CN112311800A - Method, system, equipment and readable storage medium for area access control - Google Patents
Method, system, equipment and readable storage medium for area access control Download PDFInfo
- Publication number
- CN112311800A CN112311800A CN202011203457.4A CN202011203457A CN112311800A CN 112311800 A CN112311800 A CN 112311800A CN 202011203457 A CN202011203457 A CN 202011203457A CN 112311800 A CN112311800 A CN 112311800A
- Authority
- CN
- China
- Prior art keywords
- access
- address
- configuration file
- access control
- interception
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Technology Law (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a method for controlling regional access, which comprises the following steps: receiving an input configuration file, and sequencing access rules in the configuration file according to a high-order priority order; reading the access rules in the configuration file, and setting corresponding interception access strategies according to the reading sequence of the access rules; and executing an interception access policy to perform regional access control on the access flow. According to the method and the device, the access rules in the configuration file are sequenced according to the high-order priority by using the preset sequencing algorithm, so that the access rules of the small area in the configuration file are arranged in front of the access rules of the large area, the access rules of the small area are arranged behind the access rules of the large area, the access rules of the small area have higher priority, and when the area access control setting is carried out in the face of the area which is covered by the area and is inconsistent in configuration action, the failure of the access rules setting of the small area can be avoided. The application also provides a system, a device and a readable storage medium for regional access control, which have the beneficial effects.
Description
Technical Field
The present application relates to the field of local access control, and in particular, to a method, a system, a device, and a readable storage medium for local access control.
Background
The area access control is an operation of blocking or releasing traffic in the IP home area. If the user does not want to be accessed by the own website or the designated regional people of the server, a regional access control system can be deployed at the entrance of the local machine traffic, the visiting traffic of the regional IP is blocked, and the security of the local network system is maintained.
However, the prior art has a problem of configuring the priority, and when the areas are covered and the actions are inconsistent, the areas which are set first have higher priority. Due to this priority restriction, when the area access control setting is performed for an area where the area is covered and the configuration action is inconsistent, the access rule setting may fail.
Therefore, how to avoid the situation of access rule setting failure in the area access control is a technical problem that needs to be solved by those skilled in the art at present.
Disclosure of Invention
The application aims to provide a method, a system, equipment and a readable storage medium for area access control, which are used for avoiding the condition that rule setting fails during area access control.
In order to solve the above technical problem, the present application provides a method for controlling regional access, including:
receiving an input configuration file, and sequencing access rules in the configuration file according to a high-order priority order;
reading the access rules in the configuration file, and setting corresponding interception access strategies according to the reading sequence of the access rules;
and executing the interception access strategy to perform regional access control on access flow.
Optionally, before receiving the input configuration file, the method further includes:
acquiring an IP address library file, and analyzing the IP address library file to obtain a physical area to which each IP address belongs and a public network IP address segment owned by each physical area;
and outputting the public network IP address field owned by each physical area.
Optionally, before the access rules in the configuration file are sorted according to the high-order priority order by using a preset sorting algorithm, the method further includes:
receiving an input modification command;
and executing the modification command to modify the access rule in the configuration file.
Optionally, executing the interception access policy to perform area access control on access traffic, including:
determining an interception IP address and a release IP address according to the interception access strategy;
and acquiring the IP address of the access flow, intercepting the access flow of which the IP address belongs to the intercepted IP address, and releasing the access flow of which the IP address belongs to the released IP address.
The present application also provides a system for regional access control, the system comprising:
the first receiving module is used for receiving an input configuration file and sequencing access rules in the configuration file according to a high-order priority order;
the setting module is used for reading the access rules in the configuration file and setting corresponding interception access strategies according to the reading sequence of the access rules;
and the regional access control module is used for executing the interception access strategy to perform regional access control on access flow.
Optionally, the method further includes:
the acquisition module is used for acquiring an IP address library file and analyzing the IP address library file to obtain a physical area to which each IP address belongs and a public network IP address field owned by each physical area;
and the output module is used for outputting the public network IP address field owned by each physical area.
Optionally, the method further includes:
the second receiving module is used for receiving an input modification command;
and the execution module is used for executing the modification command to modify the access rule in the configuration file.
Optionally, the area access control module includes:
the determining submodule is used for determining an interception IP address and a release IP address according to the interception access strategy;
and the obtaining submodule is used for obtaining the IP address of the access flow, intercepting the access flow of which the IP address belongs to the intercepted IP address, and releasing the access flow of which the IP address belongs to the released IP address.
The present application also provides a regional access control device, including:
a memory for storing a computer program;
a processor for implementing the steps of the method of regional access control as claimed in any preceding claim when said computer program is executed.
The present application also provides a readable storage medium having stored thereon a computer program which, when executed by a processor, carries out the steps of the method of regional access control as claimed in any one of the preceding claims.
The method for controlling the area access comprises the following steps: receiving an input configuration file, and sequencing access rules in the configuration file according to a high-order priority order; reading the access rules in the configuration file, and setting corresponding interception access strategies according to the reading sequence of the access rules; and executing an interception access policy to perform regional access control on the access flow.
According to the technical scheme, after the configuration file is received, the access rules in the configuration file are sequenced according to a high-order priority order by using a preset sequencing algorithm, so that the access rules of a small area in the configuration file are sequenced in the front and the access rules of a large area in the back, the access rules of the small area have higher priority, and when the area access control setting is carried out in the face of the area coverage and the area with inconsistent configuration actions, the failure of the access rule setting of the small area can be avoided. The present application also provides a system, a device and a readable storage medium for controlling regional access, which have the above beneficial effects and are not described herein again.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for controlling access to a region according to an embodiment of the present disclosure;
fig. 2 is a block diagram of a system for controlling access to a region according to an embodiment of the present disclosure;
fig. 3 is a block diagram of a regional access control device according to an embodiment of the present application.
Detailed Description
The core of the application is to provide a method, a system, a device and a readable storage medium for area access control, which are used for avoiding the condition of rule setting failure during area access control.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart illustrating a method for controlling local access according to an embodiment of the present disclosure.
The method specifically comprises the following steps:
s101: receiving an input configuration file, and sequencing access rules in the configuration file according to a high-order priority order;
the area access control is an operation of blocking or releasing traffic in the IP home area. If the user does not want to be accessed by the own website or the designated regional people of the server, a regional access control system can be deployed at the entrance of the local machine traffic, the visiting traffic of the regional IP is blocked, and the security of the local network system is maintained.
However, the prior art has a problem of configuring the priority, and when the areas are covered and the actions are inconsistent, the areas which are set first have higher priority. For example, when the release of the Zhejiang is actually set first and then the Hangzhou block of the Zhejiang is set, the arrangement of the Hangzhou area actually takes the right place with respect to the action of the Zhejiang set first, that is, all the traffic from the Hangzhou area is released, which is equivalent to the rule of 'Hangzhou block of Zhejiang of China' set later, and cannot play a role. Due to the limitation of the priority, when the area access control setting is performed on the area which is covered and the configuration action is inconsistent, the rule setting fails; the present application therefore provides a solution to the above-mentioned problems.
The configuration file is a computer file, the configuration file is input by a user or a system and can configure parameters and initial settings for a computer program, in a specific embodiment, one or more access rules are stored in the configuration file, the access rules are randomly input by one or more users, no specific sequence exists in the configuration file, a situation that the access rule of a large area is arranged in front of the access rule of a small area, and the access rule of the small area is arranged behind the access rule of the large area can occur, so that the access rule of the small area cannot work, therefore, the step uses a preset ordering algorithm to order the access rules of the small area in the configuration file according to a high priority sequence, so that the access rule of the small area is arranged in front of the access rule of the large area, and the access rule of the small area is higher in priority, when region access control settings are performed in the face of regions which the regions are covered and the configuration actions are inconsistent, failure in setting access rules for a small area can be avoided.
The access rule mentioned here is a rule to be complied with by the access traffic, for example, a "China Zhejiang pass" field may be set to implement release in Zhejiang China, and a "China Zhejiang _ hang zhou block" field may be set to implement Hangzhou interception in Zhejiang China.
Preferably, the method may further output the public network IP address field owned by each physical area, so that the user sets the access rule meeting the service requirement, that is, before receiving the input configuration file, the following steps may be further performed:
acquiring an IP address library file, and analyzing the IP address library file to obtain a physical area to which each IP address belongs and a public network IP address field owned by each physical area;
and outputting the public network IP address field owned by each physical area.
In a specific embodiment, the regional access control is configured for the region requiring traffic limitation, the precision of the configured regional range should not be less than the minimum regional precision that the IP address library file can be analyzed, the free IP address library provided by the general businessman who specializes in IP address library service can be precise to the city, and if the IP address library is in a charged version, the precision of the IP address library is higher and can be precise to the county.
Optionally, when the access rule set by the user cannot meet the service requirement, the configuration rule may be modified by modifying the configuration file, so that the modified access rule can meet the service requirement, that is, before the access rule in the configuration file is sorted according to the high-order priority by using the preset sorting algorithm, the following steps may be further performed:
receiving an input modification command;
and executing the modification command to modify the access rule in the configuration file.
