CN109861951A

CN109861951A - A kind of Website access method, device, system

Info

Publication number: CN109861951A
Application number: CN201711244469.XA
Authority: CN
Inventors: 不公告发明人
Original assignee: Beijing Anyun Century Technology Co Ltd
Current assignee: Beijing Anyun Century Technology Co Ltd
Priority date: 2017-11-30
Filing date: 2017-11-30
Publication date: 2019-06-07

Abstract

The embodiment of the invention provides a kind of Website access method, device, systems, this method comprises: receiving the access request of access originator website in security server；The configuration information of the source website is inquired according to the access request；When the configuration information includes having turned on the security protection mode of the source website, accession page is searched from the Backup Data of the source website according to the access request；Access response is generated using the accession page；The access response is sent.On the one hand, the corresponding page is accessed by Backup Data, guarantees the normal access for source website and webpage, on the other hand, source website is kept apart with external by access Backup Data, so that source website can isolate extraneous attack, guarantee the normal operation of server, effectively prevention unauthorized access.

Description

A kind of Website access method, device, system

Technical field

The present invention relates to fields of communication technology, more particularly to a kind of Website access method based on mobile terminal, one kind Website visiting device, a kind of website visiting system based on mobile terminal and a kind of mobile terminal based on mobile terminal.

Background technique

With more and more extensive, the life item such as the daily work of people, study and amusement of application of net, very much It is all carried out on each website, therefore, the safety of website is closely bound up with people's lives.

However, website is faced there is various security risks, for example, COOKIE poisoning, application program buffering are overflow Out, cross-site scripting attack, known security flaw etc., during especially enterprises and institutions hold large-scale activity, criminal is attacked The probability for hitting website is very high, and risk is very big.

In order to improve the safe coefficient of website, allows user using safe website, currently provide to present in website Loophole is detected, and repairs website webmaster to loophole existing for website in time.

But due to combination difference, the upgrading factors such as iteration between each application in website, so that the loophole layer of website goes out Not poor, website still has higher probability under fire, and in the case where under attack, website is a greater impact, may It is unable to operate normally.

Summary of the invention

In view of the above problems, it proposes on the present invention overcomes the above problem or at least be partially solved in order to provide one kind State problem a kind of Website access method based on mobile terminal and a kind of corresponding website visiting device based on mobile terminal, A kind of website visiting system based on mobile terminal and a kind of mobile terminal.

In a first aspect, providing a kind of Website access method based on mobile terminal in the embodiment of the present invention, comprising:

The access request of mobile terminal accessing source website is received in security server；

The configuration information of the source website is inquired according to the access request；

When the configuration information includes having turned on the security protection mode of the source website, according to the access request from Accession page is searched in the Backup Data of the source website；

Access response is generated using the accession page；

The access response is sent to the mobile terminal.

Second aspect provides a kind of Website access method based on mobile terminal in the embodiment of the present invention, comprising:

The access request of access originator website is generated in the terminal；

Access response is generated using the accession page；

The access response is parsed, to load the accession page.

The third aspect provides a kind of website visiting device based on mobile terminal in the embodiment of the present invention, is located at safety In server, comprising:

Access request receiving module, for receiving the access request of mobile terminal accessing source website；

Configuration information enquiry module, for inquiring the configuration information of the source website according to the access request；

Backup Data searching module, for including the security protection mode for having turned on the source website when the configuration information When, accession page is searched from the Backup Data of the source website according to the access request；

Access response generation module, for generating access response using the accession page；

Access response return module, for the access response to be sent to the mobile terminal.

Fourth aspect provides a kind of website visiting device based on mobile terminal in the embodiment of the present invention, is located at movement In terminal, comprising:

Access request generation module, for generating the access request of access originator website；

Access response parsing module, for parsing the access response, to load the accession page.

In terms of 5th, a kind of website visiting system based on mobile terminal, the system are provided in the embodiment of the present invention Including in mobile terminal and security server, the mobile terminal includes access request generation module, access response parsing module, The security server includes configuration information enquiry module, Backup Data searching module, access response generation module, access response Return module；

Access response return module, for the access response to be sent to the mobile terminal；

In terms of 6th, a kind of mobile terminal, including processor and memory are provided in the embodiment of the present invention；

The memory is used to store the program for supporting to execute the Website access method based on mobile terminal；

The processor is configured to for executing the program stored in the memory.

In terms of 7th, a kind of computer storage medium is provided in the embodiment of the present invention, it is above-mentioned mobile whole for being stored as End computer software instructions used, it includes be program designed by mobile terminal for executing above-mentioned aspect.

In the embodiment of the present invention, the access request of mobile terminal accessing source website is received in security server, foundation should The configuration information of access request query source website, the backup if having turned on the security protection mode of source website, from source website Corresponding accession page is searched in data, access response is generated using the accession page and returns to mobile terminal, on the one hand, mobile The corresponding page can be accessed in terminal by Backup Data, guarantee the normal access of mobile terminal, on the other hand, pass through access Backup Data keeps apart source website with external, so that source website can isolate extraneous attack, guarantees the normal of server Operation, effectively prevention unauthorized access.

In the embodiment of the present invention, the access request of access originator website is generated in the terminal, is looked into according to the access request If the configuration information of inquiry source website is searched from the Backup Data of source website have turned on the security protection mode of source website Accession page generates access response using accession page, access response is parsed, to load accession page, on the one hand, mobile terminal The corresponding page can be accessed by Backup Data, guarantee the normal access of mobile terminal, on the other hand, backed up by access Data keep apart source website with external, so that source website can isolate extraneous attack, guarantee the normal operation of server, Effectively prevention unauthorized access.

The aspects of the invention or other aspects can more straightforwards in the following description.

Detailed description of the invention

By reading the following detailed description of the preferred embodiment, various other advantages and benefits are common for this field Technical staff will become clear.The drawings are only for the purpose of illustrating a preferred embodiment, and is not considered as to the present invention Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:

Fig. 1 shows a kind of configuration diagram of security server according to an embodiment of the invention；

Fig. 2 shows a kind of Website access method embodiments based on mobile terminal according to an embodiment of the invention Flow chart of steps；

Fig. 3 shows another Website access method embodiment based on mobile terminal according to an embodiment of the invention Step flow chart；

Fig. 4 shows another Website access method embodiment based on mobile terminal according to an embodiment of the invention Step flow chart；

Fig. 5 shows another Website access method embodiment based on mobile terminal according to an embodiment of the invention Step flow chart；

Fig. 6 shows another Website access method embodiment based on mobile terminal according to an embodiment of the invention Step flow chart；

Fig. 7 shows a kind of website visiting Installation practice based on mobile terminal according to an embodiment of the invention Structural block diagram；

Fig. 8 shows another website visiting Installation practice based on mobile terminal according to an embodiment of the invention Structural block diagram；

Fig. 9 shows a kind of website visiting system embodiment based on mobile terminal according to an embodiment of the invention Structural block diagram；And

Figure 10 shows the block diagram of the part-structure of mobile phone relevant to mobile terminal provided in an embodiment of the present invention.

Specific embodiment

Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawing Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure It is fully disclosed to those skilled in the art.

Referring to Fig.1, a kind of configuration diagram of security server according to an embodiment of the invention is shown.

As shown in Figure 1, the security server 100 can be distributed system, independently of source website 150 (such as Web site), Including security node 110, mirror-image system 120, storage system 130, management system 140, to be prevented safely source website 150 Shield.

Wherein, security node 110 includes Virtual Service system 111, Web application guard system (Web Application Firewall, WAF) 112, caching system (cache) 113.

Virtual Service system 111 may include LVS (Linux Virtual Server, Linux virtual server) etc., can To provide flow cleaning service.

Web application guard system 112 can be a series of for HTTP (Hyper Text Transport by executing Protocol, hypertext transfer protocol)/HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, safely for the channel HTTP of target) security strategy come exclusively for Web application protection is provided.

Caching system 113 can provide data buffer service.

Mirror-image system 120 can provide mirroring service.

Storage system 130 may include ES (embedded storage, embedded storage system) distributed memory system Deng storage service can be provided.

Management system 140 can be used for managing security node 110, mirror-image system 120, storage system 130, transport to it Capable configuration, instruction, and, receive its operation report.

Referring to Fig. 2, it is real to show a kind of Website access method based on mobile terminal according to an embodiment of the invention The step flow chart for applying example, can specifically include following steps:

Step 201, configuration information is arranged to the source website.

In embodiments of the present invention, it can be directed to security node in the management system of security server, mirror-image system, deposit The configuration information protected to source website is arranged in storage system.

In the concrete realization, which may include website backup parameter and/or page processing mode.

Wherein, backup parameter in website is used to back up source website, can specifically include following at least one:

Website BACKUP TIME, website protection time, website backup level, website blacklist, website white list.

Page processing mode is used for processing mode when not searching corresponding accession page in the Backup Data of source website.

Certainly, above-mentioned configuration information is intended only as example, in implementing the embodiments of the present invention, can set according to the actual situation Set other configurations information, such as, if open security protection mode, certification access user, etc., the embodiment of the present invention to this not It limits.In addition, those skilled in the art can also use other configurations according to actual needs other than above-mentioned configuration information Information, the embodiment of the present invention are also without restriction to this.

Step 202, website data is grabbed from the source website according to the website backup parameter, as Backup Data.

In the concrete realization, it can star web crawlers Spider, grabbed from the website of source according to the website backup parameter Website data, using the website data as the Backup Data of source website.

For example, for website BACKUP TIME, can when reaching the website BACKUP TIME, start web crawlers Spider from Source grabs website data in website.

In another example for the website protection time web crawlers Spider can be started from source within the website protection time Website data is grabbed in website.

In another example can star web crawlers Spider from source net for website backup level (such as link number of hops) It stands the website data grabbed in the website backup level.

In another example web crawlers Spider can be forbidden to grab the source net in the blacklist of website website blacklist The website data stood.

In another example can permit web crawlers Spider for website white list and grab the source net in the white list of website The website data stood.

Certainly, above-mentioned website backup parameter and its grasp mode are intended only as example, in implementing the embodiments of the present invention, can Other website backup parameters and its grasp mode to be arranged according to the actual situation, the embodiments of the present invention are not limited thereto.Separately Outside, other than above-mentioned website backup parameter and its grasp mode, those skilled in the art can also use it according to actual needs Its website backup parameter and its grasp mode, the embodiment of the present invention are also without restriction to this.

It should be noted that web crawlers Spider can be arranged in security node, can also be set in mirror-image system Web crawlers Spider is set, the embodiments of the present invention are not limited thereto.

It step 203, will be in the storage system of the backup data store to the security server.

For the website data of the source website of web crawlers Spider crawl, can store to the storage system of security server In system.

Step 204, mirror image is created in the mirror-image system of the security server.

Step 205, the Backup Data of the source website is read from the storage system.

Step 206, the Backup Data is loaded onto the mirror image, the mirror site as the source website.

For source website to be protected, then it is slow that corresponding mirror image can be created to it in the mirror-image system of security server It deposits, mirror-image system reads at least partly Backup Data of the source website from storage system, is loaded onto the mirror cache, generates The mirror site of the source website.

Referring to Fig. 3, another Website access method based on mobile terminal according to an embodiment of the invention is shown The step flow chart of embodiment, can specifically include following steps:

Step 301, the access request of mobile terminal accessing source website is received in security server.

In embodiments of the present invention, the embodiment of the present invention can be applied in security server.

Can install in the terminal browser, immediate communication tool, reader etc. application, user in this application into Row operation, triggers the access request of access originator website.

For example, user can load a page by clicking certain linking request, alternatively, inputting network address in address field to ask Seek one page of load, etc..

Wherein, access request may include the mark of the page of user's request of loading and/or the feature of the page.Page iden-tity It can be the information that can represent the page that one uniquely determines, for example, uniform resource identifier (Uniform Resource Identifier, URI), uniform resource identifier can specifically include uniform resource locator (Uniform Resource again Locator, URL) or uniform resource name (Uniform Resource Name, URN) etc..

Application in mobile terminal can be parsed by DNS (Domain Name System, domain name analysis system) searches Domain name (Domain Name) mapped IP (Internet Protocol, the association interconnected between network in page URL View) address.After obtaining IP address success, the application in mobile terminal can request to connect to the server where the IP address It connects.After the server being successfully connected where the IP address, the application in mobile terminal can pass through request header information Server where from http protocol to this IP address initiates access request.

In embodiments of the present invention, it can be modified in DNS by the URL mapped IP address of source website from source website For server, so that the security node of security server can receive the access request of mobile terminal accessing source website.

Step 302, the configuration information of the source website is inquired according to the access request.

In embodiments of the present invention, the access request of mobile terminal is handled in the security node of security server, At this point it is possible to the configuration information of query source website, it is determined whether to enable the security protection modes of source website.

So-called security protection mode can refer to according to preset configuration, protect source website by access Backup Data Access module.

In one embodiment of the invention, it can be configured configuration information individually for source website, it is useful in face of Family is applicable in the configuration information.

In another embodiment of the present invention, configuration information can be arranged to source website for user, in face of different User is applicable in different configuration informations.

In this embodiment, step 302 may include following sub-step:

Sub-step S11 extracts physiological characteristic data from the access request.

Mobile terminal can acquire the physiological characteristic data of user when generating access request, for example, finger print data, sound The physiological characteristic data is encapsulated into access request, is sent to security service by line data, iris data, intravenous data, etc. Device.

Sub-step S12 carries out authentication using the physiological characteristic data.

Security server by some user configuration be certification access user (user that is i.e. authenticated, possessing access authority), When authentication management user (user that is i.e. authenticated, possessing administration authority), certification access user, authentication management can be acquired in advance The physiological characteristic data of user, as fixed reference feature data, by the physiological characteristic data of current mobile terminal and fixed reference feature number According to being matched.

If successful match, it can be confirmed the user of current mobile terminal access for certification access user, authentication management User.

If it fails to match, it can be confirmed that the user of current mobile terminal access is unauthorized access user, authentication management User.

Sub-step S13 inquires the certification access user and permits when the result of the authentication is certification access user Perhaps the website accessed.

Sub-step S14, when the website includes the source website, inquiry for it is described certification access user setting, The configuration information of the source website.

If it is determined that the user of current mobile terminal access is certification access user, that is, it is legal to access, then can inquire pre- It first configures, which accesses the access website that user allows.

If current source website belongs to the website that access registrar user allows to access, it can further inquire and recognize for this Card access user setting, source website configuration information.

Sub-step S15 allows the authentication management user to set when the result of the authentication is authentication management user Set configuration information and the certification access user of the source website.

If it is determined that the user of current mobile terminal access is authentication management user, that is, it is legal to access, current mobile terminal The user of access can be configured the configuration information of source website and (such as allow to execute above-mentioned steps 201), furthermore, it is possible to by certain A user configuration is that may have access to the certification access user of the source website.

Step 303, when the configuration information includes having turned on the security protection mode of the source website, according to the visit Ask that request searches accession page from the Backup Data of the source website.

Step 304, access response is generated using the accession page.

If having had been switched on the security protection mode of source website, can will be moved in the case where caching system is opened The access request of dynamic terminal is transmitted to caching system, searches corresponding visit from the Backup Data of source website in the caching system It asks the page, and generates access response.

In one embodiment of the invention, the Backup Data of source website load mirror site in security server, Storage system of the backup data store of source website in security server；Then in embodiments of the present invention, step 304 can wrap Include following sub-step:

Sub-step S21 searches accession page from the mirror site according to the access request.

Sub-step S22 caches the accession page when finding accession page from the mirror site.

In embodiments of the present invention, access parameter can be extracted from the access request of mobile terminal (such as in caching system URL), the corresponding accession page of access parameter is searched from mirror site and is cached.

Sub-step S23, when not finding the accession page from the mirror site, according to the access request from The accession page is searched in the storage system.

Sub-step S24 caches the accession page when finding the accession page from the storage system.

If not finding relevant accession page in mirror site, access ginseng can be searched from storage system The corresponding accession page of number is simultaneously cached.

Sub-step S25 reads preset page processing when not finding the accession page from the storage system Mode.

Sub-step S26 grabs the corresponding access page of the access request according to the processing mode from the source website Face, alternatively, being accession page by error message page setup, alternatively, being accession page by specified processing page setup.

If not finding relevant accession page within the storage system, preconfigured page processing side can be read Formula grabs the corresponding accession page of access parameter from source website, alternatively, the error message page (404 page) is returned, alternatively, Jump to the specific processing page.

In another embodiment of the present invention, step 304 can also include following sub-step:

Sub-step S27 carries out the access request according to accession page is searched from the Backup Data of the source website Safety detection.

Sub-step S28 intercepts the access request if the access request is exception request.

In embodiments of the present invention, mirror site can be monitored in caching system, if it find that for access Request has abnormality processing, such as order execution, SQL injection, etc., then can be marked non-exception request, intercepted to it.

Step 305, the access response is sent to the mobile terminal.

Access response is returned to mobile terminal by security server, and mobile terminal parses the access response, and display is corresponding Accession page.

Under http protocol, mobile terminal can receive HTML (Hypertext Markup from security server Language, hypertext markup language) type document, parse the html document, generate the object of tree, i.e. DOM (Document Object Model, document dbject model), each object are a nodes on DOM, and these objects can be with Represent the page resources such as text, picture.Mobile terminal can start to show this html document, and obtain wherein embedded page money The address in source, then the application in mobile terminal initiates request to security server again to obtain these page resources, and is moving It is shown in the html document of dynamic terminal.

Referring to Fig. 4, another Website access method based on mobile terminal according to an embodiment of the invention is shown The step flow chart of embodiment, can specifically include following steps:

Step 401, the access request of mobile terminal accessing source website is received in security server.

Step 402, station address is extracted from the access request.

Step 403, judge whether the station address is preset secure address；If so, 405 are thened follow the steps, if it is not, Then follow the steps 404.

Step 404, the access request is intercepted.

In embodiments of the present invention, safety can be set by the address of the website of certain certifications in advance in security server Address (such as URL), for example, army website, government bodies website, public institution website, personal website, group website etc..

If receiving the access request of mobile terminal, its station address (such as URL) can be extracted, is carried out with secure address Comparison.

If the two is identical, allows to execute browsing process and otherwise it is intercepted.

Step 405, flow cleaning processing is carried out to the access request.

For the access request of mobile terminal, flow cleaning processing can be carried out to it in Virtual Service system.

In the concrete realization, flow cleaning processing can monitor the data traffic of entrance in real time, and discovery includes DoS (Denial of Service, refusal service), DDoS (Distributed Denial of Service, distribution refusal clothes Business) attack including abnormal flow wash abnormal flow under the premise of not influencing regular traffic.

In one embodiment, flow cleaning includes following three step:

The first step carries out analysis monitoring to user traffic using dedicated detection device.

Second step, when user is by ddos attack, detection device is reported to dedicated business management system and generates clearly Task is washed, customer flow is drawn to flow cleaning center.

Third step, the customer flow that flow cleaning center comes to traction clean, and the user after cleaning is legal Flow re-injection, while cleaning log being reported to generate report to business management system.

Step 406, Web application protective treatment is carried out to the access request.

If the access request of mobile terminal is handled by flow cleaning, belong to normal flow, then it can be by movement end The access request at end is transmitted to Web application guard system, carries out Web application protective treatment to it in Web application guard system.

In the concrete realization, the work of Web application guard system is in application layer, to from each of web application client Class request carries out content detection and verifying, it is ensured that and its safety and legitimacy give real-time blocking to illegal request, block, To carry out effective protection to all kinds of web-sites.

In the concrete realization, Web application guard system may include following at least one function:

1, audit device

Following event relevant for system security generates record of the audit:

(1) operation behavior carried out after administrator logs in；

(2) operation behaviors such as it is added, modifies, deleting to security strategy；

(3) management role increased, deleted and the operation behaviors such as attribute modification；

(4) behaviors such as the setting to other security function configuration parameters or update.

2, access control apparatus

For controlling the access to Web application, both including active safety mode or including passive security mode.

3, framework/network design tool

When operating in reverse proxy mode, they are used to distribution function, centralized control, virtual infrastructure etc..

4, Web application reinforcement tools

The safety that the enhancing of these functions is applied by protection Web, it can not only shield Web using intrinsic weakness, and Security risk caused by Web application programming mistake can be protected.

It should be pointed out that Web application guard system can be designed according to actual needs, not every kind of Web application Guard system all has the function of above four kinds simultaneously.

Meanwhile Web application guard system also has the characteristics that versatility, for example, from the perspective of network invasion monitoring Web application guard system can be regarded as IDS (Intrusion Detection Systems, the invasion operated on HTTP layer Detection system) equipment；From the point of view of slave firewall angle, Web application guard system is a kind of functional module, etc. of firewall.

Step 407, the configuration information of the source website is inquired according to the access request.

Step 408, when the configuration information includes not opening the security protection mode of the source website, by the access Request is sent to the source website.

Step 409, access response that the source website is returned for the access request, carrying accession page is received.

Step 410, the access response is sent to the mobile terminal.

If not opening the security protection mode (including not opening caching system) of source website, can be applied in Web Access request is sent to source website in guard system, source website handles the access request, based on corresponding access page Face generates access response, returns to server, and server returns again to mobile terminal.

Referring to Fig. 5, another Website access method based on mobile terminal according to an embodiment of the invention is shown The step flow chart of embodiment, can specifically include following steps:

Step 501, the access request of access originator website is generated in the terminal.

In the concrete realization, the embodiment of the present invention can be applied in mobile terminal, for example, mobile phone, tablet computer, individual Digital assistants, wearable device (such as glasses, wrist-watch) etc..

The operating system of these mobile terminals may include Android (Android), IOS, WindowsPhone, Windows Etc..

The application such as browser, immediate communication tool, reader, Yong Hu can be installed in the operating system of mobile terminal It is operated in the application, triggers the access request of access originator website.

Wherein, access request may include the mark of the page of user's request of loading and/or the feature of the page.Page iden-tity It can be the information that can represent the page that one uniquely determines, for example, uniform resource identifier URI, uniform resource identifier It can specifically include uniform resource position mark URL or uniform resource name URN etc. again.

Application in mobile terminal can search the domain name mapped IP address in page URL by dns resolution.? After obtaining IP address success, the application in mobile terminal can request to connect to the server where the IP address.In success After connecting the server where the IP address, application in mobile terminal can by request header information by http protocol to this Server where IP address initiates access request.

In embodiments of the present invention, it can be modified in DNS by the URL mapped IP address of source website from source website For server, so that the access request of mobile terminal is sent to security server.

Step 502, the configuration information of the source website is inquired according to the access request.

In embodiments of the present invention, security component can be installed, which carries out network communication in mobile terminal Safety detection, if detecting that source website to be visited is website to be protected, the available access request is handled, At this point it is possible to the configuration information of query source website, it is determined whether to enable the security protection modes of source website.

In this embodiment, step 502 may include following sub-step:

Sub-step S31 extracts physiological characteristic data from the access request.

Mobile terminal can acquire the physiological characteristic data of user when generating access request, for example, finger print data, sound Line data, iris data, intravenous data, etc. encapsulate the physiological characteristic data into access request.

Sub-step S32 carries out authentication using the physiological characteristic data.

Security server by some user configuration be certification access user (user that is i.e. authenticated, possessing access authority), When authentication management user (user that is i.e. authenticated, possessing administration authority), certification access user, authentication management can be acquired in advance The physiological characteristic data of user, as fixed reference feature data.

The physiological characteristic data currently acquired can be sent in security server by mobile terminal, with fixed reference feature data It is matched, after security server matching, matched result is returned into mobile terminal.

Alternatively, security server can be by the corresponding fixed reference feature data-pushing of the user currently logged in the terminal To the security component of mobile terminal, by the physiological characteristic data currently acquired and the progress of fixed reference feature data in security component Match.

Sub-step S33 inquires the certification access user and permits when the result of the authentication is certification access user Perhaps the website accessed.

Sub-step S34, when the website includes the source website, inquiry for it is described certification access user setting, The configuration information of the source website.

Sub-step S35 allows the authentication management user to set when the result of the authentication is authentication management user Set configuration information and the certification access user of the source website.

If it is determined that the user of current mobile terminal access is authentication management user, that is, it is legal to access, current mobile terminal The user of access can be configured the configuration information of source website and (such as allow to execute step 610,611), furthermore, it is possible to by certain A user configuration is that may have access to the certification access user of the source website.

Step 503, when the configuration information includes having turned on the security protection mode of the source website, according to the visit Ask that request searches accession page from the Backup Data of the source website.

Step 504, access response is generated using the accession page.

It, can be in security component from the backup number of source website if having had been switched on the security protection mode of source website Corresponding accession page is searched according to middle, and generates access response.

In one embodiment of the invention, the Backup Data of source website load mirror site in security server, Storage system of the backup data store of source website in security server；Then in embodiments of the present invention, step 504 can wrap Include following sub-step:

Sub-step S41 searches accession page from the mirror site according to the access request.

Sub-step S42 caches the accession page when finding accession page from the mirror site.

In embodiments of the present invention, access parameter can be extracted from the access request of mobile terminal (such as in security component URL), the corresponding accession page of access parameter is searched from mirror site and is cached.

Sub-step S43, when not finding the accession page from the mirror site, according to the access request from The accession page is searched in the storage system.

Sub-step S44 caches the accession page when finding the accession page from the storage system.

Sub-step S45 reads preset page processing when not finding the accession page from the storage system Mode.

Sub-step S46 grabs the corresponding access page of the access request according to the processing mode from the source website Face, alternatively, being accession page by error message page setup, alternatively, being accession page by specified processing page setup.

In another embodiment of the present invention, step 504 can also include following sub-step:

Sub-step S47 carries out the access request according to accession page is searched from the Backup Data of the source website Safety detection；

Sub-step S48 intercepts the access request if the access request is exception request.

In embodiments of the present invention, mirror site can be monitored in security component, if it find that for access Request has abnormality processing, such as order execution, SQL injection, etc., then can be marked non-exception request, intercepted to it.

Step 505, the access response is parsed, to load the accession page.

In embodiments of the present invention, mobile terminal can parse the access response, show corresponding accession page.

Referring to Fig. 6, another Website access method based on mobile terminal according to an embodiment of the invention is shown The step flow chart of embodiment, can specifically include following steps:

Step 601, the access request of access originator website is generated in the terminal.

Step 602, station address is extracted from the access request.

Step 603, judge whether the station address is preset secure address；If so, step 605, if it is not, then holding Row step 604.

Step 604, the access request is intercepted.

If the security component of mobile terminal has intercepted access request, its station address (such as URL) can be extracted, by the net Station address is sent to security server, compares with secure address, and after security server comparison, the result of comparison is returned Mobile terminal

Alternatively, secure address can be pushed to the security component of mobile terminal by security server, it will in security component The station address currently extracted is compared with secure address.

Step 605, the access request is sent to security server, to carry out at flow cleaning to the access request Reason and/or Web application protective treatment.

In embodiments of the present invention, access request can be sent to security server and set by the security component of mobile terminal Set time-out time.

Security server carries out flow cleaning processing and/or Web application protective treatment to the access request, and flow is clear The result for washing processing and/or Web application protective treatment returns to mobile terminal.

The security component of mobile terminal is permitted when the result is by flow cleaning processing and/or Web application protective treatment Permitted to continue to execute browsing process；It is not by flow cleaning processing and/or Web application protective treatment, alternatively, super in the result When the time in when not receiving result, intercept the access request.

Step 606, the configuration information of the source website is inquired according to the access request.

Step 607, when the configuration information includes not opening the security protection mode of the source website, by the access Request is sent to the source website.

Step 608, access response that the source website is returned for the access request, carrying accession page is received.

If not opening the security protection mode (including not opening caching system) of source website, the safety of mobile terminal Access request can be sent to source website by component, and source website handles the access request, be based on corresponding accession page Access response is generated, mobile terminal is returned.

Step 609, the access response is parsed, to load the accession page.

Step 610, configuration information is arranged to the source website.

In embodiments of the present invention, authentication management user can be directed in the security component of mobile terminal security component, The configuration information that security server protects source website.

Step 611, the configuration information is sent to security server, with according to the website backup parameter from the source Website data is grabbed in website, as Backup Data, and is stored into the storage system of the security server.

In embodiments of the present invention, if authentication management user completes the setting of configuration information, security component can be sent To security server.

Security server configures the configuration information, and starts web crawlers Spider according to the configuration information, from source website Middle crawl website data, using the website data as the Backup Data of source website.

In addition, the Backup Data in storage system is also used to be loaded onto the mirror image in the mirror-image system creation of security server In, the mirror site as source website.

For embodiment of the method, for simple description, therefore, it is stated as a series of action combinations, but this field Technical staff should be aware of, and embodiment of that present invention are not limited by the describe sequence of actions, because implementing according to the present invention Example, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art should also know that, specification Described in embodiment belong to preferred embodiment, the actions involved are not necessarily necessary for embodiments of the present invention.

Referring to Fig. 7, it is real to show a kind of website visiting device based on mobile terminal according to an embodiment of the invention The structural block diagram of example is applied, which is located in security server, it can specifically include following module:

Access request receiving module 701, for receiving the access request of mobile terminal accessing source website；

Configuration information enquiry module 702, for inquiring the configuration information of the source website according to the access request；

Backup Data searching module 703, for including the security protection for having turned on the source website when the configuration information When mode, accession page is searched from the Backup Data of the source website according to the access request；

Access response generation module 704, for generating access response using the accession page；

Access response return module 705, for the access response to be sent to the mobile terminal.

In one embodiment of the invention, further includes:

Flow cleaning module, for carrying out flow cleaning processing to the access request；

And/or

Web application protection module, for carrying out Web application protective treatment to the access request.

In one embodiment of the invention, further includes:

Station address extraction module, for extracting station address from the access request；

Secure address judgment module, for judging whether the station address is preset secure address；If so, calling The flow cleaning module and/or the Web application protection module；If it is not, then call request blocking module；

Blocking module is requested, for intercepting the access request.

In one embodiment of the invention, further includes:

Access request forwarding module, for including the security protection mode for not opening the source website when the configuration information When, the access request is sent to the source website；

Access response receiving module, for receiving the source website is returned for the access request, carrying access page The access response in face.

In one embodiment of the invention, the configuration information enquiry module 702 includes:

Physiological characteristic data extracting sub-module, for extracting physiological characteristic data from the access request；

Authentication submodule, for carrying out authentication using the physiological characteristic data；

Query site submodule, for inquiring the certification when the result of the authentication is certification access user Access user allows the website accessed；

User configuration inquires submodule, for when the website includes the source website, inquiry to be visited for the certification Ask user setting, the source website configuration information.

In one embodiment of the invention, the Backup Data of the source website loads the mirror in the security server As website；

The Backup Data searching module 703 includes:

Mirror site searches submodule, for searching accession page from the mirror site according to the access request；

First cache sub-module, for when finding accession page from the mirror site, caching the access page Face.

In one embodiment of the invention, backup data store the depositing in the security server of the source website Storage system；

The Backup Data searching module 703 further include:

Storage system searches submodule, for when not finding the accession page from the mirror site, according to The access request searches the accession page from the storage system；

Second cache sub-module, for caching the visit when finding the accession page from the storage system Ask the page.

In one embodiment of the invention, the Backup Data searching module 703 further include:

Page processing mode reading submodule, for when not finding the accession page from the storage system, Read preset page processing mode；

Page processing mode handles submodule, for grabbing the access from the source website according to the processing mode Corresponding accession page is requested, alternatively, being accession page by error message page setup, alternatively, the specified processing page is set It is set to accession page.

Safety detection submodule, for according to from the Backup Data of the source website search accession page to the access Request carries out safety detection；

It is abnormal to intercept submodule, if being exception request for the access request, intercept the access request.

In one embodiment of the invention, further includes:

Administration authority confirmation module, for being recognized described in permission when the result of the authentication is authentication management user The configuration information of source website described in card management user setting and certification access user.

In one embodiment of the invention, further includes:

Configuration information setup module, for configuration information to be arranged to the source website, the configuration information includes that website is standby Part parameter and/or page processing mode；

Website data handling module, for grabbing website data from the source website according to the website backup parameter, As Backup Data；

Backup data store module, for will be in the storage system of the backup data store to the security server；

Wherein, the backup parameter includes following at least one:

In one embodiment of the invention, further includes:

Mirror image creation module, for creating mirror image in the mirror-image system of the security server；

Backup Data read module, for reading the Backup Data of the source website from the storage system；

Backup Data loading module, for the Backup Data to be loaded onto the mirror image, as the source website Mirror site.

Referring to Fig. 8, another website visiting device based on mobile terminal according to an embodiment of the invention is shown The structural block diagram of embodiment, the device are located in mobile terminal, can specifically include following module:

Access request generation module 801, for generating the access request of access originator website；

Configuration information enquiry module 802, for inquiring the configuration information of the source website according to the access request；

Backup Data searching module 803, for including the security protection for having turned on the source website when the configuration information When mode, accession page is searched from the Backup Data of the source website according to the access request；

Access response generation module 804, for generating access response using the accession page；

Access response parsing module 805, for parsing the access response, to load the accession page.

In one embodiment of the invention, further includes:

Access request sending module, for the access request to be sent to security server, to the access request Carry out flow cleaning processing and/or Web application protective treatment.

In one embodiment of the invention, further includes:

Secure address judgment module, for judging whether the station address is preset secure address；If so, calling The access request sending module；If it is not, then call request blocking module；

Blocking module is requested, for intercepting the access request.

In one embodiment of the invention, further includes:

In one embodiment of the invention, the configuration information enquiry module 802 includes:

In one embodiment of the invention, the Backup Data of the source website loads the mirror image net in security server It stands；

The Backup Data searching module 803 includes:

The Backup Data searching module 803 further include:

In one embodiment of the invention, the Backup Data searching module 803 further include:

In one embodiment of the invention, further includes:

Configuration information sending module, for the configuration information to be sent to security server, with standby according to the website Part parameter grabs website data from the source website, as Backup Data, and stores to the storage system of the security server In system；

Wherein, the backup parameter includes following at least one:

In one embodiment of the invention, the Backup Data in the storage system is also used to be loaded onto the safety In the mirror image of the mirror-image system creation of server, the mirror site as the source website.

Referring to Fig. 9, it is real to show a kind of website visiting system based on mobile terminal according to an embodiment of the invention The structural block diagram for applying example, the system comprises in mobile terminal 910 and security server 920, the mobile terminal 910 includes visiting Ask that request generation module 911, access response parsing module 912, the security server 920 include configuration information enquiry module 921, Backup Data searching module 922, access response generation module 923, access response return module 924；

Access request generation module 911, for generating the access request of access originator website；

Configuration information enquiry module 921, for inquiring the configuration information of the source website according to the access request；

Backup Data searching module 922, for including the security protection for having turned on the source website when the configuration information When mode, accession page is searched from the Backup Data of the source website according to the access request；

Access response generation module 923, for generating access response using the accession page；

Access response return module 924, for the access response to be sent to the mobile terminal；

Access response parsing module 912, for parsing the access response, to load the accession page.

In one embodiment of the invention, the server 920 further include:

And/or

In one embodiment of the invention, the server 920 further include:

Blocking module is requested, for intercepting the access request.

In one embodiment of the invention, the server 920 further include:

In one embodiment of the invention, the configuration information enquiry module 921 includes:

The Backup Data searching module 922 includes:

The Backup Data searching module 922 further include:

In one embodiment of the invention, the Backup Data searching module 922 further include:

In one embodiment of the invention, the server 920 further include:

Wherein, the backup parameter includes following at least one:

In one embodiment of the invention, the server 920 further include:

For, system and device embodiment, since it is basically similar to the method embodiment, so the comparison of description is simple Single, the relevent part can refer to the partial explaination of embodiments of method.

The embodiment of the invention also provides mobile terminals, as shown in Figure 10, for ease of description, illustrate only and the present invention The relevant part of embodiment, it is disclosed by specific technical details, please refer to present invention method part.The mobile terminal can Think including mobile phone, tablet computer, PDA (Personal Digital Assistant, personal digital assistant), POS (Point Of Sales, point-of-sale terminal), any terminal device such as vehicle-mounted computer, by taking mobile terminal is mobile phone as an example:

Figure 10 shows the block diagram of the part-structure of mobile phone relevant to terminal provided in an embodiment of the present invention.With reference to figure 10, mobile phone includes: radio frequency (Radio Frequency, RF) circuit 1010, memory 1020, input unit 1030, display unit 1040, sensor 1050, voicefrequency circuit 1060, Wireless Fidelity (wireless fidelity, WiFi) module 1070, processor The components such as 1080 and power supply 1090.It will be understood by those skilled in the art that handset structure shown in Figure 10 is not constituted pair The restriction of mobile phone may include perhaps combining certain components or different component cloth than illustrating more or fewer components It sets.

It is specifically introduced below with reference to each component parts of the Figure 10 to mobile phone:

RF circuit 1010 can be used for receiving and sending messages or communication process in, signal sends and receivees, particularly, by base station After downlink information receives, handled to processor 1080；In addition, the data for designing uplink are sent to base station.In general, RF circuit 1010 include but is not limited to antenna, at least one amplifier, transceiver, coupler, low-noise amplifier (Low Noise Amplifier, LNA), duplexer etc..In addition, RF circuit 1010 can also be logical with network and other equipment by wireless communication Letter.Any communication standard or agreement, including but not limited to global system for mobile communications (Global can be used in above-mentioned wireless communication System of Mobile communication, GSM), general packet radio service (General Packet Radio Service, GPRS), CDMA (Code Division Multiple Access, CDMA), wideband code division multiple access (Wideband Code Division Multiple Access, WCDMA), long term evolution (Long Term Evolution, LTE), Email, short message service (Short Messaging Service, SMS) etc..

Memory 1020 can be used for storing software program and module, and processor 1080 is stored in memory by operation 1020 software program and module, thereby executing the various function application and data processing of mobile phone.Memory 1020 can be led It to include storing program area and storage data area, wherein storing program area can be needed for storage program area, at least one function Application program (such as sound-playing function, image player function etc.) etc.；Storage data area, which can be stored, uses institute according to mobile phone Data (such as audio data, phone directory etc.) of creation etc..In addition, memory 1020 may include high random access storage Device, can also include nonvolatile memory, and a for example, at least disk memory, flush memory device or other volatibility are solid State memory device.

Input unit 1030 can be used for receiving the number or character information of input, and generate with the user setting of mobile phone with And the related key signals input of function control.Specifically, input unit 1030 may include touch panel 1031 and other inputs Equipment 1032.Touch panel 1031, also referred to as touch screen collect touch operation (such as the user of user on it or nearby Use the behaviour of any suitable object or attachment such as finger, stylus on touch panel 1031 or near touch panel 1031 Make), and corresponding attachment device is driven according to preset formula.Optionally, touch panel 1031 may include touch detection Two parts of device and touch controller.Wherein, the touch orientation of touch detecting apparatus detection user, and detect touch operation band The signal come, transmits a signal to touch controller；Touch controller receives touch information from touch detecting apparatus, and by it It is converted into contact coordinate, then gives processor 1080, and order that processor 1080 is sent can be received and executed.In addition, Touch panel 1031 can be realized using multiple types such as resistance-type, condenser type, infrared ray and surface acoustic waves.In addition to touch surface Plate 1031, input unit 1030 can also include other input equipments 1032.Specifically, other input equipments 1032 may include But in being not limited to physical keyboard, function key (such as volume control button, switch key etc.), trace ball, mouse, operating stick etc. It is one or more.

Display unit 1040 can be used for showing information input by user or be supplied to user information and mobile phone it is each Kind menu.Display unit 1040 may include display panel 1041, optionally, can use liquid crystal display (Liquid Crystal Display, LCD), the forms such as Organic Light Emitting Diode (Organic Light-Emitting Diode, OLED) To configure display panel 1041.Further, touch panel 1031 can cover display panel 1041, when touch panel 1031 detects After arriving touch operation on it or nearby, processor 1080 is sent to determine the type of touch event, is followed by subsequent processing device 1080 provide corresponding visual output according to the type of touch event on display panel 1041.Although in Figure 10, touch surface Plate 1031 and display panel 1041 are the input and input function for realizing mobile phone as two independent components, but certain In embodiment, can be integrated by touch panel 1031 and display panel 1041 and that realizes mobile phone output and input function.

Mobile phone may also include at least one sensor 1050, such as optical sensor, motion sensor and other sensors. Specifically, optical sensor may include ambient light sensor and proximity sensor, wherein ambient light sensor can be according to ambient light Light and shade adjust the brightness of display panel 1041, proximity sensor can close display panel when mobile phone is moved in one's ear 1041 and/or backlight.As a kind of motion sensor, accelerometer sensor can detect in all directions (generally three axis) and add The size of speed can detect that size and the direction of gravity when static, can be used to identify application (such as the horizontal/vertical screen of mobile phone posture Switching, dependent game, magnetometer pose calibrating), Vibration identification correlation function (such as pedometer, tap) etc.；Also as mobile phone The other sensors such as configurable gyroscope, barometer, hygrometer, thermometer, infrared sensor, details are not described herein.

Voicefrequency circuit 1060, loudspeaker 1061, microphone 1062 can provide the audio interface between user and mobile phone.Audio Electric signal after the audio data received conversion can be transferred to loudspeaker 1061, be converted by loudspeaker 1061 by circuit 1060 For voice signal output；On the other hand, the voice signal of collection is converted to electric signal by microphone 1062, by voicefrequency circuit 1060 Audio data is converted to after reception, then by after the processing of audio data output processor 1080, through RF circuit 1010 to be sent to ratio Such as another mobile phone, or audio data is exported to memory 1020 to be further processed.

WiFi belongs to short range wireless transmission technology, and mobile phone can help user's transceiver electronics postal by WiFi module 1070 Part, browsing webpage and access streaming video etc., it provides wireless broadband internet access for user.Although Figure 10 is shown WiFi module 1070, but it is understood that, and it is not belonging to must be configured into for mobile phone, it can according to need do not changing completely Become in the range of the essence of invention and omits.

Processor 1080 is the control centre of mobile phone, using the various pieces of various interfaces and connection whole mobile phone, By running or execute the software program and/or module that are stored in memory 1020, and calls and be stored in memory 1020 Interior data execute the various functions and processing data of mobile phone, to carry out integral monitoring to mobile phone.Optionally, processor 1080 may include one or more processing units；Preferably, processor 1080 can integrate application processor and modulation /demodulation processing Device, wherein the main processing operation system of application processor, user interface and application program etc., modem processor is mainly located Reason wireless communication.It is understood that above-mentioned modem processor can not also be integrated into processor 1080.

Mobile phone further includes the power supply 1090 (such as battery) powered to all parts, it is preferred that power supply can pass through power supply Management system and processor 1080 are logically contiguous, to realize management charging, electric discharge and power consumption pipe by power-supply management system The functions such as reason.

Although being not shown, mobile phone can also include camera, bluetooth module etc., and details are not described herein.

In embodiments of the present invention, processor 1080 included by the mobile terminal is also with the following functions:

The access request of access originator website is generated in the terminal；

Access response is generated using the accession page；

The access response is parsed, to load the accession page.

Optionally, processor 1080 included by the mobile terminal is also with the following functions:

The access request is sent to security server, with to the access request carry out flow cleaning processing and/or Web application protective treatment.

Station address is extracted from the access request；

Judge whether the station address is preset secure address；

If so, execution is described to be sent to security server for the access request, to flow to the access request Measure cleaning treatment and/or Web application protective treatment；

If it is not, then intercepting the access request.

When the configuration information includes not opening the security protection mode of the source website, the access request is sent To the source website；

Receive access response that the source website is returned for the access request, carrying accession page.

Physiological characteristic data is extracted from the access request；

Authentication is carried out using the physiological characteristic data；

When the result of the authentication is certification access user, the net that the certification access user allows to access is inquired It stands；

When the website includes the source website, inquiry is for the certification access user setting, described source website Configuration information.

Optionally, the Backup Data of the source website loads the mirror site in security server；The mobile terminal institute Including processor 1080 it is also with the following functions:

Accession page is searched from the mirror site according to the access request；

When finding accession page from the mirror site, the accession page is cached.

Optionally, storage system of the backup data store of the source website in the security server；The movement is whole The included processor 1080 in end is also with the following functions:

When not finding the accession page from the mirror site, it is from the storage according to the access request The accession page is searched in system；

When finding the accession page from the storage system, the accession page is cached.

When not finding the accession page from the storage system, preset page processing mode is read；

The corresponding accession page of the access request is grabbed from the source website according to the processing mode, alternatively, will Error message page setup is accession page, alternatively, being accession page by specified processing page setup.

Safety detection is carried out to the access request according to accession page is searched from the Backup Data of the source website；

If the access request is exception request, the access request is intercepted.

When the result of the authentication is authentication management user, allow source net described in the authentication management user setting The configuration information stood and certification access user.

Configuration information is arranged to the source website, the configuration information includes website backup parameter and/or page processing side Formula；

The configuration information is sent to security server, to grab from the source website according to the website backup parameter Website data is taken, as Backup Data, and is stored into the storage system of the security server；

Wherein, the backup parameter includes following at least one:

Optionally, the Backup Data in the storage system is also used to be loaded onto the mirror-image system in the security server Mirror site in the mirror image of creation, as the source website.

It is apparent to those skilled in the art that for convenience and simplicity of description, the system of foregoing description, The specific work process of device and unit, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.

In several embodiments provided by the present invention, it should be understood that disclosed system, device and method can be with It realizes by another way.For example, the apparatus embodiments described above are merely exemplary, for example, the unit It divides, only a kind of logical function partition, there may be another division manner in actual implementation, such as multiple units or components It can be combined or can be integrated into another system, or some features can be ignored or not executed.Another point, it is shown or The mutual coupling, direct-coupling or communication connection discussed can be through some interfaces, the indirect coupling of device or unit It closes or communicates to connect, can be electrical property, mechanical or other forms.

The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.

It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of software functional units.

Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of above-described embodiment is can It is completed with instructing relevant hardware by program, which can be stored in a computer readable storage medium, storage Medium may include: read-only memory (ROM, Read Only Memory), random access memory (RAM, Random Access Memory), disk or CD etc..

Those of ordinary skill in the art will appreciate that implement the method for the above embodiments be can be with Relevant hardware is instructed to complete by program, the program can store in a kind of computer readable storage medium, on Stating the storage medium mentioned can be read-only memory, disk or CD etc..

Above to a kind of Website access method based on mobile terminal provided by the present invention, a kind of based on mobile terminal Website visiting device, a kind of website visiting system based on mobile terminal and a kind of mobile terminal are described in detail, for Those of ordinary skill in the art, thought according to an embodiment of the present invention, have in specific embodiments and applications Change place, in conclusion the contents of this specification are not to be construed as limiting the invention.

The embodiment of the invention discloses A1, a kind of Website access method based on mobile terminal, comprising: in security server The middle access request for receiving mobile terminal accessing source website；The configuration information of the source website is inquired according to the access request； When the configuration information includes having turned on the security protection mode of the source website, according to the access request from the source net Accession page is searched in the Backup Data stood；Access response is generated using the accession page；The access response is sent to The mobile terminal.A2, method as described in a1, in the visit for receiving mobile terminal accessing source website in security server After asking request, the method also includes: flow cleaning processing is carried out to the access request；And/or to the access request Carry out Web application protective treatment.A3, as described in A2 method, further includes: extract station address from the access request；Sentence Whether the station address that breaks is preset secure address；If so, executing described to access request progress flow cleaning Processing, and/or, it is described that Web application protective treatment is carried out to the access request；If it is not, then intercepting the access request.A4, Method as described in a1, further includes: when the configuration information includes not opening the security protection mode of the source website, by institute It states access request and is sent to the source website；Receive the source website is returned for the access request, carrying accession page Access response.A5, method as described in a1, the configuration information that the source website is inquired according to the access request, packet It includes: extracting physiological characteristic data from the access request；Authentication is carried out using the physiological characteristic data；When the body The result of part certification is when authenticating access user, and the inquiry certification access user allows the website of access；When the website is wrapped When including the source website, configuration information of the inquiry for the certification access user setting, described source website.A6, such as A1 institute The Backup Data of the method stated, the source website loads the mirror site in the security server；It is described according to the visit Ask that request searches accession page from the Backup Data of the source website, comprising: according to the access request from the mirror image net Accession page is searched in standing；When finding accession page from the mirror site, the accession page is cached.A7, such as A6 The method, storage system of the backup data store of the source website in the security server；Described in the foundation Access request searches accession page from the Backup Data of the source website, further includes: when not searching from the mirror site When to the accession page, the accession page is searched from the storage system according to the access request；It is deposited when from described When finding the accession page in storage system, the accession page is cached.A8, the method as described in A7, described in the foundation Access request searches accession page from the Backup Data of the source website, further includes: when not searching from the storage system When to the accession page, preset page processing mode is read；Institute is grabbed from the source website according to the processing mode The corresponding accession page of access request is stated, alternatively, being accession page by error message page setup, alternatively, by specified processing Page setup is accession page.A9, the method as described in A6, it is described according to the access request from the backup number of the source website According to middle lookup accession page, further includes: asked according to accession page is searched from the Backup Data of the source website to the access Seek carry out safety detection；If the access request is exception request, the access request is intercepted.A10, side as described in a5 Method, further includes: when the result of the authentication is authentication management user, allow source described in the authentication management user setting The configuration information of website and certification access user.The described in any item methods of A11, such as A1-A10, further includes: to the source website Configuration information is set, and the configuration information includes website backup parameter and/or page processing mode；It backs up and joins according to the website Number grabs website data from the source website, as Backup Data；By the backup data store to the security server Storage system in；Wherein, the backup parameter includes following at least one: website BACKUP TIME, website protection time, net It stands backup level, website blacklist, website white list.A12, the method as described in A11, further includes: in the security server Mirror-image system in create mirror image；The Backup Data of the source website is read from the storage system；By the Backup Data It is loaded onto the mirror image, the mirror site as the source website.

The embodiment of the invention also discloses B13, a kind of Website access method based on mobile terminal, comprising: mobile whole The access request of access originator website is generated in end；The configuration information of the source website is inquired according to the access request；When described Configuration information includes when having turned on the security protection mode of the source website, according to the access request from the standby of the source website Accession page is searched in part data；Access response is generated using the accession page；The access response is parsed, described in load Accession page.B14, the method as described in B13, further includes: the access request is sent to security server, to the visit Ask that request carries out flow cleaning processing and/or Web application protective treatment.B15, the method as described in B14, further includes: from described Station address is extracted in access request；Judge whether the station address is preset secure address；It will if so, execution is described The access request is sent to security server, to carry out flow cleaning processing and/or Web application protection to the access request Processing；If it is not, then intercepting the access request.B16, the method as described in B13, further includes: when the configuration information includes not When opening the security protection mode of the source website, the access request is sent to the source website；Receive the source website Access response being returned for the access request, carrying accession page.B17, the method as described in B13, it is described according to institute State the configuration information that access request inquires the source website, comprising: extract physiological characteristic data from the access request；Using The physiological characteristic data carries out authentication；When the result of the authentication is certification access user, recognize described in inquiry The website that card access user allows to access；When the website includes the source website, inquiry accesses user for the certification The configuration information of the source be arranged, described website.The Backup Data load of B18, the method as described in B13, the source website are being pacified Mirror site in full server；It is described to search access page from the Backup Data of the source website according to the access request Face, comprising: search accession page from the mirror site according to the access request；It is found when from the mirror site When accession page, the accession page is cached.B19, the method as described in B18, the backup data store of the source website is in institute State the storage system in security server；It is described to search access from the Backup Data of the source website according to the access request The page, further includes: when not finding the accession page from the mirror site, deposited according to the access request from described The accession page is searched in storage system；When finding the accession page from the storage system, the access is cached The page.B20, the method as described in B19, it is described to search access from the Backup Data of the source website according to the access request The page, further includes: when not finding the accession page from the storage system, read preset page processing mode； The corresponding accession page of the access request is grabbed from the source website according to the processing mode, alternatively, by error message Page setup is accession page, alternatively, being accession page by specified processing page setup.B21, the method as described in B18, institute It states and searches accession page from the Backup Data of the source website according to the access request, further includes: according to from the source net Accession page is searched in the Backup Data stood, and safety detection is carried out to the access request；If the access request is abnormal asks It asks, then intercepts the access request.B22, the method as described in B17, further includes: when the result of the authentication is certification pipe When managing user, allow configuration information and the certification access user of source website described in the authentication management user setting.B23, such as The described in any item methods of B13-B22, further includes: configuration information is arranged to the source website, the configuration information includes website Backup parameter and/or page processing mode；The configuration information is sent to security server, is joined with being backed up according to the website Number grabs website data from the source website, as Backup Data, and stores into the storage system of the security server； Wherein, the backup parameter includes following at least one: website BACKUP TIME, website protection time, website backup level, net It stands blacklist, website white list.B24, the method as described in B23, the Backup Data in the storage system are also used to be loaded onto Mirror site in the mirror image that the mirror-image system of the security server creates, as the source website.

The embodiment of the invention also discloses C25, a kind of website visiting device based on mobile terminal, are located at security server In, comprising: access request receiving module, for receiving the access request of mobile terminal accessing source website；Configuration information inquires mould Block, for inquiring the configuration information of the source website according to the access request；Backup Data searching module, for matching when described Confidence breath includes when having turned on the security protection mode of the source website, according to the access request from the backup of the source website Accession page is searched in data；Access response generation module, for generating access response using the accession page；Access response Return module, for the access response to be sent to the mobile terminal.C26, the device as described in C25, further includes: flow Cleaning module, for carrying out flow cleaning processing to the access request；And/or Web application protection module, for described Access request carries out Web application protective treatment.C27, the device as described in C26, further includes: station address extraction module is used for Station address is extracted from the access request；Secure address judgment module, for judging whether the station address is default Secure address；If so, calling the flow cleaning module and/or the Web application protection module；It is asked if it is not, then calling Seek blocking module；Blocking module is requested, for intercepting the access request.C28, the device as described in C25, further includes: access Forwarding module is requested, for when the configuration information includes not opening the security protection mode of the source website, by the visit Ask that request is sent to the source website；Access response receiving module is returned for receiving the source website for the access request Access response returning, carrying accession page.C29, the device as described in C25, the configuration information enquiry module includes: physiology Characteristic extracting sub-module, for extracting physiological characteristic data from the access request；Authentication submodule, for adopting Authentication is carried out with the physiological characteristic data；Query site submodule is certification for the result when the authentication When accessing user, the website that the certification access user allows to access is inquired；User configuration inquires submodule, for working as the net When standing including the source website, configuration information of the inquiry for the certification access user setting, described source website.C30, such as The Backup Data of device described in C25, the source website loads the mirror site in the security server；The backup number It include: that mirror site searches submodule according to searching module, for searching visit from the mirror site according to the access request Ask the page；First cache sub-module, for when finding accession page from the mirror site, caching the access page Face.C31, the device as described in C30, storage system of the backup data store of the source website in the security server； The Backup Data searching module further include: storage system searches submodule, does not find from the mirror site for working as When the accession page, the accession page is searched from the storage system according to the access request；Second caching submodule Block, for caching the accession page when finding the accession page from the storage system.C32, as described in C31 Device, the Backup Data searching module further include: page processing mode reading submodule, for when from the storage system In when not finding the accession page, read preset page processing mode；Page processing mode handles submodule, for pressing The corresponding accession page of the access request is grabbed from the source website according to the processing mode, alternatively, by error message page Face is set as accession page, alternatively, being accession page by specified processing page setup.C33, the device as described in C30, it is described Backup Data searching module further include: safety detection submodule, for according to the lookup visit from the Backup Data of the source website Ask that the page carries out safety detection to the access request；It is abnormal to intercept submodule, if being exception request for the access request, Then intercept the access request.C34, the device as described in C29, further includes: administration authority confirmation module, for working as the identity When the result of certification is authentication management user, allow configuration information and the certification of source website described in the authentication management user setting Access user.The described in any item devices of C35, such as C25-C34, further includes: configuration information setup module, for the source net It stands and configuration information is set, the configuration information includes website backup parameter and/or page processing mode；Website data grabs mould Block, for grabbing website data from the source website according to the website backup parameter, as Backup Data；Backup Data is deposited Module is stored up, for will be in the storage system of the backup data store to the security server；Wherein, the backup parameter packet Include following at least one: website BACKUP TIME, website protection time, website backup level, website blacklist, the white name in website It is single.C36, the device as described in C35, further includes: mirror image creation module, for being created in the mirror-image system of the security server Build mirror image；Backup Data read module, for reading the Backup Data of the source website from the storage system；Backup Data Loading module, the mirror site for the Backup Data to be loaded onto the mirror image, as the source website.

The embodiment of the invention also discloses D37, a kind of website visiting device based on mobile terminal, are located at mobile terminal In, comprising: access request generation module, for generating the access request of access originator website；Configuration information enquiry module, for according to The configuration information of the source website is inquired according to the access request；Backup Data searching module, for working as the configuration information packet When including the security protection mode for having turned on the source website, looked into from the Backup Data of the source website according to the access request Look for accession page；Access response generation module, for generating access response using the accession page；Access response parses mould Block, for parsing the access response, to load the accession page.D38, the device as described in D37, further includes: access is asked Sending module is sought, for the access request to be sent to security server, to carry out at flow cleaning to the access request Reason and/or Web application protective treatment.D39, the device as described in D38, further includes: station address extraction module is used for from described Station address is extracted in access request；Secure address judgment module, for judging whether the station address is preset safety Address；If so, calling the access request sending module；If it is not, then call request blocking module；Blocking module is requested, is used In the interception access request.D40, the device as described in D37, further includes: access request forwarding module, for working as the configuration Information includes that the access request is sent to the source website when not opening the security protection mode of the source website；Access Receiving module is responded, for receiving access response that the source website is returned for the access request, carrying accession page. D41, the device as described in D37, the configuration information enquiry module include: physiological characteristic data extracting sub-module, are used for from institute It states and extracts physiological characteristic data in access request；Authentication submodule, for carrying out identity using the physiological characteristic data Certification；Query site submodule, for inquiring the certification access when the result of the authentication is certification access user User allows the website accessed；User configuration inquires submodule, for when the website includes the source website, inquiry to be directed to The configuration information of the certification access user setting, described source website.D42, the device as described in D37, the source website Backup Data loads the mirror site in security server；The Backup Data searching module includes: that mirror site searches son Module, for searching accession page from the mirror site according to the access request；First cache sub-module, for when from When finding accession page in the mirror site, the accession page is cached.D43, the device as described in D42, the source net Storage system of the backup data store stood in the security server；The Backup Data searching module further include: storage System searching submodule, for when not finding the accession page from the mirror site, according to the access request The accession page is searched from the storage system；Second cache sub-module is found from the storage system for working as When the accession page, the accession page is cached.D44, the device as described in D43, the Backup Data searching module are also wrapped It includes: page processing mode reading submodule, it is pre- for reading when not finding the accession page from the storage system If page processing mode；Page processing mode handles submodule, for grabbing from the source website according to the processing mode The corresponding accession page of the access request is taken, alternatively, being accession page by error message page setup, alternatively, by specified Processing page setup is accession page.D45, the device as described in D42, the Backup Data searching module further include: safety inspection Submodule is surveyed, for carrying out safe inspection to the access request according to searching accession page from the Backup Data of the source website It surveys；It is abnormal to intercept submodule, if being exception request for the access request, intercept the access request.D46, such as D41 institute The device stated, further includes: administration authority confirmation module, for permitting when the result of the authentication is authentication management user Perhaps the configuration information of source website described in the described authentication management user setting and certification access user.D47, any one of such as D37-D46 The device, further includes: configuration information setup module, for configuration information, the configuration information to be arranged to the source website Including website backup parameter and/or page processing mode；Configuration information sending module, for the configuration information to be sent to peace Full server as Backup Data, and is stored with grabbing website data from the source website according to the website backup parameter Into the storage system of the security server；Wherein, the backup parameter includes following at least one: when website is backed up Between, website protection time, website backup level, website blacklist, website white list.D48, the device as described in D47, it is described to deposit Backup Data in storage system is also used to be loaded onto the mirror image of the mirror-image system creation of the security server, as described The mirror site of source website.

The embodiment of the invention also discloses E49, a kind of website visiting system based on mobile terminal, and the system comprises shiftings In dynamic terminal and security server, the mobile terminal includes access request generation module, access response parsing module, the peace Full server includes configuration information enquiry module, Backup Data searching module, access response generation module, access response return mould Block；Access request generation module, for generating the access request of access originator website；Configuration information enquiry module, for according to institute State the configuration information that access request inquires the source website；Backup Data searching module, for including when the configuration information When opening the security protection mode of the source website, visit is searched from the Backup Data of the source website according to the access request Ask the page；Access response generation module, for generating access response using the accession page；Access response return module is used In the access response is sent to the mobile terminal；Access response parsing module, for parsing the access response, to add Carry the accession page.E50, the system as described in E49, the server further include: flow cleaning module, for the visit Ask that request carries out flow cleaning processing；And/or Web application protection module, it is anti-for carrying out Web application to the access request Shield processing.E51, the system as described in E50, the server further include: station address extraction module, for being asked from the access Seek middle extraction station address；Secure address judgment module, for judging whether the station address is preset secure address；If It is then to call the flow cleaning module and/or the Web application protection module；If it is not, then call request blocking module；Please Blocking module is sought, for intercepting the access request.E52, the system as described in E49, the server further include: access request Forwarding module, for when the configuration information includes not opening the security protection mode of the source website, the access to be asked It asks and is sent to the source website；Access response receiving module, for receive the source website for the access request return, Carry the access response of accession page.E53, the system as described in E49, the configuration information enquiry module includes: physiological characteristic Data extracting sub-module, for extracting physiological characteristic data from the access request；Authentication submodule, for using institute It states physiological characteristic data and carries out authentication；Query site submodule is certification access for the result when the authentication When user, the website that the certification access user allows to access is inquired；User configuration inquires submodule, for wrapping when the website When including the source website, configuration information of the inquiry for the certification access user setting, described source website.E54, such as E49 The Backup Data of the system, the source website loads the mirror site in the security server；The Backup Data Searching module includes: that mirror site searches submodule, for searching access from the mirror site according to the access request The page；First cache sub-module, for caching the accession page when finding accession page from the mirror site. E55, the system as described in E54, storage system of the backup data store of the source website in the security server；It is described Backup Data searching module further include: storage system searches submodule, for described when not finding from the mirror site When accession page, the accession page is searched from the storage system according to the access request；Second cache sub-module is used When finding the accession page in storage system described in Yu Dangcong, the accession page is cached.E56, it is as described in E55 System, the Backup Data searching module further include: page processing mode reading submodule, for working as from the storage system not When finding the accession page, preset page processing mode is read；Page processing mode handles submodule, for according to institute It states processing mode and grabs the corresponding accession page of the access request from the source website, alternatively, the error message page is set It is set to accession page, alternatively, being accession page by specified processing page setup.E57, the system as described in E54, the backup Data search module further include: safety detection submodule, for according to the lookup access page from the Backup Data of the source website Safety detection is carried out in face of the access request；It is abnormal to intercept submodule, if being exception request for the access request, block Cut the access request.E58, the system as described in E53, the server further include: administration authority confirmation module, for working as institute When the result for stating authentication is authentication management user, allow the configuration information of source website described in the authentication management user setting User is accessed with certification.The described in any item systems of E59, such as E49-E58, the server further include: mould is arranged in configuration information Block, for configuration information to be arranged to the source website, the configuration information includes website backup parameter and/or page processing side Formula；Website data handling module, for grabbing website data from the source website according to the website backup parameter, as standby Part data；Backup data store module, for will be in the storage system of the backup data store to the security server；Its In, the backup parameter includes following at least one: website BACKUP TIME, website protection time, website backup level, website Blacklist, website white list.E60, the device as described in E59, the server further include: mirror image creation module, in institute It states and creates mirror image in the mirror-image system of security server；Backup Data read module, for reading institute from the storage system State the Backup Data of source website；Backup Data loading module, for the Backup Data to be loaded onto the mirror image, as institute State the mirror site of source website.

The embodiment of the invention also discloses F61, a kind of mobile terminal, including processor and memory；The memory is used The program of the Website access method based on mobile terminal described in execution B13 to B24 is supported in storage；The processor is matched It is set to for executing the program stored in the memory.

Claims

1. a kind of Website access method based on mobile terminal, comprising:

When the configuration information includes having turned on the security protection mode of the source website, according to the access request from described Accession page is searched in the Backup Data of source website；

Access response is generated using the accession page；

The access response is sent to the mobile terminal.

2. the method as described in claim 1, which is characterized in that receive mobile terminal accessing source in security server described After the access request of website, the method also includes:

Flow cleaning processing is carried out to the access request；

And/or

Web application protective treatment is carried out to the access request.

3. method according to claim 2, which is characterized in that further include:

Station address is extracted from the access request；

Judge whether the station address is preset secure address；

If so, execute it is described to the access request carry out flow cleaning processing, and/or, it is described to the access request into Row Web application protective treatment；

If it is not, then intercepting the access request.

4. the method as described in claim 1, which is characterized in that further include:

When the configuration information includes not opening the security protection mode of the source website, the access request is sent to institute State source website；

5. the method as described in claim 1, which is characterized in that described to inquire matching for the source website according to the access request Confidence breath, comprising:

Physiological characteristic data is extracted from the access request；

Authentication is carried out using the physiological characteristic data；

When the result of the authentication is certification access user, the website that the certification access user allows to access is inquired；

When the website includes the source website, inquiry accesses user setting, the source website match for the certification Confidence breath.

6. a kind of Website access method based on mobile terminal, comprising:

The access request of access originator website is generated in the terminal；

Access response is generated using the accession page；

The access response is parsed, to load the accession page.

7. a kind of website visiting device based on mobile terminal is located in security server, comprising:

Backup Data searching module, for when the configuration information includes having turned on the security protection mode of the source website, Accession page is searched from the Backup Data of the source website according to the access request；

8. a kind of website visiting device based on mobile terminal is located in mobile terminal, comprising:

It is described the system comprises in mobile terminal and security server 9. a kind of website visiting system based on mobile terminal Mobile terminal includes access request generation module, access response parsing module, and the security server includes configuration information inquiry Module, Backup Data searching module, access response generation module, access response return module；

10. a kind of mobile terminal, including processor and memory；

The memory is used to store the journey for supporting perform claim to require the Website access method based on mobile terminal described in 6 Sequence；

The processor is configured to for executing the program stored in the memory.