CN109600379A - Noise-reduction method and device for HTTPS redirection - Google Patents
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Abstract
The invention discloses a noise-reduction method and device for HTTPS redirection. The method comprises: receiving a first TCP request message sent by a first terminal; obtaining the source IP address, destination IP address, source port and destination port carried in the first TCP request message; determining whether a set quantity of second TCP request messages carrying the same source IP address, destination IP address and destination port was received within a set duration before the time of reception of the first TCP request message; if the set quantity of second TCP request messages was received within the set duration, determining whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule; and if they change according to the set rule, discarding the first TCP request message. The scheme makes it possible to filter HTTPS noise.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a noise-reduction method and device for HTTPS redirection.
Background
Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) is a Hyper Text Transfer Protocol (HTTP) channel whose goal is security; put simply, it is the secure version of HTTP. The Secure Sockets Layer (SSL) protocol is added beneath HTTP, and SSL is the security foundation of HTTPS.
HTTPS redirection is a technique in which an authentication device intercepts the HTTPS request message initiated by a terminal, impersonates the destination website to carry out the Transmission Control Protocol (TCP) handshake and the SSL handshake with the terminal, and, once the connection is established, redirects the terminal and pushes an authentication page to it.
At present, in addition to the HTTPS request messages initiated by browsers, many applications also initiate large numbers of HTTPS request messages, and the authentication device intercepts and redirects these non-browser HTTPS request messages as well. HTTPS request messages initiated by non-browsers are in fact invalid and can be regarded as HTTPS noise: even if the authentication device pushes an authentication page, the application cannot display it. These invalid HTTPS request messages consume a large amount of the authentication device's resources and can even affect the processing of normal HTTPS request messages. A noise-reduction method for HTTPS redirection is therefore needed to filter the HTTPS noise out of HTTPS request messages.
Summary of the invention
Embodiments of the present invention provide a noise-reduction method and device for HTTPS redirection, so as to filter the HTTPS noise out of HTTPS request messages and reduce noise in HTTPS redirection.
According to an embodiment of the present invention, a noise-reduction method for HTTPS redirection is provided, applied in an authentication device and comprising:
receiving a first Transmission Control Protocol (TCP) request message sent by a first terminal;
obtaining the source Internet Protocol (IP) address, destination IP address, source port and destination port carried in the first TCP request message;
determining whether a set quantity of second TCP request messages carrying the source IP address, the destination IP address and the destination port was received within a set duration before the time of reception of the first TCP request message;
if it is determined that the set quantity of second TCP request messages was received within the set duration, determining whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule;
if it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to the set rule, discarding the first TCP request message.
Optionally, the method further comprises:
if it is determined that the set quantity of second TCP request messages was not received within the set duration, sending the first terminal a TCP response message corresponding to the first TCP request message;
recording the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
Optionally, after discarding the first TCP request message, the method further comprises:
recording the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
Optionally, the method further comprises:
receiving a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
obtaining the uniform resource locator (URL) and/or protocol type carried in the SSL request message;
determining whether the URL matches a preset URL feature library, and/or determining whether the protocol type is a specified protocol type;
if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type, discarding the SSL request message.
According to an embodiment of the present invention, a noise-reduction device for HTTPS redirection is also provided, applied in an authentication device and comprising:
a receiving module, configured to receive a first Transmission Control Protocol (TCP) request message sent by a first terminal;
an obtaining module, configured to obtain the source Internet Protocol (IP) address, destination IP address, source port and destination port carried in the first TCP request message;
a determining module, configured to determine whether a set quantity of second TCP request messages carrying the source IP address, the destination IP address and the destination port was received within a set duration before the time of reception of the first TCP request message and, if it is determined that the set quantity of second TCP request messages was received within the set duration, to determine whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule;
a discard module, configured to discard the first TCP request message if it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to the set rule.
Optionally, the device further comprises a sending module and a first recording module, wherein:
the sending module is configured to send the first terminal a TCP response message corresponding to the first TCP request message if it is determined that the set quantity of second TCP request messages was not received within the set duration;
the first recording module is configured to record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
Optionally, the device further comprises a second recording module, configured to:
record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message after the discard module discards the first TCP request message.
Optionally:
the receiving module is further configured to receive a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
the obtaining module is further configured to obtain the uniform resource locator (URL) and/or protocol type carried in the SSL request message;
the determining module is further configured to determine whether the URL matches a preset URL feature library, and/or to determine whether the protocol type is a specified protocol type;
the discard module is further configured to discard the SSL request message if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type.
The beneficial effects of the present invention are as follows:
Embodiments of the present invention provide a noise-reduction method and device for HTTPS redirection: a first TCP request message sent by a first terminal is received; the source IP address, destination IP address, source port and destination port carried in the first TCP request message are obtained; it is determined whether a set quantity of second TCP request messages carrying the source IP address, the destination IP address and the destination port was received within a set duration before the time of reception of the first TCP request message; if it is determined that the set quantity of second TCP request messages was received within the set duration, it is determined whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule; and if they change according to the set rule, the first TCP request message is discarded. In this scheme, noise reduction is carried out directly in the TCP handshake phase of the HTTPS redirection process: once the TCP request message is discarded, the HTTPS redirection process ends, so that HTTPS noise is filtered.
Brief description of the drawings
Fig. 1 is a flowchart of a noise-reduction method for HTTPS redirection based on TCP in an embodiment of the present invention;
Fig. 2 is a flowchart of another noise-reduction method for HTTPS redirection, based on SSL, in an embodiment of the present invention;
Fig. 3 is a structural diagram of a noise-reduction device for HTTPS redirection corresponding to Fig. 1 in an embodiment of the present invention;
Fig. 4 is a structural diagram of another noise-reduction device for HTTPS redirection, corresponding to Fig. 2, in an embodiment of the present invention.
Detailed description of the embodiments
In order to filter the HTTPS noise out of HTTPS request messages and reduce noise in HTTPS redirection, the inventors carried out very in-depth research and found the following:
For HTTPS redirection, only an HTTPS request message that is triggered by a manual click of the user or automatically by the system foreground, and that can respond to the redirection, is not HTTPS noise and is a normal HTTPS request; all other HTTPS request messages can be defined as HTTPS noise.
According to user behavior, Table 1 below lists how HTTPS request messages are generated and whether each kind of HTTPS request message is identified as HTTPS noise.
Table 1
Following the layered structure of the network, the features available at each layer can be considered for analyzing and handling HTTPS noise, as shown in Table 2 below.
Table 2
Feasibility analysis of noise reduction at the data link layer:
At the data link layer, the information that can be perceived is mainly the source media access control (Media Access Control Address, MAC) address, the destination MAC address and the frame data type. HTTPS request messages cannot be distinguished from non-HTTPS request messages on the basis of these three, let alone HTTPS noise analyzed further, so noise reduction at the data link layer is not workable.
Feasibility analysis of noise reduction at the network layer:
At the network layer, the information that can be perceived is mainly the source IP address, the destination IP address and the transport layer protocol number. HTTPS request messages cannot be distinguished from non-HTTPS request messages on the basis of these three, let alone HTTPS noise analyzed further, so noise reduction at the network layer is not workable.
Feasibility analysis of noise reduction at the transport layer:
At the transport layer, the information that can be perceived is mainly transport-layer data, such as the TCP source port and destination port. HTTPS noise cannot be identified and judged from these alone. However, earlier packet-capture analysis shows that when a browser accesses a uniform resource locator (Uniform Resource Locator, URL), it initiates several HTTPS request messages at the same time so that the page can be presented to the user quickly, and only some of them need to be answered for the page to be presented. The remaining HTTPS requests can be discarded directly, so noise reduction at this layer is feasible.
Feasibility analysis of noise reduction at the session layer:
SSL sits at the session layer. The SSL handshake and its computation occupy a large amount of central processing unit (Central Processing Unit, CPU) resources, and SSL provides sufficiently rich information, so noise reduction at the session layer is feasible.
Feasibility analysis of noise reduction at the application layer:
At the application layer, once the traffic has passed through the openssl proxy, the upper-layer service can see the actual HTTP message. Some information in the HTTP header, such as user-agent, can be used as a noise-reduction point, but in fact most of the CPU computation has already been spent in the SSL handshake, so noise reduction here is of little use.
Taking the above into account, noise reduction can be carried out in two ways: based on TCP and based on SSL. In the HTTPS redirection process the TCP handshake comes first, then the SSL handshake, and then the HTTP request. Therefore, if noise reduction is based on TCP, no SSL handshake or HTTP request follows, and HTTPS redirection noise reduction is achieved; if noise reduction is based on SSL rather than TCP, no HTTP request follows, and HTTPS redirection noise reduction is likewise achieved. Noise reduction can therefore be based on TCP only, based on SSL only, or based first on TCP and then on SSL. The noise-reduction method for HTTPS redirection based on TCP and the noise-reduction method for HTTPS redirection based on SSL are introduced in turn below.
The noise-reduction method for HTTPS redirection based on TCP is introduced first. It can be applied in an authentication device and, as shown in Fig. 1, is executed in the following steps:
S11: receive a first TCP request message sent by a first terminal.
S12: obtain the source IP address, destination IP address, source port and destination port carried in the first TCP request message.
S13: determine whether a set quantity of second TCP request messages carrying the source IP address, destination IP address and destination port was received within a set duration before the time of reception of the first TCP request message.
S14: if it is determined that the set quantity of second TCP request messages was received within the set duration, determine whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule.
S15: if it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to the set rule, discard the first TCP request message.
When a browser accesses a URL, it initiates several HTTPS request messages at the same time so that the page can be presented to the user quickly, and only some of them need to be answered for the page to be presented. The remaining HTTPS requests can be discarded directly. In terms of TCP request messages, this shows up as follows: within the set duration, the source IP address, destination IP address and destination port of the TCP request messages stay the same while the source port changes according to the set rule. Such messages can be regarded as TCP requests sent repeatedly by the same terminal; only the set quantity of TCP request messages is answered, and any received after that can be discarded directly.
The set duration and the set quantity can be chosen according to actual needs. The set rule can be, but is not limited to, port numbers increasing successively in order of reception.
In this scheme, noise reduction is carried out directly in the TCP handshake phase of the HTTPS redirection process: once the TCP request message is discarded, the HTTPS redirection process ends, so that HTTPS noise is filtered.
Optionally, the above method further comprises:
If it is determined that the set quantity of second TCP request messages was not received within the set duration, send the first terminal a TCP response message corresponding to the first TCP request message, and record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message. When the set quantity of second TCP request messages has not been received within the set duration, responses can still continue: a TCP response message is sent, and the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message are recorded so that noise reduction can continue afterwards.
Optionally, after the first TCP request message is discarded in S15 above, the method further comprises:
Record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message. TCP request messages with the same source IP address, destination IP address and destination port but a different source port may still arrive later, so the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message are recorded so that noise reduction can continue afterwards.
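The TCP-stage check in S11 to S15, with both optional recording steps, as an added Python example that is not code from the patent. The class and field names, the values chosen for the set duration and set quantity, answering a message when the quantity is reached but the ports do not follow the rule, and the handling of retransmissions are assumptions of this example; the set rule used is the one the text names (source ports increasing in order of reception).

```python
from collections import defaultdict, deque
from typing import NamedTuple


class Syn(NamedTuple):
    """Fields the method reads from one TCP request message (S12)."""
    ts: float        # time of reception, in seconds
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


class TcpNoiseFilter:
    def __init__(self, window: float = 2.0, quantity: int = 2):
        self.window = window      # the "set duration" (value is an assumption)
        self.quantity = quantity  # the "set quantity" (value is an assumption)
        # (src_ip, dst_ip, dst_port) -> records of (ts, src_port, verdict)
        self.history = defaultdict(deque)

    @staticmethod
    def follows_rule(ports):
        """Set rule from the text: ports increase in order of reception."""
        return all(later > earlier for earlier, later in zip(ports, ports[1:]))

    def handle(self, syn: Syn) -> str:
        """Return 'respond' or 'drop' for one TCP request message."""
        records = self.history[(syn.src_ip, syn.dst_ip, syn.dst_port)]
        # S13: keep only records inside the set duration before this reception.
        while records and syn.ts - records[0][0] > self.window:
            records.popleft()
        # Assumption, not in the patent: a source port already recorded is a
        # retransmission and gets the verdict of the original message, so a
        # retried request does not slip past an earlier drop.
        for _, port, verdict in records:
            if port == syn.src_port:
                return verdict
        earlier_ports = [port for _, port, _ in records]
        # S14/S15: enough earlier messages and ports following the rule -> drop.
        if (len(earlier_ports) >= self.quantity
                and self.follows_rule(earlier_ports + [syn.src_port])):
            verdict = "drop"
        else:
            verdict = "respond"
        # Both optional steps: record the message whether answered or dropped.
        records.append((syn.ts, syn.src_port, verdict))
        return verdict


def classify(stream, **settings):
    """Run a time-ordered list of Syn records through a fresh filter."""
    flt = TcpNoiseFilter(**settings)
    return [flt.handle(syn) for syn in stream]


# Constructed sample traffic (addresses from documentation ranges).
BROWSER_BURST = [
    Syn(0.00, "10.0.0.5", "203.0.113.10", 50000, 443),
    Syn(0.01, "10.0.0.5", "203.0.113.10", 50001, 443),
    Syn(0.02, "10.0.0.5", "203.0.113.10", 50002, 443),
    Syn(0.03, "10.0.0.5", "203.0.113.10", 50003, 443),
    Syn(1.02, "10.0.0.5", "203.0.113.10", 50002, 443),  # retransmission
    Syn(5.00, "10.0.0.5", "203.0.113.10", 50010, 443),  # window has expired
]
UNORDERED_PORTS = [
    Syn(0.0, "10.0.0.6", "203.0.113.10", 41000, 443),
    Syn(0.1, "10.0.0.6", "203.0.113.10", 40000, 443),
    Syn(0.2, "10.0.0.6", "203.0.113.10", 42000, 443),
]

if __name__ == "__main__":
    for syn, verdict in zip(BROWSER_BURST, classify(BROWSER_BURST)):
        print(f"{syn.ts:5.2f}s port {syn.src_port} -> {verdict}")
```

The history map grows with the number of distinct (source IP, destination IP, destination port) keys, so a deployment would also need to evict keys whose records have all expired.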
The noise-reduction method for HTTPS redirection based on TCP, which can be applied in an authentication device, has been described above. The noise-reduction method for HTTPS redirection based on SSL is introduced next. It can be applied in an authentication device and, as shown in Fig. 2, is executed in the following steps:
S21: receive an SSL request message sent by a second terminal.
S22: obtain the URL and/or protocol type carried in the SSL request message.
S23: determine whether the URL matches a preset URL feature library, and/or determine whether the protocol type is a specified protocol type.
S24: if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type, discard the SSL request message.
The steps that are essential on the terminal side of a complete SSL handshake are ClientHello, ClientKeyExchange, ChangeCipherSpec and Finished. Each is analyzed below:
For ClientHello: the terminal starts a new handshake and sends what it supports to the authentication device, in the fields shown in Table 3 below:
Table 3
The fields above that are useful for HTTPS redirection noise reduction are shown in Table 4 below; the other fields are not listed one by one.
Table 4
For ClientKeyExchange: the terminal sends the additional information needed to generate the master key. The content is affected by the negotiated cipher suite and differs from suite to suite. This part is protocol-related and unrelated to user behavior, so it cannot be extracted as a feature.
For ChangeCipherSpec: the terminal switches to encrypted mode and notifies the authentication device. This part is protocol-related and unrelated to user behavior, so it cannot be extracted as a feature.
For Finished: the terminal computes a MAC over the handshake messages sent and received and sends it. This part is protocol-related and unrelated to user behavior, so it cannot be extracted as a feature.
In summary, two features of the SSL handshake phase can be used to identify HTTPS noise: the URL accessed by the terminal and the protocol it supports (which can serve as the specified protocol type).
For the URL accessed by the terminal: since HTTPS noise is generated in many different forms, a URL feature library is added for matching. The URL feature library can be a whitelist URL library or a blacklist URL library.
The whitelist URL library is set up as follows:
URLs identified as non-HTTPS noise are redirected, and URLs identified as HTTPS noise are blocked directly in the SSL handshake phase. Whitelist URLs can be well-known websites and the like, taken for example from the ALEXA (http://www.alexa.cn/) website rankings, the rankings of navigation websites, the top ten websites on mobile navigation pages, and so on. The whitelist URL library supports periodic updates to cope with a fast-changing situation.
Considerations for the blacklist URL library:
URLs clearly identified as HTTPS noise are added to the blacklist library and blocked; URLs that are not in the blacklist URL library are redirected. Blacklist URLs can be collected from the features of URLs that are clearly HTTPS noise, that is, URLs that manual operation would not access, such as interface-style URLs that an APP initiates access to (for example, the Sina Weibo APP accesses api.weibo.cn) and URLs accessed by system updates (for example, mdk system update accesses mtepodownload.mdiatek.com). The blacklist URL library supports periodic updates to cope with a fast-changing situation.
For the protocol supported by the terminal: at present, the traffic to destination port 443 is in most cases http1.x; the protocol can be, but is not limited to, http1.x.
In this scheme, noise reduction is carried out directly in the SSL handshake phase of the HTTPS redirection process: once the SSL request message is discarded, the HTTPS redirection process ends, so that HTTPS noise is filtered.
Based on the same inventive concept, an embodiment of the present invention provides a noise-reduction device for HTTPS redirection that corresponds to the method shown in Fig. 1 and is applied in an authentication device. The structure of the device is shown in Fig. 3 and comprises:
a receiving module 31, configured to receive a first TCP request message sent by a first terminal;
an obtaining module 32, configured to obtain the source IP address, destination IP address, source port and destination port carried in the first TCP request message;
a determining module 33, configured to determine whether a set quantity of second TCP request messages carrying the source IP address, destination IP address and destination port was received within a set duration before the time of reception of the first TCP request message and, if it is determined that the set quantity of second TCP request messages was received within the set duration, to determine whether the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to a set rule;
a discard module 34, configured to discard the first TCP request message if it is determined that the source port carried in the first TCP request message and the source ports carried in the second TCP request messages change according to the set rule.
In this scheme, noise reduction is carried out directly in the SSL handshake phase of the HTTPS redirection process: once the SSL request message is discarded, the HTTPS redirection process ends, so that HTTPS noise is filtered.
Optionally, the device further comprises a sending module and a first recording module, wherein:
the sending module is configured to send the first terminal a TCP response message corresponding to the first TCP request message if it is determined that the set quantity of second TCP request messages was not received within the set duration;
the first recording module is configured to record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
Optionally, the device further comprises a second recording module, configured to:
record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message after the discard module discards the first TCP request message.
Optionally:
the receiving module is further configured to receive a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
the obtaining module is further configured to obtain the uniform resource locator (URL) and/or protocol type carried in the SSL request message;
the determining module is further configured to determine whether the URL matches a preset URL feature library, and/or to determine whether the protocol type is a specified protocol type;
the discard module is further configured to discard the SSL request message if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type.
Based on the same inventive concept, an embodiment of the present invention provides a noise-reduction device for HTTPS redirection that corresponds to the method shown in Fig. 2 and is applied in an authentication device. The structure of the device is shown in Fig. 4 and comprises:
a receiving module 41, configured to receive an SSL request message sent by a second terminal;
an obtaining module 42, configured to obtain the uniform resource locator (URL) and/or protocol type carried in the SSL request message;
a determining module 43, configured to determine whether the URL matches a preset URL feature library, and/or to determine whether the protocol type is a specified protocol type;
a discard module 44, configured to discard the SSL request message if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type.
In this scheme, noise reduction is carried out directly in the SSL handshake phase of the HTTPS redirection process: once the SSL request message is discarded, the HTTPS redirection process ends, so that HTTPS noise is filtered.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and any combination of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture that includes an instruction device, and the instruction device implements the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, so that a series of operation steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
Although optional embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they know the basic inventive concept. The appended claims are therefore intended to be interpreted as including the optional embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art can make various modifications and variations to the embodiments of the present invention without departing from the spirit and scope of the embodiments of the present invention. If these modifications and variations of the embodiments of the present invention fall within the scope of the claims of the present invention and their technical equivalents, the present invention is also intended to include them.
Claims (8)
1. A noise-reduction method for redirection of the Secure Sockets Layer-based Hypertext Transfer Protocol (HTTPS), applied in an authentication device, characterized by comprising:
receiving a first Transmission Control Protocol (TCP) request message sent by a first terminal;
obtaining the source Internet Protocol (IP) address, destination IP address, source port and destination port carried by the first TCP request message;
determining whether a set number of second TCP request messages carrying the source IP address, the destination IP address and the destination port were received within a set duration before the time of reception of the first TCP request message;
if it is determined that the set number of second TCP request messages were received within the set duration, determining whether the source port carried by the first TCP request message and the source ports carried by the second TCP request messages change according to a set rule;
if it is determined that the source port carried by the first TCP request message and the source ports carried by the second TCP request messages change according to the set rule, discarding the first TCP request message.
2. The method according to claim 1, characterized by further comprising:
if it is determined that the set number of second TCP request messages were not received within the set duration, sending to the first terminal a TCP response message corresponding to the first TCP request message;
recording the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
3. The method according to claim 1, characterized in that, after discarding the first TCP request message, the method further comprises:
recording the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
4. The method according to any one of claims 1-3, characterized by further comprising:
receiving a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
obtaining the uniform resource locator (URL) and/or the protocol type carried in the SSL request message;
determining whether the URL matches a preset URL feature library, and/or determining whether the protocol type is a specified protocol type;
if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type, discarding the SSL request message.
5. A noise-reduction device for HTTPS redirection, applied in an authentication device, characterized by comprising:
a receiving module, configured to receive a first Transmission Control Protocol (TCP) request message sent by a first terminal;
an obtaining module, configured to obtain the source Internet Protocol (IP) address, destination IP address, source port and destination port carried by the first TCP request message;
a determining module, configured to determine whether a set number of second TCP request messages carrying the source IP address, the destination IP address and the destination port were received within a set duration before the time of reception of the first TCP request message; and, if it is determined that the set number of second TCP request messages were received within the set duration, to determine whether the source port carried by the first TCP request message and the source ports carried by the second TCP request messages change according to a set rule;
a discarding module, configured to discard the first TCP request message if it is determined that the source port carried by the first TCP request message and the source ports carried by the second TCP request messages change according to the set rule.
6. The device according to claim 5, characterized by further comprising:
a sending module, configured to send to the first terminal a TCP response message corresponding to the first TCP request message if it is determined that the set number of second TCP request messages were not received within the set duration;
a first recording module, configured to record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
7. The device according to claim 5, characterized by further comprising a second recording module, configured to:
after the discarding module discards the first TCP request message, record the source IP address, destination IP address, source port, destination port and time of reception of the first TCP request message.
8. The device according to any one of claims 5-7, characterized in that:
the receiving module is further configured to receive a Secure Sockets Layer (SSL) protocol request message sent by a second terminal;
the obtaining module is further configured to obtain the uniform resource locator (URL) and/or the protocol type carried in the SSL request message;
the determining module is further configured to determine whether the URL matches a preset URL feature library, and/or to determine whether the protocol type is a specified protocol type;
the discarding module is further configured to discard the SSL request message if it is determined that the URL matches the URL feature library or that the protocol type is the specified protocol type.
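The decision logic of claims 1 to 3, written out as an added Python example (not code from the patent). The 5-second window, the count of 3 and the "source port increases by 1" rule are assumed stand-ins for the claims' set duration, set number and set rule; answering a request whose ports do not follow the rule is also an assumption, since the claims leave that case open.

```python
from collections import defaultdict, deque

class RedirectNoiseFilter:
    """Decide whether the authentication device answers or drops a TCP request."""

    def __init__(self, window_s=5.0, set_count=3, port_step=1):
        self.window_s = window_s    # "set duration" in seconds (assumed value)
        self.set_count = set_count  # "set number" of earlier requests (assumed value)
        self.port_step = port_step  # assumed "set rule": source port grows by this step
        self.history = defaultdict(deque)  # (src IP, dst IP, dst port) -> (time, src port)

    def handle(self, ts, src_ip, dst_ip, src_port, dst_port):
        seen = self.history[(src_ip, dst_ip, dst_port)]
        # Keep only requests received within the set duration before this one.
        while seen and seen[0][0] < ts - self.window_s:
            seen.popleft()
        verdict = "respond"
        if len(seen) >= self.set_count:
            # Compare the latest set_count earlier source ports with the new one.
            ports = [p for _, p in list(seen)[-self.set_count:]] + [src_port]
            if all(b - a == self.port_step for a, b in zip(ports, ports[1:])):
                verdict = "drop"  # claim 1: retry noise, send no TCP response
        # Claims 2 and 3: record the request whether it was answered or dropped.
        seen.append((ts, src_port))
        return verdict

# Constructed sample traffic: (time, src IP, dst IP, src port, dst port).
SAMPLE = [
    (0.0, "10.0.0.5", "203.0.113.10", 50000, 443),
    (0.2, "10.0.0.5", "203.0.113.10", 50001, 443),
    (0.4, "10.0.0.5", "203.0.113.10", 50002, 443),
    (0.6, "10.0.0.5", "203.0.113.10", 50003, 443),  # 3 earlier, ports step by 1
    (0.8, "10.0.0.5", "203.0.113.10", 50004, 443),  # dropped request was recorded
    (1.0, "10.0.0.9", "203.0.113.10", 41000, 443),
    (1.1, "10.0.0.9", "203.0.113.10", 52311, 443),
    (1.2, "10.0.0.9", "203.0.113.10", 40007, 443),
    (1.3, "10.0.0.9", "203.0.113.10", 61020, 443),  # 3 earlier, but irregular ports
    (9.0, "10.0.0.5", "203.0.113.10", 50005, 443),  # earlier requests aged out
]

def run_sample():
    flt = RedirectNoiseFilter()
    return [flt.handle(*event) for event in SAMPLE]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE, run_sample()):
        print(event, "->", verdict)
```

Because dropped requests are recorded as well, a client that keeps retrying stays suppressed until its history ages out of the window.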
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811551927.9A CN109600379B (en) | 2018-12-19 | 2018-12-19 | Noise reduction method and device for HTTPS redirection |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109600379A (en) | 2019-04-09 |
CN109600379B (en) | 2021-08-17 |
Family
ID=65963878
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811551927.9A Active CN109600379B (en) | 2018-12-19 | 2018-12-19 | Noise reduction method and device for HTTPS redirection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109600379B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1731784A (en) * | 2004-08-06 | 2006-02-08 | 华为技术有限公司 | Safety management method for hyper text transport protocol service |
KR20100136708A (en) * | 2009-06-19 | 2010-12-29 | 주식회사 케이티 | The rate control method based on flow information and the network apparatus using the said method |
US20130282868A1 (en) * | 2012-04-23 | 2013-10-24 | Jae Chung | Integral Controller Based Pacing for HTTP Pseudo-streaming |
CN105357209A (en) * | 2015-11-20 | 2016-02-24 | 福建星网锐捷网络有限公司 | WEB authentication method and WEB authentication device |
CN108011850A (en) * | 2017-12-18 | 2018-05-08 | 北京百度网讯科技有限公司 | The recombination method and device of data packet, computer equipment and computer-readable recording medium |
CN108965263A (en) * | 2018-06-26 | 2018-12-07 | 新华三技术有限公司 | Network attack defence method and device |
Also Published As
Publication number | Publication date |
---|---|
CN109600379B (en) | 2021-08-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||