CN107634969A - Data interactive method and device - Google Patents
Data interactive method and device Download PDFInfo
- Publication number
- CN107634969A CN107634969A CN201711011216.8A CN201711011216A CN107634969A CN 107634969 A CN107634969 A CN 107634969A CN 201711011216 A CN201711011216 A CN 201711011216A CN 107634969 A CN107634969 A CN 107634969A
- Authority
- CN
- China
- Prior art keywords
- access
- access request
- network equipment
- https
- network address
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Abstract
The embodiments of the invention provide a kind of data interactive method and device, it is related to Internet technical field.Method includes:Obtain access request of the user terminal by target network address access target server;Based on access request, judge whether the network equipment needs to perform access request the access protection based on HTTPS agreements;In this way, being sent to user terminal needs the feedback information based on HTTPS protocol access target network address, so that user terminal is based on HTTPS protocol access destination servers.Therefore, the access request of intercepting and capturing is judged and protected by the network equipment, no matter under what circumstances to be realized, the anti-stripping attack protection of HTTPS agreement encryptions effectively can be carried out to the access request of user.
Description
Technical field
The present invention relates to Internet technical field, in particular to a kind of data interactive method and device.
Background technology
In the epoch of nowadays network popularization, people access various nets according to the demand of oneself using various electronic equipments
Stand.
But in website visiting, people mostly with support http protocol (HyperText Transfer Protocol, surpass
Text transfer protocol) request access target website.But which is easily intercepted and captured by hacker and carries out stripping attack so that people
Have access to fishing website.On this basis, in the prior art, foundation can be used to support HTTPS agreements (Hyper Text
Transfer Protocol over Secure Socket Layer, hypertext secure transfer protocol) database, so as to will
Meet that the request of database is encrypted into HTTPS agreements, to avoid carrying out stripping attack after being intercepted and captured by hacker.But if user visits
It is when accessing first that the request asked, which is unsatisfactory for database or user, then which just can not realize that accessing website to user prevents
Peel off attack.
Therefore, how the effectively comprehensive anti-stripping attack realized to user's access website is current industry a great problem
This.
The content of the invention
In view of this, it is an object of the invention to provide a kind of data interactive method and device, to be effectively improved above-mentioned lack
Fall into.
Embodiments of the invention are realized in the following way:
In a first aspect, the embodiments of the invention provide a kind of data interactive method.Methods described includes:Obtain user terminal
Pass through the access request of target network address access target server;
Based on the access request, judge whether the network equipment needs to perform the access request and be based on HTTPS agreements
Access protection;When the network equipment as described in judging needs to perform the access request access protection based on HTTPS agreements,
Being sent to the user terminal needs the feedback information based on target network address described in the HTTPS protocol access, so that the use
Family terminal is based on destination server described in the HTTPS protocol access.
Second aspect, the embodiments of the invention provide a kind of data interaction device.Described device includes:Acquisition module, use
In acquisition access request of the user terminal by target network address access target server.Judge module is protected, for based on described
Access request, judges whether the network equipment needs to perform the access request access protection based on HTTPS agreements.Feed back mould
Block, when needing to perform the access request access protection based on HTTPS agreements for the network equipment as described in judging, to institute
Stating user terminal and sending needs the feedback information based on target network address described in the HTTPS protocol access, so that the user is whole
End group is in destination server described in the HTTPS protocol access.
The beneficial effect of the embodiment of the present invention is:
The network equipment is by the access request of the destination server where intercepting and capturing user's access target network address, so as to based on should
When access request is to judge that to perform the access based on HTTPS agreements to the access request protects, transmit for indicating the use
Family terminal needs the feedback information based on the HTTPS protocol access target network address, so that the user terminal of user is based on HTTPS
Protocol access destination server.Therefore, the access request of intercepting and capturing is judged and protected by the network equipment, realize no matter
Under what circumstances, the anti-stripping attack protection of HTTPS agreement encryptions effectively can be carried out to the access request of user.
