CN104811462A - Access gateway redirection method and access gateway - Google Patents
Access gateway redirection method and access gateway Download PDFInfo
- Publication number
- CN104811462A CN104811462A CN201410037878.2A CN201410037878A CN104811462A CN 104811462 A CN104811462 A CN 104811462A CN 201410037878 A CN201410037878 A CN 201410037878A CN 104811462 A CN104811462 A CN 104811462A
- Authority
- CN
- China
- Prior art keywords
- terminal
- url
- address
- connection request
- portal server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to an access gateway redirection method and an access gateway. The access gateway redirection method mainly comprises the step that the access gateway judges whether a uniform resource locator (URL) which is transmitted by a terminal, aims to a portal server, is carried by a hyper text transfer protocol connection request message and is used for accessing the portal server is a right uniform resource locator (URL) or not, and the access gateway forwards the connection request to the portal server when the uniform resource locator (URL) is a right uniform resource locator (URL), and a hyper text transfer protocol (HTTP) redirection message is transmitted to the terminal when the uniform resource locator (URL) is a wrong uniform resource locator (URL). According to the embodiment of the invention, the correctness of the uniform resource locator (URL) which is transmitted by the terminal and is carried by the connection request is judged; the connection request is forwarded to the portal server when the uniform resource locator (URL) is a right uniform resource locator (URL); and when the uniform resource locator (URL) is a wrong uniform resource locator (URL), the terminal is forced to be redirected to the portal server, so that the terminal can obtain a right uniform resource locator (URL); and therefore, when a user utilizes saved portal uniform resource locators (URL) to perform Web authentication, a Web authentication process can be proceeded successfully, and the fault-tolerant ability of the Web authentication process can be improved.
Description
Technical field
The present invention relates to wireless communication technology field, particularly relate to a kind of IAD reorientation method and IAD.
Background technology
The certification being widely used in linking Internet based on door (Portal) agreement, HTML (Hypertext Markup Language) (Hypertext Transfer Protocol, HTTP) redirected web authentication controls.The typical signalling flow journey of web authentication as shown in Figure 1, comprises the following steps:
Step 101: terminal sends HTTP connection request message to IAD;
Step 102: IAD judges that (generally based on IP address or the MAC Address of terminal) terminal is in un-authenticated state, pushes HTTP redirection message to unverified terminal;
Generally, URL(uniform resource locator) (the UnionResource Location of structure is comprised in HTTP redirection message, URL), URL is below example: http a: // 221.176.1.140:8080/wlan/index.php wlanuserip=183.241.167.185 & wlanacname=1201.0010.100.00 & ssid=CMCC & NASID=8047202010000460
The information such as the IP address (wlanuserip=183.241.167.185) needed for subsequent authentication flow process are initiated in the IP address (221.176.1.140) wherein containing Portal server.
Step 103: terminal sends HTTP connection request message to Portal server;
Terminal utilizes above-mentioned URL to send HTTP request to Portal server, owing to comprising the IP address of terminal in the URL that IAD constructs when HTTP redirection, therefore, step 103 can realize by this unique identification information also namely the IP address of terminal pass to Portal server.
Step 104:Portal server pushes the unified certification Portal page to terminal;
Step 105: terminal receive user input account and password and to Portal server send logging request;
Step 106:Portal server is to Radius server lookup customer charging information;
Step 107:Radius server returns Query Result to Portal server;
Step 108:Portal server determination Query Result be successfully time, send challenge Challenge message to IAD;
The IP address (wlanuserip) that Portal extracts from URL is contained in described Challenge message.
Step 109: the Challenge of distribution is sent to Portal server by IAD;
The Challenge that step 110:Portal server by utilizing receives is encrypted user name password, and the information such as account number cipher are sent to IAD;
Step 111: the verify data received is forwarded to remote customer dialing authentication system (Remote Authentication Dial In User Service, Radius) server and verifies by IAD;
Step 112: IAD receives the authentication result of Radius server feedback;
In this step 112, IAD receive in flow process is reached the standard grade in certification Radius server reply certification by after message by this IP address configuration for passing through authentication state.
Step 113: the authentication result of Radius server feedback is forwarded to Portal server by IAD;
Step 114:Portal server pushes to terminal and logins successfully the page.
Step 115:Portal server sends authentication success to IAD.
In above-mentioned steps 102, the concrete judgement flow process of IAD as shown in Figure 2, comprises the following steps:
Step 201: IAD receives message;
Step 202: IAD judges whether IP address is in authentication state; If so, then step 204 is performed; If not, then step 203 is performed;
Step 203: judge whether the message received is HTTP message; If so, then step 205 is performed; If not, then step 206 is performed;
Step 204: E-Packet;
Step 205: judge object IP address whether in white list, if so, then performs step 207; If not, then step 208 is performed;
Step 206: E-Packet according to forwarding rule;
Step 207: be forwarded to the network equipment that object IP address is pointed to;
Step 208:HTTP is redirected to Portal server.
It should be noted that, above-mentionedly judge whether IP address of terminal is in authentication state, judge message be whether HTTP message with judge object IP whether within white list three determining steps look specific implementation process may sequencing different, but do not affect the overall decision logic of IAD.
Under normal circumstances, legal terminal successfully can carry out above-mentioned flow process, successfully passes through web authentication, but, when legal terminal preserves Portal URL, when utilizing the Portal URL preserved to carry out above-mentioned web authentication flow process, the problem of identifying procedure failure greatly may be there is.
In prior art, IAD all processes message according to the flow process in Fig. 2 after receiving message, aforesaid operations is with the addition of in the present invention, above-mentioned steps 401 can be carried out after receiving message, also can the judged result of step 202 be no after carry out, can carrying out when the judged result of step 203 is for being, can also carry out when the judged result of step 205 is for being.
Preferably, in order to carry out the judgement of URL correctness targetedly, alleviate the load of IAD, IAD is after determining that the object IP address of described HTTP connection request message is in white list, judging described for accessing whether the URL of Portal server is correct URL, also namely carrying out after being in the judged result of step 205.
Preferably, IAD by following two kinds of methods judge that terminal sends for accessing whether the URL of Portal server is correct URL:
First method:
When the IP address of terminal comprised in described URL is identical with the IP address of the current reality of this terminal, the URL carried in the HTTP connection request message that IAD determination terminal sends is correct URL;
When the IP address of terminal comprised in described URL is not identical with the IP address of the current reality of this terminal, the URL carried in the HTTP connection request message that IAD determination terminal sends is the URL of mistake.
The IP address comprised in the URL of above-mentioned first method also even terminal access Portal is not equal to the IP address of the current reality of terminal, then force HTTP redirection once, make terminal set up HTTP according to correct URL with Portal server to be connected, ensure the correct circulation of follow-up signaling.
According to above-mentioned first method, now the judgement flow process of IAD as shown in Figure 5.
Second method:
IAD is when determining that the HTTP connection request message of sensing Portal server that terminal sends had carried out a HTTP redirection, determine that the URL carried in the described HTTP connection request message that terminal sends is correct URL, when determining that the HTTP connection request message of sensing Portal server that terminal sends did not carry out HTTP redirection, determine that the URL carried in the HTTP connection request message of the sensing Portal server that terminal sends is the URL of mistake.
Namely above-mentioned second method also determines that terminal is directly set up HTTP with Portal server without HTTP redirection and is connected, then force HTTP redirection once, make terminal set up HTTP according to correct URL with Portal server to be connected, to ensure the correct circulation of follow-up signaling.
According to above-mentioned second method, now the judgement flow process of IAD as shown in Figure 6.
Preferably, IAD obtains the source IP address of described HTTP connection request message, using the IP address of this source address as the current reality of terminal.
Preferably, when the current state corresponding to IP address of IAD current reality of terminal in the IP address state table determining self maintained is for association, determine that the described HTTP connection request message that terminal sends did not carry out HTTP redirection;
The current state corresponding to IP address is have recorded in described IP address state table; Current state corresponding to IP address comprises: associate, be redirected, online, certification neutralization is unallocated; Be connected when Access Network gateway detects that terminal establishes with network, and through DHCP (DynamicHost Configuration Protocol, DHCP) IP address is got, now the current state of this IP address is association, between each state, state transition diagram is as shown in Figure 7, and state transitions condition is as follows:
Jumping to redirected condition by association is that IAD indicating terminal carries out HTTP redirection and detects that terminal correctly performs HTTP redirection;
By the redirected condition jumped in certification be IAD detect terminal initiate certification;
By jump in certification online condition be IAD detect terminal authentication success;
By the condition jumping to association be online IAD detect terminal roll off the production line and receive radius server reply charging stop message;
By the condition jumping to association in certification be IAD detect terminal authentication failure;
That IAD detects that terminal is redirected time-out by being redirected the condition jumping to association;
Under any state, when terminal disconnect to expire with IP address lease under the connection of network or DHCP situation all jump to unallocated.
Preferably, for avoiding redirect between state frequently, redirect time delay is set between each state, time delay inverse is started after meeting redirect condition, before counting down toward 0, redirect condition changes, then perform associative operation according to the redirect condition after changing, before counting down toward 0, redirect condition does not change, redirect can be carried out, especially to the redirect of unallocated state, the time delay of previous status to unallocated state transition can be set, after meeting redirect condition, start time delay inverse, count down toward the redirect that terminal before 0 is recovered then to cancel with the connection of network to unallocated state.
By the scheme of the embodiment of the present invention one, because the correctness of the URL carried in the connection request that sends terminal judges, when correct, this connection request is forwarded to Portal server, when incorrect, carry out forcing to be redirected to Portal server makes terminal can obtain correct URL, therefore, when user utilizes the Portal URL of preservation to carry out web authentication, still successfully can carry out web authentication flow process, improve the fault-tolerant ability of web authentication flow process, and compare other solutions, do not affect the normal use of user, be conducive to ensureing user awareness.
Summary of the invention
The embodiment of the present invention provides a kind of IAD reorientation method and IAD, with solve in prior art the Portal URL utilizing preservation carry out web authentication flow process time, greatly may there is the problem of identifying procedure failure.
The method that IAD is redirected, described method comprises:
IAD judge to carry in the HTTP connection request message of the sensing Portal server that terminal sends for accessing whether the URL of Portal server is correct URL;
If so, then by this connection request message repeating to Portal server;
If not, then send HTTP redirection message to terminal, this HTTP redirection message forces terminal to be redirected to Portal server.
A kind of IAD, described IAD comprises:
Receiving element, what send for receiving terminal carries URL for accessing Portal server and points to the HTML (Hypertext Markup Language) HTTP connection request message of Portal server;
Judging unit, for judging whether described URL is correct URL;
Performance element, for when the judged result of judging unit is for being, by this connection request message repeating to Portal server; When judged result is no, send HTTP redirection message to terminal, this HTTP redirection message forces terminal to be redirected to Portal server.
In the scheme of the embodiment of the present invention, because the correctness of the URL carried in the connection request that IAD sends terminal judges, when correct, this connection request is forwarded to Portal server, when incorrect, carry out pressure and be redirected to Portal server, make terminal can obtain correct URL, therefore, when user utilizes the Portal URL of preservation to carry out web authentication, still successfully can carry out web authentication flow process, improve the fault-tolerant ability of web authentication flow process, when making user utilize the Portal URL of preservation to carry out above-mentioned web authentication flow process, also can succeed.
Accompanying drawing explanation
Fig. 1 is web authentication signaling process schematic diagram in background technology;
Fig. 2 is the decision logic schematic flow sheet of IAD in background technology;
Fig. 3 is the packet sectional drawing of the crawl in the embodiment of the present invention;
Fig. 4 is one of flow chart of IAD reorientation method in the embodiment of the present invention one;
Fig. 5 is the flow chart two of IAD reorientation method in the embodiment of the present invention one;
Fig. 6 is the flow chart three of IAD reorientation method in the embodiment of the present invention one;
Fig. 7 is the state transitions schematic diagram of IP address in the embodiment of the present invention one;
Fig. 8 is the structural representation of IAD in the embodiment of the present invention two.
Embodiment
In order to scheme and the beneficial effect thereof of the embodiment of the present invention are clearly described, first use the Portal URL of preservation to carry out web authentication flow process in conjunction with web authentication principle to user below and occur that the reason of authentification failure is analyzed in detail:
Terminal is reached the standard grade to be needed to input user name, password at the Portal certification page of network push, and the URL of this page is that IAD is pushed to terminal under normal circumstances, wherein contains the IP address of terminal in URL.If user opens the Portal page in first and collected to collection, arrived the URL that this collection is opened on second ground again, now also namely user utilizes the Portal URL of preservation to initiate HTTP connection request to access network.
Afterwards, IAD carries out being redirected when judging, because the IP address comprising Portal server in this URL must in the white list of IAD, therefore, IAD is when object IP address is the IP address of Portal server, can by this message repeating to Portal server, also namely when terminal is unverified, terminal still can access Portal server.
Afterwards, when in step 108, Portal is to IAD request challenge in FIG, the IP address (being also the wlanurserip in URL) of the terminal that Portal extracts from URL is contained in this Challenge message, if so user saves the URL on first ground, use with having arrived second, because usual IP address is distributed and/or dynamic assignment by location, so this wlanurserip mistake, Portal is caused to send to the IP address mistake of the terminal of IAD in the request challenge stage, IAD may find after having verified this IP address that this IP address is not local distribution, or this IP address is authenticated be have passed.If IAD finds IP address error, reply Portal server in the distribution challenge stage exactly and made a mistake, Portal will push the result of " reaching the standard grade unsuccessfully " to user, also namely causes the failure of web authentication flow process.
Analyze by real case below:
The Portal URL preserved in terminal is: http: // 221.176.1.140:8080/wlan/index.php wlanuserip=183.241.167.185 & wlanacname=1201.0010.100.00 & ssid=CMCC & NASID=8047202010000460, current real ip address is that this terminal (from the message of arresting in Fig. 3 31) of 183.241.166.197 is set up HTTP to Portal and connected, but the wlanuserip now in the Portal URL that preserves of terminal is 183.241.167.185(from the message of arresting in Fig. 3 32) and the IP address of the current reality of nonterminal, and wlanuserip in userip and URL subsequently in the req_challenge message that sends of Portal unanimously (183.241.167.185 and non-user real ip address), now IAD is verified and is found that this IP address is not yet assigned to user, therefore challenge interaction flow is have rejected in the ack_challenge message of replying Portal, cause user's access failure.
Based on above-mentioned analysis, in the embodiment of the present invention, IAD is first analyzed, when correct, by this connection request message repeating to Portal server the correctness of the URL carried in the HTTP connection request message received; Time incorrect, send HTTP redirection message, terminal is forced to be redirected to Portal server, the IP address of the terminal comprised in the URL that now terminal receives is the IP address of current reality, also just solve the problem that the IP address of terminal in URL and the current real ip address of terminal may be inconsistent, and then successfully can carry out web authentication.
The solution of the present invention is described in detail below in conjunction with specific embodiment.
Embodiment one
As shown in Figure 4, be a kind of IAD reorientation method schematic diagram in the embodiment of the present invention one, described method specifically comprises the following steps:
Step 401: IAD judge to carry in the HTTP connection request message of the sensing Portal server that terminal sends for accessing whether the URL of Portal server is correct URL; If so, then step 402 is performed; If not, then step 403 is performed;
Step 402: by this connection request message repeating to Portal server;
Step 403: send HTTP redirection message to terminal, this HTTP redirection message forces terminal to be redirected to Portal server.
Embodiment two
Based on the same idea with the embodiment of the present invention one, the embodiment of the present invention two proposes a kind of IAD, and its structural representation as shown in Figure 8, comprising: receiving element 81, judging unit 82 and performance element 83, wherein:
Receiving element 81, what send for receiving terminal carries URL for accessing Portal server and points to the HTTP connection request message of door Portal server;
Judging unit 82, for judging whether described URL is correct URL;
Performance element 83, for when the judged result of judging unit is for being, by this connection request message repeating to Portal server; When judged result is no, send HTTP redirection message to terminal, this HTTP redirection message forces terminal to be redirected to Portal server.
Preferably, described judging unit 82, specifically for after determining that the object IP address of described HTTP connection request message is in white list, judges described for accessing whether the URL of Portal server is correct URL.
Preferably, judging unit 82, when the IP address of terminal specifically for comprising in described URL is identical with the IP address of the current reality of this terminal, determines that the URL carried in the HTTP connection request message of the sensing Portal server that terminal sends is correct URL, or, when the IP address of terminal comprised in described URL is not identical with the IP address of the current reality of this terminal, determine that the URL carried in the HTTP connection request message of the sensing Portal server that terminal sends is that the URL of mistake is when determining that the HTTP connection request message of sensing Portal server that terminal sends had carried out a HTTP redirection, determine that the URL carried in the described HTTP connection request message that terminal sends is correct URL, when determining that the HTTP connection request message of sensing Portal server that terminal sends did not carry out HTTP redirection, determine that the URL carried in the HTTP connection request message of the sensing Portal server that terminal sends is the URL of mistake.
Preferably, described IAD also comprises:
Acquiring unit 84, for obtaining the source IP address of described HTTP connection request message, using the IP address of this source address as the current reality of terminal.
Preferably, described IAD also comprises:
Record cell 85, for recording the current state corresponding to IP address; Current state corresponding to IP address comprises: associate, be redirected, online, certification neutralization is unallocated; Be connected when detecting that terminal establishes with network, and get IP address through DHCP, now the current state of this IP address is association, and the jump condition between each state is as follows: jumping to redirected condition by association is that indicating terminal carries out HTTP redirection and detects that terminal correctly performs HTTP redirection; By the redirected condition jumped in certification be detect terminal initiate certification; By jump in certification online condition be detect terminal authentication success; By the condition jumping to association be online detect terminal roll off the production line and receive radius server reply charging stop message; By the condition jumping to association in certification be detect terminal authentication failure; Detect that terminal is redirected time-out by being redirected the condition jumping to association; Under any state, when terminal disconnect to expire with IP address lease under the connection of network or DHCP situation all jump to unallocated;
Described judging unit 82, during specifically for the current state corresponding to the IP address determining the current reality of terminal in record cell for association, determines that the described HTTP connection request message that terminal sends did not carry out HTTP redirection.
Those skilled in the art should understand, the embodiment of the application can be provided as method, system or computer program.Therefore, the application can adopt the form of complete hardware embodiment, completely software implementation or the embodiment in conjunction with software and hardware aspect.And the application can adopt in one or more form wherein including the upper computer program implemented of computer-usable storage medium (including but not limited to magnetic disc store, CD-ROM, optical memory etc.) of computer usable program code.
The application describes with reference to according to the flow chart of the method for the embodiment of the present application, equipment (system) and computer program and/or block diagram.Should understand can by the combination of the flow process in each flow process in computer program instructions realization flow figure and/or block diagram and/or square frame and flow chart and/or block diagram and/or square frame.These computer program instructions can being provided to the processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing device to produce a machine, making the instruction performed by the processor of computer or other programmable data processing device produce device for realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be stored in can in the computer-readable memory that works in a specific way of vectoring computer or other programmable data processing device, the instruction making to be stored in this computer-readable memory produces the manufacture comprising command device, and this command device realizes the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
These computer program instructions also can be loaded in computer or other programmable data processing device, make on computer or other programmable devices, to perform sequence of operations step to produce computer implemented process, thus the instruction performed on computer or other programmable devices is provided for the step realizing the function of specifying in flow chart flow process or multiple flow process and/or block diagram square frame or multiple square frame.
Although described the preferred embodiment of the application, those skilled in the art once obtain the basic creative concept of cicada, then can make other change and amendment to these embodiments.So claims are intended to be interpreted as comprising preferred embodiment and falling into all changes and the amendment of the application's scope.
Obviously, those skilled in the art can carry out various change and modification to the present invention and not depart from the spirit and scope of the present invention.Like this, if these amendments of the present invention and modification belong within the scope of the claims in the present invention and equivalent technologies thereof, then the present invention is also intended to comprise these change and modification.
Claims (10)
1. an IAD reorientation method, is characterized in that, described method comprises:
IAD judge to carry in the HTML (Hypertext Markup Language) HTTP connection request message of the sensing door Portal server that terminal sends for accessing whether the uniform resource position mark URL of Portal server is correct URL;
If so, then by this connection request message repeating to Portal server;
If not, then send HTTP redirection message to terminal, this HTTP redirection message forces terminal to be redirected to Portal server.
2. the method for claim 1, is characterized in that, IAD, after determining that the object IP address of described HTTP connection request message is in white list, judges described for accessing whether the URL of Portal server is correct URL.
3. method as claimed in claim 1 or 2, is characterized in that, IAD judge by the following method to carry in the HTTP connection request message of the sensing Portal server that terminal sends for accessing whether the URL of Portal server is correct URL:
When the IP address of terminal comprised in described URL is identical with the IP address of the current reality of this terminal, the URL carried in the HTTP connection request message of the sensing Portal server that IAD determination terminal sends is correct URL; When the IP address of terminal comprised in described URL is not identical with the IP address of the current reality of this terminal, the URL carried in the HTTP connection request message of the sensing Portal server that IAD determination terminal sends is the URL of mistake;
Or
IAD is when determining that the HTTP connection request message of sensing Portal server that terminal sends had carried out a HTTP redirection, determine that the URL carried in the described HTTP connection request message that terminal sends is correct URL, when determining that the HTTP connection request message of sensing Portal server that terminal sends did not carry out HTTP redirection, determine that the URL carried in the HTTP connection request message of the sensing Portal server that terminal sends is the URL of mistake.
4. method as claimed in claim 3, it is characterized in that, IAD obtains the source IP address of described HTTP connection request message, using the IP address of this source address as the current reality of terminal.
5. method as claimed in claim 3, it is characterized in that, when the current state corresponding to IP address of IAD current reality of terminal in the IP address state table determining self maintained is for association, determine that the described HTTP connection request message that terminal sends did not carry out HTTP redirection;
The current state corresponding to IP address is have recorded in described IP address state table; Current state corresponding to IP address comprises: associate, be redirected, online, certification neutralization is unallocated; Be connected when Access Network gateway detects that terminal establishes with network, and get IP address through dynamic host configuration protocol DHCP, now the current state of this IP address is association, and the jump condition between each state is as follows:
Jumping to redirected condition by association is that indicating terminal carries out HTTP redirection and detects that terminal correctly performs HTTP redirection;
By the redirected condition jumped in certification be detect terminal initiate certification;
By jump in certification online condition be detect terminal authentication success;
By the condition jumping to association be online detect terminal roll off the production line and receive remote customer dialing authentication system Radius server reply charging stop message;
By the condition jumping to association in certification be detect terminal authentication failure;
Detect that terminal is redirected time-out by being redirected the condition jumping to association;
Under any state, when terminal disconnect to expire with IP address lease under the connection of network or DHCP situation all jump to unallocated.
6. an IAD, is characterized in that, described IAD comprises:
Receiving element, what send for receiving terminal carries uniform resource position mark URL for accessing door Portal server and points to the HTML (Hypertext Markup Language) HTTP connection request message of Portal server;
Judging unit, for judging whether described URL is correct URL;
Performance element, for when the judged result of judging unit is for being, by this connection request message repeating to Portal server; When judged result is no, send HTTP redirection message to terminal, this HTTP redirection message forces terminal to be redirected to Portal server.
7. IAD as claimed in claim 6, it is characterized in that, described judging unit, specifically for after determining that the object IP address of described HTTP connection request message is in white list, judges described for accessing whether the URL of Portal server is correct URL.
8. IAD as claimed in claims 6 or 7, it is characterized in that, judging unit, when IP address of terminal specifically for comprising in described URL is identical with the IP address of the current reality of this terminal, determine that the URL carried in the HTTP connection request message of the sensing Portal server that terminal sends is correct URL; When the IP address of terminal comprised in described URL is not identical with the IP address of the current reality of this terminal, determine that the URL carried in the HTTP connection request message of the sensing Portal server that terminal sends is the URL of mistake;
Or
When determining that the HTTP connection request message of sensing Portal server that terminal sends had carried out a HTTP redirection, determine that the URL carried in the described HTTP connection request message that terminal sends is correct URL, when determining that the HTTP connection request message of sensing Portal server that terminal sends did not carry out HTTP redirection, determine that the URL carried in the HTTP connection request message of the sensing Portal server that terminal sends is the URL of mistake.
9. IAD as claimed in claim 8, it is characterized in that, described IAD also comprises:
Acquiring unit, for obtaining the source IP address of described HTTP connection request message, using the IP address of this source address as the current reality of terminal.
10. IAD as claimed in claim 8, it is characterized in that, described IAD also comprises:
Record cell, for recording the current state corresponding to IP address; Current state corresponding to IP address comprises: associate, be redirected, online, certification neutralization is unallocated; Be connected when detecting that terminal establishes with network, and get IP address through dynamic host configuration protocol DHCP, now the current state of this IP address is association, and the jump condition between each state is as follows: jumping to redirected condition by association is that indicating terminal carries out HTTP redirection and detects that terminal correctly performs HTTP redirection; By the redirected condition jumped in certification be detect terminal initiate certification; By jump in certification online condition be detect terminal authentication success; By the condition jumping to association be online detect terminal roll off the production line and receive remote customer dialing authentication system Radius server reply charging stop message; By the condition jumping to association in certification be detect terminal authentication failure; Detect that terminal is redirected time-out by being redirected the condition jumping to association; Under any state, when terminal disconnect to expire with IP address lease under the connection of network or DHCP situation all jump to unallocated;
Described judging unit, during specifically for the current state corresponding to the IP address determining the current reality of terminal in record cell for association, determines that the described HTTP connection request message that terminal sends did not carry out HTTP redirection.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410037878.2A CN104811462B (en) | 2014-01-26 | 2014-01-26 | A kind of access gateway reorientation method and access gateway |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410037878.2A CN104811462B (en) | 2014-01-26 | 2014-01-26 | A kind of access gateway reorientation method and access gateway |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104811462A true CN104811462A (en) | 2015-07-29 |
| CN104811462B CN104811462B (en) | 2018-05-18 |
Family
ID=53695954
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410037878.2A Active CN104811462B (en) | 2014-01-26 | 2014-01-26 | A kind of access gateway reorientation method and access gateway |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104811462B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105338072A (en) * | 2015-10-20 | 2016-02-17 | 上海斐讯数据通信技术有限公司 | HTTP (hyper text transport protocol) redirecting method and routing equipment |
| CN105391625A (en) * | 2015-12-25 | 2016-03-09 | 成都云晖航空科技股份有限公司 | Safe operation method of aerial Internet social platform |
| CN105554511A (en) * | 2015-12-24 | 2016-05-04 | 成都云晖航空科技股份有限公司 | Encryption transmission method of onboard audio and video files |
| CN105578466A (en) * | 2015-12-23 | 2016-05-11 | 成都云晖航空科技股份有限公司 | In-flight entertainment file transmission method |
| CN105610690A (en) * | 2015-12-25 | 2016-05-25 | 成都云晖航空科技股份有限公司 | Method for constructing aerial internet social contact platform |
| CN105610689A (en) * | 2015-12-25 | 2016-05-25 | 成都云晖航空科技股份有限公司 | Aerial internet social contact system |
| CN105635127A (en) * | 2015-12-24 | 2016-06-01 | 成都云晖航空科技股份有限公司 | Airborne audio and video file transmission system |
| CN105872766A (en) * | 2016-03-31 | 2016-08-17 | 乐视控股(北京)有限公司 | Display control method and device |
| CN106550001A (en) * | 2015-09-23 | 2017-03-29 | 中兴通讯股份有限公司 | A kind of method and device of redirection |
| WO2017166806A1 (en) * | 2016-03-29 | 2017-10-05 | 上海斐讯数据通信技术有限公司 | Browser-based method for jumping to access authentication page, and user terminal |
| CN108933794A (en) * | 2018-08-22 | 2018-12-04 | 广州视源电子科技股份有限公司 | A kind of method, apparatus, equipment and server that business strategy is added |
| CN109041101A (en) * | 2018-08-24 | 2018-12-18 | 北京小米移动软件有限公司 | WIFI cutout processing method, terminal, server and storage medium |
| CN110891056A (en) * | 2019-11-20 | 2020-03-17 | 杭州迪普科技股份有限公司 | HTTPS request authentication method and device, electronic equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060059092A1 (en) * | 2004-09-16 | 2006-03-16 | Burshan Chen Y | Method and apparatus for user domain based white lists |
| CN102075583A (en) * | 2011-01-30 | 2011-05-25 | 杭州华三通信技术有限公司 | HTTP request message processing method and equipment |
| CN103200159A (en) * | 2012-01-04 | 2013-07-10 | 中国移动通信集团公司 | Network access method and equipment |
| US20130268666A1 (en) * | 2012-04-04 | 2013-10-10 | David Wilson | Captive portal redirection using display layout information |
-
2014
- 2014-01-26 CN CN201410037878.2A patent/CN104811462B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060059092A1 (en) * | 2004-09-16 | 2006-03-16 | Burshan Chen Y | Method and apparatus for user domain based white lists |
| CN102075583A (en) * | 2011-01-30 | 2011-05-25 | 杭州华三通信技术有限公司 | HTTP request message processing method and equipment |
| CN103200159A (en) * | 2012-01-04 | 2013-07-10 | 中国移动通信集团公司 | Network access method and equipment |
| US20130268666A1 (en) * | 2012-04-04 | 2013-10-10 | David Wilson | Captive portal redirection using display layout information |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106550001A (en) * | 2015-09-23 | 2017-03-29 | 中兴通讯股份有限公司 | A kind of method and device of redirection |
| CN106550001B (en) * | 2015-09-23 | 2021-02-23 | 中兴通讯股份有限公司 | Redirection method and device |
| WO2017049908A1 (en) * | 2015-09-23 | 2017-03-30 | 中兴通讯股份有限公司 | Method and device for redirection |
| CN105338072A (en) * | 2015-10-20 | 2016-02-17 | 上海斐讯数据通信技术有限公司 | HTTP (hyper text transport protocol) redirecting method and routing equipment |
| CN105578466A (en) * | 2015-12-23 | 2016-05-11 | 成都云晖航空科技股份有限公司 | In-flight entertainment file transmission method |
| CN105554511A (en) * | 2015-12-24 | 2016-05-04 | 成都云晖航空科技股份有限公司 | Encryption transmission method of onboard audio and video files |
| CN105635127A (en) * | 2015-12-24 | 2016-06-01 | 成都云晖航空科技股份有限公司 | Airborne audio and video file transmission system |
| CN105610690A (en) * | 2015-12-25 | 2016-05-25 | 成都云晖航空科技股份有限公司 | Method for constructing aerial internet social contact platform |
| CN105610689A (en) * | 2015-12-25 | 2016-05-25 | 成都云晖航空科技股份有限公司 | Aerial internet social contact system |
| CN105391625A (en) * | 2015-12-25 | 2016-03-09 | 成都云晖航空科技股份有限公司 | Safe operation method of aerial Internet social platform |
| WO2017166806A1 (en) * | 2016-03-29 | 2017-10-05 | 上海斐讯数据通信技术有限公司 | Browser-based method for jumping to access authentication page, and user terminal |
| CN105872766A (en) * | 2016-03-31 | 2016-08-17 | 乐视控股(北京)有限公司 | Display control method and device |
| CN108933794A (en) * | 2018-08-22 | 2018-12-04 | 广州视源电子科技股份有限公司 | A kind of method, apparatus, equipment and server that business strategy is added |
| CN109041101A (en) * | 2018-08-24 | 2018-12-18 | 北京小米移动软件有限公司 | WIFI cutout processing method, terminal, server and storage medium |
| CN109041101B (en) * | 2018-08-24 | 2022-03-18 | 北京小米移动软件有限公司 | WIFI cut-off processing method, terminal, server and storage medium |
| CN110891056A (en) * | 2019-11-20 | 2020-03-17 | 杭州迪普科技股份有限公司 | HTTPS request authentication method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104811462B (en) | 2018-05-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104811462A (en) | Access gateway redirection method and access gateway | |
| EP3013086B1 (en) | Method, apparatus and electronic device for connection management | |
| CN103152400B (en) | The method, system and the cloud server that log in is carried out by mobile terminal | |
| US8448233B2 (en) | Dealing with web attacks using cryptographically signed HTTP cookies | |
| CN101702717B (en) | Method, system and equipment for authenticating Portal | |
| CN107086979B (en) | User terminal verification login method and device | |
| US10237271B2 (en) | Access terminal | |
| CN107508822B (en) | Access control method and device | |
| CN112291271B (en) | Method, system and medium for automatically logging in server by mobile equipment | |
| CN104580553B (en) | Method and device for identifying network address translation equipment | |
| CN105554098A (en) | Device configuration method, server and system | |
| CN103796278A (en) | Mobile terminal wireless network access control method | |
| CN105873055B (en) | Wireless network access authentication method and device | |
| CN104821940A (en) | Method and equipment for sending portal redirected address | |
| EP2999250A1 (en) | Method and apparatus for interconnection between terminal device and gateway device | |
| US20160234307A1 (en) | Data transmission method, device, and system | |
| CN105450614A (en) | Server account login method, apparatus and system | |
| CN103905399A (en) | Account registration management method and apparatus | |
| EP3206422A1 (en) | Method and device for creating subscription resource | |
| CN104837134A (en) | Web authentication user registration method, device and system | |
| CN106060072A (en) | Authentication method and device | |
| US20130268662A1 (en) | Hypertext transfer protocol http stream association method and device | |
| CN104936177A (en) | Access authentication method and access authentication system | |
| CN104935556B (en) | A kind of network security processing method, apparatus and system | |
| CN107800715B (en) | portal authentication method and access equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| EXSB | Decision made by sipo to initiate substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |