the application server the terminal accesses and improves the protection efficiency and performance of the protection device.
By the above apparatus, the IP address with higher IP reputation is sent to the terminal as the preferred IP address, giving the terminal a more stable and secure application server, which ensures the security of the user's access and also improves the user experience.
Further, the resolution unit 20 comprises a lookup module, a judging module and a transceiver module.
The lookup module is configured to look up the IP address of the application server locally in the firewall. The judging module is configured to judge whether the IP address of the application server was found locally in the firewall. The transceiver module is configured, when the IP address of the application server was not found locally in the firewall, to send the request to the DNS server and to receive the IP address of the application server resolved by the DNS server.
The firewall's local DNS cache stores IP addresses of application servers. When resolving the IP address the terminal requests, the IP address corresponding to the requested application server is first looked up in the DNS cache; if it is not found there, the resolution request is sent to the DNS server, which resolves the IP address corresponding to the application server and returns it to the firewall, and the firewall then looks up whether the received IP address is a safe IP address.
Further, the resolution unit 20 comprises: the lookup module, configured to look up the IP address of the application server locally in the firewall; the judging module, configured to judge whether the IP address of the application server was found locally in the firewall; and a calling module, configured, when the IP address of the application server is found locally in the firewall, not to send the request to the DNS server but to use the IP address found directly as the DNS server's response.
Similarly, if the IP address of the application server can be found locally in the firewall, there is no need to send the resolution request to the DNS server; the IP address corresponding to the requested application server is looked up directly in the DNS cache and, if found, is used directly, and the firewall judges whether the IP address found is a safe IP address.
Whether the IP address was resolved by the DNS server or found locally in the firewall, the firewall must judge whether it is safe.
The resolved IP address is looked up in the IP reputation database to judge whether it is safe; if it is judged to be an unsafe IP address, it is deleted from the response message.
It should be noted that resolution may yield one or more IP addresses. Usually the terminal has several IP addresses available, one of which is the preferred IP address, and the terminal accesses the application server according to the preferred IP address.
Further, the data processing apparatus also comprises a message judging unit and a transmitting unit.
The message judging unit is configured to judge, after the unsafe IP address is deleted from the response message, whether the number of safe IP addresses in the response message is 0.
The transmitting unit is configured to send a response message prohibiting access to the terminal when the number of safe IP addresses in the response message is judged to be 0.
After the IP address is resolved, the unsafe IP address is deleted from the response message, so the terminal cannot perceive it and naturally cannot access it, which ensures the security of the terminal's access to the application server. The number of IP addresses in the response message is then judged: if it is 0, no safe IP address is left for use, and a response message prohibiting access is sent to the terminal. If it is not 0, the safe IP addresses are sorted by IP reputation and the response message holding the sorted IP addresses is sent to the terminal, with the IP address of highest reputation placed at the front of the response message as the preferred IP address; on receiving the response message, the terminal accesses the application server according to the preferred IP address, and so accesses it securely.
By the present invention, the IP reputation of each resolved IP address is looked up first and unsafe IP addresses are deleted from the response message, so that the terminal cannot perceive them and accesses the application server securely. Further, after the unsafe IP addresses are deleted, the safe IP addresses are sorted by IP reputation and the IP address of highest reputation becomes the preferred IP address for the terminal program to access, so that when the previously preferred IP address was unsafe, the application can still be used normally once that address is deleted. The above apparatus therefore not only ensures the security of the terminal's access to the application server but also lets the terminal keep working normally when an unsafe IP address is blocked, which solves the problem of poor protection performance of network protection systems in the prior art and improves their protection performance.
It should be noted that the steps shown in the flow charts of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and that, although a logical order is shown in the flow charts, in some cases the steps shown or described can be executed in an order different from the one given here.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit it; for those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the present invention shall be included in the scope of protection of the present invention.