Optionally, the preset sorting algorithm mentioned here may be specifically a high-order-first character string sorting algorithm, and there are two common sorting algorithms for character strings, which are respectively a low-order-first sorting algorithm and a high-order-first sorting algorithm, where the low-order-first sorting algorithm checks characters from right to left, and the high-order-first sorting algorithm checks characters from left to right. The low-order priority character string ordering requires that the lengths of the character strings to be ordered are consistent, however, the lengths of the character strings are not consistent in many times, and the low-order priority ordering is not applicable, so that the high-order priority character string ordering algorithm is selected.
Optionally, a three-way character string quick sorting in a character string sorting algorithm may also be adopted, and based on the algorithm, after the configured regional access control rules are sorted, the configured and desired effect can be achieved as well.
S102: reading the access rules in the configuration file, and setting corresponding interception access strategies according to the reading sequence of the access rules;
s103: and executing an interception access policy to perform regional access control on the access flow.
Optionally, the executing of the interception access policy mentioned herein performs area access control on the access traffic, which may specifically be implemented by executing the following steps:
determining an interception IP address and a release IP address according to an interception access strategy;
and acquiring the IP address of the access flow, intercepting the access flow of which the IP address belongs to the intercepted IP address, and releasing the access flow of which the IP address belongs to the released IP address.
Optionally, the execution of the interception access policy mentioned here performs area access control on the access traffic, and may also be implemented by setting a corresponding interception release script file.
Based on the technical scheme, according to the method for controlling the access to the area, after the configuration file is received, the preset ordering algorithm is used for ordering the access rules in the configuration file according to the high-order priority order, so that the access rules of the small area in the configuration file are arranged in front of the access rules of the large area, the access rules of the small area are arranged behind the access rules of the small area, the access rules of the small area have higher priority, and when the area access control setting is carried out in the face of the area which is covered by the area and inconsistent in configuration action, the failure of the setting of the access rules of the small area can be avoided.
Referring to fig. 2, fig. 2 is a block diagram of a system for controlling local access according to an embodiment of the present disclosure.
The system may include:
a first receiving module 100, configured to receive an input configuration file, and sort access rules in the configuration file according to a high-order priority order;
a setting module 200, configured to read access rules in the configuration file, and set a corresponding interception access policy according to a reading sequence of the access rules;
the regional access control module 300 is configured to execute an interception access policy to perform regional access control on access traffic.
On the basis of the above embodiment, in a specific embodiment, the system may further include:
the acquisition module is used for acquiring the IP address library file and analyzing the IP address library file to obtain a physical area to which each IP address belongs and a public network IP address section owned by each physical area;
and the output module is used for outputting the public network IP address field owned by each physical area.
On the basis of the above embodiment, in a specific embodiment, the system may further include:
the second receiving module is used for receiving an input modification command;
and the execution module is used for executing the modification command to modify the access rule in the configuration file.
Based on the above embodiments, in a specific embodiment, the system area access control module 300 may include:
the determining submodule is used for determining an interception IP address and a release IP address according to the interception access strategy;
and the obtaining submodule is used for obtaining the IP address of the access flow, intercepting the access flow of which the IP address belongs to the intercepted IP address, and releasing the access flow of which the IP address belongs to the released IP address.
Since the embodiment of the system part corresponds to the embodiment of the method part, the embodiment of the system part is described with reference to the embodiment of the method part, and is not repeated here.
Referring to fig. 3, fig. 3 is a structural diagram of a local access control device according to an embodiment of the present application.
The regional access control device 400 may vary significantly depending on configuration or performance, and may include one or more processors (CPUs) 422 (e.g., one or more processors) and memory 432, one or more storage media 430 (e.g., one or more mass storage devices) storing applications 442 or data 444. Wherein the memory 432 and storage medium 430 may be transient or persistent storage. The program stored on the storage medium 430 may include one or more modules (not shown), each of which may include a sequence of instruction operations for the device. Still further, the processor 422 may be configured to communicate with the storage medium 430 to execute a series of instruction operations in the storage medium 430 on the regional access control device 400.
The local access control device 400 may also include one or more power supplies 424, one or more wired or wireless network interfaces 450, one or more input-output interfaces 458, and/or one or more operating systems 441, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.
The steps in the method of area access control described above in fig. 1 are implemented by the area access control device based on the structure shown in this fig. 3.
It can be clearly understood by those skilled in the art that, for convenience and brevity of description, the specific working processes of the system, the apparatus and the module described above may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus, device and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, a division of modules is merely a division of logical functions, and an actual implementation may have another division, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or modules, and may be in an electrical, mechanical or other form.
Modules described as separate parts may or may not be physically separate, and parts displayed as modules may or may not be physical modules, may be located in one place, or may be distributed on a plurality of network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional modules in the embodiments of the present application may be integrated into one processing module, or each of the modules may exist alone physically, or two or more modules are integrated into one module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode.
The integrated module, if implemented in the form of a software functional module and sold or used as a separate product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a function calling device, or a network device) to execute all or part of the steps of the method of the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
A method, a system, a device and a readable storage medium for controlling local access provided by the present application are described in detail above. The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
Claims (10)
1. A method for regional access control, comprising:
receiving an input configuration file, and sequencing access rules in the configuration file according to a high-order priority order;
reading the access rules in the configuration file, and setting corresponding interception access strategies according to the reading sequence of the access rules;
and executing the interception access strategy to perform regional access control on access flow.
2. The method of claim 1, wherein performing the interception access policy to perform regional access control on access traffic comprises:
determining an interception IP address and a release IP address according to the interception access strategy;
and acquiring the IP address of the access flow, intercepting the access flow of which the IP address belongs to the intercepted IP address, and releasing the access flow of which the IP address belongs to the released IP address.
3. The method of claim 1, prior to sorting the access rules in the configuration file in a high-order priority order using a pre-set sorting algorithm, further comprising:
receiving an input modification command;
and executing the modification command to modify the access rule in the configuration file.
4. The method of claim 1, prior to receiving the input configuration file, further comprising:
acquiring an IP address library file, and analyzing the IP address library file to obtain a physical area to which each IP address belongs and a public network IP address segment owned by each physical area;
and outputting the public network IP address field owned by each physical area.
5. A system for regional access control, comprising:
the first receiving module is used for receiving an input configuration file and sequencing access rules in the configuration file according to a high-order priority order;
the setting module is used for reading the access rules in the configuration file and setting corresponding interception access strategies according to the reading sequence of the access rules;
and the regional access control module is used for executing the interception access strategy to perform regional access control on access flow.
6. The system of claim 5, further comprising:
the acquisition module is used for acquiring an IP address library file and analyzing the IP address library file to obtain a physical area to which each IP address belongs and a public network IP address field owned by each physical area;
and the output module is used for outputting the public network IP address field owned by each physical area.
7. The system of claim 5, further comprising:
the second receiving module is used for receiving an input modification command;
and the execution module is used for executing the modification command to modify the access rule in the configuration file.
8. The system of claim 5, wherein the regional access control module comprises:
the determining submodule is used for determining an interception IP address and a release IP address according to the interception access strategy;
and the obtaining submodule is used for obtaining the IP address of the access flow, intercepting the access flow of which the IP address belongs to the intercepted IP address, and releasing the access flow of which the IP address belongs to the released IP address.
9. An area access control apparatus, characterized by comprising:
a memory for storing a computer program;
a processor for implementing the steps of the method of regional access control according to any of claims 1 to 4 when executing the computer program.
10. A readable storage medium, having stored thereon a computer program which, when being executed by a processor, carries out the steps of the method of regional access control according to any one of claims 1 to 4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011203457.4A CN112311800B (en) | 2020-11-02 | 2020-11-02 | Method, system, equipment and readable storage medium for area access control |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011203457.4A CN112311800B (en) | 2020-11-02 | 2020-11-02 | Method, system, equipment and readable storage medium for area access control |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112311800A true CN112311800A (en) | 2021-02-02 |
| CN112311800B CN112311800B (en) | 2023-04-07 |
Family
ID=74333629
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011203457.4A Active CN112311800B (en) | 2020-11-02 | 2020-11-02 | Method, system, equipment and readable storage medium for area access control |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112311800B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338160A (en) * | 2021-12-29 | 2022-04-12 | 中软信息系统工程有限公司 | Program access control method and device, electronic equipment and storage medium |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1414757A (en) * | 2002-05-08 | 2003-04-30 | 华为技术有限公司 | Method of automatic sequential arranging access control list rule and its application |
| CN1725736A (en) * | 2005-06-30 | 2006-01-25 | 杭州华为三康技术有限公司 | Method for configuring access control list and its application |
| CN103647773A (en) * | 2013-12-11 | 2014-03-19 | 北京中创信测科技股份有限公司 | Fast encoding method of access control list (ACL) behavior set |
| CN104618140A (en) * | 2014-12-26 | 2015-05-13 | 上海斐讯数据通信技术有限公司 | ACL (access control list) table insertion sequencing method |
| US9305115B1 (en) * | 2010-10-04 | 2016-04-05 | Broadcom Corporation | Method and apparatus for reducing power consumption during rule searches in a content search system |
| US20180351845A1 (en) * | 2017-05-31 | 2018-12-06 | Fujitsu Limited | Network verification |
| US20190273721A1 (en) * | 2018-03-01 | 2019-09-05 | Fujitsu Limited | Network management apparatus, network management method, and non-transitory computer-readable storage medium |
| CN110896380A (en) * | 2019-11-28 | 2020-03-20 | 迈普通信技术股份有限公司 | Flow table screening method and device, electronic equipment and readable storage medium |
-
2020
- 2020-11-02 CN CN202011203457.4A patent/CN112311800B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1414757A (en) * | 2002-05-08 | 2003-04-30 | 华为技术有限公司 | Method of automatic sequential arranging access control list rule and its application |
| CN1725736A (en) * | 2005-06-30 | 2006-01-25 | 杭州华为三康技术有限公司 | Method for configuring access control list and its application |
| US9305115B1 (en) * | 2010-10-04 | 2016-04-05 | Broadcom Corporation | Method and apparatus for reducing power consumption during rule searches in a content search system |
| CN103647773A (en) * | 2013-12-11 | 2014-03-19 | 北京中创信测科技股份有限公司 | Fast encoding method of access control list (ACL) behavior set |
| CN104618140A (en) * | 2014-12-26 | 2015-05-13 | 上海斐讯数据通信技术有限公司 | ACL (access control list) table insertion sequencing method |
| US20180351845A1 (en) * | 2017-05-31 | 2018-12-06 | Fujitsu Limited | Network verification |
| US20190273721A1 (en) * | 2018-03-01 | 2019-09-05 | Fujitsu Limited | Network management apparatus, network management method, and non-transitory computer-readable storage medium |
| CN110896380A (en) * | 2019-11-28 | 2020-03-20 | 迈普通信技术股份有限公司 | Flow table screening method and device, electronic equipment and readable storage medium |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114338160A (en) * | 2021-12-29 | 2022-04-12 | 中软信息系统工程有限公司 | Program access control method and device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112311800B (en) | 2023-04-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110389900B (en) | Distributed database cluster testing method and device and storage medium | |
| CN108614726B (en) | Virtual machine creation method and device | |
| US20200358780A1 (en) | Security vulnerability assessment for users of a cloud computing environment | |
| US7647621B2 (en) | System, method and computer program product for applying electronic policies | |
| CN110162344B (en) | Isolation current limiting method and device, computer equipment and readable storage medium | |
| CN107578338B (en) | Service publishing method, device and equipment | |
| US20160274991A1 (en) | Optimization of Hardware Monitoring for Computing Devices | |
| CN112311800B (en) | Method, system, equipment and readable storage medium for area access control | |
| US20180107463A1 (en) | Safe loading of dynamic user-defined code | |
| US9720853B2 (en) | Universal serial bus (USB) key functioning as multiple USB keys so as to efficiently configure different types of hardware | |
| CN109597673B (en) | Method for creating virtual machine and scheduling equipment | |
| CN108900482B (en) | Script execution method, server management system, and storage medium | |
| CN106534227A (en) | Method and device of expanding distributed consistency service | |
| CN112712125A (en) | Event stream pattern matching method and device, storage medium and processor | |
| CN110399600A (en) | Generate the method and device of wide table | |
| CN110545328A (en) | Non-invasive service function expansion enhancing method and device and server | |
| US11050794B2 (en) | Generating security policies for end-user devices using group rankings and partial policy determinations | |
| CN115150268A (en) | Network configuration method and device of Kubernetes cluster and electronic equipment | |
| CN112417402B (en) | Authority control method, authority control device, authority control equipment and storage medium | |
| CN115208671A (en) | Firewall configuration method and device, electronic equipment and storage medium | |
| CN108733514B (en) | Method, system and equipment for realizing snapshot between heterogeneous storages | |
| US11150954B2 (en) | Mitigating resource scheduling conflicts in a cloud platform | |
| WO2021191014A1 (en) | Reducing attack surface by selectively collocating applications on host computers | |
| CN113806011B (en) | Cluster resource control method and device, cluster and computer readable storage medium | |
| JP7305898B2 (en) | Operation response method, operation response device, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |