CN112272158A - Data proxy method, system and proxy server - Google Patents

Data proxy method, system and proxy server Download PDF

Info

Publication number
CN112272158A
CN112272158A CN202010973585.0A CN202010973585A CN112272158A CN 112272158 A CN112272158 A CN 112272158A CN 202010973585 A CN202010973585 A CN 202010973585A CN 112272158 A CN112272158 A CN 112272158A
Authority
CN
China
Prior art keywords
domain name
intranet
server
information
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010973585.0A
Other languages
Chinese (zh)
Inventor
陈加伟
谢文伟
王力鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Wangsu Co Ltd
Original Assignee
Xiamen Wangsu Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xiamen Wangsu Co Ltd filed Critical Xiamen Wangsu Co Ltd
Priority to CN202010973585.0A priority Critical patent/CN112272158A/en
Priority to PCT/CN2020/122547 priority patent/WO2022057000A1/en
Publication of CN112272158A publication Critical patent/CN112272158A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/28Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/46Interconnection of networks
    • H04L12/4641Virtual LANs, VLANs, e.g. virtual private networks [VPN]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/50Address allocation
    • H04L61/5007Internet protocol [IP] addresses
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0236Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • H04L63/0263Rule management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a data proxy method, a system and a proxy server, wherein the method comprises the following steps: receiving an access request sent by a client, wherein a destination IP address in the access request points to a proxy server, and an access domain name in the access request is a virtual domain name generated by rewriting based on an original intranet domain name; reducing the access domain name in the access request into the original intranet domain name, and initiating a resource acquisition request to an intranet server pointed by the original intranet domain name; receiving response data fed back by the intranet server according to the resource acquisition request, replacing the domain name information with a virtual domain name under the condition that the response data contains the domain name information and the domain name information meets replacement rules, wherein the universal domain name of the virtual domain name is a proxy domain name, and feeding back the response data containing the virtual domain name to a client. The technical scheme provided by the application can effectively distinguish the target of the actual access requested by the user.

Description

Data proxy method, system and proxy server
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a data proxy method, system, and proxy server.
Background
With the increasing seriousness of Network security, more and more enterprises and organizations limit the service in the internal Network and prohibit the access from the external Network in order to block the attack from the external Network, however, many times the internal personnel of the organization need to access the internal application from the external Network, and the VPN (Virtual Private Network) technology is brought forward.
WebVPN provides web-based intranet application access control, allowing users to access web applications that are only open to internal networks. Different from the traditional VPN technology, the WebVPN does not need a user to install client software or a browser plug-in, and the user can directly access the login page through the browser to perform identity authentication, so that the use threshold of the VPN technology is greatly reduced, and the user experience is improved. However, in the existing WebVPN system, the user request first passes through the VPN proxy server, so that the domain name in the user request all points to the proxy domain name, and how the proxy server effectively distinguishes the target of actual access of the user request becomes a big problem in the WebVPN technology.
Disclosure of Invention
The application aims to provide a data proxy method, a data proxy system and a proxy server, which can effectively distinguish the target of actual access requested by a user.
To achieve the above object, an aspect of the present application provides a data proxy method, including: receiving an access request sent by a client, wherein a destination IP address in the access request points to a proxy server; reducing the access domain name in the access request into an original intranet domain name, and initiating a resource acquisition request to an intranet server pointed by the original intranet domain name; receiving response data fed back by the intranet server according to the resource acquisition request, replacing the domain name information with a virtual domain name under the condition that the response data contains the domain name information and the domain name information meets replacement rules, wherein the universal domain name of the virtual domain name is a proxy domain name, and feeding back the response data containing the virtual domain name to the client.
In one implementation, the destination IP address in the access request is obtained by being directly resolved by a public DNS (domain Name system) server, or obtained by being resolved by an intelligent DNS server, where the intelligent DNS server receives a domain Name resolution request forwarded by the public DNS server, and responds a resolution result to the client through the public DNS server.
In one implementation, the method further comprises: receiving authorization response data responded by the authentication server; and under the condition that the authorization response data contains domain name information and the domain name information meets a replacement rule, replacing the domain name information with a virtual domain name, and feeding back the authorization response data containing the virtual domain name to the client.
In an implementation, the client generates the access request based on the received authorization response data or the response data.
In one implementation, the resource acquisition request is obtained based on the access request.
In one implementation, the restoring the access domain name in the access request to the original intranet domain name includes: recognizing a rewriting rule when the original intranet domain name is rewritten, and extracting the access domain name in the access request; and restoring the access domain name into the original intranet domain name according to the rewriting rule.
In one implementation, the compliance of the domain name information with the replacement rule includes: and matching the domain name information in a domain name white list, and judging that the domain name information accords with a replacement rule if a target domain name matched with the domain name information exists.
In one implementation, replacing the domain name information with a virtual domain name includes: and rewriting the domain name information into a virtual domain name according to a rewriting rule when the original intranet domain name is rewritten, and replacing the corresponding domain name information in the response data by using the virtual domain name.
In one implementation, the method further comprises: and judging whether the response data contains a cookie setting item, if so, rewriting the authority domain name in the domain information in the cookie setting item into the virtual domain name, and caching the association relationship between the cookie information and the authority domain name.
In one implementation, the method further comprises: when the intranet access request sent by the client is received again, if the access domain name of the intranet access request is restored to obtain an original intranet domain name containing the authority domain name in the association relationship, cookie information corresponding to the authority domain name is carried when a resource acquisition request is sent to an intranet server pointed to by the original intranet domain name.
In order to achieve the above object, another aspect of the present application further provides a proxy server, which includes a memory and a processor, wherein the memory is used for storing a computer program, and the computer program, when executed by the processor, implements the above data proxy method.
In order to achieve the above object, another aspect of the present application further provides a data proxy system, where the data proxy system includes a proxy server, a public DNS server, an intelligent DNS server, and an intranet server, where: the public DNS server is used for receiving a domain name resolution request sent by a client, and directly responding to the domain name resolution request based on the IP address of the proxy server or forwarding the domain name resolution request to the intelligent DNS server when recognizing that the domain name in the domain name resolution request contains a specified universal domain name; the intelligent DNS server is used for generating a destination IP address corresponding to the domain name resolution request and feeding back the destination IP address to the client so that the client initiates an access request to a proxy server pointed by the destination IP address; the proxy server is used for reducing the access domain name in the access request into an original intranet domain name and initiating a resource acquisition request to an intranet server pointed by the original intranet domain name; receiving response data fed back by the intranet server according to the resource acquisition request, replacing the domain name information with a virtual domain name under the condition that the response data contains the domain name information and the domain name information meets replacement rules, wherein the universal domain name of the virtual domain name is a proxy domain name, and feeding back the response data containing the virtual domain name to the client.
As can be seen from the above, according to the technical scheme provided by the application, when the public DNS server receives a domain name resolution request carrying a specified domain name, the domain name resolution request can be directly responded to based on the IP address of the proxy server, or the domain name resolution request can be forwarded to the intelligent DNS server. The intelligent DNS server may resolve the IP address of the corresponding proxy server and provide the IP address to the client, so that the client can initiate an access request to the corresponding proxy server. Thus, even if a new sub-domain name under the domain name appears, the new sub-domain name can be guided to the proxy server by the determination method of the domain name.
The proxy server receives an access request initiated by the client, and can restore the corresponding original intranet domain name according to the access domain name in the access request. The proxy server can identify the corresponding intranet server according to the original intranet domain name, so as to initiate a resource acquisition request to the intranet server. After the proxy server receives the response data fed back by the intranet server, if the response data contains domain name information and the domain name information meets the replacement rule, the proxy server indicates that the representation of the domain name information is the intranet domain name. The proxy server may replace the domain name information with a virtual domain name and feed back response data including the virtual domain name to the client, so that an access domain name in a new access request subsequently issued by the client based on the response data is the virtual domain name.
As can be seen from the above, since the intranet domain cannot be directly accessed through the public network, the virtual domain sent and received by the client may be processed. After being processed by the proxy server, the virtual domain name can be converted into a corresponding original intranet domain name and a real domain name of intranet application, so that the actually requested intranet application is identified by the proxy server, intranet resources requested by a client are obtained from the corresponding intranet server, and a data proxy process is completed.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a block diagram of a data proxy system according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating steps of a data proxy method according to an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a proxy server in the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail with reference to the accompanying drawings.
The present application provides a data proxy method that can be applied to the system architecture shown in fig. 1. Referring to fig. 1, the system architecture may include a client, a proxy server, an authentication server, a public DNS server, an intelligent DNS server, and an intranet server.
The client may be a terminal device of a user, and the user may send an access request through a browser installed in the client.
The public DNS server is generally a DNS server deployed by a network operator, a DNS analysis request sent by a client can be received by the public DNS server, the public DNS server has small operation configuration authority opened to the outside, and generally only allows simple configuration.
The intelligent DNS server is generally deployed by a network service provider, and a developer of the network service provider can freely configure a relevant operation rule on the intelligent DNS server, and can receive a DNS resolution request forwarded by a public DNS server and resolve the DNS resolution request according to a preset rule.
The authentication server can be used for authenticating the user identity to determine whether the user identity is legal or not and issuing the corresponding intranet resource access authority.
The proxy server can be used as a VPN gateway, receives the access request of the client, establishes communication connection with the intranet server through a VPN network, forwards the access request sent by the client to the corresponding intranet server, receives response data of the intranet server aiming at the access request, and further sends the response data to the client. And the proxy server can realize data proxy between the client and the intranet server.
The intranet server may be a source station server deployed in an intranet environment, running an application program providing a service, and configured to respond to the access request.
It is noted that, in one embodiment, the proxy server establishes a communication connection with the intranet server through a VPN Network, wherein the VPN Network used in the embodiment may be implemented based on an SD-WAN (Software-Defined Wide Area Network) Network architecture.
In one embodiment, when the client needs to access the intranet resource, the authority authentication may be performed through the authentication server. Specifically, the client may initiate a login request to the proxy server, the proxy server forwards the login request to the authentication server for permission verification, the authentication server may perform verification according to the user permission of the user information, and after the user permission passes the verification, feedback authorization response data, where the authorization response data may include a page for accessing an intranet resource, for example, a function index page. In the index page, jump entries for accessing each intranet resource can be included. For example, the index page may include access entries of various branches in the enterprise, and may also include data support entries of various services, and the like. In the index page to which the authentication server responds, the links of these access portals are all written into the page code, and the links may contain the domain name of the corresponding intranet resource, i.e. the original intranet domain name, for example, the original intranet domain name of shanghai branch office may be sh. However, if the index page containing these original intranet domain names is directly exposed to the client, when the client sends out an access request based on these original intranet domain names, the access request cannot be received by the proxy server, and thus the intranet resources cannot be accessed through the proxy server, which may result in an access failure. In view of this, after receiving the authorization response data fed back by the authentication server, the proxy server may rewrite the original intranet domain name in the index page, so as to guide, through the rewritten access link, the access request initiated by the client based on the index page to the proxy server for processing.
In one embodiment, the proxy server may follow a preset rewrite rule when rewriting the original intranet domain name.
First, a designated domain name can be preset, and the rewritten original intranet domain name needs to include the designated domain name. For example, if the original intranet domain name may be, for example, sh.wangsu.com, the specified generic domain name may be set to be wsvpn.com, where the specified generic domain name may be a proxy domain name, i.e., a domain name pointing to a VPN proxy service, and the rewritten original intranet domain name includes the proxy domain name, so that an access request sent based on the rewritten domain name may be directed to a proxy server through DNS scheduling.
Secondly, when the original intranet domain name is rewritten, the original intranet domain name can be converted into a corresponding character string through a hash algorithm or other coding algorithms, then the character string can be used as a prefix, and the proxy domain name can be used as a suffix to jointly form the rewritten original intranet domain name, which can also be called a virtual domain name. For example, after sh.wangsu.com is subjected to hash operation, a character string key1 can be obtained, and then key1.wsvpn.com can be used as a virtual domain name obtained by rewriting based on an original intranet domain name. It should be noted that when the original intranet domain name is converted into the corresponding character string, the setting may be performed based on other rules, and it is only necessary to ensure that the character strings corresponding to different original intranet domain names are different, so that the proxy server may identify the corresponding original intranet domain name based on the character string.
In an embodiment, the proxy server may locally store a mapping relationship between the original intranet domain name and the character string, and is configured to identify the original intranet domain name based on the mapping relationship when receiving an access request from the client.
In an embodiment, if the character string corresponding to the original intranet domain name is obtained based on a preset algorithm, the proxy server may reduce the character string to the original intranet domain name based on an inverse operation.
In an embodiment, when the proxy server rewrites the original intranet domain name in the index page, other identification information may be further added to the virtual domain name, for example, the virtual domain name may further include enterprise information for distinguishing the enterprises to which the client belongs, so that when the network service provider provides proxy services for a plurality of different enterprises, traffic scheduling may be performed according to the enterprise information in the virtual domain name, which will be described in detail below. In this embodiment, other identification information may be combined with the character string corresponding to the original intranet domain name to form a new character string, so as to form the Key1.
In an embodiment, after the proxy server completes rewriting of the original intranet domain name in the index page, the proxy server may respond the index page to the client, so that the client may access the corresponding intranet resource based on the index page. After receiving the response information, the client displays the index page, and generates a corresponding access request based on the selection of the user, before generating the access request, the client needs to acquire a destination address of the access request, and specifically, the client can acquire the destination address by sending a domain name resolution request to the public DNS server. Because the original intranet domain name in the index page has been rewritten into a corresponding virtual domain name, the access domain name in the domain name resolution request sent by the client is the virtual domain name.
In an embodiment, after receiving a domain name resolution request sent by a client, a public DNS server may forward the domain name resolution request to an intelligent DNS server when recognizing that a domain name in the domain name resolution request includes a specified generic domain name. In this embodiment, a simple forwarding policy may be configured in advance in the public DNS server to implement forwarding of the domain name resolution request specifying the domain name to the intelligent DNS server. As described above, the public DNS server is generally deployed by a network operator, and has fewer configuration rights opened to the outside, so that it is not possible to directly configure an analysis rule on the public DNS server, so that a domain name including a specified generic domain name can be directly analyzed as an address of a proxy server, and thus, by configuring a simple forwarding policy, an analysis request including the specified generic domain name is forwarded to be processed by the intelligent DNS server. It is understood that, if the resolution policy can be directly configured on the public DNS server, the functions implemented by the intelligent DNS server in the embodiment of the present invention can be implemented by the public DNS server.
In this embodiment, the intelligent DNS server may be an additionally deployed DNS server, and the intelligent DNS server may be dedicated to processing the domain name resolution request carrying the virtual domain name. In the intelligent DNS server, a mapping table specifying the domain name and the proxy server IP address may be stored. Therefore, after the intelligent DNS server receives the domain name resolution request forwarded by the public DNS server, the IP address of the proxy server can be obtained through resolution by identifying the general domain name in the domain name resolution request.
In one embodiment, since more than one enterprise needs to perform data proxy at the same time, a dedicated proxy server may be provided on each enterprise side, and in order to direct an access request to the corresponding proxy server, a mapping relationship between the enterprise and the proxy server may be configured in the intelligent DNS server. In this way, when receiving the domain name resolution request, the intelligent DNS server may extract the enterprise information in the domain name resolution request, as described above, the virtual domain name may include the enterprise information, and query the proxy server matching the extracted enterprise information in the mapping relationship table. The IP address of the matching proxy server may then be identified as the response IP.
In this embodiment, after the intelligent DNS server obtains the IP address of the proxy server by resolution, the IP address can be fed back to the client through the public DNS server. Therefore, the client can complete the process of domain name resolution, so that an access request can be constructed and sent to the corresponding proxy server. The access request may be a request conforming to a network communication protocol, for example, five tuple information may be included in the access request. Wherein, the IP address of the proxy server can be used as the destination IP address.
In one embodiment, in order to enable the proxy server to normally process the access request sent by the client, a proxy domain name may be configured in the proxy server in advance, and a generic domain name certificate for supporting the proxy domain name may be configured together. The proxy domain name may be the above-mentioned specified domain name. For example, the proxy domain name may be wsvpn.com, and the certificate of the domain name may be configured in the proxy server, thereby supporting access to the domain name.
In an embodiment, after receiving an access request sent by a client, a proxy server may extract an access domain name therein, and may restore the access domain name to a corresponding original intranet domain name, thereby initiating a resource acquisition request to an intranet server to which the original intranet domain name points. For example, the access request received by the proxy server is http:// key1.wsvpn.com, where key1.wsvpn.com is a virtual domain name rewritten by an original intranet domain name, and wsvpn.com is a corresponding proxy domain name. At this time, the proxy server may extract the key1 in the virtual domain name (access domain name) from the access request, and recognize a rewrite rule when the original intranet domain name is rewritten, which may be, for example, the above-mentioned hash algorithm or another encoding algorithm. Then, the proxy server may perform an inverse operation on the extracted key1 according to the rewrite rule, thereby restoring the visited domain name to a corresponding original intranet domain name, which may be, for example, sh.
After the original intranet domain name is obtained, the proxy server can rewrite the access request to generate a resource acquisition request, and sends the resource acquisition request to a target intranet server pointed by the original intranet domain name to acquire intranet resources. The method for rewriting the access request may include rewriting a virtual domain name in a URL of the access request to an original intranet domain name to obtain a new URL, and the proxy server generating a resource acquisition request addressed to the target intranet server based on the new URL.
In this embodiment, after receiving the resource acquisition request from the proxy server, the intranet server may feed back the corresponding resource as response data to the proxy server. Because the response data may include a response page, that is, a new page displayed in response to the access request, and there is a high possibility that other access links are included in the response page data, that is, the response page may include the original intranet domain name, in this case, the proxy server also needs to rewrite the response page, so as to ensure that the access request generated by the client based on the response page can be received by the proxy server, and the proxy server can identify the intranet domain name of the real request of the user, wherein the rewriting method of the response page by the proxy server may refer to the rewriting method of the index page, which is not described herein again.
It should be noted that, in an embodiment, the proxy server does not need to rewrite all domain names in the index page or the response page, because some domain names do not need to perform data proxy, in this scenario, the proxy server may first determine whether domain name information included in the page meets the replacement rule in the process of rewriting the page. The judgment can be based on whether the domain name information is in the generic domain name white list of the proxy server. If yes, the domain name information accords with the replacement rule, and domain name rewriting and replacement are needed. If the domain name information is not in the general domain name white list, the domain name information does not need to be rewritten and replaced. For example, the response data includes a domain name a and a domain name B, where the domain name a is a domain name already existing in the public network or a domain name pointing to another resource server, and the domain name a can be directly accessed by the client, and the domain name a is not stored in the general domain white list, so that it does not need to be rewritten or replaced. The domain name B points to the intranet server of the enterprise, and therefore, in order to enable a subsequent client to normally access the intranet server through the domain name B, the subsequent client needs to be rewritten and replaced.
In order to prevent access abnormality caused by incomplete cookie information carried in the access request, the proxy server may bind the authority domain name and the cookie information and cache an association relationship, so that the cookie information that the access request should carry can be queried based on the association relationship.
In an embodiment of the present application, since the response data fed back by the intranet server may include set-cookie, the domain value may be an intranet domain name, that is, an authority domain name corresponding to the cookie information, that is, when the client initiates an access request for the authority domain name, the client needs to carry corresponding cookie information for the intranet server to verify.
However, in the embodiment provided by the present invention, the access request initiated by the client is issued based on the rewritten virtual domain name, so the domain value of the set-cookie in the response data needs to be modified to the corresponding virtual domain name by the proxy server, so that the client automatically carries the cookie information when sending the access request based on the virtual domain name. It is noted that in other embodiments of the present invention, the information in the domain field may be deleted directly.
Meanwhile, the proxy server can locally bind the cookie information with the authority domain name and cache the association relationship between the cookie information and the authority domain name, when the intranet access request sent by the client is received again, after the access domain name is restored, whether the restored original intranet domain name contains the authority domain name stored in the association relationship can be judged, if yes, the cookie information corresponding to the authority domain name can be obtained according to the stored association relationship, and the cookie information corresponding to the authority domain name is carried when the resource acquisition request is sent to the intranet server pointed by the original intranet domain name. Based on the method, the resource acquisition request sent to the intranet server can be ensured to correctly carry the required cookie information, and the intranet server is prevented from refusing access due to incomplete cookie information.
Specifically, in this embodiment, after receiving response data fed back by the intranet server, the proxy server may determine whether the response data includes a cookie setting item (set-cookie), and after identifying that the response data includes the cookie setting item, may detect domain information therein, where the domain information may carry an authority domain name bound to cookie information, generally an original intranet domain name, and the authority domain name needs to be rewritten into a corresponding virtual domain name, so that when the client locally generates cookie information according to the set-cookie, the client associates the cookie information with the authority domain name, and establishes an association relationship between the authority domain name and the cookie information, so that the proxy server may query the association relationship based on the original intranet domain name restored by accessing the domain name, and determine whether there is corresponding cookie information. Specifically, the rewriting and restoring manner of the intranet domain name can refer to the foregoing description, and is not repeated here.
In the embodiment, after the authority domain name in the domain information is replaced by the corresponding virtual domain name, when the client can locally set the corresponding cookie information based on the received set-cookie, the client can subsequently find the corresponding cookie information according to the virtual domain name in the access request and carry the cookie information to access the resource, in practical applications, the authority domain name in the domain information may be a complete domain name, or may be an extensive domain name, that is, when the authority domain name is the general domain name, the client needs to carry the cookie information when sending the request to each sub-domain name under the general domain name, however, the virtual domain name obtained by rewriting cannot embody the association relationship, therefore, the proxy server needs to further confirm the cookie information, so that the resource acquisition request sent to the intranet server carries the correct cookie information, thereby preventing access abnormality.
For example, there may be two sub-domain names www.baidu.com and tieba. In this way, when the proxy server receives the access request sent by the client, if the original intranet domain name restored by the access domain name in the access request has the domain name, the proxy server can carry cookie information associated with the domain name and send a resource acquisition request to the intranet server.
Based on the above description, one embodiment of the present application provides a data proxy method applied to a proxy server, please refer to fig. 2, where the method includes:
s1: receiving an access request sent by a client, wherein a destination IP address in the access request points to a proxy server;
based on the above embodiment, it can be known that the request sent by the client and received by the proxy server is generated by the client based on the authorization response information or the response information fed back by the proxy server, so that the access domain name in the access request is the virtual domain name rewritten by the proxy server, and through DNS resolution, the virtual domain name is resolved into an IP address pointing to the proxy server, so that the destination IP in the access request points to the proxy server, and the access request is received by the proxy server.
S3: reducing the access domain name in the access request into the original intranet domain name, and initiating a resource acquisition request to an intranet server pointed by the original intranet domain name;
s5: receiving response data fed back by the intranet server according to the resource acquisition request, replacing the domain name information with a virtual domain name under the condition that the response data contains the domain name information and the domain name information meets replacement rules, wherein the universal domain name of the virtual domain name is a proxy domain name, and feeding back the response data containing the virtual domain name to a client.
In summary, in the data proxy method provided in the embodiment of the present invention, the original intranet domain name in the page information sent to the client for operation is rewritten into the virtual domain name, so that the intranet resource access request sent by the client can be received by the proxy server, and the proxy server can identify the target intranet application actually requested by the client based on the virtual domain name, thereby distinguishing different intranet applications; furthermore, because the format of the virtual domain name is the normal format of the domain name, when the domain name format check or other processing logic exists in the page, the abnormal check condition cannot occur due to the unchanged format, and the problem that the page logic cannot be normally executed due to rewriting is avoided.
Referring to fig. 3, the present application further provides a proxy server, where the proxy server includes a memory and a processor, the memory is used for storing a computer program, and the computer program, when executed by the processor, can implement the data proxy method described above.
Based on the same inventive concept, the application also provides a data proxy system, which comprises a proxy server, a public DNS server, an intelligent DNS server and an intranet server, wherein:
the public DNS server is used for receiving a domain name resolution request sent by a client, and directly responding to the domain name resolution request based on the IP address of the proxy server or forwarding the domain name resolution request to the intelligent DNS server when recognizing that the domain name in the domain name resolution request contains a specified universal domain name;
the intelligent DNS server is used for generating a destination IP address corresponding to the domain name resolution request and feeding back the destination IP address to the client so that the client initiates an access request to a proxy server pointed by the destination IP address;
the proxy server is used for reducing the access domain name in the access request into the original intranet domain name and initiating a resource acquisition request to the intranet server pointed by the original intranet domain name; receiving response data fed back by the intranet server according to the resource acquisition request, replacing the domain name information with a virtual domain name under the condition that the response data contains the domain name information and the domain name information meets replacement rules, wherein the universal domain name of the virtual domain name is a proxy domain name, and feeding back the response data containing the virtual domain name to a client.
In one embodiment, the intelligent DNS server is configured with a mapping table of enterprise information and a proxy server, and includes:
an enterprise information matching unit, configured to extract enterprise information in the domain name resolution request, and query, in the mapping relationship table, a proxy server matched with the extracted enterprise information;
and the IP address feedback unit is used for feeding back the IP address of the matched proxy server as a target IP address to the client.
In one embodiment, the proxy server comprises:
the intranet domain name information extraction unit is used for identifying a rewriting rule when the original intranet domain name is rewritten and extracting the access domain name in the access request;
and the rewriting unit is used for reducing the access domain name into the original intranet domain name according to the rewriting rule.
In one embodiment, the proxy server further comprises:
and the domain information rewriting unit is used for judging whether the response data contains a cookie setting item, rewriting the authority domain name in the domain information in the cookie setting item into a virtual domain name if the response data contains the cookie setting item, and establishing an association relationship between the cookie information and the authority domain name.
In one embodiment, the domain information rewriting unit includes:
the cache module is used for caching the incidence relation between the authority domain name and the cookie information;
and the cookie query module is used for carrying cookie information corresponding to the authority domain name when sending a resource acquisition request to an intranet server pointed by the original intranet domain name if the authority domain name in the association relationship is contained in the original intranet domain name obtained after the reduction of the access domain name of the intranet access request when receiving the intranet access request sent by the client again.
In one embodiment, the system further comprises an authentication server, wherein the authentication server is used for receiving the login request forwarded by the proxy server and feeding back authorization response information to the proxy server after the authority of the client is verified; and the proxy server replaces the domain name information with a virtual domain name under the condition that the authorization response data contains the domain name information and the domain name information meets a replacement rule.
As can be seen from the above, according to the technical scheme provided by the application, when the public DNS server receives the domain name resolution request carrying the specified domain name, the public DNS server can directly respond to the domain name resolution request based on the IP of the proxy server, or forward the domain name resolution request to the intelligent DNS server. The intelligent DNS server may resolve the IP address of the corresponding proxy server and provide the IP address to the client, so that the client can initiate an access request to the corresponding proxy server. Thus, even if a new sub-domain name under the domain name appears, the new sub-domain name can be guided to the proxy server by the determination method of the domain name.
The access domain name in the access request initiated by the client is a virtual domain name obtained by rewriting based on the original intranet domain name, and the virtual domain name can be restored to the corresponding original intranet domain name after being processed by the proxy server. The proxy server can identify the corresponding intranet server according to the original intranet domain name, so as to initiate a resource acquisition request to the intranet server. After the proxy server receives the response data fed back by the intranet server, if the response data contains domain name information and the domain name information meets the replacement rule, the proxy server indicates that the representation of the domain name information is the intranet domain name. The proxy server may replace the domain name information with a virtual domain name and feed back response data including the virtual domain name to the client, so that an access domain name in a new access request subsequently issued by the client based on the response data is the virtual domain name.
As can be seen from the above, since the intranet domain cannot be directly accessed through the public network, the virtual domain sent and received by the client may be processed. The virtual domain name can be converted into a corresponding intranet domain name after being processed by the proxy server, so that the actually requested intranet application is identified by the proxy server, intranet resources requested by the client are obtained from the corresponding intranet server, and a data proxy process is completed.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for both the system and the proxy server embodiments, reference may be made to the introduction of embodiments of the method described above.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (17)

1. A data proxy method, the method comprising:
receiving an access request sent by a client, wherein a destination IP address in the access request points to a proxy server;
reducing the access domain name in the access request into an original intranet domain name, and initiating a resource acquisition request to an intranet server pointed by the original intranet domain name;
receiving response data fed back by the intranet server according to the resource acquisition request, replacing domain name information with a virtual domain name under the condition that the response data contains the domain name information and the domain name information meets replacement rules, wherein the general domain name of the virtual domain name is a proxy domain name, and feeding back the response data containing the virtual domain name to the client.
2. The method according to claim 1, wherein the destination IP address in the access request is resolved directly by a public DNS server or by an intelligent DNS server, wherein the intelligent DNS server receives the domain name resolution request forwarded by the public DNS server and responds the resolution result to the client through the public DNS server.
3. The method of claim 1, further comprising:
receiving authorization response data responded by the authentication server;
and under the condition that the authorization response data contains domain name information and the domain name information meets a replacement rule, replacing the domain name information with a virtual domain name, and feeding back the authorization response data containing the virtual domain name to the client.
4. A method according to claim 1 or 3, wherein the client generates the access request based on the received authorisation response data or the response data.
5. The method of claim 1, wherein the resource acquisition request is rewritten based on the access request.
6. The method according to claim 1, wherein reducing the access domain name in the access request to the original intranet domain name comprises:
recognizing a rewriting rule when the original intranet domain name is rewritten, and extracting the access domain name in the access request;
and restoring the access domain name into the original intranet domain name according to the rewriting rule.
7. The method of claim 1, wherein the domain name information meeting the replacement rule comprises:
and matching the domain name information in a domain name white list, and judging that the domain name information accords with a replacement rule if a target domain name matched with the domain name information exists.
8. The method of claim 1 or 7, wherein replacing the domain name information with a virtual domain name comprises:
and rewriting the domain name information into a virtual domain name according to a rewriting rule when the original intranet domain name is rewritten, and replacing the corresponding domain name information in the response data by using the virtual domain name.
9. The method of claim 1, further comprising:
and judging whether the response data contains a cookie setting item, if so, rewriting the authority domain name in the domain information in the cookie setting item into the virtual domain name, and caching the association relationship between the cookie information and the authority domain name.
10. The method of claim 9, further comprising:
when the intranet access request sent by the client is received again, if the access domain name of the intranet access request is restored to obtain an original intranet domain name containing the authority domain name in the association relationship, cookie information corresponding to the authority domain name is carried when a resource acquisition request is sent to an intranet server pointed to by the original intranet domain name.
11. A proxy server, characterized in that it comprises a memory for storing a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 10, and a processor.
12. A data agent system, characterized in that, the data agent system includes agent server, public DNS server, intelligent DNS server and intranet server, wherein:
the public DNS server is used for receiving a domain name resolution request sent by a client, and directly responding to the domain name resolution request based on the IP address of the proxy server when recognizing that the domain name in the domain name resolution request contains a specified universal domain name, or forwarding the domain name resolution request to the intelligent DNS server;
the intelligent DNS server is used for generating a destination IP address corresponding to the domain name resolution request and feeding back the destination IP address to the client so that the client initiates an access request to a proxy server pointed by the destination IP address;
the proxy server is used for reducing the access domain name in the access request into an original intranet domain name and initiating a resource acquisition request to an intranet server pointed by the original intranet domain name; receiving response data fed back by the intranet server according to the resource acquisition request, replacing the domain name information with a virtual domain name under the condition that the response data contains the domain name information and the domain name information meets replacement rules, wherein the universal domain name of the virtual domain name is a proxy domain name, and feeding back the response data containing the virtual domain name to a client.
13. The system according to claim 12, wherein the intelligent DNS server is configured with a mapping table of enterprise information and a proxy server, and the intelligent DNS server comprises:
an enterprise information matching unit, configured to extract enterprise information in the domain name resolution request, and query, in the mapping relationship table, a proxy server matched with the extracted enterprise information;
and the IP address feedback unit is used for feeding back the IP address of the matched proxy server as a target IP address to the client.
14. The system of claim 12, wherein the proxy server comprises:
the intranet domain name information extraction unit is used for identifying a rewriting rule when the original intranet domain name is rewritten and extracting the access domain name in the access request;
and the rewriting unit is used for reducing the access domain name into the original intranet domain name according to the rewriting rule.
15. The system of claim 12, wherein the proxy server further comprises:
and the domain information rewriting unit is used for judging whether the response data contains a cookie setting item, rewriting the authority domain name in the domain information in the cookie setting item into a proxy domain name if the response data contains the cookie setting item, and establishing an association relationship between the cookie information and the authority domain name.
16. The system according to claim 15, wherein the domain information rewriting unit comprises:
the cache module is used for caching the incidence relation between the authority domain name and the cookie information;
and the cookie query module is used for carrying cookie information corresponding to the authority domain name when sending a resource acquisition request to an intranet server pointed by the original intranet domain name if the authority domain name in the association relationship is contained in the original intranet domain name obtained after the reduction of the access domain name of the intranet access request when receiving the intranet access request sent by the client again.
17. The system of claim 12, further comprising an authentication server, wherein the authentication server is configured to receive the login request forwarded by the proxy server, and after the right of the client is verified, feed back authorization response information to the proxy server; and under the condition that the authorization response data contains domain name information and the domain name information meets a replacement rule, the proxy server replaces the domain name information with a virtual domain name.
CN202010973585.0A 2020-09-16 2020-09-16 Data proxy method, system and proxy server Pending CN112272158A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202010973585.0A CN112272158A (en) 2020-09-16 2020-09-16 Data proxy method, system and proxy server
PCT/CN2020/122547 WO2022057000A1 (en) 2020-09-16 2020-10-21 Data proxy method and system and proxy server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010973585.0A CN112272158A (en) 2020-09-16 2020-09-16 Data proxy method, system and proxy server

Publications (1)

Publication Number Publication Date
CN112272158A true CN112272158A (en) 2021-01-26

Family

ID=74349538

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010973585.0A Pending CN112272158A (en) 2020-09-16 2020-09-16 Data proxy method, system and proxy server

Country Status (2)

Country Link
CN (1) CN112272158A (en)
WO (1) WO2022057000A1 (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112714197A (en) * 2021-03-29 2021-04-27 杭州优云科技有限公司 Method, device and network equipment for realizing HTTPS proxy with zero configuration
CN113163024A (en) * 2021-03-12 2021-07-23 网宿科技股份有限公司 Message processing method, server and storage medium
CN113194099A (en) * 2021-04-30 2021-07-30 网宿科技股份有限公司 Data proxy method and proxy server
CN113315852A (en) * 2021-04-27 2021-08-27 北京奇艺世纪科技有限公司 Domain name resolution method, device and system
CN113364741A (en) * 2021-05-17 2021-09-07 网宿科技股份有限公司 Application access method and proxy server
CN113381978A (en) * 2021-05-12 2021-09-10 网宿科技股份有限公司 Safe login method and device
CN113381979A (en) * 2021-05-12 2021-09-10 网宿科技股份有限公司 Access request proxy method and proxy server
CN113556388A (en) * 2021-07-14 2021-10-26 杭州玳数科技有限公司 Proxy service method, proxy service platform, computer device, and storage medium
CN114189493A (en) * 2021-11-08 2022-03-15 深圳市酷开网络科技股份有限公司 Distributed signaling communication method, computer device, signaling system, and storage medium
CN114374669A (en) * 2022-01-11 2022-04-19 杭州迪普科技股份有限公司 VPN client proxy DNS analysis method and system
CN114422472A (en) * 2022-01-19 2022-04-29 中国农业银行股份有限公司 Network address conversion method and device and electronic equipment
CN114640533A (en) * 2022-03-29 2022-06-17 北京有竹居网络技术有限公司 Method, device, storage medium and electronic equipment for transmitting messages
CN114710314A (en) * 2022-02-21 2022-07-05 深圳腾银信息咨询有限责任公司 Configured software service platform access method, device, system and medium
CN115174675A (en) * 2022-06-30 2022-10-11 北京华御数观科技有限公司 Kafka service access method
WO2022242023A1 (en) * 2021-05-19 2022-11-24 网宿科技股份有限公司 Resource acquisition method and system, webvpn proxy server and server
CN115801727A (en) * 2021-09-10 2023-03-14 腾讯科技(深圳)有限公司 Domain name resolution method, domain name resolution device, electronic equipment and storage medium
CN115987956A (en) * 2022-12-28 2023-04-18 中国电子产业工程有限公司 Resource reference method of Web proxy application, electronic equipment and storage medium
WO2024088217A1 (en) * 2022-10-24 2024-05-02 杭州阿里云飞天信息技术有限公司 Private network access methods and system
CN118353834A (en) * 2024-06-17 2024-07-16 北京火山引擎科技有限公司 Traffic scheduling method, traffic scheduling device, traffic scheduling apparatus, traffic scheduling storage medium, and traffic scheduling program product

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114466066B (en) * 2022-04-13 2022-07-22 北京指掌易科技有限公司 Web-based reverse proxy method, device, medium and electronic equipment
CN115190107B (en) * 2022-07-07 2023-04-18 四川川大智胜系统集成有限公司 Multi-subsystem management method based on extensive domain name, management terminal and readable storage medium
CN115589426A (en) * 2022-09-08 2023-01-10 中冶赛迪信息技术(重庆)有限公司 Network service calling method and system
CN115442158B (en) * 2022-11-07 2023-03-21 易方信息科技股份有限公司 Network request method, system, storage medium and terminal equipment
CN116170240B (en) * 2023-04-26 2023-08-01 北京微步在线科技有限公司 Access method and device for privately-allocated service, electronic equipment and storage medium

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242336A (en) * 2008-03-13 2008-08-13 杭州华三通信技术有限公司 Method for remote access to intranet Web server and Web proxy server
CN102769618A (en) * 2012-07-18 2012-11-07 北京星网锐捷网络技术有限公司 WEB access processing method, network equipment and communication system
US20180191856A1 (en) * 2016-12-29 2018-07-05 Synology Inc. Cross-domain communication methods and proxy servers using the same
CN109787951A (en) * 2018-11-22 2019-05-21 北京奇艺世纪科技有限公司 A kind of network data access method, device and electronic equipment
CN110266661A (en) * 2019-06-04 2019-09-20 东软集团股份有限公司 A kind of authorization method, device and equipment
CN110602269A (en) * 2019-10-22 2019-12-20 北京天融信网络安全技术有限公司 Method for converting domain name
CN110710184A (en) * 2017-04-07 2020-01-17 思杰系统有限公司 System and method for securely and transparently proxying SAAS applications for enhanced security and visibility through cloud-hosted or local network gateways
CN110808897A (en) * 2019-11-06 2020-02-18 深信服科技股份有限公司 Proxy access method, user equipment, storage medium, device and system
CN110855766A (en) * 2019-11-06 2020-02-28 北京天融信网络安全技术有限公司 Method and device for accessing Web resources and proxy server

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103067417B (en) * 2011-10-19 2016-04-13 华耀(中国)科技有限公司 The Web service mapping method of TSM Security Agent and system thereof in VPN
CN104901943A (en) * 2012-03-31 2015-09-09 北京奇虎科技有限公司 Method and system for accessing website
CN106878458A (en) * 2017-03-24 2017-06-20 福建中金在线信息科技有限公司 A kind of proxy access method and system
CN109889626A (en) * 2019-03-20 2019-06-14 湖南快乐阳光互动娱乐传媒有限公司 Method, device and system for acquiring corresponding relation between IP address and DNS address

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101242336A (en) * 2008-03-13 2008-08-13 杭州华三通信技术有限公司 Method for remote access to intranet Web server and Web proxy server
CN102769618A (en) * 2012-07-18 2012-11-07 北京星网锐捷网络技术有限公司 WEB access processing method, network equipment and communication system
US20180191856A1 (en) * 2016-12-29 2018-07-05 Synology Inc. Cross-domain communication methods and proxy servers using the same
CN110710184A (en) * 2017-04-07 2020-01-17 思杰系统有限公司 System and method for securely and transparently proxying SAAS applications for enhanced security and visibility through cloud-hosted or local network gateways
CN109787951A (en) * 2018-11-22 2019-05-21 北京奇艺世纪科技有限公司 A kind of network data access method, device and electronic equipment
CN110266661A (en) * 2019-06-04 2019-09-20 东软集团股份有限公司 A kind of authorization method, device and equipment
CN110602269A (en) * 2019-10-22 2019-12-20 北京天融信网络安全技术有限公司 Method for converting domain name
CN110808897A (en) * 2019-11-06 2020-02-18 深信服科技股份有限公司 Proxy access method, user equipment, storage medium, device and system
CN110855766A (en) * 2019-11-06 2020-02-28 北京天融信网络安全技术有限公司 Method and device for accessing Web resources and proxy server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李建彬: "《https://www.cnblogs.com/liabin/p/11723837.html》", 23 October 2019 *

Cited By (28)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113163024A (en) * 2021-03-12 2021-07-23 网宿科技股份有限公司 Message processing method, server and storage medium
CN112714197A (en) * 2021-03-29 2021-04-27 杭州优云科技有限公司 Method, device and network equipment for realizing HTTPS proxy with zero configuration
CN113315852A (en) * 2021-04-27 2021-08-27 北京奇艺世纪科技有限公司 Domain name resolution method, device and system
CN113315852B (en) * 2021-04-27 2023-11-24 北京奇艺世纪科技有限公司 Domain name resolution method, device and system
CN113194099A (en) * 2021-04-30 2021-07-30 网宿科技股份有限公司 Data proxy method and proxy server
CN113381978A (en) * 2021-05-12 2021-09-10 网宿科技股份有限公司 Safe login method and device
CN113381979A (en) * 2021-05-12 2021-09-10 网宿科技股份有限公司 Access request proxy method and proxy server
CN113364741A (en) * 2021-05-17 2021-09-07 网宿科技股份有限公司 Application access method and proxy server
WO2022242023A1 (en) * 2021-05-19 2022-11-24 网宿科技股份有限公司 Resource acquisition method and system, webvpn proxy server and server
CN113556388A (en) * 2021-07-14 2021-10-26 杭州玳数科技有限公司 Proxy service method, proxy service platform, computer device, and storage medium
CN113556388B (en) * 2021-07-14 2023-06-13 杭州玳数科技有限公司 Proxy service method, proxy service platform, computer device, and storage medium
CN115801727A (en) * 2021-09-10 2023-03-14 腾讯科技(深圳)有限公司 Domain name resolution method, domain name resolution device, electronic equipment and storage medium
CN114189493B (en) * 2021-11-08 2024-04-12 深圳市酷开网络科技股份有限公司 Distributed signaling communication method, computer device, signaling system and storage medium
CN114189493A (en) * 2021-11-08 2022-03-15 深圳市酷开网络科技股份有限公司 Distributed signaling communication method, computer device, signaling system, and storage medium
CN114374669B (en) * 2022-01-11 2024-04-26 杭州迪普科技股份有限公司 VPN client proxy DNS analysis method and system
CN114374669A (en) * 2022-01-11 2022-04-19 杭州迪普科技股份有限公司 VPN client proxy DNS analysis method and system
CN114422472B (en) * 2022-01-19 2024-03-12 中国农业银行股份有限公司 Network address conversion method and device and electronic equipment
CN114422472A (en) * 2022-01-19 2022-04-29 中国农业银行股份有限公司 Network address conversion method and device and electronic equipment
CN114710314A (en) * 2022-02-21 2022-07-05 深圳腾银信息咨询有限责任公司 Configured software service platform access method, device, system and medium
CN114640533A (en) * 2022-03-29 2022-06-17 北京有竹居网络技术有限公司 Method, device, storage medium and electronic equipment for transmitting messages
CN114640533B (en) * 2022-03-29 2023-11-24 北京有竹居网络技术有限公司 Method and device for transmitting message, storage medium and electronic equipment
CN115174675B (en) * 2022-06-30 2023-10-17 北京华御数观科技有限公司 Kafka service access method
CN115174675A (en) * 2022-06-30 2022-10-11 北京华御数观科技有限公司 Kafka service access method
WO2024088217A1 (en) * 2022-10-24 2024-05-02 杭州阿里云飞天信息技术有限公司 Private network access methods and system
CN115987956B (en) * 2022-12-28 2024-03-12 中国电子产业工程有限公司 Resource reference method for Web proxy application, electronic equipment and storage medium
CN115987956A (en) * 2022-12-28 2023-04-18 中国电子产业工程有限公司 Resource reference method of Web proxy application, electronic equipment and storage medium
CN118353834A (en) * 2024-06-17 2024-07-16 北京火山引擎科技有限公司 Traffic scheduling method, traffic scheduling device, traffic scheduling apparatus, traffic scheduling storage medium, and traffic scheduling program product
CN118353834B (en) * 2024-06-17 2024-08-09 北京火山引擎科技有限公司 Traffic scheduling method, traffic scheduling device, traffic scheduling apparatus, traffic scheduling storage medium, and traffic scheduling program product

Also Published As

Publication number Publication date
WO2022057000A1 (en) 2022-03-24

Similar Documents

Publication Publication Date Title
CN112272158A (en) Data proxy method, system and proxy server
US10212173B2 (en) Deterministic reproduction of client/server computer state or output sent to one or more client computers
CN112260990B (en) Method and device for safely accessing intranet application
CN101977224B (en) SSL VPN equipment-based Web resource authentication information management method
CN109547458B (en) Login verification method and device, computer equipment and storage medium
CN110049022B (en) Domain name access control method and device and computer readable storage medium
CN113381979B (en) Access request proxy method and proxy server
US20090177778A1 (en) Session Affinity Cache and Manager
US20190116186A1 (en) Enterprise cloud access control and network access control policy using risk based blocking
CN101488965B (en) Domain name filtering system and method
CN112260988B (en) Abnormal request processing method and device
CN111698345B (en) Domain name query method, recursive server and storage medium
CN105187430A (en) Reverse proxy server, reverse proxy system and reverse proxy method
US20200210584A1 (en) Deterministic Reproduction of Client/Server Computer State or Output Sent to One or More Client Computers
US11616853B2 (en) Dynamic domain discovery and proxy configuration
CN115189897A (en) Access processing method and device for zero trust network, electronic equipment and storage medium
CN111770072B (en) Method and device for accessing function page through single sign-on
CN113194099B (en) Data proxy method and proxy server
CN109561010B (en) Message processing method, electronic equipment and readable storage medium
CN114338597A (en) Network access method and device
CN113784354A (en) Request conversion method and device based on gateway
GB2560952A (en) Reconciling received messages
CN115913583A (en) Business data access method, device and equipment and computer storage medium
CN112260991B (en) Authentication management method and device
CN112491910B (en) DOT protocol-based flow identification method, DOT protocol-based flow identification device, DOT protocol-based flow identification equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210126

RJ01 Rejection of invention patent application after publication