CN111901218A - Message transmission method, SSLVPN proxy server, electronic device and storage medium - Google Patents
- Publication number
- CN111901218A (CN202010581458.6A)
- Authority
- CN
- China
- Prior art keywords
- message
- information
- domain name
- web server
- sslvpn
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4641—Virtual LANs, VLANs, e.g. virtual private networks [VPN]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure relates to a message transmission method, an SSLVPN proxy server, an electronic device, and a storage medium. The message transmission method is applicable to the SSLVPN proxy server and includes: acquiring a first message from a WEB server; if the first message includes explicit domain name information and/or IP information of the WEB server, encoding the first message to obtain a second message in which the domain name information and/or IP information of the WEB server is hidden; and forwarding the second message to a client. With the technical solution provided by the disclosure, other people cannot learn the real domain name information and/or IP information of the WEB server from the URL at the client. This addresses the security risk in existing message transmission schemes when intranet resources are accessed through the SSLVPN, and improves the security of message transmission in that case.
Description
Technical Field
The present disclosure relates to the field of network security technologies, and in particular, to a message transmission method, an SSLVPN proxy server, an electronic device, and a storage medium.
Background
SSLVPN is a VPN technology that establishes a remote secure access channel based on the Secure Sockets Layer protocol. It provides several functions, such as network access, online applications and application access, of which network access is the most important and characteristic function of the SSLVPN. In network access, the URLs of the links in a page are replaced and converted into domain name requests that resolve to the SSLVPN proxy server, so that subsequent user access remains inside the SSLVPN proxy environment.
When an intranet resource is accessed through the SSLVPN, the existing message transmission scheme has potential safety hazards, and therefore how to improve the security of message transmission when the intranet resource is accessed through the SSLVPN is a problem to be solved urgently at present.
Disclosure of Invention
In order to solve the above technical problem or at least partially solve the above technical problem, the present disclosure provides a message transmission method, an SSLVPN proxy server, an electronic device, and a storage medium.
In a first aspect, an embodiment of the present disclosure provides a message transmission method, where the message transmission method is applicable to an SSLVPN proxy server, and the message transmission method includes:
acquiring a first message from a Web server;
if the first message comprises domain name information and/or IP information of an explicit WEB server, coding the first message to obtain a second message which hides the domain name information and/or IP information of the WEB server;
and forwarding the second message to a client.
Further, the first packet includes domain name information and/or IP information of an explicit WEB server, including:
the body of the first message comprises hyperlinks of an absolute path; and/or
the header of the first message comprises a redirection URL.
Further, encoding the first packet to obtain a second packet hiding domain name information and/or IP information of the WEB server, including:
coding the webpage address including domain name information and/or IP information of the explicit WEB server in the first message to obtain a coded webpage address;
and replacing the webpage address in the first message with the coded webpage address to obtain a second message hiding the domain name information and/or the IP information of the WEB server.
Further, the encoding the WEB page address including the domain name information and/or the IP information of the explicit WEB server in the first packet to obtain the encoded WEB page address includes:
identifying a marked source field and a request path in the webpage address in the first message that includes the domain name information and/or IP information of the WEB server, wherein the marked source field comprises a protocol identifier and port information, and also comprises the domain name information or IP information of the WEB server;
encoding the marked source field to obtain a marked destination field;
and obtaining the encoded webpage address based on the marked destination field and the request path.
Further, obtaining the encoded webpage address based on the marked destination field and the request path includes:
adding a protocol identifier before the marked destination field, and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded webpage address.
Further, adding a protocol identifier before the marked destination field, and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded webpage address further includes:
adding a protocol identifier and an encoding identifier before the marked destination field, and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded webpage address.
Further, still include:
acquiring a third message from a client, wherein the third message comprises domain name information and IP information of a hidden WEB server;
decoding the third message to obtain a fourth message comprising domain name information and/or IP information of the explicit WEB server; the decoding process is the inverse of the encoding process;
and forwarding the fourth packet to a client.
In a second aspect, an embodiment of the present disclosure further provides an SSLVPN proxy server, including:
the first message acquisition module is used for acquiring a first message from a Web server;
the encoding module is used for encoding the first message to obtain a second message which hides the domain name information and/or the IP information of the WEB server if the first message comprises the domain name information and/or the IP information of the explicit WEB server;
and the forwarding module is used for forwarding the second message to the client.
In a third aspect, an embodiment of the present disclosure further provides an electronic device, including: a processor and a memory;
the processor is configured to perform the steps of any of the methods described above by calling a program or instructions stored in the memory.
In a fourth aspect, the disclosed embodiments also provide a computer-readable storage medium storing a program or instructions for causing a computer to perform the steps of any of the above methods.
Compared with the prior art, the technical scheme provided by the embodiment of the disclosure has the following advantages:
in the technical scheme provided in the embodiment of the present disclosure, if the first packet includes domain name information and/or IP information of an explicit WEB server, the first packet is encoded to obtain a second packet hiding the domain name information and/or IP information of the WEB server; and subsequently forwarding the second message to the client. Therefore, other people cannot know the real domain name information and/or the IP information of the WEB server from the URL of the client. The problem that potential safety hazards exist in the existing message transmission scheme when intranet resources are accessed through the SSLVPN is solved, the safety of message transmission when the intranet resources are accessed through the SSLVPN is improved, and the effect that other people can be prevented from knowing the real domain name information and/or the IP information of the WEB server from the URL of the client is achieved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.
In order to more clearly illustrate the embodiments or technical solutions in the prior art of the present disclosure, the drawings used in the description of the embodiments or prior art will be briefly described below, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
Fig. 1 is a flowchart of a message transmission method according to an embodiment of the present disclosure;
Fig. 2 is an interaction diagram of a message transmission process according to an embodiment of the present disclosure;
Fig. 3 is a flowchart of another message transmission method provided by the embodiment of the present disclosure;
Fig. 4 is a block diagram of an SSLVPN proxy server according to an embodiment of the present disclosure;
Fig. 5 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order that the above objects, features and advantages of the present disclosure may be more clearly understood, aspects of the present disclosure will be further described below. It should be noted that the embodiments and features of the embodiments of the present disclosure may be combined with each other without conflict.
In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present disclosure, but the present disclosure may be practiced in other ways than those described herein; it is to be understood that the embodiments disclosed in the specification are only a few embodiments of the present disclosure, and not all embodiments.
As background art, currently, when an intranet resource is accessed through an SSLVPN, an existing message transmission scheme has a potential safety hazard. After the applicant fully studies the problem, it is found that an important reason causing the potential safety hazard in the existing message transmission scheme is that domain name information or IP information of the background WEB server is revealed in the URL request format of the existing scheme, so that others can easily read access information of the background WEB server.
Specifically, in the prior art, the SSLVPN proxy server receives a request packet sent by a client, parses the request packet, obtains a packet header and a packet body of the request packet, performs URL replacement on the packet header and the packet body of the request packet according to a preset uplink replacement rule, obtains a target request packet, and sends the target request packet to the WEB server, which is exemplified by:
the request message is: ck-logic-web-com.vpn.test.com/;
the target request message is: web.
The SSLVPN proxy server receives a response message sent by the WEB server, parses the response message, obtains a packet header and a packet body of the response message, and performs URL replacement on the packet header and the packet body of the message according to a preset downlink replacement rule to obtain a target response message, which is exemplified by:
the response message is: *. web.com/.,.;
the target response message is: ck-' web-com.vpn.test.com/.
From the above, it can be seen that, in the target request message and the target response message, the domain name information of the WEB server is explicitly visible, and others can directly read the real URL (for example: logic. Namely, the URL request format of the existing scheme reveals domain name information or IP information of the background WEB server.
To this end, fig. 1 is a flowchart of a message transmission method according to an embodiment of the present disclosure. The message transmission method is suitable for the SSLVPN proxy server. Referring to fig. 1, the message transmission method includes:
S110, acquiring a first message from the Web server.
S120, if the first message comprises the domain name information and/or the IP information of the explicit WEB server, the first message is coded to obtain a second message which hides the domain name information and/or the IP information of the WEB server.
Explicit domain name information and/or IP information of the WEB server means domain name information and/or IP information of the WEB server that can be read directly, without processing such as decoding. For example, in the response message in the previous example, the character string (web.com) that directly contains the domain name information of the WEB server is explicit domain name information of the WEB server.
There are various specific implementation methods for this step, and the present disclosure does not limit this. Illustratively, first, it is determined whether the first packet includes domain name information and IP information of an explicit WEB server. If the first message is judged to include the domain name information of the explicit WEB server, or the first message includes the IP information of the explicit WEB server, or the first message includes both the domain name information and the IP information of the explicit WEB server, the first message is encoded to obtain a second message hiding the domain name information and/or the IP information of the WEB server. That is, the second packet does not include domain name information of the explicit WEB server, nor IP information of the explicit WEB server.
Further, it is contemplated that in practice, the hyperlink and redirect URL of the absolute path will typically include explicit domain name information and/or IP information for the WEB server. Therefore, optionally, the first packet includes domain name information and/or IP information of the WEB server, including: the body of the first message comprises hyperlinks of the absolute path; and/or the header of the first message comprises a redirection URL. The setting can simplify the identification strategy of the domain name information and/or the IP information of the WEB server.
Further, there are various implementation methods for "encoding the first packet to obtain the second packet hiding the domain name information and/or the IP information of the WEB server", and the disclosure does not limit this. Optionally, encoding a WEB page address including domain name information and/or IP information of the explicit WEB server in the first message to obtain an encoded WEB page address; and replacing the webpage address in the first message by using the coded webpage address to obtain a second message hiding the domain name information and/or the IP information of the WEB server. The essence of the setting is that only the webpage address including the domain name information and/or the IP information of the explicit WEB server in the first message is replaced, so that the domain name information and/or the IP information of the WEB server is hidden, and other data are kept unchanged, and the setting can ensure that the page data finally displayed at the client is complete.
S130, forwarding the second message to the client.
In the technical scheme, if the first message comprises domain name information and/or IP information of an explicit WEB server, the first message is coded to obtain a second message which hides the domain name information and the IP information of the WEB server; and subsequently forwarding the second message to the client. Therefore, other people cannot know the real domain name information and/or the IP information of the WEB server from the URL of the client. The problem that potential safety hazards exist in the existing message transmission scheme when intranet resources are accessed through the SSLVPN is solved, the safety of message transmission when the intranet resources are accessed through the SSLVPN is improved, and the effect that other people can be prevented from knowing the real domain name information and/or the IP information of the WEB server from the URL of the client is achieved.
On the basis of the above scheme, in S120 there are various ways to encode the webpage address in the first message that includes the domain name information and/or IP information of the WEB server so as to obtain the second message hiding that information, and the present disclosure does not limit this. Optionally: identify a marked source field and a request path in that webpage address, where the marked source field includes a protocol identifier and port information and also includes the domain name information or IP information of the WEB server; encode the marked source field to obtain a marked destination field; and obtain the encoded webpage address based on the marked destination field and the request path.
Illustratively, the URL in the body of the first message is http://test.web.com:81/path_1.
The SSLVPN proxy server replaces the URL in the body of the first message with:
https://nt-xhozlcfzrw63j2hayqnb2hi4b2f4xxizltoq.vpn.com/path_1
Here, in the URL in the first message, "http://" is the protocol identifier, "test.web.com" is the domain name information of the WEB server, "81" is the port information, and "path_1" is the request path. "http://test.web.com:81" together constitutes the marked source field. Encoding the marked source field gives the marked destination field, which is "xhozlcfzrw63j2hayqnb2hi4b2f4xxizltoq". The encoded webpage address (i.e., https://nt-xhozlcfzrw63j2hayqnb2hi4b2f4xxizltoq.vpn.com/path_1) is obtained from the marked destination field "xhozlcfzrw63j2hayqnb2hi4b2f4xxizltoq" and the request path "path_1". Finally, http://test.web.com:81/path_1 in the first message is replaced with https://nt-xhozlcfzrw63j2hayqnb2hi4b2f4xxizltoq.vpn.com/path_1.
Optionally, the marked source field and the request path in the webpage address in the first message that includes the domain name information and/or IP information of the WEB server may be identified with a regular-expression rule. The marked source field may be encoded according to a predetermined encoding rule. The present disclosure does not limit how the specific encoding rule is set.
In essence, while hiding the domain name, the SSLVPN proxy server uses regular-expression rules to extract three pieces of information from each URL in the body of the WEB server response, namely the protocol, the domain name information (or IP information) and the port, as the marked source field. It encodes the extracted marked source field to obtain the marked destination field, and then uses the encoded marked destination field as a secondary domain name (subdomain) under the SSLVPN login domain name, so that the URL information of the page link is folded into the domain name and hidden, and a new URL is generated. The replaced URL is returned to the client and displayed, so the user cannot learn the domain name information and/or IP information of the WEB server from the URL in the browser.
Optionally, obtaining the encoded webpage address based on the marked destination field and the request path includes: adding a protocol identifier before the marked destination field, and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded webpage address. In this step, the protocol identifier refers to the identifier of the protocol that the SSLVPN proxy server needs to follow when exchanging data with the client.
Optionally, adding a protocol identifier before the marked destination field, and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded webpage address further includes: adding a protocol identifier and an encoding identifier before the marked destination field, and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded webpage address. The encoding identifier indicates that the URL has been encoded, so that its encoding state is clear in subsequent processing.
Optionally, the message transmission method further includes: acquiring a third message from the client, wherein the third message comprises domain name information and IP information of a hidden WEB server; decoding the third message to obtain a fourth message comprising domain name information and/or IP information of the explicit WEB server; the decoding process is the inverse process of the encoding process; and forwarding the fourth message to the client.
Illustratively, the URL in the body of the third message is:
https://nt-s453fmixgg33nhi4tsoinb2hi4b2f4xxizltoqy.vpn.com;
the URL in the body of the fourth message is: http://test1.web.com:999
The decoding process identifies the marked destination field of the URL in the body of the third message, which is s453fmixgg33nhi4tsoinb2hi4b2f4xxizltoqy. The marked destination field is decoded by the inverse operation of the encoding rule to obtain http://test1.web.com:999, which then replaces the URL in the body of the third message.
Fig. 2 is an interaction diagram of a message transmission process according to an embodiment of the present disclosure. Fig. 3 is a flowchart of another message transmission method according to an embodiment of the present disclosure. The following describes the message transmission method in detail with reference to fig. 2 and fig. 3.
Referring to fig. 2 and 3, the message transmission method includes:
S210, the user browser in the client initiates an HTTPS request, where the URL format in the request message (i.e., the third message) is: https://[encoding identifier][marked destination field].[SSLVPN address]/[WEB server request path].
In fig. 2, illustratively, the encoding identifier is "nt-", the marked destination field is "xhozlcfzrw63j2hayqnb2hi4b2f4xxizltoq", the SSLVPN address is "vpn.com", and the WEB server request path is "path_1".
S220, the SSLVPN proxy server decodes and analyzes the marked target field of the request message to obtain the real address of the WEB server to be proxied, and further obtains a target request message (namely, a fourth message).
S230, the SSLVPN proxy server sends a target request message (i.e. a fourth message) to the WEB server.
S240, the SSLVPN proxy server receives a response message (i.e. a first message) sent by the WEB server.
S250, the SSLVPN proxy server extracts the absolute-path hyperlinks in the body of the response message (namely, the first message) and encodes them to hide them, obtaining a target response message (namely, the second message). In addition, if a redirection URL exists in the header of the response message (namely, the first message), the redirection URL is encoded and hidden by the same rule.
And S260, the SSLVPN proxy server sends the target response message (namely the second message) to the user browser of the client.
S270, the user browser of the client responds to the click operation of the user again, and the steps S210-S260 are repeated.
In the above technical solution, domain name encoding is implemented as follows:
The SSLVPN proxy server is initialized, starts monitoring the domain name, and establishes a uniform regular-expression rule and replacement rule.
Encoding step 1: match all domain name (or IP) links capable of navigation (namely, the URLs) in the response message, take the protocol, domain name (or IP) and port information of each and record it as field src (the marked source field), and keep the request path, recorded as path uri;
Encoding step 2: encode field src to generate field dst (the marked destination field);
Encoding step 3: set the domain name tail identifier, namely the monitored wildcard domain name with the "*" removed; the new request protocol is "https://" and the domain name encoding identifier is "nt-";
Encoding step 4: build the new link as new request protocol (from encoding step 3) + encoding identifier (from encoding step 3) + field dst (from encoding step 2) + domain name tail (from encoding step 3) + path uri (from encoding step 1). The SSLVPN proxy server can monitor this link in the form of a domain name;
Encoding step 5: return the target response message containing the new link to the user browser. The user browser receives the content, and the domain name conversion is complete.
Domain name decoding is implemented as follows:
The SSLVPN proxy server receives a request message initiated by the user browser and decodes the host information in the request header; the decoding rule is the inverse operation of the encoding rule.
Decoding step 1: remove the domain name tail that matches the monitored domain name; it is only an identifier and is discarded;
Decoding step 2: obtain the encoding identifier and the encoded field dst;
Decoding step 3: decode the encoded field dst to obtain the protocol, domain name and port information of the WEB server;
Decoding step 4: restore the request information. The original WEB server address is original protocol (from decoding step 3) + original domain name (from decoding step 3) + port information (from decoding step 3) + uri (unprocessed);
Decoding step 5: initiate a request to the resolved WEB server, completing the SSLVPN proxy function.
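The encoding and decoding steps above, applied to the two sample URLs given earlier in the description, as runnable code; this is an added example, not code from the patent. The patent leaves the encoding rule open, so the rule used here (unpadded lowercase Base32 of field src with its two halves swapped) is an assumption, chosen because it reproduces both sample labels on the page; the function names, the regular expression and the 63-octet DNS label check are also assumptions.

```python
import base64
import re

PROXY_DOMAIN = "vpn.com"  # monitored domain tail, as in the page's sample URLs
CODE_ID = "nt-"           # encoding identifier used on the page
MAX_LABEL = 63            # DNS limit: a single label is at most 63 octets

SRC = r"https?://[A-Za-z0-9.-]+(?::\d+)?"             # protocol + host/IP + port
SRC_RE = re.compile(SRC)
URL_RE = re.compile("(" + SRC + r")(/[^\s\"'<>]*)?")  # src + optional path uri


def encode_src(src):
    """src -> dst. ASSUMED rule: unpadded lowercase Base32, halves swapped."""
    b32 = base64.b32encode(src.encode("ascii")).decode("ascii")
    b32 = b32.rstrip("=").lower()
    half = len(b32) // 2
    return b32[half:] + b32[:half]


def decode_dst(dst):
    """Inverse of encode_src; raises ValueError on a malformed label."""
    half = len(dst) // 2
    # Encoding moved the first `half` characters to the end; move them back.
    b32 = (dst[len(dst) - half:] + dst[:len(dst) - half]).upper()
    b32 += "=" * (-len(b32) % 8)  # restore the Base32 padding
    return base64.b32decode(b32).decode("ascii")


def encode_url(url):
    """Encoding steps 1-4: absolute URL -> link under the proxy domain."""
    m = URL_RE.fullmatch(url)
    if not m:
        raise ValueError("not an absolute http(s) URL")
    src, uri = m.group(1), m.group(2) or ""
    label = CODE_ID + encode_src(src)
    if len(label) > MAX_LABEL:
        # Base32 grows the input by 8/5, so long hosts do not fit one label.
        raise ValueError("encoded label exceeds the DNS label limit")
    return "https://" + label + "." + PROXY_DOMAIN + uri


def decode_request(host, uri=""):
    """Decoding steps 1-4: Host header + uri -> original WEB server address."""
    host = host.lower()
    tail = "." + PROXY_DOMAIN
    if not host.endswith(tail):
        raise ValueError("host is not under the monitored domain")
    label = host[:-len(tail)]                 # step 1: drop the domain tail
    if not label.startswith(CODE_ID) or "." in label:
        raise ValueError("encoding identifier missing")
    try:
        src = decode_dst(label[len(CODE_ID):])  # steps 2 and 3
    except ValueError as exc:  # bad Base32 or non-ASCII bytes
        raise ValueError("label does not decode") from exc
    if not SRC_RE.fullmatch(src):
        raise ValueError("decoded value is not protocol://host[:port]")
    return src + uri                          # step 4


def rewrite_links(text):
    """S250: encode every absolute link in a body or redirect header value."""
    def repl(m):
        host = m.group(1).split("://", 1)[1].split(":", 1)[0].lower()
        if host == PROXY_DOMAIN or host.endswith("." + PROXY_DOMAIN):
            return m.group(0)  # already points at the proxy
        return encode_url(m.group(0))  # raises rather than leak a long host
    return URL_RE.sub(repl, text)


if __name__ == "__main__":
    # Constructed response body using the page's first sample URL.
    body = '<a href="http://test.web.com:81/path_1">a</a> <a href="/local">b</a>'
    print(rewrite_links(body))
    print(decode_request("nt-s453fmixgg33nhi4tsoinb2hi4b2f4xxizltoqy.vpn.com"))
```

The assumed rule is a keyless, reversible encoding: it keeps the WEB server address out of plain view in the browser URL, but the label itself carries no secret. `decode_request` rejects any label that does not decode to protocol://host[:port], so a malformed Host header is refused before the proxy initiates a request.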
Fig. 4 is a block diagram of a structure of an SSLVPN proxy server according to an embodiment of the present disclosure. Referring to fig. 4, the SSLVPN proxy server includes:
a first message obtaining module 310, configured to obtain a first message from a Web server;
the encoding module 320 is configured to encode the first packet to obtain a second packet in which domain name information and/or IP information of the WEB server is hidden if the first packet includes explicit domain name information and/or IP information of the WEB server;
a forwarding module 330, configured to forward the second packet to the client.
Further, the first packet includes domain name information and/or IP information of an explicit WEB server, including:
the body of the first message comprises hyperlinks of an absolute path; and/or
the header of the first message comprises a redirection URL.
Further, when encoding the first message to obtain a second message that hides the domain name information and/or IP information of the WEB server, the encoding module 320 is configured to:
encode the web page address in the first message that includes explicit domain name information and/or IP information of the WEB server, to obtain an encoded web page address;
and replace the web page address in the first message with the encoded web page address, to obtain the second message that hides the domain name information and/or IP information of the WEB server.
Further, when encoding the web page address in the first message that includes explicit domain name information and/or IP information of the WEB server to obtain the encoded web page address, the encoding module 320 is configured to:
identify a marked source field and a request path in the web page address in the first message that includes domain name information and/or IP information of the WEB server, wherein the marked source field comprises a protocol identifier and port information, and further comprises the domain name information or IP information of the WEB server;
encode the marked source field to obtain a marked destination field;
and obtain the encoded web page address based on the marked destination field and the request path.
Further, when obtaining the encoded web page address based on the marked destination field and the request path, the encoding module 320 is configured to:
add a protocol identifier before the marked destination field, and add the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded web page address.
Further, when adding the protocol identifier before the marked destination field and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field to obtain the encoded web page address, the encoding module 320 is further configured to:
add a protocol identifier and a coding identifier before the marked destination field, and add the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded web page address.
Further, the SSLVPN proxy server further includes:
a third message acquisition module, configured to acquire a third message from the client, wherein the third message includes hidden domain name information and IP information of the WEB server;
a decoding module, configured to decode the third message to obtain a fourth message that includes explicit domain name information and IP information of the WEB server, the decoding process being the inverse of the encoding process;
and the forwarding module is further configured to forward the fourth message to the client.
The apparatus disclosed in the above embodiments can implement the processes of the methods disclosed in the above method embodiments, and has the same or corresponding beneficial effects, and for avoiding repetition, the details are not described herein again.
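An added example (not code from the patent) of the encoding and decoding described above: the rewrite of a redirection header and of absolute hyperlinks in the body, and the inverse decoding of the client's request. The Base32 encoding, the `e-` coding identifier, the proxy domain `vpn.example.com`, the placement of the encoded field as a DNS label, and the backend allowlist are assumptions; the text here does not fix them.

```python
import base64
import re
from urllib.parse import urlsplit

PROXY_DOMAIN = "vpn.example.com"  # assumed SSLVPN proxy server domain name
CODING_ID = "e-"                  # assumed coding identifier
DEFAULT_PORTS = {"http": 80, "https": 443}
# Assumed safeguard, not part of the described method: backends the proxy may reach.
ALLOWED_SOURCES = {"http://oa.corp.example:8080", "https://10.1.2.3:443"}
LINK_RE = re.compile(r'((?:href|src|action)\s*=\s*)(["\'])(https?://[^"\']+)\2', re.I)


def _request_path(parts):
    """Request path as sent on the wire: path, query and fragment."""
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    if parts.fragment:
        path += "#" + parts.fragment
    return path


def encode_url(url):
    """Explicit web page address -> encoded address under the proxy domain."""
    parts = urlsplit(url)
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return url  # relative link or non-HTTP scheme: no explicit host to hide
    host = f"[{parts.hostname}]" if ":" in parts.hostname else parts.hostname
    # Marked source field: protocol identifier, host (domain or IP), port.
    source = f"{parts.scheme}://{host}:{parts.port or DEFAULT_PORTS[parts.scheme]}"
    # Marked destination field: Base32 keeps it valid inside a DNS label.
    dest = base64.b32encode(source.encode()).decode().rstrip("=").lower()
    if len(CODING_ID + dest) > 63:
        raise ValueError("encoded field does not fit in one DNS label")
    return f"https://{CODING_ID}{dest}.{PROXY_DOMAIN}{_request_path(parts)}"


def decode_url(url):
    """Inverse of encode_url, applied to addresses in the client's request."""
    parts = urlsplit(url)
    host, suffix = parts.hostname or "", "." + PROXY_DOMAIN
    if not (host.startswith(CODING_ID) and host.endswith(suffix)):
        return url
    dest = host[len(CODING_ID):-len(suffix)].upper()
    try:
        source = base64.b32decode(dest + "=" * (-len(dest) % 8)).decode()
    except ValueError:  # malformed Base32 or non-UTF-8 bytes from the client
        raise PermissionError("undecodable target field")
    if source not in ALLOWED_SOURCES:
        raise PermissionError("decoded target is not a published backend")
    return source + _request_path(parts)


def encode_message(headers, body):
    """First message (from the WEB server) -> second message (for the client)."""
    out = dict(headers)
    if "Location" in out:  # redirection URL in the header
        out["Location"] = encode_url(out["Location"])
    # Absolute-path hyperlinks in the body; relative links are left untouched.
    body = LINK_RE.sub(
        lambda m: f"{m.group(1)}{m.group(2)}{encode_url(m.group(3))}{m.group(2)}", body)
    return out, body
```

Base32 is reversible, so under these assumptions the backend name is kept out of plain view rather than kept secret; the allowlist in `decode_url` is what stops a crafted label from steering the proxy to an arbitrary host.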
FIG. 5 is a schematic diagram of a hardware structure of an electronic device according to an embodiment of the present disclosure. As shown in FIG. 5, the electronic device includes:
one or more processors 301, one processor 301 being illustrated in FIG. 5;
a memory 302;
the electronic device may further include: an input device 303 and an output device 304.
The processor 301, the memory 302, the input device 303 and the output device 304 in the electronic device may be connected by a bus or by other means; FIG. 5 illustrates connection by a bus as an example.
The memory 302, which is a non-transitory computer-readable storage medium, may be used to store software programs, computer-executable programs, and modules, such as the program instructions/modules corresponding to the message transmission method in the embodiments of the present disclosure (e.g., the first message acquisition module 310, the encoding module 320, and the forwarding module 330 shown in FIG. 4). The processor 301 executes the various functional applications and data processing of the server by running the software programs, instructions and modules stored in the memory 302, that is, it implements the message transmission method of the above-described method embodiments.
The memory 302 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created according to use of the electronic device, and the like. Further, the memory 302 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, memory 302 optionally includes memory located remotely from processor 301, which may be connected to a terminal device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The input device 303 may be used to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the electronic device. The output device 304 may comprise a display device such as a display screen.
Embodiments of the present disclosure also provide a computer-readable storage medium that stores a program or instructions for causing a computer to execute a message transmission method, where the method includes:
acquiring a first message from a WEB server;
if the first message includes explicit domain name information and/or IP information of the WEB server, encoding the first message to obtain a second message that hides the domain name information and/or IP information of the WEB server;
and forwarding the second message to a client.
Optionally, the computer-executable instruction, when executed by the computer processor, may be further configured to implement a technical solution of a message transmission method provided in any embodiment of the present disclosure.
From the above description of the embodiments, it is obvious for a person skilled in the art that the present disclosure can be implemented by software and necessary general hardware, and certainly can be implemented by hardware, but in many cases, the former is a better embodiment. Based on such understanding, the technical solutions of the present disclosure may be embodied in the form of a software product, which may be stored in a computer-readable storage medium, such as a floppy disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a FLASH Memory (FLASH), a hard disk or an optical disk of a computer, and includes several instructions for enabling a computer device (which may be a personal computer, a server, or a network device) to execute the methods according to the embodiments of the present disclosure.
It is noted that, in this document, relational terms such as "first" and "second," and the like, may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
The foregoing are merely exemplary embodiments of the present disclosure, which enable those skilled in the art to understand or practice the present disclosure. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (10)
1. A message transmission method, characterized in that the method is applicable to an SSLVPN proxy server and comprises:
acquiring a first message from a WEB server;
if the first message includes explicit domain name information and/or IP information of the WEB server, encoding the first message to obtain a second message that hides the domain name information and/or IP information of the WEB server;
and forwarding the second message to a client.
2. The message transmission method according to claim 1, wherein the first message including explicit domain name information and/or IP information of the WEB server includes:
the body of the first message comprises a hyperlink with an absolute path; and/or,
the header of the first message comprises a redirection URL.
3. The message transmission method according to claim 1, wherein encoding the first message to obtain a second message that hides the domain name information and/or IP information of the WEB server includes:
encoding the web page address in the first message that includes explicit domain name information and/or IP information of the WEB server, to obtain an encoded web page address;
and replacing the web page address in the first message with the encoded web page address, to obtain the second message that hides the domain name information and/or IP information of the WEB server.
4. The message transmission method according to claim 3, wherein encoding the web page address in the first message that includes explicit domain name information and/or IP information of the WEB server to obtain an encoded web page address includes:
identifying a marked source field and a request path in the web page address in the first message that includes domain name information and/or IP information of the WEB server, wherein the marked source field comprises a protocol identifier and port information, and further comprises the domain name information or IP information of the WEB server;
encoding the marked source field to obtain a marked destination field;
and obtaining the encoded web page address based on the marked destination field and the request path.
5. The message transmission method according to claim 4,
wherein obtaining the encoded web page address based on the marked destination field and the request path includes:
adding a protocol identifier before the marked destination field, and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded web page address.
6. The message transmission method according to claim 5,
wherein adding a protocol identifier before the marked destination field, and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded web page address, further includes:
adding a protocol identifier and a coding identifier before the marked destination field, and adding the domain name of the SSLVPN proxy server and the request path after the marked destination field, to obtain the encoded web page address.
7. The message transmission method according to any one of claims 1-6, further comprising:
acquiring a third message from a client, wherein the third message includes hidden domain name information and IP information of the WEB server;
decoding the third message to obtain a fourth message that includes explicit domain name information and/or IP information of the WEB server, the decoding process being the inverse of the encoding process;
and forwarding the fourth message to a client.
8. An SSLVPN proxy server, comprising:
a first message acquisition module, configured to acquire a first message from a WEB server;
an encoding module, configured to, if the first message includes explicit domain name information and/or IP information of the WEB server, encode the first message to obtain a second message that hides the domain name information and/or IP information of the WEB server;
and a forwarding module, configured to forward the second message to the client.
9. An electronic device, comprising: a processor and a memory;
the processor is adapted to perform the steps of the method of any one of claims 1 to 7 by calling a program or instructions stored in the memory.
10. A computer-readable storage medium, characterized in that it stores a program or instructions for causing a computer to carry out the steps of the method according to any one of claims 1 to 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010581458.6A CN111901218A (en) | 2020-06-23 | 2020-06-23 | Message transmission method, SSLVPN proxy server, electronic device and storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111901218A (en) | 2020-11-06 |
Family
ID=73206463
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010581458.6A Pending CN111901218A (en) | 2020-06-23 | 2020-06-23 | Message transmission method, SSLVPN proxy server, electronic device and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111901218A (en) |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101242336A (en) * | 2008-03-13 | 2008-08-13 | 杭州华三通信技术有限公司 | Method for remote access to intranet Web server and Web proxy server |
CN101981888A (en) * | 2008-01-26 | 2011-02-23 | 思杰系统有限公司 | Policy driven fine grain URL encoding mechanism for SSL VPN clientless access |
CN103067417A (en) * | 2011-10-19 | 2013-04-24 | 华耀(中国)科技有限公司 | Web service mapping method and system of security agent in virtual private network (VPN) |
CN103944962A (en) * | 2014-03-24 | 2014-07-23 | 汉柏科技有限公司 | Method for Web server information hiding and gateway equipment |
CN104954380A (en) * | 2015-06-23 | 2015-09-30 | 福建天晴数码有限公司 | Android based monitoring preventing method and system under the condition of public WIFI (wireless fidelity) |
CN105791451A (en) * | 2014-12-22 | 2016-07-20 | 华为技术有限公司 | Message response method and device |
CN105991564A (en) * | 2015-02-05 | 2016-10-05 | 阿里巴巴集团控股有限公司 | Message processing method and device |
CN108965203A (en) * | 2017-05-18 | 2018-12-07 | 腾讯科技(深圳)有限公司 | A kind of resource access method and server |
CN109495252A (en) * | 2018-12-04 | 2019-03-19 | 深圳前海环融联易信息科技服务有限公司 | Data ciphering method, device, computer equipment and storage medium |
CN110381049A (en) * | 2019-07-12 | 2019-10-25 | 浙江智贝信息科技有限公司 | A kind of WEB dynamic security defence method and system |
CN110602269A (en) * | 2019-10-22 | 2019-12-20 | 北京天融信网络安全技术有限公司 | Method for converting domain name |
CN111262881A (en) * | 2020-02-26 | 2020-06-09 | 杭州云缔盟科技有限公司 | Method for hiding DNS domain name of server accessed by mobile phone APP |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112769835A (en) * | 2021-01-13 | 2021-05-07 | 网宿科技股份有限公司 | Method for initiating access request and terminal equipment |
CN114710314A (en) * | 2022-02-21 | 2022-07-05 | 深圳腾银信息咨询有限责任公司 | Configured software service platform access method, device, system and medium |
CN116233060A (en) * | 2022-12-28 | 2023-06-06 | 北京六方云信息技术有限公司 | Message information hiding method and device, terminal equipment and storage medium |
CN116233060B (en) * | 2022-12-28 | 2023-11-03 | 北京六方云信息技术有限公司 | Message information hiding method and device, terminal equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111901218A (en) | Message transmission method, SSLVPN proxy server, electronic device and storage medium | |
CN107145490B (en) | Webpage loading and displaying method and webpage loading and displaying device | |
US11675868B2 (en) | Dynamic service worker code for storing information in web browser | |
CN112272158A (en) | Data proxy method, system and proxy server | |
CN110602269B (en) | Method for converting domain name | |
CN101610268B (en) | Implementation method and equipment of keyword filtration | |
JP2013210896A (en) | Proxy server device, client terminal device, remote access system, transfer control method and program, and access method and program | |
WO2015024490A1 (en) | Monitoring nat behaviors through uri dereferences in web browsers | |
CN103401850A (en) | Message filtering method and device | |
CN103825772B (en) | Identifying user clicks on the method and gateway device of behavior | |
US7512715B2 (en) | System and method for requesting a resource over at least one network with reduced overhead | |
CN109561010B (en) | Message processing method, electronic equipment and readable storage medium | |
CN104601649A (en) | Method and system for providing origin insight for web applications | |
JP5112401B2 (en) | Web action history acquisition system, Web action history acquisition method, gateway device, and program | |
WO2017088369A1 (en) | Data cross-domain request method, device and system | |
CN103970882A (en) | Method and device for rendering page | |
CN110708308B (en) | Cross-site script vulnerability mining method and system for cloud computing environment | |
JP5383923B1 (en) | Information processing apparatus, information processing system, information processing method, and program | |
CN105354269B (en) | Web applicational language Localization methodologies and system based on reverse proxy and information filtering | |
US7406496B2 (en) | System and method for processing callback requests, which include a client port and address, included in web-based procedure calls | |
US20040019804A1 (en) | System and method for processing callback requests included in web-based procedure calls through a firewall | |
US9571447B2 (en) | System and method for accessing information | |
CN114500113A (en) | JS protection method, system, electronic equipment and medium | |
WO2018178727A1 (en) | Determining that multiple requests are received from a particular user device | |
CN114329459A (en) | Browser protection method and device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| RJ01 | Rejection of invention patent application after publication | Application publication date: 20201106 |