To enable the above objects, features and advantages of the present invention to become apparent, preferred embodiment cited below particularly, and coordinate
Appended accompanying drawing, is described in detail below.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below by embodiment it is required use it is attached
Figure is briefly described, it will be appreciated that the following drawings illustrate only certain embodiments of the present invention, therefore be not construed as pair
The restriction of scope, for those of ordinary skill in the art, on the premise of not paying creative work, can also be according to this
A little accompanying drawings obtain other related accompanying drawings.
Fig. 1 shows a kind of flow chart for data interactive method that first embodiment of the invention provides;
Fig. 2 shows the first sub-process of step S200 in a kind of data interactive method that first embodiment of the invention provides
Figure;
Fig. 3 shows the second sub-process of step S200 in a kind of data interactive method that first embodiment of the invention provides
Figure;
Fig. 4 shows a kind of first structure block diagram for data interaction device that second embodiment of the invention provides;
Fig. 5 shows the structural frames that judge module is protected in a kind of data interaction device that second embodiment of the invention provides
Figure;
Fig. 6 shows a kind of the second structured flowchart of data interaction device that second embodiment of the invention provides.
Embodiment
Below in conjunction with accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Ground describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.Generally exist
The component of the embodiment of the present invention described and illustrated in accompanying drawing can be configured to arrange and design with a variety of herein.Cause
This, the detailed description of the embodiments of the invention to providing in the accompanying drawings is not intended to limit claimed invention below
Scope, but it is merely representative of the selected embodiment of the present invention.Based on embodiments of the invention, those skilled in the art are not doing
The every other embodiment obtained on the premise of going out creative work, belongs to the scope of protection of the invention.
It should be noted that:Similar label and letter represents similar terms in following accompanying drawing, therefore, once a certain Xiang Yi
It is defined, then it further need not be defined and explained in subsequent accompanying drawing in individual accompanying drawing.Term " first ", " the
Two " etc. are only used for distinguishing description, and it is not intended that instruction or hint relative importance.
First embodiment
The data interactive method that this implementation provides is applied in a network equipment, and the network equipment can be NAS device
(Network Access Server, network access server), AP equipment (Access Point, wireless network access device),
AC equipment (Access Controller, access controller), access switch.When internally network security can ensure, the network
Equipment can also be core switch, network boundary router, fire wall, network log-in management device, security gateway etc..Work as user
Terminal is interacted by the network equipment with destination server, during accessing the destination server where the target network address, net
Network equipment can intercept and capture the access request of user terminal transmission.The network equipment carries out analysis judgment to the access request, then can be achieved
By user terminal to be encrypted as based on http protocol access destination servers based on the HTTPS protocol access destination server, from
And realize the anti-stripping attack protection to user terminal.
Referring to Fig. 1, the embodiments of the invention provide a kind of data interactive method, applied to a network equipment.The data
Exchange method includes:Step S100, step S200 and step S300.
Step S100:Obtain access request of the user terminal by target network address access target server.
The network equipment can establish the link with user terminal and destination server respectively.When user terminal needs access target
During destination server where network address, user terminal needs to send an access request to destination server, and the access request is
It is for characterizing the destination server where user terminal needs access target network address.Wherein, the access request can be based on
The access request of the plaintext of http agreements, or be access request based on the encryption of HTTPS agreements etc., certainly, it can also be it
The access request of his unconventional access mode.Based on above-mentioned linking relationship, transmitted in the access request to destination server
Before, the access request can be intercepted by the network equipment.It is understood that by the intercepting and capturing of network equipment access request, have
Effect avoids user terminal when sending the access request, and the access request is directly intercepted and captured by hacker, so as to be based on the access
Request is directly initiated user to peel off attack so that user is placed directly on fishing website.
Step S200:Based on the access request, judge whether the network equipment needs to perform the access request and be based on
The access protection of HTTPS agreements.
After the network equipment intercepts the access request transmitted by user terminal, the network equipment is needed by parsing the access
Request, to judge whether that performing the access based on HTTPS agreements protects based on the access request.Specifically, the network equipment can be pressed
The access request of acquisition is parsed according to default analysis program, to get each characteristic in the access request.Net
Network equipment is judged each characteristic, is unsatisfactory for being based on when during judgement, there is any one characteristic
During the requirement of the access protection of HTTPS agreements, the network equipment then terminates the access request and performs the anti-flow for peeling off attack, so that
The user terminal and destination server direct interaction.When by judging, the judgement of each characteristic is satisfied by assisting based on HTTPS
During the requirement of the access protection of view, then the network equipment can determine that the access request meets the access protection based on HTTPS agreements.
Step S300:The network equipment as described in judging needs to perform the access based on HTTPS agreements to the access request
During protection, being sent to the user terminal needs the feedback information based on target network address described in the HTTPS protocol access, so that
The user terminal is based on destination server described in the HTTPS protocol access.
When judging that the access request meets the access protection based on HTTPS agreements such as the network equipment.The network equipment is according to pre-
If control program can feed back one feed back to send access request user terminal so that the user terminal is according to feedback
The instruction of information, by based on the destination server where the HTTPS protocol access targeted website.Specifically, the network equipment
The feedback information generated according to default control program can be to redirect code, and the redirection code can be such as 302.Work as network
Equipment will be redirected after code is sent to user terminal, and user terminal then can be by the URL in access request according to the redirection code
It is the URL based on HTTPS agreements that (Uniform Resource Locator, URLs), which redirects,.For example, user terminal
It is http based on the URL in the access request transmitted by http agreements://www.example.com/xxx.Then user terminal root
The URL in the access request is redirected according to the redirection code received and is:HTTPS://www.example.com/xxx.Enter one
Step, user terminal based on access request based on the destination server where HTTPS protocol access target network address, the stream of user
Amount will be based on HTTPS agreements and encrypt, to prevent customer flow from being attacked by stripping.
Referring to Fig. 2, in a kind of data interactive method provided in an embodiment of the present invention, step S200 method sub-process
Including:Step S210 and step S220.
Step S210:Judge each characteristic in the access request whether with corresponding default characteristic
Match somebody with somebody, obtain judged result.
The network equipment gets each characteristic in access request by parsing the access request.Specifically, network is set
Standby each characteristic that can be by parsing in the request header for obtaining access request successively.Each characteristic is used equally for characterizing
Whether the access request meets that performing the access based on HTTPS agreements to the access request protects.Wherein, the network equipment needs to obtain
Each characteristic taken includes:Requesting method data, browser type data, access times data and web page access characterize data
Deng.Afterwards, the network equipment can determine whether each characteristic in access request matches with corresponding default characteristic.
As first embodiment, after the network equipment can first obtain whole each characteristics, then perform to each feature
The judgement of data.When judging, the network equipment can be judged each characteristic, to obtain the judgement of each characteristic
As a result, the network equipment can also determine whether to next characteristic again according to the judged result judged this feature data
According to being judged.As second embodiment, the network equipment can also obtain each characteristic one by one, and according to this feature number
Determine whether to obtain next characteristic again according to the judged result judged.It is understood that to reduce the network equipment
Computational load, ensure the task performance of the network equipment, the present embodiment is chosen as the execution that second embodiment is judged.
Specifically, the characteristic that the network equipment gets in request header is requesting method data, wherein, requesting method number
According to the request type for characterizing the access request.The network equipment enters the requesting method data and default requesting method data
Row matching, to judge whether request type that the requesting method data are characterized is in a manner of Post or Get modes.It is appreciated that
Arrive, Post modes or Get modes are to meet the access mode based on HTTPS agreements.By judging whether to match, the network equipment
Obtain a judged result.When judged result is no, then the network equipment, which terminates, performs the anti-stream for peeling off attack to the access request
Journey.When judged result for when being, then the network equipment obtains next characteristic.
And then when to be, the network equipment gets the browser type data in request header, such as gets request header
In User-Agent fields, wherein, browser type data are used for which on user terminal characterize the access request to be
What browser was initiated.The network equipment is matched the browser type data with default browser type data.Due to
Preset browsing device categorical data is the categorical data of each Conventional browsers, for example, QQ browsers, UC browsers or 360 browsers
Deng, then by matching can determine whether the browser type that the browser type data are characterized is conventional browser.When sentencing
When disconnected result is no, then the network equipment, which terminates, performs the anti-flow for peeling off attack to the access request.When judged result is to be,
Then the network equipment obtains next characteristic.
And then when to be, the network equipment gets the access times data in request header, such as gets in request header
Referer fields, wherein, access times data be used for characterize whether the user terminal is to access the destination server first.
The network equipment is matched the access times data with default access times data.Because default access times data are
0, then it can determine whether that the access times data characterize whether access times are 0 by matching.When judged result is no, for example,
Access times data are not space-time, then the network equipment exits the flow that anti-stripping attack is performed to the access request, and performs it
Its flow handles the access request.When judged result for when being, for example, access times data are space-time, then the network equipment obtains
Take next characteristic.
And then in judged result for when being, the network equipment gets the web page access characterize data in request header, such as obtains
Get the accept fields in request header, wherein, web page access characterize data be used for characterize the user terminal initiate access ask
No Seeking Truth is access target network address.The network equipment carries out the web page access characterize data and default web page access characterize data
Matching.Because default web page access characterize data includes text/html data segments, then the web page access can determine whether by matching
Characterize data characterizes whether access type is web page access.When judged result is no, for example, visiting web page access characterize data
In do not include text/html data segments, then the network equipment terminate to the access request perform it is anti-peel off attack flow.Work as judgement
As a result for when being, then it represents that meet that needs perform the access based on HTTPS agreements to the access request and protected.
It should be noted that the sequential manner of acquisition and the matching of above-mentioned each characteristic is only its of the present embodiment
A kind of middle embodiment, its specific sequential manner can be adjusted according to actual performance.
Step S220:Based on the judged result, judge whether the network equipment needs to perform the access request
The access protection based on HTTPS agreements.
In above-mentioned deterministic process, the network equipment can get the judged result judged each time.Sentencing based on acquisition
Disconnected result, the network equipment judge whether the network equipment needs to perform access request according to default control program and are based on
The access protection of HTTPS agreements.Specifically, when each characteristic does not also all carry out overmatching, if acquired in the network equipment
Judged result for it is no when, then according to judged result, the network equipment, which then performs, to be obtained and judges next characteristic.As each spy
After sign data are matched, if the judged result of last characteristic acquired in the network equipment is when being, network sets
It is standby to judge that each characteristic matches with corresponding default characteristic, and then the judged result is based on, judge the network equipment
Need to perform access request the access protection based on HTTPS agreements.It is understood that judging that each characteristic is successively
In no matching process, if judging to some characteristic to mismatch, terminate and anti-stripping attack is performed to the access request
Flow.
Referring to Fig. 3, in a kind of data interactive method provided in an embodiment of the present invention, step S200 method sub-process
Also include:Step S230, step S240 and step S250.
Step S230:Judging that it is described to access request execution based on HTTPS agreements that the network equipment needs
When accessing protection, the access request is encrypted, so that the access request is based on destination service described in HTTPS protocol access
Device.
In step S220:When judging to need to perform the access request access protection based on HTTPS agreements, used to improve
Access Success Rate of the family terminal based on HTTPS protocol access, the network equipment in advance by the access request encrypt to meet HTTPS assist
View, and the access request is based on HTTPS protocol access destination servers.For example, the access request accessed by the network equipment
In URL be http://www.example.com/.Then the network equipment is using URL as HTTPS://www.example.com/ is gone
It is HTTPS to access network address in advance:Destination server where //www.example.com/.
Step S240:Judge to access whether the destination server succeeds.
After access request is based on HTTPS protocol access destination servers by the network equipment, the network equipment can obtain target clothes
The returning result conditional code that business device returns.The network equipment can then be sentenced by judging the particular state of the returning result conditional code
Whether disconnected access target server accesses success.For example, when returning result conditional code includes 2XX, the network equipment then can determine that
Access successfully;When returning result conditional code includes 3XX, the network equipment then judges to need to perform the weight to access target server
Orientation.Further, when the network equipment judges that then the network equipment needs further to judge the destination service when needing to redirect
Whether device supports HTTPS access.The network equipment can get the location field in returning result conditional code, for example,
Location fields.The network equipment by judging whether URL behind in the location field is the URL that meets http agreements,
For example,:htttp://www.example.com/xxx.When being judged to being, then characterize the destination server and do not support HTTPS
Agreement, and then may also be characterized as accessing failure.When being determined as no, then characterize the destination server and support HTTPS agreements, and then
It may also be characterized as accessing successfully, but need to perform redirection.When returning to other conditional codes or connection failure, it may also be characterized as
Access failure.
Step S250:As described in judging to access during destination server success, step is performed:Being sent to the user terminal needs
Will the feedback information based on target network address described in the HTTPS protocol access.
When the network equipment is according to step S240 judged result, when being judged as accessing failure, then termination is to the access request
Perform the anti-flow for peeling off attack.When being judged as accessing successfully, then the network equipment can perform step S300, so that user terminal
Based on the destination server where HTTPS protocol access target network address.
As a kind of embodiment, ensure protective success ratio when, further to reduce network equipment computational load, net
Each default network address has been prestored in network equipment.Each default network address can be stored in a database;Or in each default network address
A part is stored in the first database, and another part is stored in the second database.Optionally, each default network address can deposit respectively
Store up in the first database and the second database, wherein, presetting network address in the first database and the second database can real-time online
Or offline renewal, for example, each door network address that the default network address in the first database can be updated by administrative staff, the second database
In the private network address of each user that can voluntarily be updated by user of default network address.
After step S100 is performed, the network equipment will need the target network address and first that accesses in the access request of acquisition
Each default network address matching in database, matched with determining whether that a target presets network address with the default network address.When being determined as
When being, then illustrate that the destination server corresponding to the access request supports the access of HTTPS agreements, and then the network equipment performs step
Rapid S300.When being determined as no, then the network equipment matches target network address with each default network address in the second database.When second
When the matching of database is determined as no, then illustrate the access request without performing protection, thus terminate and perform to the access request
Access protection based on HTTPS agreements, so that user terminal voluntarily interacts with destination server.When being judged to being, that is, judge
Need to perform access request the access protection based on HTTPS agreements, and then the network equipment performs step S200.
Second embodiment
Referring to Fig. 4, the embodiments of the invention provide a kind of data interaction device 100, the data interaction device 100 is applied
In the network equipment.The data interaction device 100 includes:
Acquisition module 110, for obtaining access request of the user terminal by target network address access target server.
Judge module 120 is protected, for based on the access request, judging whether the network equipment needs to ask the access
Ask and perform the access protection based on HTTPS agreements.
Feedback module 130, need to be based on HTTPS agreements to access request execution for the network equipment as described in judging
Access protection when, to the user terminal send need the feedback letter based on target network address described in the HTTPS protocol access
Breath, so that the user terminal is based on destination server described in the HTTPS protocol access.
Referring to Fig. 5, in a kind of data interaction device 100 provided in an embodiment of the present invention, protection judge module 120 wraps
Include:
Protect judging unit 121, for judge each characteristic in the access request whether with it is corresponding pre-
If characteristic matches, a judged result is obtained.
Execution unit 122 is fed back, for based on the judged result, judging whether the network equipment is needed to the visit
Ask that request performs the access protection based on HTTPS agreements.
Access unit 123, for judging the network equipment needs to being based on HTTPS described in access request execution
During the access protection of agreement, the access request is encrypted, so that the access request is based on target described in HTTPS protocol access
Server.
Judging unit 124 is accessed, for judging to access whether the destination server succeeds.
Step execution unit 125, when accessing successfully for the destination server as described in judging to access, perform step:To institute
Stating user terminal and sending needs the feedback information based on target network address described in the HTTPS protocol access.
Referring to Fig. 6, in a kind of data interaction device 100 provided in an embodiment of the present invention, data interaction device 100 is also
Including:
Matching judgment module 140, after obtaining the access request, the network equipment judges prestoring
It whether there is the target to match with the target network address in each default network address and preset network address.
Protection judges execution module 150, for such as judging exist and the target in each default network address prestored
When the target that network address matches presets network address, step is performed:Based on the access request, judge whether the network equipment is needed to institute
State access request and perform the access protection based on HTTPS agreements.
It should be noted that due to it is apparent to those skilled in the art that, convenience and letter for description
It is clean, the specific work process of the system of foregoing description, device and unit, it may be referred to corresponding in preceding method embodiment
Journey, it will not be repeated here.
In summary, the embodiments of the invention provide a kind of data interactive method and device.Method includes:It is whole to obtain user
The access request that end passes through target network address access target server;Based on access request, judge that the network equipment needs to ask to accessing
Ask perform based on HTTPS agreements access protection when, to user terminal send need based on HTTPS protocol access target network address
Feedback information, so that user terminal is based on HTTPS protocol access destination servers.Therefore, visit of the network equipment to intercepting and capturing is passed through
Ask that request is judged and protected, no matter under what circumstances to realize, effectively the access request of user can be carried out
The anti-stripping attack protection of HTTPS agreements encryption.
The preferred embodiments of the present invention are these are only, are not intended to limit the invention, for those skilled in the art
For member, the present invention can have various modifications and variations.Any modification within the spirit and principles of the invention, being made,
Equivalent substitution, improvement etc., should be included in the scope of the protection.It should be noted that:Similar label and letter are under
Similar terms is represented in the accompanying drawing in face, therefore, once be defined in a certain Xiang Yi accompanying drawing, then need not in subsequent accompanying drawing
It is further defined and explained.
More than, it is only embodiment of the invention, but protection scope of the present invention is not limited thereto, and it is any to be familiar with
Those skilled in the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be covered
Within protection scope of the present invention.Therefore, protection scope of the present invention should be defined by scope of the claims.
Claims (10)
1. a kind of data interactive method, it is characterised in that methods described includes:
Obtain access request of the user terminal by target network address access target server;
Based on the access request, judge whether the network equipment needs to perform the visit based on HTTPS agreements to the access request
Ask protection;
The network equipment as described in judging needs to perform access based on HTTPS agreements to the access request when protecting, to described
User terminal, which is sent, needs the feedback information based on target network address described in the HTTPS protocol access, so that the user terminal
Based on destination server described in the HTTPS protocol access.
2. data interactive method according to claim 1, it is characterised in that it is described to be based on the access request, judge net
Whether network equipment needs to perform the access request access protection based on HTTPS agreements, including:
Judge whether each characteristic in the access request matches with corresponding default characteristic, obtain and judge knot
Fruit;
Based on the judged result, judge whether the network equipment is needed to being based on HTTPS described in access request execution
The access protection of agreement.
3. data interactive method according to claim 2, it is characterised in that each characteristic includes:Requesting method data,
Browser type data or access times data.
4. the data interactive method according to Claims 2 or 3, it is characterised in that it is described to be based on the judged result, judge
Whether the network equipment is needed after the access protection based on HTTPS agreements is performed to the access request, the side
Method also includes:
, will when judging that the network equipment needs to protect the access request execution access based on HTTPS agreements
The access request encryption, so that the access request is based on destination server described in HTTPS protocol access;
Judge to access whether the destination server succeeds;
As described in judging to access during destination server success, step is performed:Being sent to the user terminal needs based on described
The feedback information of target network address described in HTTPS protocol access.
