CN112039888A - Access method, device, equipment and medium for domain name access control - Google Patents


Info

Publication number
CN112039888A
Authority
CN
China
Prior art keywords
domain name
list
server
access control
domain
Prior art date
Legal status
Granted
Application number
CN202010897707.2A
Other languages
Chinese (zh)
Other versions
CN112039888B (en)
Inventor
文浩
范渊
吴永越
郑学新
刘韬
Current Assignee
Chengdu DBAPPSecurity Co Ltd
Original Assignee
Chengdu DBAPPSecurity Co Ltd
Priority date
Filing date
Publication date
Application filed by Chengdu DBAPPSecurity Co Ltd
Priority to CN202010897707.2A
Publication of CN112039888A
Application granted
Publication of CN112039888B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides an access method, device, equipment and medium for domain name access control. Instead of the traditional deployment in which the gateway device itself computes the domain-name-to-IP mapping, the mapping is computed on a server that communicates with both the gateway and the external network; the external-link IPs referenced in the web pages of the controlled domain are added to the destination IPs of the control policy, and the destination IPs contacted during the whole request process are added to the IP set as well. In this way the invention solves the serious problem that domain name access control fails when the firewall is deployed in the upstream/downstream traffic path at layer 2, or at layer 3 with its management port on an intranet IP; at the same time the generated IP set is more comprehensive, and the omission of domain names of some external links that are generated dynamically by JavaScript, caused by the limits of the crawling technique, is reduced.

Description

Access method, device, equipment and medium for domain name access control
Technical Field
The invention belongs to the technical field of firewall domain name access control, and particularly relates to an access method, device, equipment and medium for domain name access control.
Background
With the growing market demand for domain name access control, an organization manages the internet behavior of its intranet users during working hours: internet access unrelated to work is prohibited during that period, and only work-related internet sites are allowed. However, to increase their load-bearing capacity and service stability, these internet sites often have several servers in different provinces, and an optimal IP is dynamically selected and returned to the user according to load balancing. Performing access control by configuring destination IP addresses therefore creates a large manual configuration workload for the network administrator, and a site the intranet needs becomes unreachable when a server IP changes and the policy is not updated in time. As internet websites have developed, their pages have evolved from static pages into a mix of static and dynamic pages that reference resources of other websites in large numbers, or rely on several servers working together; zol.com.cn, for example, references resources such as pos.baidu.com, g.cn.miaozhen.com and googleapis.com, and some websites even embed other websites by explicit IP address (CSDN blogs, for instance, often reference blog links on servers with other IPs directly), so such resources cannot be matched in advance by wildcards. If only zol.com.cn is released, the web page content is incomplete, and if all referenced resources are configured manually, the workload is large and changes are not tracked in time.
Taking access to the zol.com.cn home page as an example: as shown in fig. 1, a browser is opened and the domain name is entered; the external-link domain names involved in accessing the zol.com.cn home page are shown in fig. 2; the sub-pages reached from the home page are shown in fig. 3, and the domain names those sub-pages involve are shown in fig. 4. If only the operations of figs. 1 to 4 are performed, the content of the sub-pages is lost, and if all referenced resources are configured manually, the workload is large and changes are not tracked in time.
In the prior art, as described in the patent "A method and an apparatus for access control", CN 109600385 A, although access control is implemented by simulating the user's internet access behavior to compute the IP set corresponding to a domain name, the following disadvantages remain:
(1) the analysis of the website home page and the extraction of the requests corresponding to the domain name are performed on the gateway device itself, which only works in the scenario where the firewall is deployed in the upstream/downstream traffic path on a layer-3 interface, so the deployment is very limited with respect to network scenarios. If the gateway product is deployed in a layer-2 environment, its management port is also confined to the local area network for the gateway's own security, so the gateway is isolated from the external network and cannot reach the website corresponding to the domain name;
(2) the external-link IPs carried in the web page are not added to the finally formed IP set;
(3) the destination IPs requested during the whole simulated user process are not included in the IP set, and domain names of some external links that are generated dynamically by JavaScript may be missed because the crawling technique is imperfect.
Disclosure of Invention
The invention provides an access method, device, equipment and medium for domain name access control, addressing the defect of the prior art that a gateway product, isolated from the external network environment, cannot reach the website corresponding to a domain name. Instead of the traditional deployment in which the gateway device itself computes the domain-name-to-IP mapping, the mapping is computed on a server that communicates with both the gateway and the external network; the external-link IPs referenced in the web pages of the controlled domain are added to the destination IPs of the control policy, and the destination IPs contacted during the whole request process are added to the IP set as well. In this way the invention solves the serious problem that domain name access control fails when the firewall is deployed in the upstream/downstream traffic path at layer 2, or at layer 3 with its management port on an intranet IP; at the same time the generated IP set is more comprehensive, and the omission of domain names of some external links that are generated dynamically by JavaScript, caused by the limits of the crawling technique, is reduced.
The specific implementation content of the invention is as follows:
The invention proposes an access method for domain name access control: first, a gateway (network management) device is deployed together with a server that communicates with both the intranet and the external network; then the domain names the user wants to control are converted into a domain name message, placed on the server and parsed to produce a domain name list; the server simulates a user normally accessing each domain name, obtains the web page content of the corresponding website, and extracts the domain names and external-link domain names in that content to obtain a first domain name set and a first IP set; then the first domain name set is resolved to generate a second IP set; then the list of peer destination addresses with which the server communicated as source address is obtained to generate a third IP set; finally, the first, second and third IP sets are merged into a new IP set used for domain name access control and management.
In order to better implement the present invention, further, the specific operation of obtaining the first domain name set and the first IP set is:
step 1: configuring access control for the domain name to be controlled on the gateway device, and at the same time sending the domain name message to be controlled to the server through the management port;
step 2: a script on the server receives the domain name message and starts the parsing script to generate a domain name list; a domain name to be controlled is selected from the list and user behavior is simulated to initiate a normal client request;
step 3: after the web page corresponding to the domain name to be controlled is opened, its content is obtained, and the domain name and the external-link domain names in the content are extracted by a crawler;
step 4: generating the first IP set from the domain name and the external-link domain names of the web page content.
In order to better implement the present invention, further, step 4 specifically includes the following:
step 4.1: extracting the domain names and external-link domain names in the web page content by a crawler, and combining them in order into a domain name set N; then simulating user behavior to initiate a normal client request for each domain name element of set N in turn;
step 4.2: from the web pages opened by the client requests of step 4.1, extracting the domain name, external-link domain names and external-link IPs in the web page content, and generating a domain name set Y;
step 4.3: simulating user behavior to initiate a normal client request for each domain name element of set Y, obtaining the domain name, external-link domain names and external-link IPs in the content of the corresponding web pages, and generating a domain name set H;
step 4.4: simulating user behavior to initiate a normal client request for each element of set H, obtaining the domain name, external-link domain names and external-link IPs in the content of the corresponding web pages, and generating a domain name set G;
if no domain name field is found in the web page of any of steps 4.1 to 4.4, or after step 4.4 completes, step 4.5 is performed: merging all the domain name sets and all the IP elements of steps 4.1 to 4.4 to obtain the first domain name set and the first IP set.
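The recursive extraction of steps 4.1 to 4.5 (the same procedure is repeated in Example 1 and in claim 3) as an added worked example in Python; this is illustrative code written for this page, not code from the patent or its assignee. The page bodies in PAGES are constructed, fetch_offline stands in for the server's simulated client request so the example runs offline, and the addresses 203.0.113.10 and 198.51.100.7 are documentation-range placeholders standing for external-link IPs embedded in a page. It generalizes the four fixed rounds N, Y, H and G into a bounded loop that stops early, as step 4.5 does, when a round yields no new domain names.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

MAX_ROUNDS = 4  # the four rounds that produce sets N, Y, H and G in steps 4.1-4.4

# Constructed sample pages keyed by domain name; the hosts inside them mimic the
# page's own example (zol.com.cn referencing pos.baidu.com, g.cn.miaozhen.com,
# googleapis.com) plus two placeholder external-link IPs (documentation ranges).
PAGES = {
    "www.zol.com.cn": (
        '<html><body><a href="http://www.zol.com.cn/news">News</a>'
        '<script src="//pos.baidu.com/pos.js"></script>'
        '<img src="http://g.cn.miaozhen.com/x.gif">'
        '<a href="http://203.0.113.10/blog/1">blog on a fixed IP</a></body></html>'
    ),
    "pos.baidu.com": '<html><script src="https://www.googleapis.com/lib.js"></script></html>',
    "g.cn.miaozhen.com": "<html><body>no links here</body></html>",
    "www.googleapis.com": '<html><a href="http://198.51.100.7/cdn">cdn</a></html>',
}


def fetch_offline(domain):
    """Stand-in for the simulated client request; returns page HTML or None."""
    return PAGES.get(domain)


class LinkExtractor(HTMLParser):
    """Collects the host part of every href/src attribute (the 'crawler' of step 4.1)."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                host = urlsplit(value).hostname  # handles http://, https:// and //host
                if host:
                    self.hosts.append(host)


def extract_hosts(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.hosts


def is_ip_literal(host):
    """True when a link targets a server by IP address rather than by domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def collect_first_sets(start_domain, fetch=fetch_offline, max_rounds=MAX_ROUNDS):
    """Steps 4.1-4.5: return (first_domain_set, first_ip_set).

    Round k requests every domain found in round k-1; each request contributes its
    page's domain names to the next round and its IP literals to the IP set.
    """
    domain_set = {start_domain}
    ip_set = set()
    visited = set()
    frontier = {start_domain}
    for _ in range(max_rounds):
        next_frontier = set()
        for domain in sorted(frontier):
            visited.add(domain)
            html = fetch(domain)
            if html is None:  # unreachable page contributes nothing
                continue
            for host in extract_hosts(html):
                if is_ip_literal(host):
                    ip_set.add(host)  # external-link IP (steps 4.2-4.4)
                else:
                    domain_set.add(host)
                    next_frontier.add(host)
        frontier = next_frontier - visited
        if not frontier:  # step 4.5: no new domain names, stop recursing
            break
    return domain_set, ip_set


if __name__ == "__main__":
    domains, ips = collect_first_sets("www.zol.com.cn")
    print("first domain set:", sorted(domains))
    print("first IP set:", sorted(ips))
```

The first domain set is what step 5 then resolves into the second IP set; that step is a plain DNS lookup per domain and is omitted here because it needs network access.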
In order to better implement the present invention, further, the generating of the third IP set specifically includes the following steps:
step 6: acquiring a list of opposite end destination addresses communicated by the server as source addresses to generate a third IP set:
step 6.1: acquiring a message in the whole session process by using a packet capturing tool;
step 6.2: extracting all IP addresses in the acquired message;
step 6.3: removing the local area network addresses, broadcast and multicast addresses and local loopback addresses from all the extracted IP addresses to obtain the third IP set.
In order to better implement the invention, further, when the first IP set, the second IP set and the third IP set are combined to form a new IP set, repeated IP addresses are removed.
In order to better implement the present invention, further, the domain name access control and management specifically includes the following operations:
step 8: associating the domain name first requested by the client in the initial domain name list with the new IP set;
step 9: likewise, associating each domain name in the domain name list with its corresponding new IP set to generate a list.
In order to better implement the present invention, further, after domain name access control and management is complete, the operations up to and including step 9 are executed periodically so that the IP sets corresponding to the domain name list are updated in time; after each update, step 9 generates a new list, which is compared with the list generated by the previous execution of step 9; after the comparison, the changed domain name elements of the domain name list and their corresponding new IP sets are sent to the gateway device, and when the gateway device receives them it regenerates the access control policy and the black-and-white list control policy.
The invention also provides an access device for domain name access control, which is used for operating the method and comprises gateway equipment and a server;
the network management device (the gateway device) is connected to the server and implements the following functions:
(1) sending the domain name list to the server through network communication;
(2) updating the domain name elements in the domain name list and their corresponding IP sets according to the received domain names and new IP sets;
(3) regenerating the access control and black and white list control related to the domain name;
the server is a server that communicates with both the internal and the external network and implements the following functions:
(1) listening for the domain name message from the IP of the network management device on the agreed network communication port;
(2) parsing the domain name message to obtain the domain name list;
(3) converting the domain name list into the domain name set with its corresponding IP set;
(4) sending the domain name set with its corresponding IP set to the network management device.
The invention also provides an electronic device, which comprises a memory, a processor and a computer program which is stored on the memory and can run on the processor, wherein the processor realizes the steps of the domain name access control access method when executing the program.
The invention also proposes a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the above-mentioned domain name access controlled access method.
Compared with the prior art, the invention has the following advantages and beneficial effects:
(1) deployment mode: the simulated user access to the domain name runs on an external-network-connected server outside the gateway access-control device, so the gateway product adapts to both layer-2 and layer-3 upstream/downstream traffic deployments;
(2) the browsing behavior of the simulated user is not intercepted by anti-crawler software;
(3) after the simulated user requests the domain name, the relevant key information is extracted from the website home page content; this also applies to websites requested over HTTPS, so the domain names and external-link IPs in content carried by SSL-encrypted traffic are reached, and the external-link domain names are likewise brought under control;
(4) all destination IP addresses and external-link IP addresses in the web page content are added to the destination IP set during the simulated user request;
(5) the related external-link domain names are recursively simulated to extract the user requests and the web page content domain names, which are then resolved, so the resolution is more comprehensive;
(6) the controlled domain names are periodically requested and resolved; if the IP set computed for a domain name has changed, one change update of the domain name object is issued, and if not, nothing is done and the domain name object continues to manage its IP set; thus not only can the access control policy reference the domain name, but other schemes such as black and white lists can also perform access control on it.
Drawings
FIG. 1 is an exemplary diagram of entering a domain name for user access;
FIG. 2 is an exemplary diagram of an out-domain name referenced by a home page of a web page accessing a domain name;
FIG. 3 is an exemplary diagram of a sub-page accessed by clicking any quick link after entering the home page of a website;
FIG. 4 is an exemplary diagram of an out-domain name involved in accessing the sub-page of FIG. 3;
FIG. 5 is a schematic diagram of a three-tier deployment scenario;
FIG. 6 is a schematic diagram of a two-tier deployment scenario;
FIG. 7 is a schematic flow chart of the present invention.
Detailed Description
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it should be understood that the described embodiments are only a part of the embodiments of the present invention, and not all embodiments, and therefore should not be considered as a limitation to the scope of protection. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
In the description of the present invention, it should be noted that, unless otherwise explicitly specified or limited, the terms "installed," "connected" and "coupled" are to be construed broadly: a connection may, for example, be fixed, detachable or integral; mechanical or electrical; direct, or indirect through an intervening medium, or an internal connection between two elements. The specific meaning of these terms in the present invention can be understood by those skilled in the art according to the specific case.
Example 1:
This embodiment provides an access method for domain name access control, as shown in figs. 1 to 7. First, a gateway (network management) device is deployed on the intranet together with a server that can communicate with the external network, and then the following operations are performed:
step 1: configuring access control for the domain name to be controlled on the gateway device, and at the same time sending the domain name message to be controlled to the server through the management port;
step 2: a script on the server receives the domain name message and starts the parsing script to generate a domain name list, for example [www.zol.com.cn, www.baidu.com, www.tencent.com]; a domain name to be controlled, for example www.zol.com.cn, is selected from the list and user behavior is simulated to initiate a normal client request;
step 3: after the web page corresponding to the domain name to be controlled is opened, its content is obtained, and the domain name and the external-link domain names in the content are extracted by a crawler;
step 4: generating the first IP set from the domain name and the external-link domain names of the web page content:
step 4.1: extracting the domain names and external-link domain names in the web page content by a crawler, and combining them in order into a domain name set N; then simulating user behavior to initiate a normal client request for each domain name element of set N in turn;
step 4.2: from the web pages opened by the client requests of step 4.1, extracting the domain name, external-link domain names and external-link IPs in the web page content, and generating a domain name set Y;
step 4.3: simulating user behavior to initiate a normal client request for each domain name element of set Y, obtaining the domain name, external-link domain names and external-link IPs in the content of the corresponding web pages, and generating a domain name set H;
step 4.4: simulating user behavior to initiate a normal client request for each element of set H, obtaining the domain name, external-link domain names and external-link IPs in the content of the corresponding web pages, and generating a domain name set G;
if no domain name field is found in the web page of any of steps 4.1 to 4.4, or after step 4.4 completes, step 4.5 is performed: merging all the domain name sets and all the IP elements of steps 4.1 to 4.4 to obtain the first domain name set and the first IP set.
step 5: resolving the first domain name set to generate a second IP set, for example:
[www.g.cn.miaozhen.com,www.pos.baidu.com,www.googleapis.com]->[49.233.98.203,120.53.212.88,180.149.145.246,216.58.200.36];
step 6: acquiring a list of opposite end destination addresses communicated by the server as source addresses to generate a third IP set:
step 6.1: capturing the packets of the whole session with a pcap packet-capture tool or a Python sniff/scapy packet-sniffing tool;
step 6.2: extracting all IP addresses in the acquired message;
step 6.3: removing the local area network addresses (such as 192.168.1.1, 10.10.3.3), broadcast and multicast addresses (such as 255.255.255.255, 218.6.200.255) and local loopback addresses (such as 127.x.x.x) from all the extracted IP addresses to obtain the third IP set.
step 7: merging the first IP set, the second IP set and the third IP set and removing repeated IP addresses to form the new IP set; for example:
[49.233.98.203,49.233.98.203,120.53.212.88,180.149.145.246,216.58.200.36,216.58.200.36]->[49.233.98.203,120.53.212.88,180.149.145.246,216.58.200.36]
step 8: associating the domain name first requested by the client in the initial domain name list with the new IP set; for example:
[www.zol.com.cn:[49.233.98.203,120.53.212.88,180.149.145.246,216.58.200.36]];
step 9: likewise, associating each domain name in the domain name list with its corresponding new IP set to generate a list, and comparing the list with the result of the previous execution.
step 10: after domain name access control and management is complete, the operations up to and including step 9 are executed periodically so that the IP sets corresponding to the domain name list are updated in time; after each update, step 9 generates a new list, which is compared with the list generated by the previous execution of step 9; for example:
{[www.zol.com.cn:[49.233.98.203,120.53.212.88,180.149.145.246,216.58.200.36]],
[www.baidu.com:[220.181.38.148,39.156.69.79]],
[www.tencent.com:[112.19.7.64,118.212.226.69,112.25.105.32,117.169.101.44,112.132.32.30,121.51.142.185,59.49.91.119,118.180.31.221]]}
The comparison is based on the following:
a. the domain name objects were changed by user configuration, that is, the web resolution server received a domain name resolution request message from the client;
b. the server addresses of some domain names changed, that is, the periodic calculation found that the IPs of some websites' domain names changed because the operator changed the server IP addresses.
For example, if the result of the previous calculation was:
{[www.zol.com.cn:[49.233.98.203,120.53.212.88,180.149.145.246,216.58.200.36]],[www.tencent.com:[112.19.7.64]]};
then the result has changed and a message must be sent to the gateway device.
After the comparison, the changed domain name elements in the domain name list and the corresponding new IP set are sent to the gateway device, and when the gateway device receives the changed domain name elements in the domain name list and the corresponding new IP set, the access control strategy and the black-and-white list control strategy are regenerated.
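The filtering of step 6.3, the merge and de-duplication of step 7, the association of steps 8 and 9 and the change comparison of step 10, as one added worked example in Python (the page names Python sniff/scapy as a capture tool, so the same language is used here); this is illustrative code written for this page, not code from the patent or its assignee. The captured IP list is constructed, the domain-to-IP-set values in the comparison are taken from the example lists above, the rule that treats a last octet of 255 as a /24 directed broadcast is an assumption made to match the page's example 218.6.200.255, and reporting a domain name that disappeared from the list with an empty IP set is also an assumption.

```python
import ipaddress

# Constructed sample: IP addresses extracted (step 6.2) from the packets captured
# during one simulated session, chosen to exercise every exclusion of step 6.3.
CAPTURED_IPS = [
    "192.168.1.1", "10.10.3.3",           # local area network addresses
    "255.255.255.255", "218.6.200.255",   # limited and directed broadcast
    "224.0.0.251",                        # multicast
    "127.0.0.1",                          # local loopback
    "49.233.98.203", "120.53.212.88", "49.233.98.203",  # real peers, one repeated
]

# Domain -> IP set lists from the page's step 10 example (previous run and current run).
ZOL_IPS = ["49.233.98.203", "120.53.212.88", "180.149.145.246", "216.58.200.36"]
PREVIOUS_RESULT = {"www.zol.com.cn": ZOL_IPS, "www.tencent.com": ["112.19.7.64"]}
CURRENT_RESULT = {
    "www.zol.com.cn": ZOL_IPS,
    "www.baidu.com": ["220.181.38.148", "39.156.69.79"],
    "www.tencent.com": ["112.19.7.64", "118.212.226.69", "112.25.105.32", "117.169.101.44",
                        "112.132.32.30", "121.51.142.185", "59.49.91.119", "118.180.31.221"],
}

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def is_excluded(ip_text):
    """Step 6.3: drop LAN, broadcast/multicast and loopback addresses."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_private or ip.is_loopback or ip.is_multicast or ip.is_link_local:
        return True
    if ip == LIMITED_BROADCAST:
        return True
    # Assumption: a last octet of 255 is treated as a /24 directed broadcast,
    # which is how the page's example 218.6.200.255 is classified.
    return ip.version == 4 and ip.packed[-1] == 0xFF


def third_ip_set(captured):
    """Unique public peer addresses from the capture, sorted numerically."""
    return sorted({ip for ip in captured if not is_excluded(ip)}, key=ipaddress.ip_address)


def merge_ip_sets(*ip_sets):
    """Step 7: union of the first, second and third IP sets with duplicates removed."""
    merged = set()
    for ip_set in ip_sets:
        merged.update(ip_set)
    return sorted(merged, key=ipaddress.ip_address)


def associate(domain_list, ip_sets_by_domain):
    """Steps 8 and 9: build the domain name -> new IP set list for every domain."""
    return {d: merge_ip_sets(*ip_sets_by_domain.get(d, ())) for d in domain_list}


def changed_entries(previous, current):
    """Step 10: entries whose IP set differs from the last run; only these are sent
    to the gateway device. Assumption: a domain that disappeared from the list is
    reported with an empty IP set so the gateway can drop its policy."""
    changed = {}
    for domain, ips in current.items():
        if set(previous.get(domain, ())) != set(ips):
            changed[domain] = list(ips)
    for domain in previous:
        if domain not in current:
            changed[domain] = []
    return changed


if __name__ == "__main__":
    print("third IP set:", third_ip_set(CAPTURED_IPS))
    print("merged:", merge_ip_sets(["49.233.98.203", "49.233.98.203"],
                                   ["120.53.212.88", "180.149.145.246"],
                                   ["216.58.200.36", "216.58.200.36"]))
    print("send to gateway:", changed_entries(PREVIOUS_RESULT, CURRENT_RESULT))
```

Comparing sets rather than lists means a mere reordering of the same addresses does not trigger an update to the gateway, which keeps policy regeneration limited to real changes.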
The working principle is as follows: an exemplary operation of performing simulated access on web page content and accessing a sub-web page in the web page content is shown in fig. 1-4, a deployment manner of three layers and two layers is shown in fig. 5 and 6, and a specific flowchart of the present invention is shown in fig. 7.
Example 2:
This embodiment also provides an access device for domain name access control, used to carry out the method; the device comprises a gateway device and a server;
the network management device (the gateway device) is connected to the server and implements the following functions:
(1) sending the domain name list to the server through network communication;
(2) updating the domain name elements in the domain name list and their corresponding IP sets according to the received domain names and new IP sets;
(3) regenerating the access control and black and white list control related to the domain name;
the server is a server that communicates with both the internal and the external network and implements the following functions:
(1) listening for the domain name message from the IP of the network management device on the agreed network communication port;
(2) parsing the domain name message to obtain the domain name list;
(3) converting the domain name list into the domain name set with its corresponding IP set;
(4) sending the domain name set with its corresponding IP set to the network management device.
The above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and all simple modifications and equivalent variations of the above embodiments according to the technical spirit of the present invention are included in the scope of the present invention.

Claims (10)

1. An access method for domain name access control, characterized in that a gateway device and a server that communicates with the internal network and can communicate with the external network are deployed; then a domain name message generated from the domain names the user wants to control is placed on the server and parsed to generate a domain name list; the server simulates the operation of a user normally accessing the domain name to obtain the web page content of the corresponding website, and the domain name and the external-link domain names in the web page content are extracted to obtain a first domain name set and a first IP set; then the first domain name set is resolved to generate a second IP set; then the list of peer destination addresses with which the server communicated as source address is obtained to generate a third IP set; and finally the first, second and third IP sets are merged into a new IP set for domain name access control and management.
2. The access method for domain name access control according to claim 1, wherein the specific operation of obtaining the first domain name set and the first IP set is:
step 1: configuring access control for the domain name to be controlled on the gateway device, and at the same time sending the domain name message to be controlled to the server through the management port;
step 2: a script on the server receives the domain name message and starts the parsing script to generate a domain name list; a domain name to be controlled is selected from the list and user behavior is simulated to initiate a normal client request;
step 3: after the web page corresponding to the domain name to be controlled is opened, its content is obtained, and the domain name and the external-link domain names in the content are extracted by a crawler;
step 4: generating the first IP set from the domain name and the external-link domain names of the web page content.
3. The access method for domain name access control according to claim 2, wherein the step 4 specifically includes the following contents:
step 4.1: extracting the domain names and external-link domain names in the web page content by a crawler, and combining them in order into a domain name set N; then simulating user behavior to initiate a normal client request for each domain name element of set N in turn;
step 4.2: from the web pages opened by the client requests of step 4.1, extracting the domain name, external-link domain names and external-link IPs in the web page content, and generating a domain name set Y;
step 4.3: simulating user behavior to initiate a normal client request for each domain name element of set Y, obtaining the domain name, external-link domain names and external-link IPs in the content of the corresponding web pages, and generating a domain name set H;
step 4.4: simulating user behavior to initiate a normal client request for each element of set H, obtaining the domain name, external-link domain names and external-link IPs in the content of the corresponding web pages, and generating a domain name set G;
if no domain name field is found in the web page of any of steps 4.1 to 4.4, or after step 4.4 completes, step 4.5 is performed: merging all the domain name sets and all the IP elements of steps 4.1 to 4.4 to obtain the first domain name set and the first IP set.
4. The access method for domain name access control according to claim 1, wherein generating the third IP set specifically includes the following steps:
step 6: acquiring the list of peer destination addresses with which the server, acting as the source address, communicates, to generate a third IP set:
step 6.1: capturing the messages of the whole session with a packet capture tool;
step 6.2: extracting all IP addresses from the captured messages;
step 6.3: removing local area network addresses, broadcast and multicast addresses and local loopback addresses from the extracted IP addresses to obtain the third IP set.
5. The method of claim 1, wherein duplicate IP addresses are removed when the first IP set, the second IP set, and the third IP set are merged to form a new IP set.
6. The access method for domain name access control according to claim 1, wherein domain name access control and management specifically includes the following operations:
step 8: associating the domain name requested by the first client in the initial domain name list with the new IP set;
step 9: in the same way, associating each domain name in the domain name list with its corresponding new IP set to generate a list.
7. The access method for domain name access control according to claim 6, wherein, after domain name access control and management is complete, the operations up to and including step 9 are re-executed periodically, so that the IP sets corresponding to the domain name list are updated in time; after each update, the new list generated in step 9 is compared with the list generated the last time step 9 was executed; after the comparison, the changed domain name elements in the domain name list and their corresponding new IP sets are sent to the gateway device, and when the gateway device receives them it regenerates the access control policy and the blacklist/whitelist control policy.
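The address filter of step 6.3, the duplicate-free merge of claim 5 and the change comparison of claim 7, as an added Python illustration that is not code from the patent. The captured addresses, the contents of the first and second sets and the domain name example.test are constructed, and the NON_PEER_NETS ranges are one assumed reading of "local area network, broadcast and multicast, and loopback" addresses.

```python
import ipaddress
from typing import Dict, Iterable, Set

# Ranges dropped in step 6.3 (assumed reading of "LAN, broadcast/multicast, loopback").
NON_PEER_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918 LAN
    "169.254.0.0/16", "fe80::/10",                      # link-local
    "224.0.0.0/4", "ff00::/8",                          # multicast
    "255.255.255.255/32",                               # limited broadcast
    "127.0.0.0/8", "::1/128",                           # loopback
)]

def is_peer_address(token: str) -> bool:
    """True if a token pulled from a captured packet is a usable peer address."""
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return False                      # parser noise, not an IP at all
    return not any(ip in net for net in NON_PEER_NETS)

def third_ip_set(extracted: Iterable[str]) -> Set[str]:
    """Step 6.3: filter the addresses extracted from the session capture (step 6.2)."""
    return {t for t in extracted if is_peer_address(t)}

def merge_ip_sets(*sets: Iterable[str]) -> Set[str]:
    """Claim 5: union of the first, second and third IP sets, duplicates removed."""
    return set().union(*sets)

def changed_entries(previous: Dict[str, Set[str]],
                    current: Dict[str, Set[str]]) -> Dict[str, Set[str]]:
    """Claim 7: entries whose IP set differs from the last run (new domains included);
    only these are sent to the gateway, which then regenerates its policies."""
    return {d: ips for d, ips in current.items() if previous.get(d) != ips}

# Constructed sample data, not taken from the patent.
CAPTURED = ["203.0.113.10", "192.168.1.5", "10.0.0.7", "224.0.0.251",
            "255.255.255.255", "127.0.0.1", "198.51.100.23", "203.0.113.10",
            "169.254.1.1", "2001:db8::1", "ff02::1", "::1", "not-an-ip"]
FIRST = {"203.0.113.10", "203.0.113.11"}   # first set: crawled page/outlink domains
SECOND = {"198.51.100.23"}                 # second set (its origin is not in this excerpt)

if __name__ == "__main__":
    third = third_ip_set(CAPTURED)
    new_set = merge_ip_sets(FIRST, SECOND, third)
    old_list = {"example.test": {"203.0.113.10", "198.51.100.23"}}
    new_list = {"example.test": new_set}
    print(sorted(third), sorted(new_set), changed_entries(old_list, new_list))
```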
8. An access device for domain name access control, for performing the method of any one of claims 1 to 7, comprising a gateway device and a server;
the gateway device is connected to the server and implements the following functions:
sending the domain name list to the server over the network;
updating the domain name elements in the domain name list and their corresponding IP sets according to the received domain names and new IP sets;
regenerating the access control and blacklist/whitelist control related to the domain names;
the server communicates with both the internal and the external network and implements the following functions:
monitoring the IP address of the gateway device and the domain name messages on an agreed network communication port;
parsing the domain name messages to obtain the domain name list;
converting the domain name list into a set of domain names with their corresponding IP sets;
sending the domain name set with its corresponding IP sets to the gateway device.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the program, implements the steps of the access method for domain name access control of any one of claims 1 to 7.
10. A computer-readable storage medium on which a computer program is stored, which, when executed by a processor, carries out the steps of the access method for domain name access control according to any one of claims 1 to 7.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010897707.2A CN112039888B (en) 2020-08-31 2020-08-31 Domain name access control access method, device, equipment and medium

Publications (2)

Publication Number Publication Date
CN112039888A true CN112039888A (en) 2020-12-04
CN112039888B CN112039888B (en) 2023-06-02

Family

ID=73586462

Country Status (1)

Country Link
CN (1) CN112039888B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6973505B1 (en) * 1999-09-01 2005-12-06 Eric Schneider Network resource access method, product, and apparatus
US20080005342A1 (en) * 1999-07-15 2008-01-03 Eric Schneider Method, product, and apparatus for enhancing resolution services, registration services, and search services
CN105100294A (en) * 2014-05-20 2015-11-25 阿里巴巴集团控股有限公司 Webpage acquiring method, system, network server, browser and GSLB
CN106301928A (en) * 2016-08-22 2017-01-04 深圳市茁壮网络股份有限公司 A kind of web analysis, acquisition methods and device
US20170237706A1 (en) * 2014-07-18 2017-08-17 Zte Corporation Method and apparatus for setting network rule entry
CN111143722A (en) * 2019-12-23 2020-05-12 杭州安恒信息技术股份有限公司 Method, device, equipment and medium for detecting webpage hidden link

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
G. Zhao: "Detecting APT Malware Infections Based on Malicious DNS and Traffic Analysis", IEEE Access (Volume 3) *
张文娟 et al.: "DNS security configuration based on intranet and extranet access", Science & Technology Information *
王辉: "Research on DNS-based monitoring of the distribution of infected hosts", Journal of Information Security Research *
范渊: "Research and application of web application risk scanning", Information Security and Technology *
蒋国明 et al.: "Innovation and practice of deploying open-source intelligent DNS on a private cloud cluster", China Education Informatization *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2022179353A1 (en) * 2021-02-25 2022-09-01 上海哔哩哔哩科技有限公司 Domain name resolution method and apparatus, and computer device
CN114285627A (en) * 2021-12-21 2022-04-05 安天科技集团股份有限公司 Flow detection method and device, electronic equipment and computer readable storage medium
CN114285627B (en) * 2021-12-21 2023-12-22 安天科技集团股份有限公司 Flow detection method and device, electronic equipment and computer readable storage medium

Also Published As

Publication number Publication date
CN112039888B (en) 2023-06-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant