CN103873488A - Internet surfing control method based on router plug-in - Google Patents

Info

Publication number: CN103873488A
Authority: CN (China)
Prior art keywords: user, plug, network, unit, request
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201410138915.9A
Other languages: Chinese (zh)
Inventor: 雷平
Current Assignee: BEIJING JIKEJIKE TECHNOLOGY Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: BEIJING JIKEJIKE TECHNOLOGY Co Ltd
Application filed by BEIJING JIKEJIKE TECHNOLOGY Co Ltd
Priority to CN201410138915.9A
Publication of CN103873488A

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to the technical field of network communication and discloses an Internet surfing control method based on a router plug-in. The method comprises the following steps: a proxy service plug-in is installed on a specified router node through a cloud platform according to a security management setting; the router node receives a network connection request initiated by a user, and the proxy service plug-in detects whether the user's network identifier is stored locally; according to the detection result of the proxy service plug-in, it is determined whether the user may connect to the network the user has requested to access, and corresponding processing is performed. Because the relevant Internet access plug-in is installed in an ordinary router and a multi-node independent authentication mode is adopted with distributed management, the problem of the whole network breaking down due to a failure of the central node is solved, and cost is greatly reduced compared with an expensive enterprise-class router.

Description

Internet surfing control method based on a router plug-in
Technical field
The present invention relates to the field of network communication technology, and in particular to an Internet surfing control method based on a router plug-in.
Background technology
At present, client devices of all kinds connect to a network, and through it to the Internet, by various wired or wireless means. Most of these networks are open: users can access and browse them freely without authentication. Although convenient, this approach carries many security risks. To strengthen security, some websites impose cumbersome verification procedures, such as entering a user name and password and then performing mobile phone verification, mailbox verification, client certificate authentication, plug-in authentication and so on. Internet access control means that, before a user goes online, a device authenticates the user's Internet access requests: requests that do not conform to the rules or requirements are hijacked so that the user performs the relevant authentication, and requests that do not pass authentication are denied access. Depending on the authentication method, the commonly used Internet access control modes currently fall into two categories, client and network proxy:
1. Client authentication mode. In this mode a client program is installed on the device that is to go online. After the client completes network connection authentication (network access authentication usually requires entering a specific user name and password), the access server binds the client's operator identifier to the user's identifier and stores the binding. When the client requests a page, the authentication server obtains the client's operator identifier and compares it with the identifier stored at access time; if they match, the server generates the requested page according to the client user's request, and the user can browse the required data.
2. Server proxy mode, currently the more commonly used approach. Ordinarily, when a web browser connects directly to other Internet sites to obtain network information, it must send a request signal and obtain a response, and the other side then returns the information as a bit stream. A proxy server is a server located between the browser and the Web server. With a proxy in place, the browser does not fetch web pages directly from the Web server but sends its request to the proxy server: the request signal is delivered to the proxy server first, and the proxy server fetches the information the browser needs and sends it to the user's browser. Moreover, most proxy servers have a buffering function and act like a large cache, continually storing newly obtained data in local storage. If the data the browser requests already exists in local storage and is up to date, the proxy does not fetch it from the Web server again but sends the stored data directly to the user's browser, which significantly improves browsing speed and efficiency.
All devices that need to go online pass through a unified proxy server for access validation. The proxy server parses the header or message of each request and determines whether it conforms to the Internet access plan, for example by recording the network identifier of the requesting device (such as the network card MAC address or IP address) or by deep parsing of the request message. It then filters the request, or hijacks it according to established rules to a set page where the user performs the relevant authentication (such as entering a user name or password). Once verification passes, the proxy service records the relevant network identifier. This solution requires at least one dedicated proxy server, which may be a dedicated enterprise-class gateway router or a gateway server, and the control method is essentially always based on a user name and password.
However, controlling network access in the conventional proxy mode requires a professional network device (a dedicated enterprise-class router or server) as the central node. Such a node device is generally very expensive and requires specialized technical staff to maintain it. All data traffic passes through this central node, so the node becomes a bottleneck for outbound network service; once the network server at the central node crashes, the whole network is completely paralyzed and professional personnel are needed to repair it, causing huge losses. In addition, the network proxy mode generally uses user name and password authentication, which depends on third-party data services on the network; once the third-party service fails or problems such as data leakage occur, the whole network system is likewise paralyzed, seriously affecting service quality and user experience.
Summary of the invention
In view of the above shortcomings in the prior art, the technical problem to be solved by the present invention is how to improve the security and stability of the centralized proxy server.
The Internet surfing control method based on a router plug-in disclosed by the present invention comprises the steps of:
installing a proxy service plug-in on a specified routing node through a cloud platform, based on a security management setting;
the routing node receiving a network connection request initiated by a user, and detecting, by means of the proxy service plug-in, whether the user's network identifier is stored locally;
determining, according to the detection result of the proxy service plug-in, whether the user may connect to the requested network, and processing accordingly.
Preferably, in step S3, when the proxy service plug-in detects that the user's network identifier is stored locally, the user may connect to the requested Internet;
when the proxy server plug-in does not detect the user's network identifier, a new web page automatically pops up and the user is linked to it for verification.
Preferably, automatically popping up and linking to a new web page comprises the step of: hijacking the user's request to a port of an nginx server, the nginx server side automatically popping up a new web page that requires the user to enter a question-and-answer set in advance.
Preferably, the verification comprises the step of: the new web page contains a preset question previously entered by the user, and the user enters the corresponding answer to this question.
Preferably, after the user enters the correct answer, the network identifier of the user's access request is automatically stored in the plug-in and/or the nginx server; when the entered answer is wrong, the user continues answering until the answer is correct, and otherwise cannot enter the relevant web page.
Preferably, after the user passes verification, the proxy service plug-in establishes a dedicated channel for the network identifier of the access request and sets a corresponding validity period; within this validity period, requests carrying this network identifier automatically pass through the established channel to complete normal network connection service.
Preferably, each router is independently provided with its own proxy service plug-in, and distributed management is adopted.
Preferably, when the proxy service plug-in is no longer needed, the plug-in is uninstalled through the cloud platform.
Compared with the prior art, in the Internet surfing control method based on a router plug-in provided by the present invention, the relevant Internet access plug-in is installed in an ordinary router, and a multi-node independent authentication mode with distributed management is adopted: every router independently installs its own plug-in and controls its own service, and there is no central node. This solves the problem of a central node failure bringing down the whole network, and also greatly reduces cost relative to an expensive enterprise-class router. In addition, the present invention adopts a question-and-answer authentication system based on the cloud platform, which not only solves this problem but also allows the data of each node to be updated and backed up at any time according to the user's needs. Each sub-node can set its own question and answer to ensure security, so the system no longer depends excessively on third-party data support, and data consistency is also ensured.
Brief description of the drawings
Fig. 1 is a schematic diagram of the Internet surfing control method based on a router plug-in of the present invention;
Fig. 2 is a schematic diagram of the detailed processing flow of the Internet surfing control method based on a router plug-in of the present invention.
Embodiments
The following embodiments are intended only to illustrate the technical solution of the present invention more clearly and do not limit its scope of protection. Certain terms are used in the specification and claims to refer to particular components. Those skilled in the art will understand that hardware manufacturers may refer to the same component by different names. This specification and the claims do not distinguish components by differences in name, but by differences in function. The description that follows sets out preferred embodiments for implementing the present invention; it is given for the purpose of illustrating the general principles of the invention and is not intended to limit its scope. The scope of protection of the present invention is defined by the appended claims.
The present invention is described in further detail below with reference to the drawings and specific embodiments.
As the bridge between user terminal equipment and the Internet, the router plays an irreplaceable role. Routers are the main node devices of the Internet and decide how data is forwarded by means of routing; their processing speed is one of the main bottlenecks of network communication, and their reliability and stability directly affect the quality of network interconnection. It can be said that routers form the skeleton of the Internet. The function of a proxy server (Proxy Server) is to fetch network information on behalf of network users; figuratively speaking, it is a transfer station for network information. Like a large cache, it significantly improves browsing speed and efficiency by caching frequently used data, and it is also an important security function provided by an Internet link-level gateway.
As shown in Fig. 1, the Internet surfing control method based on a router plug-in proposed by the present invention mainly comprises the following steps:
S1: based on a security management setting, a proxy service plug-in is installed on a specified routing node through a cloud platform. Here, a "cloud platform" is an application-oriented service platform built by integrating hardware, software, network infrastructure and data centers; it splits an enterprise's various information needs into different modules by function and integrates them on the platform as modular units. The application services that the "cloud platform" provides are all delivered to users over the Internet. The platform itself is open and extensible and supports seamless upgrades, and its standard interfaces can flexibly connect to a variety of application services, so that the service content can be continually extended. For users, the resources in the "cloud" can be obtained at any time, selected as needed, expanded at any time and paid for by use.
S2: the routing node receives a network connection request initiated by a user, and the proxy service plug-in detects whether the user's network identifier is stored locally;
S3: according to the detection result of the proxy service plug-in, it is determined whether the user may connect to the requested network, and corresponding processing is performed.
Specifically, in step S1 the proxy service plug-in may adopt the Kernel Proxy mode. Each routing node is equipped with its own independent proxy service plug-in, and there is no central node; the user can update and back up the data of each node at any time as needed. Each router on the network is a node, and it looks up its routing table and selects the most reasonable route to direct communication. The multi-node authentication mode with distributed management solves the problem of a central node failure bringing down the whole network, removes the excessive dependence on third-party data support, and greatly reduces cost relative to an expensive enterprise-class router.
With reference to Fig. 2, in step S3, when the proxy service plug-in detects that it has stored the user's network identifier (usually bound to an IP address), the user can connect directly to the requested Internet and browse;
when the proxy server plug-in detects that this user's network identifier is not stored, a new web page automatically pops up and the user is linked to it for verification.
More specifically, when it is detected that this user's network identifier is not stored, the user's request is hijacked to a port of the nginx server, such as port 80, and the nginx server side automatically pops up a web page that requires the user to enter a question-and-answer set in advance. Nginx ("engine x") is a high-performance HTTP and reverse proxy server, and also an IMAP/POP3/SMTP proxy server; it uses little memory and handles concurrency well. Of course, those skilled in the art will appreciate that port 80 is only an example; the user's request can obviously also be bound to any designated port of the proxy server, such as port 3128 or 8080.
The new web page contains a preset question previously entered by the user, and the user must enter the answer to this question. After the user enters the correct answer, the network identifier of the user's access request (MAC address and IP address) is automatically stored in the plug-in and the nginx server. If the entered answer is wrong, the user continues answering until the answer is correct; otherwise, the user cannot enter the relevant web page.
In addition, after the user enters the correct answer, the proxy service plug-in establishes a dedicated channel for this network identifier and sets a corresponding validity period. Within this validity period, requests carrying this network identifier automatically pass through the established channel and are no longer hijacked by Kproxy, completing normal network connection service. The validity period can be set according to the user's actual needs, for example 12 hours or 24 hours. Once the validity period has been exceeded, the user's network identifier must be verified again, which also helps ensure the security of network data.
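The per-node decision described above (local identifier lookup, question page, validity period) can be modelled as follows. This is an added example, not part of the patent text or of any implementation by the applicant; the class and function names, the use of the (MAC, IP) pair as the lookup key, the answer normalisation and the salted hash of the stored answer are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

ALLOW = "allow"        # identifier stored and still valid: use the dedicated channel
REDIRECT = "redirect"  # identifier unknown or expired: hijack to the question page


def _digest(answer: str, salt: bytes) -> bytes:
    """Salted hash of a normalised answer (normalisation is an assumption)."""
    normalised = answer.strip().lower().encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", normalised, salt, 100_000)


class FakeClock:
    """Constructed clock so the validity period can be exercised offline."""

    def __init__(self, now: float):
        self.now = now

    def __call__(self) -> float:
        return self.now


class NodePlugin:
    """Hypothetical model of the proxy service plug-in on ONE router node.

    Every node holds its own question, answer and identifier table, so no
    node depends on a central server to make the decision.
    """

    def __init__(self, question, answer, ttl_seconds=12 * 3600, clock=time.time):
        self.question = question
        self._salt = os.urandom(16)
        self._answer_hash = _digest(answer, self._salt)  # plain answer is not kept
        self.ttl_seconds = ttl_seconds
        self._clock = clock
        self._channels = {}  # (mac, ip) -> expiry time of the dedicated channel

    @staticmethod
    def _key(mac, ip):
        return (mac.strip().lower(), ip.strip())

    def handle_request(self, mac, ip):
        """Steps S2/S3: look up the identifier locally and decide."""
        key = self._key(mac, ip)
        expiry = self._channels.get(key)
        if expiry is not None and self._clock() < expiry:
            return ALLOW
        self._channels.pop(key, None)  # expired: must be verified again
        return REDIRECT

    def submit_answer(self, mac, ip, answer):
        """Question page handler: store the identifier only on a correct answer."""
        supplied = _digest(answer, self._salt)
        if not hmac.compare_digest(supplied, self._answer_hash):
            return False  # wrong answer: the user stays on the question page
        self._channels[self._key(mac, ip)] = self._clock() + self.ttl_seconds
        return True


def demo():
    """Walk one constructed client through the flow and return the decisions."""
    clock = FakeClock(0.0)
    node = NodePlugin("Name of the office cat?", "Mimi",
                      ttl_seconds=12 * 3600, clock=clock)
    mac, ip = "AA:BB:CC:00:11:22", "192.168.1.20"  # constructed sample identifier
    steps = [node.handle_request(mac, ip)]          # unknown -> redirect
    steps.append(node.submit_answer(mac, ip, "wrong"))
    steps.append(node.submit_answer(mac, ip, "mimi"))
    steps.append(node.handle_request(mac, ip))      # within validity -> allow
    clock.now += 12 * 3600                          # validity period elapses
    steps.append(node.handle_request(mac, ip))      # expired -> redirect
    return steps


if __name__ == "__main__":
    print(demo())
```

Because the table is keyed on the MAC and IP address together, a request that presents the same MAC address with a different IP address is treated as unverified and sent to the question page again.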
When the proxy server is no longer needed, the plug-in that controls Internet access can be uninstalled through the cloud platform; distributed management through the cloud platform is convenient and effective.
Compared with the prior art, in the Internet surfing control method based on a router plug-in of the present invention, the relevant Internet access plug-in is installed in an ordinary router, and a multi-node independent authentication mode with distributed management is adopted. This solves the problem of a central node failure bringing down the whole network, and also greatly reduces cost relative to an expensive enterprise-class router. In addition, the present invention adopts a question-and-answer authentication system based on the cloud platform, and the data of each node can be updated and backed up at any time according to the user's needs. Each sub-node can set its own question and answer to ensure security, so the system no longer depends excessively on third-party data support, and data consistency is also ensured.
It should be noted that the foregoing is only a preferred embodiment of the present invention and does not thereby limit the scope of patent protection of the present invention; the present invention may also make improvements in material and structure to the construction of the various components described above, or substitute technical equivalents. Therefore, all equivalent structural changes made using the content of the specification and drawings of the present invention, or direct or indirect applications in other related technical fields, are likewise included within the scope covered by the present invention.

Claims (8)

1. An Internet surfing control method based on a router plug-in, characterized in that the method comprises the steps of:
installing a proxy service plug-in on a specified routing node through a cloud platform, based on a security management setting;
the routing node receiving a network connection request initiated by a user, and detecting, by means of the proxy service plug-in, whether the user's network identifier is stored locally;
determining, according to the detection result of the proxy service plug-in, whether the user may connect to the requested network, and processing accordingly.
2. The method of claim 1, characterized in that, in step S3, when the proxy service plug-in detects that the user's network identifier is stored locally, the user may connect to the requested Internet;
when the proxy server plug-in does not detect the user's network identifier, a new web page automatically pops up and the user is linked to it for verification.
3. The method of claim 2, characterized in that automatically popping up and linking to a new web page comprises the step of:
hijacking the user's request to a port of an nginx server, the nginx server side automatically popping up a new web page that requires the user to enter a question-and-answer set in advance.
4. The method of claim 2 or 3, characterized in that the verification comprises the step of:
the new web page contains a preset question previously entered by the user, and the user enters the corresponding answer to this question.
5. The method of claim 4, characterized in that, after the user enters the correct answer, the network identifier of the user's access request is automatically stored in the plug-in and/or the nginx server; when the entered answer is wrong, the user continues answering until the answer is correct, and otherwise cannot enter the relevant web page.
6. The method of claim 5, characterized in that, after the user passes verification, the proxy service plug-in establishes a dedicated channel for the network identifier of the access request and sets a corresponding validity period; within this validity period, requests carrying this network identifier automatically pass through the established channel to complete normal network connection service.
7. The method of claim 1, characterized in that each router is independently provided with its own proxy service plug-in, and distributed management is adopted.
8. The method of claim 7, characterized in that, when the proxy service plug-in is no longer needed, the plug-in is uninstalled through the cloud platform.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410138915.9A CN103873488A (en) 2014-04-08 2014-04-08 Internet surfing control method based on router plug-in

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410138915.9A CN103873488A (en) 2014-04-08 2014-04-08 Internet surfing control method based on router plug-in

Publications (1)

Publication Number Publication Date
CN103873488A true CN103873488A (en) 2014-06-18

Family

ID=50911614

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410138915.9A Pending CN103873488A (en) 2014-04-08 2014-04-08 Internet surfing control method based on router plug-in

Country Status (1)

Country Link
CN (1) CN103873488A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20140618