CN109600379A - Noise reduction method and device for HTTPS redirection - Google Patents


Publication number
CN109600379A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811551927.9A
Other languages
Chinese (zh)
Other versions
CN109600379B (en)
Inventor
李宁
尹威
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ruijie Networks Co Ltd
Original Assignee
Ruijie Networks Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/161 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields
    • H04L69/162 Implementation details of TCP/IP or UDP/IP stack architecture; Specification of modified or new header fields involving adaptations of sockets based mechanisms
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/16 Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
    • H04L69/163 In-band adaptation of TCP data exchange; In-band control procedures

Abstract

The invention discloses a noise reduction method and device for HTTPS redirection. The method comprises: receiving a first TCP request message sent by a first terminal; obtaining the source IP address, destination IP address, source port and destination port carried in the first TCP request message; determining whether a set number of second TCP request messages carrying the source IP address, the destination IP address and the destination port were received within a set duration before the reception time of the first TCP request message; if it is determined that the set number of second TCP request messages were received within the set duration, determining whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule; and if it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to the set rule, discarding the first TCP request message. The scheme makes it possible to filter HTTPS noise.

Description

Noise reduction method and device for HTTPS redirection
Technical field
The present invention relates to the field of communication technology, and in particular to a noise reduction method and device for HTTPS redirection.
Background
Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) is a Hypertext Transfer Protocol (HTTP) channel with security as its goal; put simply, it is the secure version of HTTP. The Secure Sockets Layer (SSL) protocol is added beneath HTTP, and SSL is the security foundation of HTTPS.
HTTPS redirection is a technique in which an authentication device intercepts the HTTPS request message initiated by a terminal, then impersonates the destination website to perform the Transmission Control Protocol (TCP) handshake and the SSL handshake with the terminal, and, after the connection is established, redirects the terminal and pushes an authentication page to it.
At present, besides the HTTPS request messages initiated by browsers, many application programs also initiate large numbers of HTTPS request messages. The authentication device intercepts and redirects these non-browser HTTPS request messages as well. HTTPS request messages initiated by non-browsers are in practice invalid HTTPS request messages and can be regarded as HTTPS noise: even if the authentication device pushes an authentication page, the application program cannot display it, and these invalid HTTPS request messages consume a large amount of the authentication device's resources and may even affect the processing of normal HTTPS request messages. A noise reduction method for HTTPS redirection is therefore needed to filter the HTTPS noise out of HTTPS request messages.
Summary of the invention
Embodiments of the present invention provide a noise reduction method and device for HTTPS redirection, so as to filter the HTTPS noise out of HTTPS request messages and reduce noise in HTTPS redirection.
According to an embodiment of the present invention, a noise reduction method for HTTPS redirection is provided, applied in an authentication device, comprising:
Receiving a first Transmission Control Protocol (TCP) request message sent by a first terminal;
Obtaining the source Internet Protocol (IP) address, destination IP address, source port and destination port carried in the first TCP request message;
Determining whether a set number of second TCP request messages carrying the source IP address, the destination IP address and the destination port were received within a set duration before the reception time of the first TCP request message;
If it is determined that the set number of second TCP request messages were received within the set duration, determining whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule;
If it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to the set rule, discarding the first TCP request message.
Optionally, the method further comprises:
If it is determined that the set number of second TCP request messages were not received within the set duration, sending to the first terminal a TCP response message corresponding to the first TCP request message;
Recording the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message.
Optionally, after discarding the first TCP request message, the method further comprises:
Recording the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message.
Optionally, the method further comprises:
Receiving a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
Obtaining the Uniform Resource Locator (URL) and/or the protocol type carried in the SSL request message;
Determining whether the URL matches a preset URL feature library, and/or determining whether the protocol type is a specified protocol type;
If it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type, discarding the SSL request message.
According to an embodiment of the present invention, a noise reduction device for HTTPS redirection is also provided, applied in an authentication device, comprising:
A receiving module, configured to receive a first Transmission Control Protocol (TCP) request message sent by a first terminal;
An obtaining module, configured to obtain the source Internet Protocol (IP) address, destination IP address, source port and destination port carried in the first TCP request message;
A determining module, configured to determine whether a set number of second TCP request messages carrying the source IP address, the destination IP address and the destination port were received within a set duration before the reception time of the first TCP request message; and, if it is determined that the set number of second TCP request messages were received within the set duration, to determine whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule;
A discarding module, configured to discard the first TCP request message if it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to the set rule.
Optionally, the device further comprises a sending module and a first recording module, wherein:
The sending module is configured to send to the first terminal a TCP response message corresponding to the first TCP request message if it is determined that the set number of second TCP request messages were not received within the set duration;
The first recording module is configured to record the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message.
Optionally, the device further comprises a second recording module, configured to:
After the discarding module discards the first TCP request message, record the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message.
Optionally:
The receiving module is further configured to receive a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
The obtaining module is further configured to obtain the Uniform Resource Locator (URL) and/or the protocol type carried in the SSL request message;
The determining module is further configured to determine whether the URL matches a preset URL feature library, and/or to determine whether the protocol type is a specified protocol type;
The discarding module is further configured to discard the SSL request message if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type.
The beneficial effects of the present invention are as follows:
Embodiments of the present invention provide a noise reduction method and device for HTTPS redirection: a first TCP request message sent by a first terminal is received; the source Internet Protocol (IP) address, destination IP address, source port and destination port carried in the first TCP request message are obtained; it is determined whether a set number of second TCP request messages carrying the source IP address, the destination IP address and the destination port were received within a set duration before the reception time of the first TCP request message; if it is determined that the set number of second TCP request messages were received within the set duration, it is determined whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule; and if they do change according to the set rule, the first TCP request message is discarded. In this scheme, noise reduction can be performed directly at the TCP handshake stage of the HTTPS redirection process: once the TCP request message is discarded, the HTTPS redirection process terminates, so HTTPS noise is filtered.
Brief description of the drawings
Fig. 1 is a flowchart of a TCP-based noise reduction method for HTTPS redirection in an embodiment of the present invention;
Fig. 2 is a flowchart of another, SSL-based noise reduction method for HTTPS redirection in an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a noise reduction device for HTTPS redirection corresponding to Fig. 1 in an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of another noise reduction device for HTTPS redirection, corresponding to Fig. 2, in an embodiment of the present invention.
Detailed description of the embodiments
In order to filter the HTTPS noise out of HTTPS request messages and reduce noise in HTTPS redirection, the inventors carried out in-depth research and found the following:
For HTTPS redirection, only HTTPS request messages that are triggered by a manual user click or automatically by the system foreground, and that can respond to the redirection, are not HTTPS noise; they are normal HTTPS requests. All remaining HTTPS request messages can be defined as HTTPS noise.
Based on user behaviour, Table 1 below lists how HTTPS request messages are generated and whether each kind is identified as HTTPS noise.
Table 1
Following the layered structure of the network, the features available at each layer can be considered for HTTPS noise analysis and processing, as shown in Table 2 below.
Table 2
Feasibility analysis of noise reduction at the data link layer:
At the data link layer, the information that can be perceived is mainly the source Media Access Control (MAC) address, the destination MAC address and the frame data type. These three cannot distinguish HTTPS request messages from non-HTTPS request messages, let alone support further analysis of HTTPS noise, so noise reduction at the data link layer is not workable.
Feasibility analysis of noise reduction at the network layer:
At the network layer, the information that can be perceived is mainly the source IP address, the destination IP address and the transport-layer protocol number. These three cannot distinguish HTTPS request messages from non-HTTPS request messages, let alone support further analysis of HTTPS noise, so noise reduction at the network layer is not workable.
Feasibility analysis of noise reduction at the transport layer:
At the transport layer, the information that can be perceived is mainly transport-layer data such as the TCP source port and destination port, and HTTPS noise cannot be identified and judged from these alone. However, earlier packet-capture analysis shows that when a browser accesses a Uniform Resource Locator (URL), it initiates several HTTPS request messages at the same time so that the page can be presented to the user quickly; only some of them need to be answered for the page to be presented. The remaining HTTPS requests can be discarded directly, so noise reduction at this layer is feasible.
Feasibility analysis of noise reduction at the session layer:
SSL sits at the session layer. The SSL handshake and its computation occupy a large amount of central processing unit (CPU) resources, and SSL makes sufficiently rich information available, so noise reduction at the session layer is feasible.
Feasibility analysis of noise reduction at the application layer:
At the application layer, once the traffic has passed through the openssl proxy, the upper-layer service can see the actual HTTP message, and some information in the HTTP header, such as user-agent, can be used as a noise-reduction point. In practice, however, most of the CPU computation has already been consumed in the SSL handshake, so noise reduction here is of little use.
Taking the above into account, noise reduction can be performed in two ways: based on TCP and based on SSL. In the HTTPS redirection process, the TCP handshake is performed first, then the SSL handshake, and then the HTTP request. Therefore, if noise is reduced based on TCP, no SSL handshake or HTTP request follows, which achieves noise reduction for HTTPS redirection; if noise is reduced not based on TCP but based on SSL, no HTTP request follows, which also achieves noise reduction for HTTPS redirection. Accordingly, noise reduction may be based only on TCP, based only on SSL, or based first on TCP and then on SSL. The TCP-based and the SSL-based noise reduction methods for HTTPS redirection are introduced separately below.
The TCP-based noise reduction method for HTTPS redirection is introduced first. It can be applied in an authentication device and, as shown in Fig. 1, is executed in the following steps:
S11: Receive the first TCP request message sent by the first terminal.
S12: Obtain the source IP address, destination IP address, source port and destination port carried in the first TCP request message.
S13: Determine whether a set number of second TCP request messages carrying the source IP address, destination IP address and destination port were received within a set duration before the reception time of the first TCP request message.
S14: If it is determined that the set number of second TCP request messages were received within the set duration, determine whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule.
S15: If it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to the set rule, discard the first TCP request message.
When a browser accesses a URL, it initiates several HTTPS request messages at the same time so that the page can be presented to the user quickly; only some of them need to be answered for the page to be presented, and the remaining HTTPS requests can be discarded directly. Reflected in TCP request messages, this means that within the set duration the source IP address, destination IP address and destination port of the TCP request messages stay constant while the source port changes according to the set rule. Such messages can be regarded as TCP requests sent repeatedly by the same terminal; in that case only the set number of TCP request messages is answered, and any received afterwards can be discarded directly.
The set duration and the set number can be configured according to actual needs. The set rule may be, but is not limited to, port numbers increasing successively in the order of reception.
In this scheme, noise reduction can be performed directly at the TCP handshake stage of the HTTPS redirection process: once the TCP request message is discarded, the HTTPS redirection process terminates, so HTTPS noise is filtered.
Optionally, the above method further comprises:
If it is determined that the set number of second TCP request messages were not received within the set duration, sending to the first terminal a TCP response message corresponding to the first TCP request message, and recording the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message. When the set number of second TCP request messages have not been received within the set duration, requests can still be answered: a TCP response message can be sent, and the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message are recorded so that noise reduction can continue afterwards.
Optionally, after the first TCP request message is discarded in S15 above, the method further comprises:
Recording the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message. Because TCP request messages with the same source IP address, destination IP address and destination port but a different source port may still arrive later, the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message can be recorded so that noise reduction can continue afterwards.
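The TCP-stage check of steps S11 to S15 and the two optional recording steps, written out as an added Python example (not code from the patent or from its assignee). The 2-second window, the limit of 3, the reading of the set rule as strictly increasing source ports, and the reuse of the earlier verdict for a retransmitted request are assumptions of this example; the addresses are constructed sample values.

```python
from collections import defaultdict, deque
from typing import NamedTuple


class Syn(NamedTuple):
    """Fields read from a TCP request message (S12) plus its reception time."""
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    received_at: float  # seconds


def ports_increase(ports):
    """Set rule assumed here: source ports strictly increase in receive order."""
    return all(a < b for a, b in zip(ports, ports[1:]))


class TcpNoiseFilter:
    def __init__(self, window=2.0, limit=3, rule=ports_increase):
        self.window = window      # "set duration" (assumed value)
        self.limit = limit        # "set number" (assumed value)
        self.rule = rule          # "set rule"
        # (src_ip, dst_ip, dst_port) -> deque of (received_at, src_port, verdict)
        self.history = defaultdict(deque)

    def handle(self, syn):
        """Return 'respond' or 'drop' for one TCP request message."""
        seen = self.history[(syn.src_ip, syn.dst_ip, syn.dst_port)]
        # S13: keep only earlier requests that fall inside the set duration.
        while seen and syn.received_at - seen[0][0] > self.window:
            seen.popleft()
        # Addition beyond the text: a retransmission of a request already
        # judged (same source port) gets the same verdict again.
        for _, port, verdict in seen:
            if port == syn.src_port:
                return verdict
        verdict = "respond"
        # S14/S15: enough earlier requests and the ports follow the rule.
        if len(seen) >= self.limit and self.rule(
                [port for _, port, _ in seen] + [syn.src_port]):
            verdict = "drop"
        # Record the request whether it was answered or dropped.
        seen.append((syn.received_at, syn.src_port, verdict))
        return verdict

    def expire(self, now):
        """Forget flows with nothing inside the window, bounding memory."""
        stale = [key for key, seen in self.history.items()
                 if not seen or now - seen[-1][0] > self.window]
        for key in stale:
            del self.history[key]


def classify(syns, **settings):
    """Run a list of requests through a fresh filter; return the verdicts."""
    flt = TcpNoiseFilter(**settings)
    return [flt.handle(s) for s in syns]


# Constructed sample: one terminal opens five connections in quick succession.
BURST = [Syn("10.0.0.5", "203.0.113.10", 50000 + i, 443, 0.1 * i)
         for i in range(5)]

if __name__ == "__main__":
    for syn, verdict in zip(BURST, classify(BURST)):
        print(syn.src_port, verdict)
```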
The TCP-based noise reduction method for HTTPS redirection, which can be applied in an authentication device, has been described above. The SSL-based noise reduction method for HTTPS redirection is introduced below. It can also be applied in an authentication device and, as shown in Fig. 2, is executed in the following steps:
S21: Receive the SSL request message sent by the second terminal.
S22: Obtain the URL and/or the protocol type carried in the SSL request message.
S23: Determine whether the URL matches a preset URL feature library, and/or determine whether the protocol type is a specified protocol type.
S24: If it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type, discard the SSL request message.
The messages that a terminal must send in a complete SSL handshake are ClientHello, ClientKeyExchange, ChangeCipherSpec and Finished. Each of them is analysed below:
For ClientHello: the terminal starts a new handshake and sends what it supports to the authentication device; the supported fields are shown in Table 3 below:
Table 3
The fields above that are useful for HTTPS redirection noise reduction are shown in Table 4 below; the other fields are not listed one by one.
Table 4
For ClientKeyExchange: the terminal sends the additional information required to generate the master key. Its content is affected by the negotiated cipher suite and differs from suite to suite. This part is protocol-related and unrelated to user behaviour, so it cannot be extracted as a feature.
For ChangeCipherSpec: the terminal switches its encryption mode and notifies the authentication device. This part is protocol-related and unrelated to user behaviour, so it cannot be extracted as a feature.
For Finished: the terminal computes a message authentication code (MAC) over the handshake messages sent and received and sends it. This part is protocol-related and unrelated to user behaviour, so it cannot be extracted as a feature.
In summary, two features of the SSL handshake stage can be used to identify HTTPS noise: the URL accessed by the terminal and the protocol supported by the terminal (which can serve as the specified protocol type).
For the URL accessed by the terminal: because HTTPS noise is generated in many different forms, a URL feature library is added for matching. The URL feature library may be a whitelist URL library or a blacklist URL library.
The whitelist URL library is set up as follows:
URLs identified as non-HTTPS noise are redirected, while URLs identified as HTTPS noise are blocked directly at the SSL handshake stage. Whitelist URLs may be well-known websites, for example those in the ALEXA (http://www.alexa.cn/) website ranking, the website rankings of navigation sites, the top ten mobile navigation page websites, and so on. The whitelist URL library supports periodic updates to keep up with rapidly changing conditions.
The blacklist URL library is considered as follows:
URLs explicitly defined as HTTPS noise are added to the blacklist library and blocked; URLs not in the blacklist URL library can be redirected. Blacklist URLs can be collected from URL features that are clearly HTTPS noise, that is, URLs that would not be visited by manual operation, such as interface-like URLs that an APP initiates access to (for example, the Sina Weibo APP accesses api.weibo.cn) and URLs accessed by system updates (for example, an mdk system update accesses mtepodownload.mdiatek.com). The blacklist URL library supports periodic updates to keep up with rapidly changing conditions.
For the protocol supported by the terminal: at present, in most cases the traffic to destination port 443 is http1.x traffic, so the specified protocol type may be, but is not limited to, http1.x.
In this scheme, noise reduction can be performed directly at the SSL handshake stage of the HTTPS redirection process: once the SSL request message is discarded, the HTTPS redirection process terminates, so HTTPS noise is filtered.
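The SSL-stage check of steps S21 to S24 with a blacklist URL library, as an added Python example (not code from the patent). It assumes that the URL feature is the host name in the ClientHello server_name extension and the protocol feature is the ALPN list, that a request is dropped on protocol only when every offered protocol is a specified one, and that unparsable input is dropped; build_client_hello only constructs sample input.

```python
import struct

EXT_SERVER_NAME, EXT_ALPN = 0, 16      # RFC 6066, RFC 7301
# Blacklist URL library: the two noise hosts named in the text above.
URL_BLACKLIST = {"api.weibo.cn", "mtepodownload.mdiatek.com"}


class Reader:
    """Bounds-checked cursor over bytes; raises ValueError on truncation."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vec(self, len_bytes):
        """Read a length-prefixed vector and return a Reader over it."""
        return Reader(self.take(self.uint(len_bytes)))

    def more(self):
        return self.pos < len(self.data)


def parse_client_hello(record):
    """Return (server_name, [ALPN protocols]) from one TLS record.

    A ClientHello split over several records is not reassembled here.
    """
    rec = Reader(record)
    if rec.uint(1) != 0x16:
        raise ValueError("not a TLS handshake record")
    rec.take(2)                                   # record-layer version
    handshake = rec.vec(2)
    if handshake.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    body = handshake.vec(3)
    body.take(2 + 32)                             # client_version, random
    body.vec(1)                                   # session_id
    body.vec(2)                                   # cipher_suites
    body.vec(1)                                   # compression_methods
    server_name, protocols = None, []
    extensions = body.vec(2) if body.more() else Reader(b"")
    while extensions.more():
        ext_type, ext = extensions.uint(2), extensions.vec(2)
        if ext_type == EXT_SERVER_NAME:
            names = ext.vec(2)
            while names.more():
                name_type, value = names.uint(1), names.vec(2)
                if name_type == 0:                # host_name entry
                    server_name = value.data.decode("ascii", "replace").lower()
        elif ext_type == EXT_ALPN:
            offered = ext.vec(2)
            while offered.more():
                protocols.append(offered.vec(1).data.decode("ascii", "replace"))
    return server_name, protocols


def in_library(host, library):
    """Match the host itself or any subdomain of a library entry."""
    return host is not None and any(
        host == entry or host.endswith("." + entry) for entry in library)


def decide(record, library=URL_BLACKLIST, specified_protocols=frozenset()):
    """S23/S24: 'drop' HTTPS noise, otherwise 'redirect' to the portal."""
    try:
        server_name, protocols = parse_client_hello(record)
    except ValueError:
        return "drop"      # assumption: unparsable input is not a browser
    if in_library(server_name, library):
        return "drop"
    # Assumption: drop on protocol only if every offered one is specified.
    if protocols and all(p in specified_protocols for p in protocols):
        return "drop"
    return "redirect"


def build_client_hello(host, protocols):
    """Construct a minimal ClientHello record (sample input, not captured)."""
    name = host.encode("ascii")
    sni = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    plist = b"".join(bytes([len(p)]) + p.encode("ascii") for p in protocols)
    alpn = struct.pack("!H", len(plist)) + plist
    exts = b"".join(struct.pack("!HH", t, len(b)) + b
                    for t, b in ((EXT_SERVER_NAME, sni), (EXT_ALPN, alpn)))
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01"
             + b"\x01\x00" + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for host, protos in (("api.weibo.cn", ["http/1.1"]),
                         ("www.example.com", ["h2", "http/1.1"])):
        print(host, decide(build_client_hello(host, protos)))
```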
Based on the same inventive concept, an embodiment of the present invention provides a noise reduction device for HTTPS redirection, corresponding to the method shown in Fig. 1 and applied in an authentication device. The structure of the device is shown in Fig. 3 and comprises:
A receiving module 31, configured to receive the first TCP request message sent by the first terminal;
An obtaining module 32, configured to obtain the source IP address, destination IP address, source port and destination port carried in the first TCP request message;
A determining module 33, configured to determine whether a set number of second TCP request messages carrying the source IP address, destination IP address and destination port were received within a set duration before the reception time of the first TCP request message; and, if it is determined that the set number of second TCP request messages were received within the set duration, to determine whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule;
A discarding module 34, configured to discard the first TCP request message if it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to the set rule.
In this scheme, noise reduction can be performed directly at the SSL handshake stage of the HTTPS redirection process: once the SSL request message is discarded, the HTTPS redirection process terminates, so HTTPS noise is filtered.
Optionally, the device further comprises a sending module and a first recording module, wherein:
The sending module is configured to send to the first terminal a TCP response message corresponding to the first TCP request message if it is determined that the set number of second TCP request messages were not received within the set duration;
The first recording module is configured to record the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message.
Optionally, the device further comprises a second recording module, configured to:
After the discarding module discards the first TCP request message, record the source IP address, destination IP address, source port, destination port and reception time of the first TCP request message.
Optionally:
The receiving module is further configured to receive a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
The obtaining module is further configured to obtain the Uniform Resource Locator (URL) and/or the protocol type carried in the SSL request message;
The determining module is further configured to determine whether the URL matches a preset URL feature library, and/or to determine whether the protocol type is a specified protocol type;
The discarding module is further configured to discard the SSL request message if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type.
Based on the same inventive concept, an embodiment of the present invention provides a noise reduction device for HTTPS redirection, corresponding to the method shown in Fig. 2 and applied in an authentication device. The structure of the device is shown in Fig. 4 and comprises:
A receiving module 41, configured to receive the SSL request message sent by the second terminal;
An obtaining module 42, configured to obtain the Uniform Resource Locator (URL) and/or the protocol type carried in the SSL request message;
A determining module 43, configured to determine whether the URL matches a preset URL feature library, and/or to determine whether the protocol type is a specified protocol type;
A discarding module 44, configured to discard the SSL request message if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type.
In this scheme, noise reduction can be performed directly at the SSL handshake stage of the HTTPS redirection process: once the SSL request message is discarded, the HTTPS redirection process terminates, so HTTPS noise is filtered.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction device, the instruction device implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operation steps are executed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
Although optional embodiments of the present invention have been described, those skilled in the art can make additional changes and modifications to these embodiments once they learn of the basic inventive concept. The appended claims are therefore intended to be interpreted as including the optional embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various changes and variations to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. Thus, if these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.

Claims (8)

1. A noise reduction method for redirection of Hypertext Transfer Protocol over Secure Socket Layer (HTTPS), applied in an authentication device, characterized by comprising:
Receiving a first Transmission Control Protocol (TCP) request message sent by a first terminal;
Obtaining the source Internet Protocol (IP) address, destination IP address, source port and destination port carried in the first TCP request message;
Determining whether a set quantity of second TCP request messages carrying the source IP address, the destination IP address and the destination port were received within a set duration before the time of reception of the first TCP request message;
If it is determined that the set quantity of second TCP request messages were received within the set duration, determining whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages vary according to a set rule;
If it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages vary according to the set rule, discarding the first TCP request message.
2. The method according to claim 1, characterized by further comprising:
If it is determined that the set quantity of second TCP request messages were not received within the set duration, sending a TCP response message corresponding to the first TCP request message to the first terminal;
Recording the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
3. The method according to claim 1, characterized in that, after discarding the first TCP request message, the method further comprises:
Recording the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
4. The method according to any one of claims 1-3, characterized by further comprising:
Receiving a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
Obtaining the uniform resource locator (URL) and/or protocol type carried in the SSL request message;
Determining whether the URL matches a preset URL feature library, and/or determining whether the protocol type is a specified protocol type;
If it is determined that the URL matches the URL feature library or the protocol type is the specified protocol type, discarding the SSL request message.
5. A noise reduction device for HTTPS redirection, applied in an authentication device, characterized by comprising:
A receiving module, configured to receive a first Transmission Control Protocol (TCP) request message sent by a first terminal;
An obtaining module, configured to obtain the source Internet Protocol (IP) address, destination IP address, source port and destination port carried in the first TCP request message;
A determining module, configured to determine whether a set quantity of second TCP request messages carrying the source IP address, the destination IP address and the destination port were received within a set duration before the time of reception of the first TCP request message; and, if it is determined that the set quantity of second TCP request messages were received within the set duration, to determine whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages vary according to a set rule;
A discard module, configured to discard the first TCP request message if it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages vary according to the set rule.
6. The device according to claim 5, characterized by further comprising:
A sending module, configured to send a TCP response message corresponding to the first TCP request message to the first terminal if it is determined that the set quantity of second TCP request messages were not received within the set duration;
A first recording module, configured to record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
7. The device according to claim 5, characterized by further comprising a second recording module, configured to:
After the discard module discards the first TCP request message, record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
8. The device according to any one of claims 5-7, characterized in that:
The receiving module is further configured to receive a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
The obtaining module is further configured to obtain the uniform resource locator (URL) and/or protocol type carried in the SSL request message;
The determining module is further configured to determine whether the URL matches a preset URL feature library, and/or to determine whether the protocol type is a specified protocol type;
The discard module is further configured to discard the SSL request message if it is determined that the URL matches the URL feature library or the protocol type is the specified protocol type.
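The decision procedure of claims 1 to 3, as an added sketch that is not code from the patent. The window, the quantity, the port rule (each source port 1 or 2 above the previous one) and the choice to respond when the ports do not follow the rule are assumptions, since the claims only say "set"; the sample requests are constructed.

```python
from collections import defaultdict, deque

# Assumed values: the claims only speak of a "set" duration, quantity and rule.
WINDOW_SECONDS = 2.0   # set duration
SET_QUANTITY = 3       # set quantity of earlier (second) TCP requests
MAX_PORT_STEP = 2      # set rule: each source port is 1..2 above the previous


class RedirectNoiseFilter:
    """Answer or drop each TCP request per the procedure of claims 1 to 3."""

    def __init__(self):
        # (src_ip, dst_ip, dst_port) -> deque of (received_at, src_port)
        self.records = defaultdict(deque)

    @staticmethod
    def ports_follow_rule(ports):
        # True when every consecutive pair of source ports rises by 1..MAX_PORT_STEP.
        return all(0 < b - a <= MAX_PORT_STEP for a, b in zip(ports, ports[1:]))

    def handle(self, src_ip, dst_ip, src_port, dst_port, received_at):
        history = self.records[(src_ip, dst_ip, dst_port)]
        # Keep only records inside the set duration before this request.
        while history and received_at - history[0][0] > WINDOW_SECONDS:
            history.popleft()
        recent = [port for _, port in history][-SET_QUANTITY:]
        drop = (len(recent) == SET_QUANTITY
                and self.ports_follow_rule(recent + [src_port]))
        # Claims 2 and 3: record the request whether it is answered or dropped.
        history.append((received_at, src_port))
        return "drop" if drop else "respond"


def classify(requests):
    """Feed (src_ip, dst_ip, src_port, dst_port, received_at) tuples to a fresh filter."""
    noise_filter = RedirectNoiseFilter()
    return [noise_filter.handle(*request) for request in requests]


# Constructed sample: a background app retrying HTTPS with sequential source ports.
RETRIES = [("10.0.0.5", "203.0.113.10", 50001 + i, 443, 0.3 * i) for i in range(5)]
# Constructed sample: same 3-tuple, but source ports that follow no such rule.
SCATTERED = [("10.0.0.5", "203.0.113.10", p, 443, 0.3 * i)
             for i, p in enumerate([50001, 41000, 52000, 43000])]

if __name__ == "__main__":
    print(classify(RETRIES))
    print(classify(SCATTERED))
```

Because dropped requests are still recorded, a client that keeps retrying stays suppressed until it pauses for longer than the window; a production version would also need to evict idle keys from `records`.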
CN201811551927.9A 2018-12-19 2018-12-19 Noise reduction method and device for HTTPS redirection Active CN109600379B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811551927.9A CN109600379B (en) 2018-12-19 2018-12-19 Noise reduction method and device for HTTPS redirection

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201811551927.9A CN109600379B (en) 2018-12-19 2018-12-19 Noise reduction method and device for HTTPS redirection

Publications (2)

Publication Number Publication Date
CN109600379A true CN109600379A (en) 2019-04-09
CN109600379B CN109600379B (en) 2021-08-17

Family

ID=65963878

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811551927.9A Active CN109600379B (en) 2018-12-19 2018-12-19 Noise reduction method and device for HTTPS redirection

Country Status (1)

Country Link
CN (1) CN109600379B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1731784A (en) * 2004-08-06 2006-02-08 华为技术有限公司 Safety management method for hyper text transport protocol service
KR20100136708A (en) * 2009-06-19 2010-12-29 주식회사 케이티 The rate control method based on flow information and the network apparatus using the said method
US20130282868A1 (en) * 2012-04-23 2013-10-24 Jae Chung Integral Controller Based Pacing for HTTP Pseudo-streaming
CN105357209A (en) * 2015-11-20 2016-02-24 福建星网锐捷网络有限公司 WEB authentication method and WEB authentication device
CN108011850A (en) * 2017-12-18 2018-05-08 北京百度网讯科技有限公司 The recombination method and device of data packet, computer equipment and computer-readable recording medium
CN108965263A (en) * 2018-06-26 2018-12-07 新华三技术有限公司 Network attack defence method and device

Also Published As

Publication number Publication date
CN109600379B (en) 2021-08-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant