CN106101063A - Certification reorientation method and certification redirection device - Google Patents
Certification reorientation method and certification redirection device Download PDFInfo
- Publication number
- CN106101063A CN106101063A CN201610354956.0A CN201610354956A CN106101063A CN 106101063 A CN106101063 A CN 106101063A CN 201610354956 A CN201610354956 A CN 201610354956A CN 106101063 A CN106101063 A CN 106101063A
- Authority
- CN
- China
- Prior art keywords
- http request
- request message
- message
- target terminal
- certification
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The present invention is about a kind of certification reorientation method and certification redirection device, and the method may include that to be set up after TCP is connected with target terminal, when receiving the HTTP request message of target terminal transmission, resolves described HTTP request message;Judge whether described HTTP request message is message identifying according to analysis result;If described HTTP request message is message identifying, then transmits redirection message to described target terminal, otherwise, disconnect and being connected with the TCP of described target terminal.By technical scheme, the HTTP request message to not being message identifying can be avoided to redirect, thus avoid flow and the waste of access device performance.
Description
Technical field
The present invention relates to communication technical field, particularly relate to a kind of certification reorientation method and certification redirection device.
Background technology
Web (webpage) certification is also commonly referred to as Portal (door) certification, needs user legal in user terminal input
User profile just can make the user terminal certification by access device, thus obtains Internet resources by user terminal.With
Before family terminal is not by the certification of access device, when user terminal sends the HTTP request message for obtaining Internet resources,
Access device can force user terminal to be first authenticated, and also will be redirected to the web authentication page by user terminal.
Along with the application installed on user terminal gets more and more, widely apply after may being simultaneously run in user terminal
Platform.But, before user terminal is not by the certification of access device, some background program (such as antivirus software, input method,
Audio frequency and video software etc.) may send for obtaining the HTTP request message of Internet resources to access device concomitantly, these by
The HTTP request message that background program sends at user end certification by front frequent triggering authentication flow process, thus can waste access
The process performance of equipment.
Summary of the invention
The present invention provides a kind of certification reorientation method and certification redirection device, to solve the deficiency in correlation technique.
First aspect according to embodiments of the present invention, it is provided that a kind of certification reorientation method, including:
Setting up with target terminal after TCP is connected, when receiving the HTTP request message that described target terminal sends, resolving
Described HTTP request message;
Judge whether described HTTP request message is message identifying according to analysis result;
If described HTTP request message is message identifying, then transmits redirection message to described target terminal, otherwise, disconnect
It is connected with the TCP of described target terminal.
Alternatively, according to analysis result, described step judges whether described HTTP request message is to include for message identifying:
Judge that whether there is language in described HTTP request message supports attribute according to described analysis result;
If described HTTP request message existing language support attribute, then judge that described HTTP request message is as certification report
Literary composition.
Alternatively, according to analysis result, described step judges whether described HTTP request message is to include for message identifying:
Judge according to described analysis result whether the content of described HTTP request message request comprises catalogue;
If the content of described HTTP request message request comprises catalogue, then judge that described HTTP request message is as certification report
Literary composition.
Alternatively, said method also includes:
In the case of described HTTP request message is non-authentication message, transmit information to described target terminal.
Second aspect according to embodiments of the present invention, it is provided that a kind of certification redirection device, including:
Resolution unit, is setting up with target terminal after TCP is connected, is receiving the HTTP request report that described target terminal sends
Wen Shi, resolves described HTTP request message;
According to analysis result, judging unit, judges whether described HTTP request message is message identifying;
Redirect unit, in the case of described HTTP request message is message identifying, to described target terminal transmission weight
Orientation message;
Switching units, in the case of described HTTP request message is non-authentication message, disconnects and described target terminal
TCP connects.
Alternatively, described judging unit includes:
Attributive judgment subelement, judges whether there is language support in described HTTP request message according to described analysis result
Attribute, if there is language in described HTTP request message to support attribute, then judges that described HTTP request message is as message identifying.
Alternatively, described judging unit includes:
Catalogue judgment sub-unit, judges according to described analysis result whether the content of described HTTP request message request comprises
Catalogue, if the content of described HTTP request message request comprises catalogue, then judges that described HTTP request message is as message identifying.
Alternatively, said apparatus also includes:
Tip element, in the case of described HTTP request message is non-authentication message, carries to the transmission of described target terminal
Show information.
From above-described embodiment, the present invention is by resolving HTTP request message, and judges according to analysis result
Need HTTP request message is redirected, thus only when HTTP request message is message identifying, just pass to target terminal
Defeated redirection message, it is to avoid the HTTP request message not being message identifying is redirected, thus avoid waste flow and
The process performance of access device.
It should be appreciated that it is only exemplary and explanatory, not that above general description and details hereinafter describe
The present invention can be limited.
Accompanying drawing explanation
Accompanying drawing herein is merged in description and constitutes the part of this specification, it is shown that meet the enforcement of the present invention
Example, and for explaining the principle of the present invention together with description.
Fig. 1 is the application scenarios schematic diagram that the application present invention implements certification reorientation method.
Fig. 2 is the flow chart according to a kind of certification reorientation method shown in an exemplary embodiment.
Fig. 3 is the detail flowchart according to a kind of certification reorientation method shown in an exemplary embodiment.
Fig. 4 is to judge that whether HTTP request message is the flow process of message identifying according to a kind of shown in an exemplary embodiment
Figure.
Fig. 5 is to judge that whether HTTP request message is the stream of message identifying according to another shown in an exemplary embodiment
Cheng Tu.
Fig. 6 is the flow chart according to another the certification reorientation method shown in an exemplary embodiment.
Fig. 7 is a kind of hardware structure diagram illustrating certification redirection device place equipment according to an exemplary embodiment.
Fig. 8 is the block diagram according to a kind of certification redirection device shown in an exemplary embodiment.
Fig. 9 is according to the block diagram of judging unit in the certification redirection device shown in an exemplary embodiment.
Figure 10 is the block diagram according to another the certification redirection device shown in an exemplary embodiment.
Detailed description of the invention
Here will illustrate exemplary embodiment in detail, its example represents in the accompanying drawings.Explained below relates to
During accompanying drawing, unless otherwise indicated, the same numbers in different accompanying drawings represents same or analogous key element.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with the present invention.On the contrary, they are only with the most appended
The example of the apparatus and method that some aspects that described in detail in claims, the present invention are consistent.
See Fig. 1, implement the application scenarios schematic diagram of certification reorientation method for the application present invention:
As it is shown in figure 1, user terminal is connected to access device, access device is connected to the Internet.Do not lead at user terminal
Before crossing the certification of access device, when user terminal sends HTTP request message request to access device, access device can be forced
User terminal is authenticated, and user terminal transmission redirection message, by user terminal HTTP request message redirecting to web authentication
The page.When user by user terminal after the web authentication page legal user profile of input, access device certification user is eventually
End, after user terminal is by the certification of access device, can obtain Internet resources by access device from the Internet.
Fig. 2 is the flow chart according to a kind of certification reorientation method shown in an exemplary embodiment, and this embodiment is permissible
In access device, comprise the following steps:
S202, is setting up with target terminal after TCP is connected, when receiving the HTTP request message that target terminal sends, is solving
Analysis HTTP request message;
According to analysis result, S204, judges whether HTTP request message is message identifying;
S206, if HTTP request message is message identifying, then transmits redirection message to target terminal, otherwise, performs
S208;
S208, disconnects and being connected with the TCP of target terminal.
According to the present embodiment, when receiving the HTTP request message of target terminal, access device will not be directly to HTTP
Request message carries out processing and returning redirection message, but first resolves HTTP request message, then according to resolving knot
Fruit judges whether HTTP request message is message identifying, and when HTTP request message is message identifying, just returns and redirect report
Literary composition, to redirect HTTP request message;And when HTTP request message is non-authentication message, disconnect and target terminal
TCP connects.Thus avoid the HTTP request message to not being message identifying to redirect, and then avoid wasting flow and connecing
Enter the process performance of equipment.
In correlation technique, access device, can be directly to target terminal when receiving the HTTP request message of target terminal
Feeding back ACK (confirmation) message, then transmits redirection message to target terminal, to redirect HTTP request message.So
And application sends to access device in HTTP request message is by target terminal, HTTP request message is not certification
Message, user is not the most authenticated operation, so target terminal does not open browser, recognizes so Web cannot be redirected to
The card page.Even if target terminal opens browser in this case, and HTTP request message has been redirected to Web and has recognized
The card page, but owing to this authentication operation non-user are initiated, user may close this page.So at HTTP request message being
Being sent to access device by application in target terminal, this HTTP request message not message identifying, is without right
HTTP request message redirects.And access device is to the HTTP request of application in target terminal in the related
Message has been also carried out redirecting, and wastes the performance of flow and access device.
According to the present embodiment, access device is receiving the HTTP request message of target terminal (such as HTTP GET message)
Time, first this message can be resolved, and judge, according to analysis result, the situation that HTTP request message is message identifying
Lower ability is to target terminal feeding back ACK (confirmation) message, and to target terminal transmission redirection message, (such as HTTP resets further
To message), HTTP head Location (address) label of redirection message carries the URL of certification page.Target terminal is receiving
After redirection message, can be forced to ask above-mentioned URL, then access device and target terminal complete four times and wave, and terminate weight
The TCP flow of directional operation.Target terminal is after asking above-mentioned URL, then completes three-way handshake with access device, and then obtains certification
Page info, thus open certification page.User can input username and password in certification page, and access device judges should
Username and password is the most legal, if legal, then certification is passed through, and adds the source IP of target terminal to white list, and then user
Network can be accessed by target terminal and obtain Internet resources.
Fig. 3 is the flow chart according to the another kind of certification reorientation method shown in an exemplary embodiment, this embodiment pair
The overall flow that certification of the present invention redirects is described in detail, and may include steps of:
S301, is setting up with target terminal after TCP is connected, is receiving SYN message (the HTTP request message that target terminal sends
In a kind of for TCP/IP set up connect time use handshake);
S302, obtains source IP and purpose IP of target terminal from SYN message, according to source IP and/or the judgement of purpose IP is
No needs are authenticated, and in the case of if desired certification, then perform S303;
S303, owing to purpose IP is generally external network server, and now user terminal is not yet connected to the Internet, Ye Jiwu
Method accesses external network server, and therefore access device can be acted on behalf of external network server and send SYN-ACK message to target terminal, thus
Set up TCP (Transmission Control Protocol transmission control protocol) with target terminal to connect;
S304, receives the ACK message of target terminal, completes three-way handshake;
S305, when receiving the HTTP request message of target terminal, resolves HTTP request message;
According to analysis result, S306, judges whether HTTP request message is message identifying, if message identifying, then performs step
Rapid 307, otherwise, perform S308;
S307, transmits redirection message to target terminal, performs step 309;
S308, carries out four times with target terminal and waves, and disconnects and being connected with the TCP of target terminal;
S309, receives the ACK message of target terminal, transmits redirection message to target terminal;
S310, carries out four times with target terminal and waves, and disconnects and being connected with the TCP of target terminal;
S311, owing to the HTTP head Location label of redirection message carries the URL of certification page, so that user
This URL of terminal mandatory requirement, opens the web authentication page, and access device carries out three-way handshake again with user terminal, receives user
Terminal obtains the request message of certification page, and user terminal, after getting the information of certification page, can be beaten in a browser
Open certification page, for user in web authentication page input authentication information;
According to authentication information, S312, judges that user terminal, whether by certification, if by certification, then says that source IP adds in vain
List, when user terminal sends HTTP request message, according to white list, access device determines that user terminal has passed through certification, from
And allow user terminal to obtain Internet resources.
According to the present embodiment, when receiving the HTTP request message of target terminal, access device will not be directly to HTTP
Request message carries out processing and returning redirection message, but first resolves HTTP request message, then according to resolving knot
Fruit judges whether HTTP request message is message identifying, and just returns redirection report when HTTP request message is message identifying
Literary composition, to redirect HTTP request message, and when HTTP request message is non-authentication message, disconnects and target terminal
TCP connects.Thus realize only the HTTP request message being message identifying being redirected, it is to avoid to being non-message identifying
HTTP request message redirects, and then avoids flow and the waste of access device process performance.
Fig. 4 is the flow chart according to the another kind of certification reorientation method shown in an exemplary embodiment, and this embodiment exists
On the basis of embodiment illustrated in fig. 2, show in detail and a kind of judge that whether HTTP request message is the process of message identifying, optional
Ground, S204 may include that
According to analysis result, S2042, judges that whether there is language in HTTP request message supports attribute;
S2044, if there is language in HTTP request message to support attribute, then judges that HTTP request message is as message identifying.
In one example, when HTTP request message existing language and supporting attribute (Accept-Language), HTTP
The form of request message can be as follows:
GET/main2_pannel.html?Pi=1&index=1&type=http&_=
20150729134621HTTP/1.1
X-Requested-with:XMLHttpRequest
Accept:application/json, text/javascript, */*;Q=0.01
Referer:http: //www.duba.com/?F=dbsj&db_99_52
Accept-language:zh-cn
Accept-Encoding:gzip, deflate
User-Agent:Mozilla/5.0 (comlatible;MSIE 9.0;Windows NT 6.1;Trident/
5.0)
Host:www.duba.com
Connettion:Keep-Alive
Cookie:t_web_page=1;CNZZDATA30069637=cnzz_eid%3D1459839025-
1436761307-%26ntime%3D1438146342
_ _ kp=44572e7ag889rjfpqfenkeoatvvo;_ _ kt=1436765592;_ _ dbsg=ij7t5md
fksda8fksdafka19b04cef36a;Shuffle1=1
HTTP/1.1 200OK
Data:Wed, 29,Ju1 2015 05:47:30GMT
Server:nginx/1.8.0
Content-Type:application/json
Transfer-Encoding:chunked
Content-Ecoding:gzip
Age:1897
X-CaChe:HIT from cache.51cdn.com
X-Via:1.1muyuan31:8107 (Cdn Cache Server V2.0), 1.1ywt10:1 (Cdn Cache
Server V2.0)
Set-Cookie:_dbsg=ij7t5mdfksda8fksadafka19b04cef36a;path/;Expires=
12Dec2050 23:55:55GMT;
This HTTP request message is the HTTP message to http://www.duba.com/ request resource, wherein comprises language
Support attribute, Accept-language:zh-cn, namely support Chinese, such as, support French, then language supports that attribute is
Accept-language:fr-FR.
Due to target terminal initiate the HTTP request message for certification in generally there are language support attribute rather than
The most there is not language and support attribute in the HTTP request message for certification, therefore can judge HTTP request report according to analysis result
Whether literary composition exists language and supports attribute, to judge that whether HTTP request message is as message identifying exactly.
Fig. 5 is the flow chart according to the another kind of certification reorientation method shown in an exemplary embodiment, and this embodiment exists
On the basis of embodiment illustrated in fig. 2, show in detail another and judge that whether HTTP request message is the process of message identifying, can
Selection of land, S204 may include that
S2046, judges according to analysis result whether the content of HTTP request message request comprises catalogue;
S2048, if the content of HTTP request message request comprises catalogue, then judges that HTTP request message is as message identifying.
In one example, when the content of HTTP request message comprises catalogue, the form of HTTP request message can be as
Shown in lower:
GET/HTTP/1.1
Accept:text/html, application/xhtml+xml, */*
Accept-language:zh-cn
User-Agent:Mozilla/5.0 (compatible:MISE 9.0;windows NT 6.1;Trident/
5.0)
Accept-Encoding:gzip, deflate
Host:sports.qq.com
Connetion:Keep-Alive
HTTP/1.1 200OK
Server:squid/3.4.1
Data:Thu, 30,Ju1 2015 12:12:57GMT
Content-Type:text/html;Charset=GB2312
Connection:keep-alive
Vary:Accept-Encoding
Expires:Thu, 30,Ju1 2015 12:13:57GMT
Cacha-Control:max-age=60
Vary:Accept-Encoding
Content-Encoding:gzip
Vary:Accept-Encoding
X-Cache:EXPIRED from shenzhen.qq.com
This HTTP request message is the HTTP message to http://sports.qq.com/ request resource, wherein asks
"/" is the root of this URL.It should be noted that the present embodiment is not limited to judge according to root, please at HTTP
The content seeking message request comprises other catalogues, such as time "/nba " (namely catalogue of entitled nba under root), it is also possible to sentence
This HTTP request message fixed is message identifying.
Due to the catalogue of meeting request server general in the HTTP request message for certification that target terminal is initiated, and not
It is then to ask the concrete file under catalogue for the HTTP request message of certification, therefore can judge according to analysis result
Whether the content of HTTP request message request comprises catalogue, to judge that whether HTTP request message is as message identifying exactly.
It should be noted that S2046 and S2048 in the embodiment of the method shown in above-mentioned Fig. 5 can also be included in aforementioned
In the embodiment of the method for Fig. 4, this present invention is not limited.
Such as can judge that whether there is language in HTTP request message supports attribute according to judged result, and judge
Whether the content of HTTP request message request comprises catalogue;
If HTTP request message existing language support attribute, and the content of HTTP request message request comprising catalogue, then
Can be determined that HTTP request message is message identifying.
According to this embodiment, it can the situation that not only there is language support attribute but also comprise catalogue in HTTP request message
Under, just judge to need to HTTP request message as message identifying, thus improved by two conditions and judge that HTTP request message is
The no accuracy rate for message identifying.
Except " judging that HTTP request message is as message identifying " by the way of being illustrated by earlier figures 4 and Fig. 5, it is also possible to pass through
In the following manner " judges that HTTP request message is as non-authentication message ":
In one example, support attribute when HTTP request message does not exist language, and the content of request does not comprises
During catalogue, it is possible to determine that HTTP request message is non-authentication message, and now the form of HTTP request message can be as follows:
GET/360game/360game_setup.exe HTTP/1.1
Accept:*/*
User-Agent:Mozilla/4.0 (compatiable;MSIE 6.0;Windows NT 5.1;SV1)
Host:down.360safe.com
Range:bytes=3670016-7324783
Connection:Close
Cache-Control:no-cache
HTTP/1.1 206Partial Content
Server:nginx
Date:Wed, 29,Ju1 2015 07:02:22GMT
Content-Type:application/octet-stream
Content-Length:3654768
Last-Modified:Sat, 25,Ju1 2015 13:01:33GMT
Connection:close
Expires:Wed, 29,Ju1 2015 13:01:33GMT
Cache-Control:max-age=28800
Content-Range:bytes 3670016-7324783/7324784
This HTTP request message is that 360 security guards report to the HTTP of server request 360game_setup.exe file
, the most there is not language and support attribute, and the content of request does not the most comprise catalogue, therefore can be determined that this HTTP request message in literary composition
For non-authentication message, therefore need not this HTTP request message is redirected.
In another example, the embodiment of the present invention can also be by judging that HTTP request message is to server request content
Type judge whether HTTP request message is message identifying, such as above-mentioned HTTP request message is to the class of server request content
Type is .exe file, it is possible to determine that HTTP request message is non-authentication message.Other application, such as chat application be likely to
The forward direction access device that family is authenticated sends the front end of message, the such as chat application HTTP request message to server request
" GET/qqfile/pic/we b.png " can be comprised, namely chat application is to server request picture file, it is possible to determine that
HTTP request message is non-authentication message.According to the two example, at HTTP request message to server request content
When type is file, it is possible to determine that HTTP request message is non-authentication message, it is not necessary to this HTTP request message is reset
To.
Fig. 6 is the flow chart according to another the certification reorientation method shown in an exemplary embodiment, and this embodiment exists
On the basis of embodiment illustrated in fig. 2, after step 208, may further include following steps:
In S210, in the case of HTTP request message is non-authentication message, transmit information to target terminal.
According to the present embodiment, when judging that HTTP request message is non-authentication message, although now user is not yet carried out
Certification, but may determine that current target terminal is in the state that may connect to the Internet, therefore can transmit to target terminal
Information, prompts the user whether to be authenticated, in order to user is by being authenticated according to prompting, thus quickly networks.
The embodiment of certification redirection device of the present invention can be applied on network devices.Device embodiment can be by soft
Part realizes, it is also possible to realize by the way of hardware or software and hardware combining.As a example by implemented in software, as a logical meaning
On device, being the processor by its place equipment reads computer program instructions corresponding in nonvolatile memory
Internal memory runs formation.For hardware view, as it is shown in fig. 7, be the one of certification redirection device place of the present invention equipment
Plant hardware structure diagram, in addition to the processor shown in Fig. 7, network interface, internal memory and nonvolatile memory, in embodiment
The equipment at device place generally can also include other hardware, such as the forwarding chip etc. of responsible process message;From hardware configuration
This equipment from the point of view of on, it is also possible that distributed equipment, potentially includes multiple interface card, in order to carry out at message at hardware view
The extension of reason.
Fig. 8 is according to a kind of certification redirection device block diagram shown in an exemplary embodiment.With reference to Fig. 8, this device 80
Including:
Resolution unit 81, is setting up with target terminal after TCP is connected, is receiving the HTTP request message that target terminal sends
Time, resolve HTTP request message;
According to analysis result, judging unit 82, judges whether HTTP request message is message identifying;
Redirect unit 83, in the case of HTTP request message is message identifying, redirect report to target terminal transmission
Literary composition;
Switching units 84, in the case of HTTP request message is non-authentication message, disconnects the TCP with target terminal even
Connect.
As it is shown in figure 9, Fig. 9 is according to the frame of judging unit 82 in the certification redirection device shown in an exemplary embodiment
Figure, this embodiment is on the basis of aforementioned embodiment illustrated in fig. 8, alternatively, it is judged that unit 82 includes:
According to analysis result, attributive judgment subelement 821, judges that whether there is language in HTTP request message supports attribute,
If HTTP request message existing language support attribute, then judge that HTTP request message is as message identifying.
As it is shown in figure 9, Fig. 9 is according to the frame of judging unit 82 in the certification redirection device shown in an exemplary embodiment
Figure, this embodiment is on the basis of aforementioned embodiment illustrated in fig. 8, alternatively, it is judged that unit 82 includes:
Catalogue judgment sub-unit 822, judges according to analysis result whether the content of HTTP request message request comprises catalogue,
If the content of HTTP request message request comprises catalogue, then judge that HTTP request message is as message identifying.
As shown in Figure 10, Figure 10 is the block diagram according to another the certification redirection device shown in an exemplary embodiment,
This embodiment is on the basis of aforementioned embodiment illustrated in fig. 8, and alternatively, said apparatus 80 also includes:
Tip element 85, in the case of HTTP request message is non-authentication message, transmits information to target terminal.
About the device in above-described embodiment, wherein modules performs the concrete mode of operation in relevant the method
Embodiment in be described in detail, explanation will be not set forth in detail herein.
For device embodiment, owing to it corresponds essentially to embodiment of the method, so relevant part sees method in fact
The part executing example illustrates.Device embodiment described above is only schematically, wherein said as separating component
The unit illustrated can be or may not be physically separate, and the parts shown as unit can be or can also
It not physical location, i.e. may be located at a place, or can also be distributed on multiple NE.Can be according to reality
Need to select some or all of module therein to realize the purpose of the present invention program.Those of ordinary skill in the art are not paying
In the case of going out creative work, i.e. it is appreciated that and implements.
Those skilled in the art, after considering description and putting into practice disclosure disclosed herein, will readily occur to its of the present invention
Its embodiment.It is contemplated that contain any modification, purposes or the adaptations of the present invention, these modification, purposes or
Person's adaptations is followed the general principle of the present invention and includes the undocumented common knowledge in the art of the present invention
Or conventional techniques means.Description and embodiments is considered only as exemplary, and true scope and spirit of the invention are by following
Claim is pointed out.
It should be appreciated that the invention is not limited in precision architecture described above and illustrated in the accompanying drawings, and
And various modifications and changes can carried out without departing from the scope.The scope of the present invention is only limited by appended claim.
Claims (8)
1. a certification reorientation method, it is characterised in that including:
Setting up with target terminal after TCP is connected, when receiving the HTTP request message that described target terminal sends, resolving described
HTTP request message;
Judge whether described HTTP request message is message identifying according to analysis result;
If described HTTP request message is message identifying, then transmits redirection message to described target terminal, otherwise, disconnect and institute
The TCP stating target terminal connects.
Method the most according to claim 1, it is characterised in that described step judges described HTTP request according to analysis result
Whether message is that message identifying includes:
Judge that whether there is language in described HTTP request message supports attribute according to described analysis result;
If described HTTP request message existing language support attribute, then judge that described HTTP request message is as message identifying.
Method the most according to claim 1, it is characterised in that described step judges described HTTP request according to analysis result
Whether message is that message identifying includes:
Judge according to described analysis result whether the content of described HTTP request message request comprises catalogue;
If the content of described HTTP request message request comprises catalogue, then judge that described HTTP request message is as message identifying.
The most according to the method in any one of claims 1 to 3, it is characterised in that also include:
In the case of described HTTP request message is non-authentication message, transmit information to described target terminal.
5. a certification redirection device, it is characterised in that including:
Resolution unit, is setting up after TCP is connected with target terminal, when receiving the HTTP request message that described target terminal sends,
Resolve described HTTP request message;
According to analysis result, judging unit, judges whether described HTTP request message is message identifying;
Redirect unit, in the case of described HTTP request message is message identifying, redirect to the transmission of described target terminal
Message;
Switching units, in the case of described HTTP request message is non-authentication message, disconnects the TCP with described target terminal even
Connect.
Device the most according to claim 5, it is characterised in that described judging unit includes:
According to described analysis result, attributive judgment subelement, judges that whether there is language support in described HTTP request message belongs to
Property, if described HTTP request message existing language support attribute, then judge that described HTTP request message is as message identifying.
Device the most according to claim 5, it is characterised in that described judging unit includes:
Catalogue judgment sub-unit, judges according to described analysis result whether the content of described HTTP request message request comprises mesh
Record, if the content of described HTTP request message request comprises catalogue, then judges that described HTTP request message is as message identifying.
8. according to the device according to any one of claim 5 to 7, it is characterised in that also include:
Tip element, in the case of described HTTP request message is non-authentication message, to described target terminal transmission prompting letter
Breath.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610354956.0A CN106101063A (en) | 2016-05-25 | 2016-05-25 | Certification reorientation method and certification redirection device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610354956.0A CN106101063A (en) | 2016-05-25 | 2016-05-25 | Certification reorientation method and certification redirection device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN106101063A true CN106101063A (en) | 2016-11-09 |
Family
ID=57230075
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610354956.0A Pending CN106101063A (en) | 2016-05-25 | 2016-05-25 | Certification reorientation method and certification redirection device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106101063A (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102710667A (en) * | 2012-06-25 | 2012-10-03 | 杭州华三通信技术有限公司 | Method for realizing Portal authentication server attack prevention and broadband access server |
| CN103825881A (en) * | 2013-12-13 | 2014-05-28 | 福建三元达通讯股份有限公司 | Method and apparatus for realizing redirection of WLAN user based on wireless access controller (AC) |
| US20140366117A1 (en) * | 2012-06-07 | 2014-12-11 | Vivek R. KUMAR | Method and system of managing a captive portal with a router |
-
2016
- 2016-05-25 CN CN201610354956.0A patent/CN106101063A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20140366117A1 (en) * | 2012-06-07 | 2014-12-11 | Vivek R. KUMAR | Method and system of managing a captive portal with a router |
| CN102710667A (en) * | 2012-06-25 | 2012-10-03 | 杭州华三通信技术有限公司 | Method for realizing Portal authentication server attack prevention and broadband access server |
| CN103825881A (en) * | 2013-12-13 | 2014-05-28 | 福建三元达通讯股份有限公司 | Method and apparatus for realizing redirection of WLAN user based on wireless access controller (AC) |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110300117B (en) | IOT device and user binding authentication method, device and medium | |
| CN109067914B (en) | web service proxy method, device, equipment and storage medium | |
| CN106131079B (en) | Authentication method, system and proxy server | |
| US8356336B2 (en) | System and method for double-capture/double-redirect to a different location | |
| CN104158808B (en) | Portal authentication method and its device based on APP applications | |
| CN103825881B (en) | The reorientation method and device of WLAN user are realized based on wireless access controller AC | |
| KR101095447B1 (en) | Apparatus and method for preventing distributed denial of service attack | |
| US20130055384A1 (en) | Dealing with web attacks using cryptographically signed http cookies | |
| CN102368768B (en) | Identification method, equipment and system as well as identification server | |
| US8056125B2 (en) | Recording medium storing control program and communication system | |
| CN107566429A (en) | Base station, the response method of access request, apparatus and system | |
| US9654575B1 (en) | Pass-through web traffic systems and methods | |
| US6785705B1 (en) | Method and apparatus for proxy chaining | |
| CN105871853A (en) | Portal authenticating method and system | |
| CN105635073A (en) | Access control method and device and network access equipment | |
| CN105991640A (en) | Method for processing HTTP (hypertext transfer protocol) request and apparatus for processing HTTP (hypertext transfer protocol) request | |
| WO2018036415A1 (en) | Authentication proxy method, apparatus and device | |
| CA2912774C (en) | Providing single sign-on for wireless devices | |
| WO2017211302A1 (en) | Application program development method, apparatus and system | |
| EP2813051A1 (en) | Dynamic sharing of a webservice | |
| EP4236409A1 (en) | Data information acquisition methods and apparatus, related device, and medium | |
| CN110674436B (en) | Data processing method and device based on browser | |
| WO2017020597A1 (en) | Resource cache method and apparatus | |
| KR101349201B1 (en) | Apparatus for interoperability between Web-browser and Local-resources in the Mobile Device and method thereof | |
| EP3332562B1 (en) | Optimizing setup for wireless devices |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant after: Hangzhou Dipu Polytron Technologies Inc Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building Applicant before: Hangzhou Dipu Technology Co., Ltd. |
|
| CB02 | Change of applicant information | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20161109 |
|
| RJ01 | Rejection of invention patent application after publication |