CN110392022A - A kind of network resource access method, computer equipment, storage medium - Google Patents
A kind of network resource access method, computer equipment, storage medium Download PDFInfo
- Publication number
- CN110392022A CN110392022A CN201810355317.5A CN201810355317A CN110392022A CN 110392022 A CN110392022 A CN 110392022A CN 201810355317 A CN201810355317 A CN 201810355317A CN 110392022 A CN110392022 A CN 110392022A
- Authority
- CN
- China
- Prior art keywords
- resource
- session information
- server
- session
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the present application discloses a kind of network resource access method and device.The described method includes: obtaining the first session information of preservation corresponding with the server identification of Resource Server, first session information is added to network resource request, and network resource request is initiated according to resource address, server is allowed to determine whether access Internet resources according to the first session information, then when resource address is stolen, if there is no the first session information in network resource request, or first session information show that resource content request end and resource address requests end are not same, Internet resources can not be just accessed, that is, it may determine whether to allow to access Internet resources according to the first entrained session information, the injurious act that Internet resources can be usurped by resource address is prevented, avoid the waste of server resource.
Description
Technical field
This application involves technical field of data processing, and in particular to a kind of network resource access method, one kind, Internet resources
Processing method, a kind of computer equipment, a kind of computer readable storage medium.
Background technique
With the development of internet technology, the resources such as video, the picture that user can obtain from network are more and more.And it provides
When the supplier in source provides a user these resources, need to expend storage resource, bandwidth resources etc..
Applicant it has been investigated that, there is a kind of " stealing chain " behavior, by the resource stolen to final on the website of oneself
User provides." stealing chain " server itself does not provide the resources such as video, picture, but passes through technological means from the net for possessing resource
Link is stolen in standing, and provides the resource of aggrieved website to end user on the website of oneself, gains the browsing of end user by cheating
And click, and " stealing chain " server does not provide resource or provides seldom resource." stealing chain " behavior provides money to real for user
The supplier in source causes to seriously affect.
The prior art lacks the technical solution of effectively discovery " stealing chain " behavior.
Summary of the invention
In view of the above problems, it proposes on the application overcomes the above problem or at least be partially solved in order to provide one kind
State network resource access method, network resource processing method and computer equipment, the computer readable storage medium of problem.
According to the one aspect of the application, a kind of network resource access method is provided, comprising:
The first session information of preservation corresponding with the server identification of Resource Server is obtained, first session information is used
In the first session for marking the Resource Server and resource content request end;
First session information is added to network resource request, to be according to entrained the first session information determination
It is no to allow to access Internet resources;
The network resource request is initiated according to resource address.
Optionally, before first session information for obtaining preservation corresponding with the server identification of Resource Server,
The method also includes:
The second session information that resource address and Resource Server provide is obtained, second session information is for marking
Second session at the Resource Server and resource address requests end and target resource, the resource address requests end include money
Source contents request end or intermediate server.
Optionally, before the network resource request according to resource address initiation, the method also includes:
Second session information is added to the network resource request, in conjunction with first session information and second
Session information determines whether access Internet resources.
Optionally, before first session information for obtaining preservation corresponding with the server identification of Resource Server,
The method also includes:
Obtain the third session information that Resource Server provides, wherein the third session information is for marking the money
Second session of source server and resource address requests end.
Optionally, the resource address requests end includes resource content request end or intermediate server, when the resource
When location request end includes resource content request end, the third session information is identical as the first session information, when the resource
When location request end includes intermediate server, the third session information is different from the first session information.
Optionally, the method also includes:
By third session information preservation corresponding with the server identification that resource address provides end, the resource address is mentioned
It include intermediate server or Resource Server for end.
Optionally, the server identification includes domain name, and the third session information carries information write instruction, described to incite somebody to action
The third session information provides corresponding save of the server identification at end with resource address
The resource address is written into the third session information by the execution information write instruction, the domain at end is provided
The corresponding storage location of name.
Optionally, the information write instruction includes set cookie instruction.
Correspondingly, according to the another aspect of the application, a kind of network resource processing method is additionally provided, comprising:
Receive network resource request;
The first session information that the network resource request carries is obtained, first session information takes for markup resources
The server identification of first session of business device and resource content request end, first session information and the Resource Server exists
The resource content request end is corresponding to be saved;
Access Internet resources are determined whether according to first session information.
Optionally, described to determine whether that access Internet resources include: according to first session information
Determine whether first session information is non-empty information, if so, allowing to access Internet resources.
Optionally, the network resource request also carries the second session information, and second session information is for marking institute
State the second session of Resource Server Yu resource address requests end, the resource address requests end include resource content request end or
Intermediate server;
It is described to determine whether that access Internet resources include: according to first session information
Identify whether first session information matches with the second session information.
Optionally, second session information includes the resource identification of Internet resources, identification the first session letter
Cease with whether the second session information matches and includes:
The 4th session information is generated according to resource identification and the second session information;
Determine whether the 4th session information and the first session information are consistent.
Optionally, the method also includes:
Identify whether second session information meets presupposed information rule.
Optionally, before receiving network resource request, the method also includes:
Receive resource address acquisition request;
It generates the second session information and is supplied to resource address requests end.
Optionally, the second session information of the generation includes:
Second session information is determined according to resource address requests client information and target resource identifier.
Correspondingly, according to the another aspect of the application, a kind of computer equipment, including memory, processor are additionally provided
And store the computer program that can be run on a memory and on a processor, which is characterized in that described in the processor executes
The method such as above-mentioned one or more is realized when computer program.
Correspondingly, according to the another aspect of the application, a kind of computer readable storage medium is additionally provided, is stored thereon with
Computer program, which is characterized in that the method such as above-mentioned one or more is realized when the program is executed by processor.
According in the embodiment of the present application, pass through the first session of acquisition preservation corresponding with the server identification of Resource Server
First session information is added to network resource request, and initiates network resource request according to resource address by information, so that
Server can determine whether access Internet resources according to the first session information, then when resource address is stolen,
If there is no the first session information or the first session information to show resource content request end and resource address in network resource request
Request end be not it is same, Internet resources can not be just accessed, that is to say, that can be true according to the first entrained session information
It is fixed whether to allow to access Internet resources, the injurious act that can usurp Internet resources by resource address has been prevented, has been avoided
The waste of server resource.
Further, by the way that the second session information is added to network resource request, in conjunction with first session information and
Second session information determines whether access Internet resources, realizes and compares resource content request end and resource address requests end
It is whether same, if it is same, then the case where stealing resource address there is no intermediate server, then allow to access network
Resource further ensures that the case where there is no steal resource address, improves prevention when the first session information is not empty data
Usurp the accuracy of the injurious act of Internet resources.
Above description is only the general introduction of technical scheme, in order to better understand the technological means of the application,
And it can be implemented in accordance with the contents of the specification, and in order to allow above and other objects, features and advantages of the application can
It is clearer and more comprehensible, below the special specific embodiment for lifting the application.
Detailed description of the invention
By reading the following detailed description of the preferred embodiment, various other advantages and benefits are common for this field
Technical staff will become clear.The drawings are only for the purpose of illustrating a preferred embodiment, and is not considered as to the application
Limitation.And throughout the drawings, the same reference numbers will be used to refer to the same parts.In the accompanying drawings:
Fig. 1 shows the schematic diagram of network resource accession process;
Fig. 2 shows the flow charts according to a kind of network resource access method embodiment of the embodiment of the present application one;
Fig. 3 shows a kind of flow chart of network resource access method embodiment according to the embodiment of the present application two;
Fig. 4 shows a kind of flow chart of network resource processing method embodiment according to the embodiment of the present application three;
Fig. 5 shows a kind of flow chart of network resource processing method embodiment according to the embodiment of the present application four;
Fig. 6 shows the schematic diagram that Internet resources are accessed when being stolen there is no resource address;
Fig. 7 shows the schematic diagram that Internet resources are accessed when being stolen there are resource address;
Fig. 8 shows the schematic diagram of the treatment process of Internet resources;
Fig. 9 shows vod server to the schematic diagram of the treatment process of Internet resources;
Figure 10 shows CDN server to the schematic diagram of the treatment process of Internet resources;
Figure 11 shows a kind of structural block diagram of network resource accession Installation practice according to the embodiment of the present application five;
Figure 12 shows a kind of structural block diagram of Internet resources processing device embodiment according to the embodiment of the present application six;
Figure 13 shows the exemplary system that can be used for realizing each embodiment described in the disclosure.
Specific embodiment
Exemplary embodiments of the present disclosure are described in more detail below with reference to accompanying drawings.Although showing the disclosure in attached drawing
Exemplary embodiment, it being understood, however, that may be realized in various forms the disclosure without should be by embodiments set forth here
It is limited.On the contrary, these embodiments are provided to facilitate a more thoroughly understanding of the present invention, and can be by the scope of the present disclosure
It is fully disclosed to those skilled in the art.
To make those skilled in the art more fully understand the application, below to this application involves concept be illustrated:
Internet resources include the resource of the diversified forms such as video, picture, text, sound, can specifically include arbitrary form
Network on various resources, the embodiment of the present application is without limitation.For example, the various programs provided in video-on-demand platform
Video resource.
Internet resources can be acquired by resource address, and resource address is used to establish connection transport network resources, for example,
When video on demand, the actual play address of program video.In this application, requested Internet resources are denoted as target resource.
Internet resources are provided by Resource Server onto network.Resource Server includes providing the service of Internet resources
Device, or the server of the resource address of Internet resources is provided.The server of Internet resources is provided and the money of Internet resources is provided
The server of source address can be the same server, be also possible to different servers.For example, in video on demand scene, visitor
Family end is the resource address that program video is obtained from the server (i.e. Resource Server) of video on demand website, but video is practical deposits
On CDN (Content Delivery Network, content distributing network) server, program video is from CDN server for storage
It is transferred to client, wherein Resource Server only provides the resource address of Internet resources, and accessible according to resource address
CDN server obtains the Internet resources stored thereon.
The client or server of Internet resources will be requested access to, is denoted as resource content request end.For example, video on demand field
Jing Zhong, accesses the client of Internet resources according to resource address or server is resource content request end.It is worth noting that depositing
In some " stealing chain website " for the website for possessing Internet resources, " stealing chain website " itself does not provide Internet resources, passes through skill
Art means steal resource address from the website for possessing Internet resources, and provide a user Internet resources on " stealing chain website ".In
In this case, the web site requests resource address of Xiang Yongyou Internet resources be " steal chain website " server, and according to resource
What address accessed Internet resources is the client of user, i.e. resource content request end.This " stealing chain " means are to data source website
Caused by loss include: the bandwidth resources for wasting server, storage resource has invaded its copyright, has reduced and brought by resource
Advertising income etc..
Network resource request is initiated according to resource address in resource content request end, and network resource request can be to resource service
Device is initiated, and can also initiate to the server of actual storage Internet resources or any other applicable server, the application are real
It is without limitation to apply example.For example, client obtains the resource address of program video, if resource address in video on demand scene
It is Resource Server address, then client initiates the network resource request of program video according to resource address to Resource Server,
To obtaining Internet resources, if resource address is the address of the server of actual storage Internet resources in CDN, client according to
Resource address initiates the network resource request of program video to CDN server, to obtain Internet resources.
It is worth noting that provide resource address server and provide Internet resources server can be it is same,
Or the server for the server and offer Internet resources for providing resource address is the different server under same domain name, Huo Zheti
The server of server and offer Internet resources for resource address is the different server under different domain names, in above-mentioned scene
Under, if there is no the first session information in verifying network resource request, if being asked according to the first session information verifying resource content
It asks end and resource address requests end different, then finds there is " stealing chain " behavior, do not allow to provide Internet resources, otherwise can mention
For Internet resources.
In a kind of alternative embodiment of the application, relative to Resource Server, the requesting terminal of resource address will be requested
Or request server, it is denoted as resource address requests end.Resource address requests end includes resource content request end or intermediate server.
Wherein, by the server between Resource Server and resource content request end, it is denoted as intermediate server, in other words, in resource
Hold request end and request resource address to intermediate server, intermediate server requests resource address to Resource Server again.For example, view
Frequency point is broadcast in scene, if client is that when obtaining the resource address of program video by video on demand website, resource is taken
It is engaged in for device, resource address requests end is exactly client, if but client is to obtain program video by " stealing chain website "
When resource address, then for Resource Server, resource address requests end is exactly the server of " stealing chain website ", i.e., intermediate clothes
Business device.
In a kind of alternative embodiment of the application, relative to resource content request end, it will thus provide the service of resource address
Device is denoted as resource address and provides end.It includes intermediate server or Resource Server that resource address, which provides end,.Work as resource content request
End is when directly acquiring resource address from Resource Server, and it is exactly Resource Server that resource address, which provides end, when resource content is asked
Asking end is when obtaining resource address by intermediate server, and for resource content request end, resource address provides end and is exactly
Intermediate server.For example, in video on demand scene, if client is from the resource for being video on demand website acquisition program video
When location, then for resource content request end, resource address provide end be exactly Resource Server, if but client be from
When " stealing chain website " obtains the resource address of program video, then for resource content request end, resource address provides end just
It is the server of " stealing chain website ", i.e. intermediate server.
Session may include this acquisition process that client is directed to Internet resources.It or also may include a client
With the entire interactive process between a server, one has been begun to when a user end to server sends a request
Session, when client clearly terminates session or server within a predefined time limit not from any request of client receiving
When, session just finishes.If direct interactive process is not present between client and server, between client and server not
There are sessions.
In the application, session between Resource Server and resource content request end is denoted as the first session.Resource Server
With the session between resource address requests end, it is denoted as the second session.It is worth noting that when resource content request end and resource
When location request end is same, the first session is exactly that the second session, otherwise the first session and the second session are different two meetings
Words.
For example, opening a net of video on demand website on browser (resource content request end) in video on demand scene
Page is to the whole process for closing the webpage, i.e., a session between browser and the Resource Server of video on demand website, i.e.,
First session;If intermediate server is not present between resource content request end and Resource Server, that is to say, that resource content is asked
Ask end and resource address requests end be it is same, then the first session is exactly the second session, if but resource content request end and resource
There are intermediate servers between server, i.e., the webpage that intermediate server provides are opened on browser, intermediate server is again
Resource address is requested to Resource Server, then the interactive process between intermediate server and Resource Server is a session,
That is session is then not present in the second session between browser and Resource Server.
Session information for one session of one session of label or label and target resource or it is any other can
The information of session is marked, the embodiment of the present application is without limitation.Session information is by Resource Server according to directly communicating with
Client or server between the session that occurs generate, and feed back to resource content request end, if there is intermediate server, then
It is that resource content request end is fed back to by intermediate server.
For example, client opens a webpage of video on demand website in video on demand scene, a session is opened,
To the resource address of the server request program video of video on demand website, server is believed according to the user of the client received
The mark of breath and program video generates the first session information to mark current session.
In this application, the first session information is used for the first session of label, and the second session information is used for the second session of label
And target resource, third session information are used for the second session of label.
In order to mark the source of session information, needed when storing session information corresponding with the server identification of origin server
It saves.Server identification includes that domain name, unique identification or any other applicable mark, the embodiment of the present application do not do this
Limitation.
In a kind of alternative embodiment of the application, need through execution information write instruction, session information is written.Letter
Breath write instruction includes mode, the position of write-in etc. of write-in, and the embodiment of the present application is without limitation.For example, by third meeting
It talks about information write-in resource address and the corresponding storage location of domain name at end is provided.
In a kind of alternative embodiment of the application, set cookie instruction includes the finger write data into cookie
It enables.Cookie is certain websites to distinguish user identity, conversate status tracking and be stored on user local terminal
Data (generally go through encryption).For example, executing set cookie instruction, it can make the first session information that Resource Server pair be written
In cookie under the domain name answered.
According to a kind of embodiment of the application, for the Internet resources that Resource Server possesses, " link network is stolen there are some
Stand ", resource address is stolen from Resource Server, and provide a user Internet resources on " stealing chain website ".Net as shown in Figure 1
The schematic diagram of network resource access process, this application provides a kind of network resource accession mechanism at resource content request end, pass through
First session information is added to network money by the first session information for obtaining preservation corresponding with the server identification of Resource Server
Source request initiates network resource request according to resource address, then when resource address is stolen, if not having in network resource request
Have the first session information or the first session information show resource content request end and resource address requests end be not it is same,
Internet resources can not be just accessed, that is to say, that may determine whether to allow to access net according to the first entrained session information
Network resource has prevented the injurious act that Internet resources can be usurped by resource address, avoids the waste of server resource.
The application is applicable in but is not limited to above-mentioned application scenarios.
Referring to Fig. 2, a kind of flow chart of network resource access method embodiment according to the embodiment of the present application one is shown,
This method can specifically include following steps:
Step 101, the first session information of preservation corresponding with the server identification of Resource Server is obtained.
In the embodiment of the present application, the first session information is for markup resources server and the first of resource content request end
Session, the first session information are save corresponding with the server identification of Resource Server.
In the access process of Internet resources, resource address, resource are first requested to Resource Server in resource content request end
Resource address and the first session information are returned to resource content request end by server, take resource on resource content request end
The server identification of business device is corresponding with the first session information to be saved.
Wherein, the first session information, which can be, is generated by Resource Server according to the identification information at resource content request end
, such as user information, the unique identification at resource content request end etc., the server for being also possible to provide Internet resources can verify that
Other information, but session that need to be different using different information flags, for example, one generated when Session Time, session with
First session information of mark and random number of machine number or Internet resources etc. or any other service form, the application are real
It is without limitation to apply example.
In the embodiment of the present application, the first session is the session between Resource Server and resource content request end, resource
Content requests end can only be saved the first session information is corresponding with the server identification of Resource Server, without will be with other
The session information that server conversates is corresponding with the server identification of Resource Server to be saved.
For example, in video on demand scene, resource of the resource content request end to Resource Server request Internet resources
Location, then by the preservation corresponding with the server identification of Resource Server of the first session information, so as to the first session of subsequent follow-up letter
Breath determines whether access Internet resources.
Step 102, first session information is added to network resource request, according to entrained the first session letter
Breath determines whether access Internet resources.
In the embodiment of the present application, after getting the first session information, the first session information is added to Internet resources and is asked
It asks.Network resource request is from resource content request end to the CDN server or Resource Server for distribution network resource
It sends.First session information can be according to network resource request from resource content request end to CDN server or resource
Server is sent or CDN server or Resource Server are read according to network resource request from resource content request end
's.When practical operation, there are two kinds of situations to need to be illustrated respectively:
It is if the first session information can not be got, i.e., corresponding with the server identification of Resource Server to protect in a kind of situation
The content deposited is empty data, then then is determining whether to visit just without carrying the first session information in network resource request
When asking Internet resources, you can't get permissions.For example, resource content request end is not directly to money under video on demand scene
Source server requests the resource address of Internet resources, but intermediate server requests resource address to Resource Server, then in
Between server resource address is transmitted to resource content request end, since resource content request end is not turned on Resource Server
First session is obtaining first after the first session information that preservation corresponding with the server identification of Resource Server may be not present
When session information, the first session information can not be got.
In another case, showing that resource content request end and Resource Server are opened if getting the first session information
The first session is crossed, then the first session information is just carried in network resource request, then according to the actual content of the first session information
To determine whether that the second session information is added to Internet resources for example, obtaining the second session information by access Internet resources
In request, Resource Server or CDN server identify whether the first session information and the second session information match, if matching,
Resource address requests end and resource content request end be it is same, then the first session is exactly the second session, that is to say, that resource
The case where location request end is not intermediate server, steals resource address there is no " stealing chain website ", then allows to access network money
Source.
Step 103, the network resource request is initiated according to resource address.
In the embodiment of the present application, the server where Internet resources, resource content can be found according to resource address
Request end network resource request is initiated according to resource address.If Internet resources are stored in Resource Server, resource address is resource
The address of server or Resource Server cluster, then network resource request is sent to Resource Server, if Internet resources store
The address of CDN server in CDN server, resource address, then network resource request is sent to CDN server.By resource
Server or CDN server determine whether to access Internet resources according to the first session information.
According in the embodiment of the present application, pass through the first session of acquisition preservation corresponding with the server identification of Resource Server
First session information is added to network resource request, and initiates network resource request according to resource address by information, so that
Server can determine whether access Internet resources according to the first session information, then when resource address is stolen,
If there is no the first session information or the first session information to show resource content request end and resource address in network resource request
Request end be not it is same, Internet resources can not be just accessed, that is to say, that can be true according to the first entrained session information
It is fixed whether to allow to access Internet resources, the injurious act that can usurp Internet resources by resource address has been prevented, has been avoided
The waste of server resource.
In a kind of embodiment of the application, optionally, save corresponding with the server identification of Resource Server is being obtained
The first session information before, can also include: the second session information for obtaining resource address and Resource Server and providing.
Wherein, the second session information is used for the second session and target of markup resources server and resource address requests end
Resource, resource address requests end include resource content request end or intermediate server.For Resource Server, resource content
Request end or intermediate server all may be resource address requests end.If resource address requests end is same with resource content request end
At one, then the second session is exactly the first session, if but resource address requests end when being intermediate server, just and in resource
It is not same for holding request end, then the second session is not just same with the first session.
In one implementation, the second session information can also only markup resources server and resource address requests end
Second session, and in addition the label of target resource can be sent between resource content request end and Resource Server.
It is not this request Internet resources there is also the first session information when the first session information obtained is not sky data
Shi Baocun's or the first session information be not the case where Resource Server is sent, then need according to the first session information
Access Internet resources are determined whether with whether the second session information matches.
In the access process of Internet resources, resource content request end needs to obtain resource address, and from Resource Server
Obtain the second session information, to initiate network resource request according to resource address later, and according to the first session information and
Second session information determines whether access Internet resources.
In a kind of embodiment of the application, optionally, before initiating the network resource request according to resource address,
It can also include: that the second session information is added to network resource request, in conjunction with first session information and the second session
Information determines whether access Internet resources.
First session information is sent to Resource Server or CDN server by resource content request end, it is also necessary to by second
Session information is added to network resource request, is sent to Resource Server or CDN server.Resource Server or CDN server
After receiving the second session information, access network money can be determined whether in conjunction with the first session information and the second session information
Source specifically can determine resource content request end according to the first session information, determine that resource address is asked according to the second session information
It asks end, compares resource content request end and whether resource address requests end is same, if it is same, then taken there is no intermediate
The case where business device steals resource address then allows to access Internet resources, when the first session information is not empty data, further
Ensure the case where there is no steal resource address, improves the accuracy for preventing the injurious act for usurping Internet resources.
Referring to Fig. 3, a kind of flow chart of network resource access method embodiment according to the embodiment of the present application two is shown,
This method can specifically include following steps:
Step 201, the third session information that Resource Server provides is obtained.
In the embodiment of the present application, third session information is for markup resources server and the second of resource address requests end
Session.Third session information is that Resource Server provides, but resource content request end may be directly to obtain from Resource Server
Take third session information, it is also possible to forward to obtain third session information through intermediate server.
For example, under video on demand scene, steal the injurious act of resource address if it does not exist, resource content request end to
The Resource Server of video on demand website requests resource address, first to Resource Server have sent user information (User) and
The mark (RID) of required target resource.Resource Server carries out Hash calculation to user information (User), generates third meeting
It talks about information KeyCookie=hash (User), then to the mark of target resource (RID) and third session information KeyCookie
Etc. information encrypted, obtain the second session information KeyQuery=encode (RID+KeyCookie), find target resource
Identify (RID) corresponding resource address (URL).Then Resource Server is by resource address (URL), third session information
KeyCookie value and the second session information KeyQuery value are sent to resource content request end.Resource content request termination receives
After third session information KeyCookie, third session information KeyCookie value is stored under the domain name of video on demand website
In browser cookie.
In another example under video on demand scene, steal the injurious act of resource address if it exists, resource content request end to
Intermediate server requests resource address, and intermediate server requests resource address to Resource Server again, and intermediate server is to resource
Server has sent the mark (RID) of intermediate server information (EvilServer) and required target resource.Resource clothes
Device be engaged in intermediate server info (EvilServer) progress Hash calculation, generates third session information KeyCookieEvil=
Hash (EvilServer), then to the information such as the mark of target resource (RID) and third session information KeyCookieEvil into
Row encryption, obtains the second session information KeyQueryEvil=encode (RID+KeyCookieEvil), finds target resource
Identify (RID) corresponding resource address (URL).Then Resource Server is by resource address (URL), third session information
KeyCookieEvil value and the second session information KeyQueryEvil value are sent to intermediate server.Intermediate server forwards again
After giving resource content request end, resource content request termination to receive third session information KeyCookieEvil, third session is believed
Breath KeyCookieEvil value is stored in the browser cookie under the domain name of intermediate server.
In a kind of embodiment of the application, optionally, resource address requests end includes resource content request end or centre
Server, when resource address requests end includes resource content request end, third session information is identical as the first session information, when
When resource address requests end includes intermediate server, third session information is different from the first session information.
When resource address requests end and resource content request end are same, the second session is exactly the first session, so
Third session information and the first session information are same.When resource address requests end and intermediate server are same, the
Two sessions are different from the first session, so third session information is different from the first session information.
It can also include: by the third session information and resource address optionally in a kind of embodiment of the application
The corresponding preservation of server identification at end is provided.
It includes intermediate server or Resource Server that resource address, which provides end,.For resource content request end, resource
When address offer end is Resource Server, just by the preservation corresponding with the server identification of Resource Server of third session information, money
When source address offer end is intermediate server, just by the preservation corresponding with the server identification of intermediate server of third session information.
When practical operation, using the origin policy (Same origin policy) of browser, browser is according to homologous plan
Agreement slightly will be corresponding with the server identification of Resource Server for the third session information that Resource Server is sent
It saves, for the third session information that intermediate server is sent, corresponding with the server identification of intermediate server will save.
In a kind of embodiment of the application, optionally, server identification includes domain name, and third session information carries information
Save corresponding with the server identification that resource address provides end of the third session information be may include: to pass through by write instruction
It executes the information write instruction resource address is written into the third session information and the corresponding storage of domain name at end is provided
Position.
When resource content request end obtains third session information, corresponding information write instruction, execution information are also obtained
Third session information is written to resource address and provides the corresponding storage location of domain name at end by write instruction.It is worth noting that
Information write instruction from Resource Server corresponding can only deposit the domain name that Resource Server is written in third session information
Storage space is set, and third session information can only be written to the domain name of intermediate server from the information write instruction of intermediate server
Corresponding storage location.
Step 202, the first session information of preservation corresponding with the server identification of Resource Server is obtained.
In the embodiment of the present application, when resource address requests end and resource content request end are same, the first session
Information is exactly third session information, and available to the first session information, that is to say acquisition is third session information.If can not
Obtain the first session information, then illustrate the third session information obtained in step 201 not with the server mark of Resource Server
Know corresponding save.
In the embodiment of the present application, the specific implementation of this step may refer to the description in previous embodiment, herein
It does not repeat separately.
Step 203, first session information is added to network resource request, according to entrained the first session letter
Breath determines whether access Internet resources.
In the embodiment of the present application, the specific implementation of this step may refer to the description in previous embodiment, herein
It does not repeat separately.
Step 204, the network resource request is initiated according to resource address.
In the embodiment of the present application, the specific implementation of this step may refer to the description in previous embodiment, herein
It does not repeat separately.
According in the embodiment of the present application, the third session information provided by obtaining Resource Server is obtained and is taken with resource
Corresponding the first session information saved of the server identification of business device, is added to network resource request for first session information,
And network resource request is initiated according to resource address, due to being same when resource address requests end and resource content request end
When, third session information is exactly the first session information, and server is determined whether according to the first session information
Internet resources are accessed, then when resource address is stolen, if there is no the first session information or first in network resource request
Session information show resource content request end and resource address requests end be not it is same, Internet resources can not be just accessed,
That is may determine whether to allow to access Internet resources according to the first entrained session information, prevent by resource
Location can usurp the injurious act of Internet resources, avoid the waste of server resource.
Referring to Fig. 4, a kind of flow chart of network resource processing method embodiment according to the embodiment of the present application three is shown,
This method can specifically include following steps:
Step 301, network resource request is received.
In the embodiment of the present application, the server of resource address instruction receives network resource request, can specifically include
Resource Server, CDN server or any other applicable server, the embodiment of the present application are without limitation.
Step 302, the first session information that the network resource request carries is obtained.
In the embodiment of the present application, the first session information can be with network resource request by Resource Server or CDN service
Device obtains, and is also possible to Resource Server or CDN server according to reading in network resource request to resource content request end.
Step 303, access Internet resources are determined whether according to first session information.
In the embodiment of the present application, Resource Server or CDN server can determine whether to permit according to the first session information
Perhaps Internet resources are accessed, if it is determined that allow to access Internet resources, then transmit Internet resources to resource content request end, if really
It is fixed not allow to access Internet resources, then not to resource content request end transport network resources.
According in the embodiment of the present application, by receiving network resource request, obtain that the network resource request carries the
One session information determines whether access Internet resources according to first session information, allows server according to the
One session information come determine whether access Internet resources, then when resource address is stolen, if in network resource request
Show that resource content request end and resource address requests end are not same without the first session information or the first session information
A, Internet resources can not be just accessed, that is to say, that may determine whether to allow to access according to the first entrained session information
Internet resources have prevented the injurious act that Internet resources can be usurped by resource address, avoid the wave of server resource
Take.
It can also include: to receive before receiving network resource request optionally in a kind of embodiment of the application
Resource address acquisition request;It generates the second session information and is supplied to resource address requests end.
For Resource Server, in the access process of Internet resources, need first to receive resource address acquisition request,
According to resource address acquisition request, the second session information is generated for resource address requests end, and be supplied to resource address requests end.
If resource address requests end is resource content request end, the second session information will be supplied to resource content request end, if resource
Address requests end is intermediate server, and the second session information will be supplied to intermediate server.Certain intermediate server may also
Second session information is transmitted to resource content request end.
In a kind of embodiment of the application, optionally, a kind of implementation for generating the second session information may include:
The second session information is determined according to resource address requests client information and target resource identifier.
For example, Resource Server receives user information (User) and target resource identifier (RID), Resource Server pair
User information (User) carries out Hash calculation, generates third session information KeyCookie=hash (User), then provides to target
The information such as the mark (RID) in source and third session information KeyCookie are encrypted, and the second session information KeyQuery=is obtained
encode(RID+KeyCookie)。
Referring to Fig. 5, a kind of flow chart of network resource processing method embodiment according to the embodiment of the present application four is shown,
This method can specifically include following steps:
Step 401, network resource request is received.
In the embodiment of the present application, the specific implementation of this step may refer to the description in previous embodiment, herein
It does not repeat separately.
Step 402, the first session information that the network resource request carries is obtained.
In the embodiment of the present application, the specific implementation of this step may refer to the description in previous embodiment, herein
It does not repeat separately.
Step 403, determine whether first session information is non-empty information, if so, allowing to access Internet resources.
In the embodiment of the present application, if the first session information is non-empty information, allow to access Internet resources, otherwise not permit
Perhaps Internet resources are accessed.
It is being that non-empty information can be with when obtaining determining result to allow to access Internet resources according to the first session information
Step 404 and/or step 405 are executed, is continued to whether allowing to access Internet resources and determine.
Step 404, identify whether second session information meets presupposed information rule.
In the embodiment of the present application, presupposed information rule includes the rule of preset processing information, for example, encryption information
Encryption rule, processing rule that two kinds of information are mixed etc. or any other applicable rule, the embodiment of the present application
It is without limitation.
Second session information is handled according to presupposed information rule, for example, to the mark of target resource
(RID) it is encrypted with the information such as third session information KeyCookie, obtains the second session information KeyQuery=encode
(RID+KeyCookie).Presupposed information rule includes the rule of encryption.
In the embodiment of the present application, whether the second session information of identification meets a kind of implementation packet of presupposed information rule
Include: presupposed information rule can specify that the mode that processing and inversely processing are carried out to message, carry out inversely processing to the second session information,
If inversely processing is available as a result, showing that the second session information meets presupposed information rule.Another implementation includes: pre-
If rule information includes that the format etc. of the information obtained after handling shows the second session if the format of the second session information is consistent
Information meets presupposed information rule.Any suitable mode be can specifically include to identify it is default whether the second session information meets
Rule information, the embodiment of the present application are without limitation.
Step 405, identify whether first session information matches with the second session information.
In the embodiment of the present application, when the first session information is non-empty information, step 404 can be executed and execute step again later
Rapid 405, the identification of step 404 can not also be executed, directly execution step 405, to determine whether access Internet resources.If
First session information is matched with the second session information, it is determined that allows to access Internet resources, if the first session information and the second meeting
It talks about information to mismatch, does not then allow to access Internet resources.
The match condition of first session information and the second session information may include: that the first session information and the second session are believed
Manner of breathing is same, then matches or after the first session information handled, the information obtained after processing is identical as the second session information,
It then matches or after the second session information handled, the information obtained after processing is identical as the first session information, then match,
It can specifically include any suitable mode, the embodiment of the present application is without limitation.
In a kind of embodiment of the application, optionally, second session information includes the resource identification of Internet resources,
Identify that first session information and a kind of whether matched implementation of the second session information may include: according to resource identification
The 4th session information is generated with the second session information;Determine whether the 4th session information and the first session information are consistent.If
4th session information is consistent with the first session information, then the first session information is matched with the second session information.
For example, under video on demand scene, the injurious act of resource address is stolen if it does not exist, Resource Server is from network
The second session information KeyQuery value is obtained in resource request, is obtained from the browser Cookie under the domain name of video on demand website
Take the first session information (i.e. third session information) KeyCookie value, whether the second session information KeyQuery value of identification can be with
Be decrypted, do not allow if it can not be decrypted access Internet resources, if can be decrypted decode (KeyQuery)=RID,
KeyCookieDecode then obtains the mark (RID) and the 4th session information KeyCookieDecode of target resource, judges
Whether four session information KeyCookieDecode and the first session information KeyCookie are equal, first session information if equal
It matches with the second session information, otherwise mismatches.
According in the embodiment of the present application, by receiving network resource request, obtain that the network resource request carries the
One session information determines whether first session information is non-empty information, if so, allowing to access Internet resources, identification second
Whether session information meets presupposed information rule, and whether the first session information of identification matches with the second session information, if matching
Determining allows to access Internet resources, and server is allowed to determine whether access network money according to the first session information
Source, then when resource address is stolen, if not having the first session information or the first session information table in network resource request
Bright resource content request end with resource address requests end be not it is same, Internet resources can not be just accessed, that is to say, that according to
The first entrained session information may determine whether to allow to access Internet resources, and having prevented can be usurped by resource address
The injurious act of Internet resources avoids the waste of server resource.
To make those skilled in the art more fully understand the application, below by way of specific example to a kind of reality of the application
Existing mode is illustrated.
The schematic diagram as shown in FIG. 6 that Internet resources are accessed when being stolen there is no resource address.
Wherein, user is resource content request end, and server (a.com) is Resource Server, is stored in CDN server
Internet resources specifically comprise the following steps:
Step 1, the request of the mark (RID) of carrying Internet resources is initiated with user orientation server (a.com).
Step 2, RID and user information (User) are sent to server (a.com).
Step 3, after server (a.com) receives, Hash calculation is carried out to user information (User), obtains third session letter
It ceases KeyCookie=hash (User), then KeyCookie and RID is encrypted, obtain the second session information KeyQuery
=encode (RID+KeyCookie).
Step 4, server (a.com) sends resource link (i.e. resource address) and KeyQuery and KeyCookie
To user, wherein KeyCookie is sent by way of set cookie.
Step 5, KeyCookie is recorded under local a.com domain name in cookie.
Step 6, CDN server receives KeyQuery, reads KeyCookie under the a.com domain name of user browser.
Step 7, whether CDN server judges whether KeyQuery is legal, i.e., can be successfully decrypted.If it is illegal (i.e.
Can not decrypt), 12 are thened follow the steps, does not send Internet resources to user, and terminate.
Step 8, CDN server to KeyQuery be decrypted decode (KeyQuery)=RID,
KeyCookieDecode obtains RID and KeyCookieDecode.
Step 9, judge whether KeyCookieDecode is equal to KeyCookie, if being not equal to, then follow the steps 12, not to
User sends Internet resources, and terminates.If being equal to, 10 are thened follow the steps.
Step 10, the corresponding Internet resources of RID are sent to resource content request end by CDN server.
Step 11, resource is showed into user, and terminated.
Step 12, Internet resources are not sent to user, and terminated.
The schematic diagram that Internet resources are accessed when being stolen there are resource address as shown in Figure 7.
Wherein, stealing chain server (evil.com) is intermediate server, is specifically comprised the following steps:
Step 1, request of the user to the mark (RID) for stealing chain server (evil.com) initiation carrying Internet resources.
Step 2, RID is sent to robber chain server (evil.com).
Step 3, it steals chain server (evil.com) and requests Internet resources RID to server (a.com).
Step 4, chain server (evil.com) is stolen to send RID to server (a.com) and steal chain server info
(EvilServer)。
Step 5, after server (a.com) receives, Hash calculation is carried out to chain server info (EvilServer) is stolen, is obtained
To third session information KeyCookieEvil=hash (EvilServer), then KeyCookieEvil and RID are added
It is close, obtain the second session information KeyQuery=encode (RID+KeyCookieEvil).
Step 6, resource address and KeyQuery and KeyCookieEvil are sent to by server (a.com) steals chain clothes
It is engaged in device (evil.com), wherein KeyCookieEvil is sent by way of set cookie.
Step 7, it steals chain server (evil.com) KeyCookieEvil is recorded under local a.com domain name
In cookie.
Step 8, chain server (evil.com) is stolen by resource address, KeyQuery is sent to resource content request end, with
And KeyCookieEvil is sent to resource content request end by way of set cookie.
Step 9, KeyCookieEvil is recorded in the cookie under local evil.com domain name by resource content request end
In.
Step 10, CDN server receives KeyQuery, reads under the a.com domain name of user browser
KeyCookieUser。
Step 11, whether CDN server judges whether KeyQuery is legal, i.e., can be successfully decrypted.If it is illegal (i.e.
Can not decrypt), 14 are thened follow the steps, does not send Internet resources to user, and terminate.
Step 12, CDN server to KeyQuery be decrypted decode (KeyQuery)=RID,
KeyCookieDecode obtains RID and KeyCookieDecode.
Step 13, KeyCookieDecode is equal to KeyCookieEvil, is not equal to KeyCookieUser, executes step
14。
Step 14, Internet resources are not sent to user, and terminated.
The schematic diagram of the treatment process of Internet resources as shown in Figure 8.
Step 1, vod server (Resource Server) receives the web-page requests that client (resource content request end) is sent.
Step 2, vod server generates two Key:KeyCookie and KeyQuery, together together with network resources address
It is sent to client, wherein KeyCookie must be sent in a manner of set cookie.
Step 3, KeyCookie is written in the cookie under the vod server domain name client.
Step 4, client sends network resource request to CDN server.
Step 5, CDN server reads KeyQuery from client request, reads from client cookie
KeyCookie, is authenticated and (determines whether access Internet resources).
The schematic diagram of vod server as shown in Figure 9 to the treatment process of Internet resources.
Step 1, vod server generates KeyCookie.
Step 2, vod server generates KeyQuery=encode (KeyCookie, RID).
Step 3, KeyCookie, KeyQuery and resource address are sent client by vod server together, wherein
KeyCookie must be sent in a manner of set cookie, and KeyQuery can be sent in any way.
The schematic diagram of CDN server as shown in Figure 10 to the treatment process of Internet resources.
Step 1, CDN server reads KeyQuery from the request of client.
Step 2, judge whether KeyQuery is legal, i.e., whether can be successfully decrypted.It (can not decrypt) if it is illegal,
Then follow the steps 6.
Step 3, CDN server reads KeyCookie from the cookie of client.
Step 4, CDN server judges whether encode (KeyCookie, RID) is equal to KeyQuery and holds if being equal to
Row step 5, if not equal to thening follow the steps 6.
Step 5, Internet resources are sent to client.
Step 6, Internet resources are not sent to client, and terminated.
Referring to Fig.1 1, show a kind of structural frames of network resource accession Installation practice according to the embodiment of the present application five
Figure, can specifically include:
The first information obtains module 501, for obtaining the first meeting of preservation corresponding with the server identification of Resource Server
Information is talked about, first session information is used to mark the first session of the Resource Server Yu resource content request end;
First information adding module 502, for first session information to be added to network resource request, according to institute
The first session information carried determines whether access Internet resources;
Initiation module 503 is requested, for initiating the network resource request according to resource address.
In a kind of embodiment of the application, optionally, described device further include:
Second data obtaining module, for obtaining first saved corresponding with the server identification of Resource Server described
Before session information, the second session information that resource address and Resource Server provide is obtained, second session information is used
In the second session and target resource that mark the Resource Server and resource address requests end, the resource address requests end
Including resource content request end or intermediate server.
In a kind of embodiment of the application, optionally, described device further include:
Second information adding module is used for before the network resource request according to resource address initiation, by institute
It states the second session information and is added to the network resource request, to be determined in conjunction with first session information and the second session information
Whether allow to access Internet resources.
In a kind of embodiment of the application, optionally, described device further include:
Third data obtaining module, for obtaining first saved corresponding with the server identification of Resource Server described
Before session information, the third session information that Resource Server provides is obtained, wherein the third session information is for marking institute
State the second session of Resource Server Yu resource address requests end.
In a kind of embodiment of the application, optionally, the resource address requests end include resource content request end or
Intermediate server, when the resource address requests end includes resource content request end, the third session information and the first meeting
It is identical to talk about information, when the resource address requests end includes intermediate server, the third session information and the first session are believed
Breath is different.
In a kind of embodiment of the application, optionally, described device further include:
Preserving module, for by the third session information it is corresponding with the server identification that resource address provides end save,
It includes intermediate server or Resource Server that the resource address, which provides end,.
In a kind of embodiment of the application, optionally, the server identification includes domain name, the third session information
Information write instruction is carried, the preserving module includes:
Implementation sub-module, for the resource to be written in the third session information by executing the information write instruction
The corresponding storage location of domain name at address offer end.
In a kind of embodiment of the application, optionally, the information write instruction includes set cookie instruction.
According in the embodiment of the present application, pass through the first session of acquisition preservation corresponding with the server identification of Resource Server
First session information is added to network resource request, and initiates network resource request according to resource address by information, so that
Server can determine whether access Internet resources according to the first session information, then when resource address is stolen,
If there is no the first session information or the first session information to show resource content request end and resource address in network resource request
Request end be not it is same, Internet resources can not be just accessed, that is to say, that can be true according to the first entrained session information
It is fixed whether to allow to access Internet resources, the injurious act that can usurp Internet resources by resource address has been prevented, has been avoided
The waste of server resource.
Referring to Fig.1 2, show a kind of structural frames of Internet resources processing device embodiment according to the embodiment of the present application six
Figure, can specifically include:
Request receiving module 601, for receiving network resource request;
The first information obtains module 602, the first session information carried for obtaining the network resource request, and described the
One session information be used for markup resources server and resource content request end the first session, first session information with it is described
The server identification of Resource Server is in the corresponding preservation in the resource content request end;
Determining module 603, for determining whether access Internet resources according to first session information.
In a kind of embodiment of the application, optionally, the determining module includes:
Non-empty decision sub-module, for determining whether first session information is non-empty information, if so, allowing to access net
Network resource.
In a kind of embodiment of the application, optionally, the network resource request also carries the second session information, described
Second session information is used to mark the second session of the Resource Server Yu resource address requests end, the resource address requests
End includes resource content request end or intermediate server;
The determining module includes:
Match cognization submodule, whether first session information matches with the second session information for identification.
In a kind of embodiment of the application, optionally, second session information includes the resource identification of Internet resources,
The match cognization submodule includes:
4th information generating unit, for generating the 4th session information according to resource identification and the second session information;
Consistent judging unit, for determining whether the 4th session information and the first session information are consistent.
In a kind of embodiment of the application, optionally, described device further include:
Regular identification module, whether second session information meets presupposed information rule for identification.
In a kind of embodiment of the application, optionally, described device further include:
Request receiving module, for receiving resource address acquisition request before receiving network resource request;
Information generating module, for generating the second session information and being supplied to resource address requests end.
In a kind of embodiment of the application, optionally, the information generating module includes:
Information determines submodule, for determining described second according to resource address requests client information and target resource identifier
Session information.
According in the embodiment of the present application, by receiving network resource request, obtain that the network resource request carries the
One session information determines whether access Internet resources according to first session information, allows server according to the
One session information come determine whether access Internet resources, then when resource address is stolen, if in network resource request
Show that resource content request end and resource address requests end are not same without the first session information or the first session information
A, Internet resources can not be just accessed, that is to say, that may determine whether to allow to access according to the first entrained session information
Internet resources have prevented the injurious act that Internet resources can be usurped by resource address, avoid the wave of server resource
Take.
For device embodiment, since it is basically similar to the method embodiment, related so being described relatively simple
Place illustrates referring to the part of embodiment of the method.
Embodiment of the disclosure can be implemented as using any suitable hardware, firmware, software, or and any combination thereof into
The system of the desired configuration of row.Figure 13, which is schematically shown, can be used for realizing showing for each embodiment described in the disclosure
Example property system (or device) 700.
For one embodiment, Figure 13 shows exemplary system 700, the system have one or more processors 702,
It is coupled to the system control module (chipset) 704 of at least one of (one or more) processor 702, is coupled to and be
The system storage 706 for control module 704 of uniting is coupled to the nonvolatile memory (NVM) of system control module 704/deposit
Storage equipment 708 is coupled to one or more input-output apparatus 710 of system control module 704, and is coupled to and is
The network interface 712 for control module 706 of uniting.
Processor 702 may include one or more single or multiple core processors, processor 702 may include general processor or
Any combination of application specific processor (such as graphics processor, application processor, Baseband processor etc.).In some embodiments,
System 700 can be as the browser described in the embodiment of the present application.
In some embodiments, system 700 may include with instruction one or more computer-readable mediums (for example,
System storage 706 or NVM/ store equipment 708) and mutually merge with the one or more computer-readable medium and be configured as
Execute instruction the one or more processors 702 to realize module thereby executing movement described in the disclosure.
For one embodiment, system control module 704 may include any suitable interface controller, with to (one or
It is multiple) at least one of processor 702 and/or any suitable equipment or component that communicate with system control module 704 mentions
For any suitable interface.
System control module 704 may include Memory Controller module, to provide interface to system storage 706.Storage
Device controller module can be hardware module, software module and/or firmware module.
System storage 706 can be used for for example, load of system 700 and storing data and/or instruction.For a reality
Example is applied, system storage 706 may include any suitable volatile memory, for example, DRAM appropriate.In some embodiments
In, system storage 706 may include four Synchronous Dynamic Random Access Memory of Double Data Rate type (DDR4SDRAM).
For one embodiment, system control module 704 may include one or more i/o controllers, with to
NVM/ stores equipment 708 and (one or more) input-output apparatus 710 provides interface.
For example, NVM/ storage equipment 708 can be used for storing data and/or instruction.NVM/ storage equipment 708 may include appointing
It anticipates nonvolatile memory appropriate (for example, flash memory) and/or to may include that any suitable (one or more) is non-volatile deposit
Equipment is stored up (for example, one or more hard disk drives (HDD), one or more CD (CD) drivers and/or one or more
Digital versatile disc (DVD) driver).
NVM/ storage equipment 708 may include a part for the equipment being physically mounted on as system 700
Storage resource or its can by the equipment access without a part as the equipment.For example, NVM/ storage equipment 708 can
It is accessed by network via (one or more) input-output apparatus 710.
(one or more) input-output apparatus 710 can be provided for system 700 interface with other any equipment appropriate
Communication, input-output apparatus 710 may include communication component, audio component, sensor module etc..Network interface 712 can be
System 700 provides interfaces with by one or more network communications, system 700 can according to one or more wireless network standards and/
Or arbitrary standards in agreement and/or agreement are carried out wireless communication with the one or more components of wireless network, such as are accessed
Wireless network based on communication standard, such as WiFi, 2G or 3G or their combination carry out wireless communication.
For one embodiment, at least one of (one or more) processor 702 can be with system control module 704
The logic of one or more controllers (for example, Memory Controller module) is packaged together.For one embodiment, (one
Or multiple) at least one of processor 702 can be encapsulated in the logic of one or more controllers of system control module 704
Together to form system in package (SiP).For one embodiment, at least one of (one or more) processor 702 can
It is integrated on same mold with the logic of one or more controllers of system control module 704.For one embodiment, (one
It is a or multiple) at least one of processor 702 can be integrated with the logic of one or more controllers of system control module 704
To form system on chip (SoC) on same mold.
In various embodiments, system 700 can be, but not limited to be: browser, work station, desk-top calculating equipment or movement
It calculates equipment (for example, lap-top computing devices, handheld computing device, tablet computer, net book etc.).In various embodiments,
System 700 can have more or fewer components and/or different frameworks.For example, in some embodiments, system 700 includes
One or more video cameras, keyboard, liquid crystal display (LCD) screen (including touch screen displays), nonvolatile memory port,
Mutiple antennas, graphic chips, specific integrated circuit (ASIC) and loudspeaker.
Wherein, if display includes touch panel, display screen may be implemented as touch screen displays, be used by oneself with receiving
The input signal at family.Touch panel includes one or more touch sensors to sense the hand on touch, slide, and touch panel
Gesture.The touch sensor can not only sense the boundary of a touch or slide action, but also detect and the touch or sliding
Operate relevant duration and pressure.
The embodiment of the present application also provides a kind of non-volatile readable storage medium, be stored in the storage medium one or
Multiple modules (programs) when the one or more module is used in terminal device, can make the terminal device execute
The instruction (instructions) of various method steps in the embodiment of the present application.
Provide a kind of computer equipment in one example, including memory, processor and storage are on a memory simultaneously
The computer program that can be run on a processor, which is characterized in that the processor is realized such as when executing the computer program
The method of the embodiment of the present application.
A kind of computer readable storage medium is additionally provided in one example, is stored thereon with computer program, it is special
Sign is, one or more methods such as the embodiment of the present application are realized when which is executed by processor.
The embodiment of the present application discloses a kind of network resource access method and device, and example 1 includes that a kind of Internet resources are visited
Ask method, comprising:
The first session information of preservation corresponding with the server identification of Resource Server is obtained, first session information is used
In the first session for marking the Resource Server and resource content request end;
First session information is added to network resource request, to be according to entrained the first session information determination
It is no to allow to access Internet resources;
The network resource request is initiated according to resource address.
Example 2 may include method described in example 1, wherein in the server identification pair of the acquisition and Resource Server
Before the first session information that should be saved, the method also includes:
The second session information that resource address and Resource Server provide is obtained, second session information is for marking
Second session at the Resource Server and resource address requests end and target resource, the resource address requests end include money
Source contents request end or intermediate server.
Example 3 may include method described in example 1 and/or example 2, wherein it is described initiated according to resource address described in
Before network resource request, the method also includes:
Second session information is added to the network resource request, in conjunction with first session information and second
Session information determines whether access Internet resources.
Example 4 may include method described in 3 one or more of example 1- example, wherein in the acquisition and resource service
Before corresponding the first session information saved of the server identification of device, the method also includes:
Obtain the third session information that Resource Server provides, wherein the third session information is for marking the money
Second session of source server and resource address requests end.
Example 5 may include method described in 4 one or more of example 1- example, wherein the resource address requests end packet
Resource content request end or intermediate server are included, when the resource address requests end includes resource content request end, described
Three session informations are identical as the first session information, when the resource address requests end includes intermediate server, the third meeting
It is different from the first session information to talk about information.
Example 6 may include method described in 5 one or more of example 1- example, wherein the method also includes:
By third session information preservation corresponding with the server identification that resource address provides end, the resource address is mentioned
It include intermediate server or Resource Server for end.
Example 7 may include method described in 6 one or more of example 1- example, wherein the server identification includes domain
Name, the third session information carries information write instruction, described to provide the third session information and resource address to end
Server identification corresponds to save
The resource address is written into the third session information by the execution information write instruction, the domain at end is provided
The corresponding storage location of name.
Example 8 may include method described in 7 one or more of example 1- example, wherein the information write instruction includes
Set cookie instruction.
Example 9 includes a kind of network resource processing method, comprising:
Receive network resource request;
The first session information that the network resource request carries is obtained, first session information takes for markup resources
The server identification of first session of business device and resource content request end, first session information and the Resource Server exists
The resource content request end is corresponding to be saved;
Access Internet resources are determined whether according to first session information.
Example 10 may include method described in example 9, wherein described to be determined whether according to first session information
Accessing Internet resources includes:
Determine whether first session information is non-empty information, if so, allowing to access Internet resources.
Example 11 may include method described in example 9 and/or example 10, wherein the network resource request also carries
Two session informations, second session information are used to mark the second session of the Resource Server Yu resource address requests end,
The resource address requests end includes resource content request end or intermediate server;
It is described to determine whether that access Internet resources include: according to first session information
Identify whether first session information matches with the second session information.
Example 12 may include method described in 11 one or more of example 9- example, wherein the second session information packet
The resource identification of Internet resources is included, identification first session information includes: with whether the second session information matches
The 4th session information is generated according to resource identification and the second session information;
Determine whether the 4th session information and the first session information are consistent.
Example 13 may include method described in 12 one or more of example 9- example, wherein the method also includes:
Identify whether second session information meets presupposed information rule.
Example 14 may include method described in 13 one or more of example 9- example, wherein receive network resource request
Before, the method also includes:
Receive resource address acquisition request;
It generates the second session information and is supplied to resource address requests end.
Example 15 may include method described in 14 one or more of example 9- example, wherein the second session of generation letter
Breath includes:
Second session information is determined according to resource address requests client information and target resource identifier.
Example 16 includes a kind of network resource accession device, comprising:
The first information obtains module, and the first session for obtaining preservation corresponding with the server identification of Resource Server is believed
Breath, first session information are used to mark the first session of the Resource Server Yu resource content request end;
First information adding module, for first session information to be added to network resource request, with according to being taken
First session information of band determines whether access Internet resources;
Initiation module is requested, for initiating the network resource request according to resource address.
Example 17 may include device described in example 16, wherein described device further include:
Second data obtaining module, for obtaining first saved corresponding with the server identification of Resource Server described
Before session information, the second session information that resource address and Resource Server provide is obtained, second session information is used
In the second session and target resource that mark the Resource Server and resource address requests end, the resource address requests end
Including resource content request end or intermediate server.
Example 18 may include device described in example 16 and/or example 17, wherein described device further include:
Second information adding module is used for before the network resource request according to resource address initiation, by institute
It states the second session information and is added to the network resource request, to be determined in conjunction with first session information and the second session information
Whether allow to access Internet resources.
Example 19 may include device described in 18 one or more of example 16- example, wherein described device further include:
Third data obtaining module, for obtaining first saved corresponding with the server identification of Resource Server described
Before session information, the third session information that Resource Server provides is obtained, wherein the third session information is for marking institute
State the second session of Resource Server Yu resource address requests end.
Example 20 may include device described in 19 one or more of example 16- example, wherein the resource address requests end
It is described when the resource address requests end includes resource content request end including resource content request end or intermediate server
Third session information is identical as the first session information, when the resource address requests end includes intermediate server, the third
Session information is different from the first session information.
Example 21 may include device described in 20 one or more of example 16- example, wherein described device further include:
Preserving module, for by the third session information it is corresponding with the server identification that resource address provides end save,
It includes intermediate server or Resource Server that the resource address, which provides end,.
Example 22 may include device described in 20 one or more of example 16- example, wherein the server identification includes
Domain name, the third session information carry information write instruction, and the preserving module includes:
Implementation sub-module, for the resource to be written in the third session information by executing the information write instruction
The corresponding storage location of domain name at address offer end.
Example 23 may include device described in 22 one or more of example 16- example, wherein the information write instruction packet
Include set cookie instruction.
Example 24 includes a kind of Internet resources processing unit, comprising:
Request receiving module, for receiving network resource request;
The first information obtains module, the first session information carried for obtaining the network resource request, and described first
Session information is used for the first session of markup resources server and resource content request end, first session information and the money
The server identification of source server is in the corresponding preservation in the resource content request end;
Determining module, for determining whether access Internet resources according to first session information.
Example 25 may include device described in example 24, wherein the determining module includes:
Non-empty decision sub-module, for determining whether first session information is non-empty information, if so, allowing to access net
Network resource.
Example 26 may include device described in example 24 and/or example 25, wherein the network resource request also carries
Two session informations, second session information are used to mark the second session of the Resource Server Yu resource address requests end,
The resource address requests end includes resource content request end or intermediate server;
The determining module includes:
Match cognization submodule, whether first session information matches with the second session information for identification.
Example 27 may include device described in 26 one or more of example 24- example, wherein the second session information packet
The resource identification of Internet resources is included, the match cognization submodule includes:
4th information generating unit, for generating the 4th session information according to resource identification and the second session information;
Consistent judging unit, for determining whether the 4th session information and the first session information are consistent.
Example 28 may include device described in 27 one or more of example 24- example, wherein described device further include:
Regular identification module, whether second session information meets presupposed information rule for identification.
Example 29 may include device described in 28 one or more of example 24- example, wherein described device further include:
Request receiving module, for receiving resource address acquisition request before receiving network resource request;
Information generating module, for generating the second session information and being supplied to resource address requests end.
Example 30 may include device described in 29 one or more of example 24- example, wherein the information generating module packet
It includes:
Information determines submodule, for determining described second according to resource address requests client information and target resource identifier
Session information.
Example 31 includes a kind of computer equipment, including memory, processor and storage on a memory and can handled
The computer program run on device, the processor are realized when executing the computer program as example 1-15 is one or more
Method.
Example 32 includes a kind of computer readable storage medium, is stored thereon with computer program, the program is by processor
The method such as example 1-15 one or more is realized when execution.
Although some embodiments are various substitutions, and/or equivalent implementation for the purpose of illustrating and describing
Scheme calculates to reach same purpose and implement the realization for exemplifying and describing, and does not depart from the practical range of the application.This Shen
It please be intended to cover any modification or variation of the embodiment being discussed herein.It is, therefore, apparent that embodiment described herein only by right
It is required that being limited with their equivalent.
Claims (17)
1. a kind of network resource access method characterized by comprising
The first session information of preservation corresponding with the server identification of Resource Server is obtained, first session information is for marking
Remember the first session of the Resource Server Yu resource content request end;
First session information is added to network resource request, to determine whether to permit according to the first entrained session information
Perhaps Internet resources are accessed;
The network resource request is initiated according to resource address.
2. the method according to claim 1, wherein in the server identification pair of the acquisition and Resource Server
Before the first session information that should be saved, the method also includes:
The second session information that resource address and Resource Server provide is obtained, second session information is described for marking
Second session at Resource Server and resource address requests end and target resource, the resource address requests end includes in resource
Hold request end or intermediate server.
3. according to the method described in claim 2, it is characterized in that, being asked described according to the resource address initiation Internet resources
Before asking, the method also includes:
Second session information is added to the network resource request, in conjunction with first session information and the second session
Information determines whether access Internet resources.
4. the method according to claim 1, wherein in the server identification pair of the acquisition and Resource Server
Before the first session information that should be saved, the method also includes:
Obtain the third session information that Resource Server provides, wherein the third session information is for marking the resource to take
Second session of business device and resource address requests end.
5. according to the method described in claim 4, it is characterized in that, the resource address requests end includes resource content request end
Or intermediate server, when the resource address requests end includes resource content request end, the third session information and first
Session information is identical, when the resource address requests end includes intermediate server, the third session information and the first session
Information is different.
6. according to the method described in claim 4, it is characterized in that, the method also includes:
By third session information preservation corresponding with the server identification that resource address provides end, the resource address provides end
Including intermediate server or Resource Server.
7. according to the method described in claim 6, it is characterized in that, the server identification includes domain name, the third session
Information carries information write instruction, described by third session information guarantor corresponding with the server identification that resource address provides end
It deposits and includes:
The resource address is written into the third session information by the execution information write instruction, the domain name pair at end is provided
The storage location answered.
8. the method according to the description of claim 7 is characterized in that the information write instruction includes set cookie instruction.
9. a kind of network resource processing method characterized by comprising
Receive network resource request;
The first session information that the network resource request carries is obtained, first session information is used for markup resources server
With first session at resource content request end, the server identification of first session information and the Resource Server is described
Resource content request end is corresponding to be saved;
Access Internet resources are determined whether according to first session information.
10. according to the method described in claim 9, it is characterized in that, described determine whether to permit according to first session information
Perhaps access Internet resources include:
Determine whether first session information is non-empty information, if so, allowing to access Internet resources.
11. according to the method described in claim 9, it is characterized in that, the network resource request also carries the second session information,
Second session information is used to mark the second session of the Resource Server Yu resource address requests end, the resource address
Request end includes resource content request end or intermediate server;
It is described to determine whether that access Internet resources include: according to first session information
Identify whether first session information matches with the second session information.
12. according to the method for claim 11, which is characterized in that second session information includes the resource of Internet resources
Mark, identification first session information include: with whether the second session information matches
The 4th session information is generated according to resource identification and the second session information;
Determine whether the 4th session information and the first session information are consistent.
13. according to the method for claim 11, which is characterized in that the method also includes:
Identify whether second session information meets presupposed information rule.
14. according to the method for claim 11, which is characterized in that before receiving network resource request, the method is also
Include:
Receive resource address acquisition request;
It generates the second session information and is supplied to resource address requests end.
15. according to the method for claim 14, which is characterized in that the second session information of the generation includes:
Second session information is determined according to resource address requests client information and target resource identifier.
16. a kind of computer equipment including memory, processor and stores the meter that can be run on a memory and on a processor
Calculation machine program, which is characterized in that the processor realizes such as claim 1-15 mono- or more when executing the computer program
A method.
17. a kind of computer readable storage medium, is stored thereon with computer program, which is characterized in that the program is by processor
The method such as claim 1-15 one or more is realized when execution.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810355317.5A CN110392022B (en) | 2018-04-19 | 2018-04-19 | Network resource access method, computer equipment and storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810355317.5A CN110392022B (en) | 2018-04-19 | 2018-04-19 | Network resource access method, computer equipment and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110392022A true CN110392022A (en) | 2019-10-29 |
CN110392022B CN110392022B (en) | 2022-04-05 |
Family
ID=68283838
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810355317.5A Active CN110392022B (en) | 2018-04-19 | 2018-04-19 | Network resource access method, computer equipment and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110392022B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113839936A (en) * | 2021-09-14 | 2021-12-24 | 网宿科技股份有限公司 | Anti-theft method, electronic device and computer-readable storage medium |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001090912A1 (en) * | 2000-05-25 | 2001-11-29 | Qmgn, Inc. | Enhanced downloading from a computer network and profiling of a user of a computer network |
CN102685086A (en) * | 2011-04-14 | 2012-09-19 | 天脉聚源(北京)传媒科技有限公司 | File access method and system |
CN102857575A (en) * | 2012-09-21 | 2013-01-02 | 深圳市宜搜科技发展有限公司 | Download method and system for Internet resources |
CN103067409A (en) * | 2013-01-21 | 2013-04-24 | 中国科学院信息工程研究所 | World wide web (WEB) hotlinking protection method and gateway system thereof |
CN105187397A (en) * | 2015-08-11 | 2015-12-23 | 北京思特奇信息技术股份有限公司 | WEB system page integration anti-hotlinking method and system |
WO2016155411A1 (en) * | 2015-03-31 | 2016-10-06 | 北京京东尚科信息技术有限公司 | Method and device for restricting massive service requests |
CN106101133A (en) * | 2016-07-14 | 2016-11-09 | 观止云(北京)信息技术有限公司 | A kind of method and system of Streaming Media door chain |
CN107911336A (en) * | 2017-10-09 | 2018-04-13 | 西安交大捷普网络科技有限公司 | A kind of WEB steals chain means of defence |
-
2018
- 2018-04-19 CN CN201810355317.5A patent/CN110392022B/en active Active
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001090912A1 (en) * | 2000-05-25 | 2001-11-29 | Qmgn, Inc. | Enhanced downloading from a computer network and profiling of a user of a computer network |
CN102685086A (en) * | 2011-04-14 | 2012-09-19 | 天脉聚源(北京)传媒科技有限公司 | File access method and system |
CN102857575A (en) * | 2012-09-21 | 2013-01-02 | 深圳市宜搜科技发展有限公司 | Download method and system for Internet resources |
CN103067409A (en) * | 2013-01-21 | 2013-04-24 | 中国科学院信息工程研究所 | World wide web (WEB) hotlinking protection method and gateway system thereof |
WO2016155411A1 (en) * | 2015-03-31 | 2016-10-06 | 北京京东尚科信息技术有限公司 | Method and device for restricting massive service requests |
CN105187397A (en) * | 2015-08-11 | 2015-12-23 | 北京思特奇信息技术股份有限公司 | WEB system page integration anti-hotlinking method and system |
CN106101133A (en) * | 2016-07-14 | 2016-11-09 | 观止云(北京)信息技术有限公司 | A kind of method and system of Streaming Media door chain |
CN107911336A (en) * | 2017-10-09 | 2018-04-13 | 西安交大捷普网络科技有限公司 | A kind of WEB steals chain means of defence |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113839936A (en) * | 2021-09-14 | 2021-12-24 | 网宿科技股份有限公司 | Anti-theft method, electronic device and computer-readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN110392022B (en) | 2022-04-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11218460B2 (en) | Secure authentication for accessing remote resources | |
US11159626B2 (en) | Session transfer between resources | |
US11777906B2 (en) | Media distribution system with manifest-based entitlement enforcement | |
US10785201B2 (en) | Synchronizing authentication sessions between applications | |
US11792458B2 (en) | Managing concurrent content playback | |
US9218813B2 (en) | Voice and/or facial recognition based service provision | |
CN109683936B (en) | Gray scale distribution method and device, storage medium and electronic equipment | |
US8959583B2 (en) | Access to vaulted credentials using login computer and mobile computing device | |
US20120324552A1 (en) | System and Method for Securing Embedded Media | |
US9232012B1 (en) | Method and system for data usage accounting in a computing device | |
US20120167233A1 (en) | Email trust service | |
CN102238007A (en) | Method, device and system for acquiring session token of user by third-party application | |
US20210075832A1 (en) | Collaborative browsing service using a cloud-based browser | |
US8984612B1 (en) | Method of identifying an electronic device by browser versions and cookie scheduling | |
CN109862560A (en) | A kind of bluetooth authentication method, apparatus, equipment and medium | |
JP2024508595A (en) | System and method for evaluating trust of client devices in a distributed computing system | |
US10218700B2 (en) | Authorizations for computing devices to access a protected resource | |
CN111949959A (en) | Authorization authentication method and device in Oauth protocol | |
CN113572763B (en) | Data processing method and device, electronic equipment and storage medium | |
US20150074826A1 (en) | Authorization information management system, electronic device and method for managing authorization information | |
CN106790697A (en) | Safe Realization of Storing and device | |
CN110392022A (en) | A kind of network resource access method, computer equipment, storage medium | |
US20130036374A1 (en) | Method and apparatus for providing a banner on a website | |
US10602094B1 (en) | Entitlement access token | |
US10965781B2 (en) | Method and server for displaying access content |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40016196 Country of ref document: HK |
|
GR01 | Patent grant | ||
GR01 | Patent grant |