5. data interactive method according to claim 1, it is characterised in that it is described to be based on the access request, judge net
Before whether network equipment needs to perform the access request access protection based on HTTPS agreements, in addition to:
After obtaining the access request, the network equipment judges to whether there is and institute in each default network address prestored
State the target that target network address matches and preset network address;
During as judged that the target to match with the target network address in each default network address prestored be present presets network address, hold
Row step:Based on the access request, judge whether the network equipment needs that the access request is performed based on HTTPS agreements
Access protection.
6. a kind of data interaction device, it is characterised in that described device includes:
Acquisition module, for obtaining access request of the user terminal by target network address access target server;
Judge module is protected, for based on the access request, judging whether the network equipment needs to perform the access request
Access protection based on HTTPS agreements;
Feedback module, need to perform the access based on HTTPS agreements to the access request for the network equipment as described in judging
During protection, being sent to the user terminal needs the feedback information based on target network address described in the HTTPS protocol access, so that
The user terminal is based on destination server described in the HTTPS protocol access.
7. data interaction device according to claim 6, it is characterised in that the protection judge module includes:
Protect judging unit, for judge each characteristic in the access request whether with corresponding default characteristic
According to matching, judged result is obtained;
Execution unit is fed back, for based on the judged result, judging whether the network equipment is needed to the access request
Perform the access protection based on HTTPS agreements.
8. data interaction device according to claim 7, it is characterised in that each characteristic includes:Requesting method data,
Browser type data or access times data.
9. the data interaction device according to claim 7 or 8, it is characterised in that the protection judge module also includes:
Access unit, for judging that it is described to access request execution based on HTTPS agreements that the network equipment needs
When accessing protection, the access request is encrypted, so that the access request is based on destination service described in HTTPS protocol access
Device;
Judging unit is accessed, for judging to access whether the destination server succeeds;
Step execution unit, when accessing successfully for the destination server as described in judging to access, perform step:It is whole to the user
End, which is sent, needs the feedback information based on target network address described in the HTTPS protocol access.
10. data interaction device according to claim 6, it is characterised in that described device also includes:
Matching judgment module, after obtaining the access request, the network equipment judges each default what is prestored
It whether there is the target to match with the target network address in network address and preset network address;
Protection judges execution module, for such as judging exist and the target network address phase in each default network address prestored
When the target matched somebody with somebody presets network address, step is performed:Based on the access request, judge whether the network equipment needs to ask the access
Ask and perform the access protection based on HTTPS agreements.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711011216.8A CN107634969B (en) | 2017-10-26 | 2017-10-26 | Data interaction method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711011216.8A CN107634969B (en) | 2017-10-26 | 2017-10-26 | Data interaction method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107634969A true CN107634969A (en) | 2018-01-26 |
CN107634969B CN107634969B (en) | 2020-07-10 |
Family
ID=61105147
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711011216.8A Active CN107634969B (en) | 2017-10-26 | 2017-10-26 | Data interaction method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107634969B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981779A (en) * | 2019-03-27 | 2019-07-05 | 掌阅科技股份有限公司 | Service providing method, server and computer storage medium |
CN111988317A (en) * | 2020-08-20 | 2020-11-24 | 郑州昂视信息科技有限公司 | Judgment method and device based on network information analysis result |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070189303A1 (en) * | 2006-02-10 | 2007-08-16 | Fuji Xerox Co., Ltd. | Storage medium having stored therein data management program, computer data signal, device and method for management of data, protocol switching device and method, and storage medium having stored therein protocol switching program |
CN101119274A (en) * | 2007-09-12 | 2008-02-06 | 杭州华三通信技术有限公司 | Method for improving treatment efficiency of SSL gateway and SSL gateway |
US7610400B2 (en) * | 2004-11-23 | 2009-10-27 | Juniper Networks, Inc. | Rule-based networking device |
CN101594261A (en) * | 2008-05-28 | 2009-12-02 | 北京百问百答网络技术有限公司 | A kind of forgery website monitoring method and system thereof |
CN102196434A (en) * | 2010-03-10 | 2011-09-21 | 中国移动通信集团公司 | Authentication method and system for wireless local area network terminal |
CN106961439A (en) * | 2017-03-31 | 2017-07-18 | 杭州迪普科技股份有限公司 | A kind of HTTPS encrypted transmission methods and device |
-
2017
- 2017-10-26 CN CN201711011216.8A patent/CN107634969B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7610400B2 (en) * | 2004-11-23 | 2009-10-27 | Juniper Networks, Inc. | Rule-based networking device |
US20070189303A1 (en) * | 2006-02-10 | 2007-08-16 | Fuji Xerox Co., Ltd. | Storage medium having stored therein data management program, computer data signal, device and method for management of data, protocol switching device and method, and storage medium having stored therein protocol switching program |
CN101119274A (en) * | 2007-09-12 | 2008-02-06 | 杭州华三通信技术有限公司 | Method for improving treatment efficiency of SSL gateway and SSL gateway |
CN101594261A (en) * | 2008-05-28 | 2009-12-02 | 北京百问百答网络技术有限公司 | A kind of forgery website monitoring method and system thereof |
CN102196434A (en) * | 2010-03-10 | 2011-09-21 | 中国移动通信集团公司 | Authentication method and system for wireless local area network terminal |
CN106961439A (en) * | 2017-03-31 | 2017-07-18 | 杭州迪普科技股份有限公司 | A kind of HTTPS encrypted transmission methods and device |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981779A (en) * | 2019-03-27 | 2019-07-05 | 掌阅科技股份有限公司 | Service providing method, server and computer storage medium |
CN109981779B (en) * | 2019-03-27 | 2022-02-22 | 掌阅科技股份有限公司 | Service providing method, server and computer storage medium |
CN111988317A (en) * | 2020-08-20 | 2020-11-24 | 郑州昂视信息科技有限公司 | Judgment method and device based on network information analysis result |
CN111988317B (en) * | 2020-08-20 | 2023-03-14 | 郑州昂视信息科技有限公司 | Judgment method and device based on network information analysis result |
Also Published As
Publication number | Publication date |
---|---|
CN107634969B (en) | 2020-07-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103825881B (en) | The reorientation method and device of WLAN user are realized based on wireless access controller AC | |
CN102065141B (en) | Method and system for realizing single sign-on of cross-application and browser | |
CN100544289C (en) | Be mapped to its system and method with encrypting the HTTPS network packet through the copy of deciphering | |
US20140086056A1 (en) | Selective internet priority service | |
CN103701805A (en) | Method and device for detecting weak password in network | |
CN107222561A (en) | A kind of transport layer reverse proxy method | |
US20140041012A1 (en) | System for the management of access points | |
US11281730B1 (en) | Direct leg access for proxy web scraping | |
CN105991640B (en) | Handle the method and device of HTTP request | |
CN110351288A (en) | An a kind of product contains the data push method of multiple columns | |
CN107634969A (en) | Data interactive method and device | |
WO2015123990A1 (en) | Page push method, device, server and system | |
WO2007078037A1 (en) | Web page protection method employing security appliance and set-top box having the security appliance built therein | |
CN106789413A (en) | A kind of method and apparatus for detecting proxy surfing | |
CN107786489A (en) | Access request verification method and device | |
CN107026828A (en) | A kind of anti-stealing link method cached based on internet and internet caching | |
US20050108397A1 (en) | Reducing number of messages processed by control processor by bundling control and data messages and offloading the TCP connection setup and termination messages | |
CN107070947A (en) | A kind of method and system of the access network based on access authentication | |
US20030217147A1 (en) | Directing a client computer to a least network latency server site | |
CN104168337B (en) | A kind of accelerated method of network access | |
EP4227829A1 (en) | Web scraping through use of proxies, and applications thereof | |
EP2605480B1 (en) | Apparatus and method for HTTP analysis | |
US20230018983A1 (en) | Traffic counting for proxy web scraping | |
CN101217532B (en) | An anti-network attack data transmission method and system | |
JP5632429B2 (en) | Service authentication method and system for building a closed communication environment in an open communication environment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |