CN113206845A - Network access control method, device, computer equipment and storage medium - Google Patents

Info

Publication number: CN113206845A
Authority: CN (China)
Prior art keywords: network access, v2ray, employee, website, accessed
Legal status: Granted (active)
Application number: CN202110467501.0A
Other languages: Chinese (zh)
Other versions: CN113206845B (en)
Inventor: 赵应旺
Current Assignee: Tibet Ningsuan Technology Group Co ltd
Original Assignee: Dilu Technology Co Ltd
Events: application filed by Dilu Technology Co Ltd; priority to CN202110467501.0A; publication of CN113206845A; application granted; publication of CN113206845B.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L63/105 Multiple levels of security


Abstract

The application relates to a network access control method, a network access control device, computer equipment and a storage medium. The method comprises the following steps: when an access request from a terminal to a target website is received, acquiring the terminal identifier carried in the access request; acquiring the employee identifier associated with that terminal identifier; acquiring the network access level associated with that employee identifier; matching a corresponding access control policy according to the network access level, wherein the access control policy is a v2ray routing rule configured in advance, on the basis of a v2ray component, according to the network access level; and forwarding the access request to the v2ray listening port corresponding to the access control policy, so that the employee can access only the specified websites that conform to the network access level. Because the access request is forwarded to access control implemented on the basis of v2ray, access control is realized per device, and the degree of customization is improved.

Description

Network access control method, device, computer equipment and storage medium
Technical Field
The present application relates to the field of internet technologies, and in particular, to a network access control method and apparatus, a computer device, and a storage medium.
Background
As the influence of the internet on people's lives grows, access control over the networked devices inside an enterprise becomes more and more important, and a number of routers have appeared for controlling the network access of such internal devices.
However, existing routers that control the network access of different devices can only apply simple, uniform controls. Taking a TP-Link commercial router as an example: although website filtering can be configured so that all users of the network are prohibited from accessing certain websites, such as shopping websites, those users whose work content requires the prohibited websites are then unable to access them.
Therefore, current methods of controlling network access offer a low degree of customization.
Disclosure of Invention
In view of the above, it is desirable to provide a network access control method, apparatus, computer device, and storage medium capable of improving the degree of customization.
A method of network access control, the method comprising:
when an access request from a terminal to a target website is received, acquiring the terminal identifier carried in the access request;
acquiring the employee identifier associated with the terminal identifier, according to the terminal identifier;
acquiring the network access level associated with the employee identifier, according to the employee identifier;
matching a corresponding access control policy according to the network access level, wherein the access control policy is a v2ray routing rule configured in advance, on the basis of a v2ray component, according to the network access level;
and forwarding the access request to the v2ray listening port corresponding to the access control policy, so that the employee can access the specified websites that conform to the network access level.
In one embodiment, the method further comprises:
acquiring, in real time from the employee management system, the employee identifier, network access level and terminal identifier in use of each employee, and updating the current employee identifier, network access level and terminal identifier in use accordingly.
In one embodiment, the v2ray routing rules are configured as follows:
determining, according to each employee's work content, the websites that the employee is allowed or not allowed to access;
grouping the employees whose allowed websites are the same into one class, thereby determining each employee's website access type;
determining a corresponding network access level according to the allowed or disallowed websites of each website access type;
defining, on the basis of the v2ray component, a v2ray listening port corresponding to each network access level;
and setting the routing rules of each v2ray listening port according to the allowed or disallowed websites corresponding to its network access level, thereby controlling each employee's access to different websites.
In one embodiment, setting the routing rules of the v2ray listening port according to the allowed or disallowed websites corresponding to the network access level, and controlling each employee's access to different websites, comprises:
adding the websites allowed for the network access level to a whitelist of the v2ray listening port, so that the port checks requested websites against the whitelist and blocks access when a website not in the whitelist is requested;
and adding the websites disallowed for the network access level to a blacklist of the v2ray listening port, so that the port checks requested websites against the blacklist and blocks access when a website in the blacklist is requested.
In one embodiment, the method further comprises:
when no employee identifier associated with the terminal identifier is found, or no network access level associated with the employee identifier is found, forwarding the access request to a default v2ray listening port, which prevents the access request from reaching the target website.
A network access control apparatus, the apparatus comprising:
a request receiving module, configured to acquire the terminal identifier carried in an access request when an access request from a terminal to a target website is received;
an employee matching module, configured to acquire the employee identifier associated with the terminal identifier, according to the terminal identifier;
a network access level acquisition module, configured to acquire the network access level associated with the employee identifier, according to the employee identifier;
a matching module, configured to match a corresponding access control policy according to the network access level, wherein the access control policy is a v2ray routing rule configured in advance, on the basis of a v2ray component, according to the network access level;
and a network access control module, configured to forward the access request to the v2ray listening port corresponding to the access control policy, so that the employee can access the specified websites that conform to the network access level.
A computer device comprising a memory storing a computer program and a processor implementing the steps of the method when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method.
According to the network access control method, network access control device, computer equipment and storage medium above, when an access request from a terminal to a target website is received, the terminal identifier carried in the access request is acquired; the employee identifier associated with the terminal identifier is acquired; the network access level associated with the employee identifier is acquired; a corresponding access control policy is matched according to the network access level, wherein the access control policy is a v2ray routing rule configured in advance, on the basis of a v2ray component, according to the network access level; and the access request is forwarded to the v2ray listening port corresponding to the access control policy, so that the employee can access the specified websites that conform to the network access level. Because the access request is forwarded to access control implemented on the basis of v2ray, access control is realized per device, and the degree of customization is improved.
Drawings
FIG. 1 is a flow diagram illustrating a network access control method in one embodiment;
FIG. 2 is a flow chart illustrating a network access control method according to another embodiment;
FIG. 3 is a block diagram showing the configuration of a network access control device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
The network access control method provided by the application can be applied to network access control in a small enterprise. An OpenWrt open-source router serves as the main body and can be realized with a computer having two network ports: the OpenWrt open-source router operating system is downloaded, installed and started on the dual-port computer, a v2ray component is installed, and v2ray routing rules are configured; the OpenWrt router then applies network access control to every internet access device behind it through the network access control method. Here, OpenWrt is a Linux distribution for embedded devices that provides a writable file system to which software packages can be added, making it a highly customizable router system; v2ray is traffic proxy and distribution software that supports multiple inbound and outbound protocols, each of which works independently, so that inbound traffic can be sent out through different outlets according to the configuration, and splitting by region or domain name is easily realized to achieve optimal network performance.
When the traffic forwarding program of the OpenWrt open-source router receives an access request from a terminal to a target website, it acquires the terminal identifier carried in the access request; according to the terminal identifier, it acquires the associated employee identifier; according to the employee identifier, it acquires the associated network access level; according to the network access level, it matches the corresponding access control policy, wherein the access control policy is a v2ray routing rule configured in advance, on the basis of the v2ray component, according to the network access level; and it forwards the access request to the v2ray listening port corresponding to the access control policy, so that the employee can access the specified websites that conform to the network access level.
In one embodiment, as shown in FIG. 1, a network access control method is provided that takes the OpenWrt open-source router as the executing subject and includes the following steps:
Step S220: when an access request from a terminal to a target website is received, acquire the terminal identifier carried in the access request.
Here, the terminal is a terminal on the local area network of the OpenWrt router. The target website is the website the request is trying to reach, and the terminal identifier is information that identifies the terminal, such as an IP address or a terminal identification code.
Step S240: according to the terminal identifier, acquire the employee identifier associated with it.
The employee identifier, network access level and terminal identifier in use are stored for each employee, so the employee identifier can be looked up in the database by the terminal identifier.
In one embodiment, the network access control method further comprises:
acquiring, in real time from the employee management system, the employee identifier, network access level and terminal identifier in use of each employee, and updating the current employee identifier, network access level and terminal identifier in use accordingly.
The enterprise's network administrators create or update the employee identifiers, network access levels and terminal identifiers in use through the employee management system; the OpenWrt router exchanges data with the employee management system in real time to obtain the current values, so that when an access request arrives, the employee's network access can be controlled accurately.
Step S260: according to the employee identifier, acquire the network access level associated with it.
The network access level is associated with the employee identifier, so once the employee identifier is determined, the associated network access level can be obtained from it.
Step S280: according to the network access level, match the corresponding access control policy, wherein the access control policy is a v2ray routing rule configured in advance, on the basis of the v2ray component, according to the network access level.
Different network access levels correspond to different access control policies, and the corresponding policy is matched through the correspondence between network access levels and access control policies.
In one embodiment, the v2ray routing rules are configured as follows:
determining, according to each employee's work content, the websites that the employee is allowed or not allowed to access; grouping the employees whose allowed websites are the same into one class, thereby determining each employee's website access type; determining a corresponding network access level according to the allowed or disallowed websites of each website access type; defining, on the basis of the v2ray component, a v2ray listening port corresponding to each network access level; and setting the routing rules of each v2ray listening port according to the allowed or disallowed websites corresponding to its network access level, thereby controlling each employee's access to different websites.
In one embodiment, setting the routing rules of the v2ray listening port according to the allowed or disallowed websites corresponding to the network access level, and controlling each employee's access to different websites, comprises: adding the websites allowed for the network access level to a whitelist of the v2ray listening port, so that the port checks requested websites against the whitelist and blocks access when a website not in the whitelist is requested; and adding the websites disallowed for the network access level to a blacklist of the v2ray listening port, so that the port checks requested websites against the blacklist and blocks access when a website in the blacklist is requested.
Step S300: forward the access request to the v2ray listening port corresponding to the access control policy, so that the employee can access the specified websites that conform to the network access level.
If the v2ray listening port has a blacklist, it judges whether the target website of the access request is in the blacklist, blocking access if it is and allowing access otherwise; if the v2ray listening port has a whitelist, it judges whether the target website is in the whitelist, allowing access if it is and blocking access otherwise.
According to the network access control method, when an access request from a terminal to a target website is received, the terminal identifier carried in the access request is acquired; the employee using the terminal is determined from the terminal identifier; the network access level associated with the employee identifier is acquired; a corresponding access control policy is matched according to the network access level, wherein the access control policy is a v2ray routing rule configured in advance on the basis of the v2ray component; and the access request is forwarded to the v2ray listening port corresponding to the access control policy, so that the employee can access the specified websites that conform to the network access level. Because the access request is forwarded to access control implemented on the basis of v2ray, access control is realized per device, and the degree of customization is improved.
In one embodiment, the network access control method further comprises: when no employee identifier associated with the terminal identifier is found, or no network access level associated with the employee identifier is found, forwarding the access request to a default v2ray listening port, which prevents the access request from reaching the target website.
The default v2ray listening port prohibits access to all websites.
To describe the present application more clearly, an embodiment of the network access control method is given for the networking of a small enterprise, a scenario in which employees' internet usage needs to be finely controlled and integrated with an employee management system. It includes the following steps:
Before executing the network access control method, an OpenWrt open-source router is set up in advance, as follows:
Step one: on a computer with two network ports, download and install the OpenWrt open-source router operating system.
Step two: start the OpenWrt operating system, install the v2ray component and configure the v2ray routing rules, completing the construction of the OpenWrt router.
As an example of configuring v2ray routing rules: define a v2ray listening port, such as 10011; then define a routing rule for the traffic entering that port (that is, the access requests passing through the listening port) which specifies that traffic from listening port 10011 may only access web site example a. This yields one access control policy, assumed here to be level 1. More access control policies can be set as needed; for example, listening port 10012 is set for level 2 with the routing rule example b.com, giving an access control policy that can only access example b.com, and further policies can be customized as needed.
As shown in FIG. 2, the network access control method is then performed:
traffic (that is, the access requests sent by terminals on the OpenWrt router's local area network) is forwarded by a traffic forwarding program. The traffic forwarding program is a control program in the OpenWrt operating system, implemented on the basis of iptables: it obtains the IP addresses and permission information of employees' networked devices from the enterprise employee management system and configures the router's iptables accordingly. Assuming that employee B's computer has IP address 192.168.0.102 and that the network access level determined from that address may only access web site example b.com, all traffic from that IP address is forwarded to port 10012, so that employee B can only access web site example b.com.
The traffic forwarding program obtains employees' internet access permissions (comprising each employee's identifier, network access level and terminal identifier in use) from the employee management system in real time, and updates the current employee identifier, network access level, terminal identifier in use and online state of each employee.
The traffic forwarding program also determines each employee's online state from the incoming traffic and reports it to the employee management system, so that the employee management system can further analyze employees' internet behaviour, such as which websites a computer has visited and which files it has downloaded, and can analyze the causes of network faults, and so on.
The network access control method is based mainly on the OpenWrt open-source router system: it uses the v2ray component to realize website-level access control policies, reads employees' terminal IP addresses and internet access permission information from the enterprise employee management system, and, in combination with iptables, forwards traffic to the different access control policies realized with the v2ray component. Fine-grained control of device internet access is thus realized, giving low-cost and highly customizable network access control for small enterprises. Furthermore, because the control of employees' internet access permissions is integrated with the enterprise's employee management system, employee internet access and employee management are integrated, overcoming the inability of commercial routers to be highly customized and integrated.
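The configuration and forwarding steps above (one v2ray listening port per network access level with whitelist or blacklist routing rules, a default port that blocks everything, and iptables redirecting each employee's terminal IP to its port) as an added Python example; this is not the patent's own code. Ports 10011/10012 and the IP address 192.168.0.102 come from the text; the domain names, the default port number 10000, the blacklist level 3 and the employee records are constructed assumptions.

```python
"""Generate per-level v2ray routing rules and iptables redirects from employee records.

Added example, not the patent's code. The JSON keys are v2ray's v4 config format
(dokodemo-door inbound, freedom/blackhole outbounds, "field" routing rules).
"""
import json

# Constructed sample of the three fields the employee management system supplies.
# Ports 10011/10012 and IP 192.168.0.102 are from the text; everything else is assumed.
EMPLOYEES = [
    {"employee_id": "A", "terminal_ip": "192.168.0.101", "level": 1},
    {"employee_id": "B", "terminal_ip": "192.168.0.102", "level": 2},
    {"employee_id": "C", "terminal_ip": "192.168.0.103", "level": 7},  # no policy for level 7
]

# One access control policy per network access level. "whitelist": only the listed
# domains are reachable; "blacklist": everything except the listed domains is reachable.
POLICIES = {
    1: {"port": 10011, "mode": "whitelist", "domains": ["example-a.com"]},
    2: {"port": 10012, "mode": "whitelist", "domains": ["example-b.com"]},
    3: {"port": 10013, "mode": "blacklist", "domains": ["shopping.example"]},
}
DEFAULT_PORT = 10000  # default listening port (assumed number): every destination is blocked


def inbound(tag, port):
    """Transparent-proxy inbound that accepts connections REDIRECTed to it by iptables.
    Sniffing recovers the host name from the HTTP Host header / TLS SNI so that domain
    rules can match; without it the router only sees the destination IP address."""
    return {
        "tag": tag,
        "port": port,
        "protocol": "dokodemo-door",
        "settings": {"network": "tcp,udp", "followRedirect": True},
        "sniffing": {"enabled": True, "destOverride": ["http", "tls"]},
    }


def rule(tag, outbound, domains=None):
    """Routing rule bound to one inbound; with no domain list it is a catch-all for that port."""
    r = {"type": "field", "inboundTag": [tag], "outboundTag": outbound}
    if domains:
        r["domain"] = ["domain:" + d for d in domains]  # "domain:" matches the name and its subdomains
    return r


def build_v2ray_config(policies, default_port):
    inbounds, rules = [], []
    for level in sorted(policies):
        pol = policies[level]
        tag = "in-level%d" % level
        inbounds.append(inbound(tag, pol["port"]))
        if pol["mode"] == "whitelist":
            rules.append(rule(tag, "direct", pol["domains"]))  # listed domains pass
            rules.append(rule(tag, "block"))                   # everything else is blocked
        else:
            rules.append(rule(tag, "block", pol["domains"]))   # listed domains are blocked
            rules.append(rule(tag, "direct"))                  # everything else passes
    inbounds.append(inbound("in-default", default_port))
    rules.append(rule("in-default", "block"))  # unknown terminal or level: block everything
    return {
        "inbounds": inbounds,
        "outbounds": [
            {"tag": "direct", "protocol": "freedom"},   # first outbound is v2ray's fallback
            {"tag": "block", "protocol": "blackhole"},
        ],
        "routing": {"domainStrategy": "AsIs", "rules": rules},
    }


def port_for_terminal(employees, policies, ip, default_port):
    """Steps S240-S280: terminal IP -> employee -> level -> policy port; default if any lookup fails."""
    for e in employees:
        if e["terminal_ip"] == ip and e["level"] in policies:
            return policies[e["level"]]["port"]
    return default_port


def iptables_rules(employees, policies, default_port):
    """Step S300 as nat PREROUTING REDIRECT rules; the per-IP rules must precede the catch-all."""
    lines = []
    for e in employees:
        port = port_for_terminal(employees, policies, e["terminal_ip"], default_port)
        lines.append("iptables -t nat -A PREROUTING -s %s -p tcp -j REDIRECT --to-ports %d"
                     % (e["terminal_ip"], port))
    lines.append("iptables -t nat -A PREROUTING -p tcp -j REDIRECT --to-ports %d" % default_port)
    return lines


def decide(config, port, host):
    """Simulate v2ray's first-match routing for a request arriving on `port` for `host`."""
    tag = next(i["tag"] for i in config["inbounds"] if i["port"] == port)
    for r in config["routing"]["rules"]:
        if tag not in r["inboundTag"]:
            continue
        doms = [d[len("domain:"):] for d in r.get("domain", [])]
        if not doms or any(host == d or host.endswith("." + d) for d in doms):
            return r["outboundTag"]
    return config["outbounds"][0]["tag"]  # no rule matched: v2ray uses the first outbound


if __name__ == "__main__":
    cfg = build_v2ray_config(POLICIES, DEFAULT_PORT)
    print(json.dumps(cfg, indent=2))
    print("\n".join(iptables_rules(EMPLOYEES, POLICIES, DEFAULT_PORT)))
    print(decide(cfg, 10012, "example-b.com"), decide(cfg, 10012, "example-a.com"))
```

REDIRECT only delivers TCP to dokodemo-door (UDP would need TPROXY), and the trailing catch-all means any LAN host that is not in the employee records lands on the blocking default port rather than bypassing the control.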
It should be understood that, although the steps in the flowchart of fig. 1 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 1 may include multiple sub-steps or multiple stages that are not necessarily performed at the same time, but may be performed at different times, and the order of performance of the sub-steps or stages is not necessarily sequential, but may be performed in turn or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
In one embodiment, as shown in FIG. 3, a network access control apparatus is provided, including: a request receiving module 410, an employee matching module 420, a network access level acquisition module 430, a matching module 440 and a network access control module 450.
The request receiving module 410 is configured to acquire the terminal identifier carried in an access request when an access request from a terminal to a target website is received.
The employee matching module 420 is configured to acquire, according to the terminal identifier, the employee identifier associated with it.
The network access level acquisition module 430 is configured to acquire, according to the employee identifier, the network access level associated with it.
The matching module 440 is configured to match a corresponding access control policy according to the network access level, where the access control policy is a v2ray routing rule configured in advance, on the basis of the v2ray component, according to the network access level.
The network access control module 450 is configured to forward the access request to the v2ray listening port corresponding to the access control policy, so that the employee can access the specified websites that conform to the network access level.
In one embodiment, the network access control apparatus further comprises an information acquisition module, configured to acquire, in real time from the employee management system, the employee identifier, network access level and terminal identifier in use of each employee, and to update the current employee identifier, network access level and terminal identifier in use accordingly.
In one embodiment, the network access control apparatus further comprises a rule configuration module, configured to: determine, according to each employee's work content, the websites that the employee is allowed or not allowed to access; group the employees whose allowed websites are the same into one class, thereby determining each employee's website access type; determine a corresponding network access level according to the allowed or disallowed websites of each website access type; define, on the basis of the v2ray component, a v2ray listening port corresponding to each network access level; and set the routing rules of each v2ray listening port according to the allowed or disallowed websites corresponding to its network access level, thereby controlling each employee's access to different websites.
In one embodiment, the rule configuration module is further configured to: add the websites allowed for the network access level to a whitelist of the v2ray listening port, so that the port checks requested websites against the whitelist and blocks access when a website not in the whitelist is requested; and add the websites disallowed for the network access level to a blacklist of the v2ray listening port, so that the port checks requested websites against the blacklist and blocks access when a website in the blacklist is requested.
In one embodiment, the network access control module is further configured to: when no employee identifier associated with the terminal identifier is found, or no network access level associated with the employee identifier is found, forward the access request to a default v2ray listening port, which prevents the access request from reaching the target website.
For specific limitations of the network access control device, reference may be made to the above limitations of the network access control method, which are not described herein again. The modules in the network access control device can be implemented in whole or in part by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, comprising a memory and a processor, the memory storing a computer program, the processor implementing the steps of the network access control method described above when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which computer program, when being executed by a processor, carries out the steps of the network access control method described above.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and although their description is specific and detailed, it should not be construed as limiting the scope of the invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the concept of the present application, and these fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (8)

1. A method for network access control, the method comprising:
when an access request of a terminal for accessing a target website is received, acquiring a terminal identifier carried in the access request;
acquiring an employee identifier associated with the terminal identifier according to the terminal identifier;
acquiring a network access level associated with the employee identification according to the employee identification;
matching a corresponding access control strategy according to the network access level, wherein the access control strategy is a v2ray routing rule which is configured in advance according to the network access level on the basis of a v2ray component;
and forwarding the access request to a v2ray monitoring port corresponding to the access control strategy, so that the employee can access the specified websites in accordance with the network access level.
2. The method of claim 1, further comprising:
and acquiring employee identification, network access level and used terminal identification of the employee from the employee management system in real time, and updating the current employee identification, network access level and used terminal identification of the employee.
3. The method of claim 1, wherein the v2ray routing rule is configured in a manner that:
determining a website which is allowed to be accessed or a website which is not allowed to be accessed by each employee according to the work content of each employee;
classifying the websites which are allowed to be accessed or not allowed to be accessed, grouping the employees whose allowed websites are the same into one class, and determining the employee website access types;
determining a corresponding network access level according to a website which is allowed to be accessed or a website which is not allowed to be accessed and corresponds to the employee website access type;
defining a v2ray monitoring port corresponding to the network access level based on a v2ray component;
and setting a routing rule of the v2ray monitoring port according to the website which is allowed to be accessed or the website which is not allowed to be accessed and corresponds to the network access level, and controlling the access of each employee to different websites.
4. The method according to claim 3, wherein the step of setting the routing rule of the v2ray monitoring port according to the website which is allowed to be accessed or the website which is not allowed to be accessed and corresponds to the network access level, and controlling the internet access of each employee to access different websites comprises the following steps:
adding the website allowed to be accessed into a white list of the v2ray monitoring port according to the website allowed to be accessed corresponding to the network access level, enabling the v2ray monitoring port to monitor the website in the white list, and preventing access when the website not in the white list is monitored to be accessed;
and adding the website which is not allowed to be accessed into the blacklist of the v2ray monitoring port according to the website which is not allowed to be accessed and corresponds to the network access level, so that the v2ray monitoring port monitors the websites in the blacklist, and when the websites in the blacklist are monitored to be accessed, the access is prevented.
5. The method of claim 1, further comprising:
and when the employee identification associated with the terminal identification is not acquired or the network access level associated with the employee identification is not acquired, forwarding the access request to a default v2ray monitoring port, and preventing the access request from accessing the target website through the v2ray monitoring port.
6. A network access control apparatus, the apparatus comprising:
a request receiving module, used for acquiring a terminal identifier carried in an access request when the access request of a terminal for accessing a target website is received;
the staff matching module is used for acquiring staff identifications associated with the terminal identifications according to the terminal identifications;
the network access level acquisition module is used for acquiring the network access level associated with the employee identification according to the employee identification of the employee;
the matching module is used for matching a corresponding access control strategy according to the network access level, wherein the access control strategy is a v2ray routing rule which is based on a v2ray component and is configured in advance according to the network access level;
and a network access control module, used for forwarding the access request to a v2ray monitoring port corresponding to the access control strategy, so that the employee can access the specified websites in accordance with the network access level.
7. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 5 when executing the computer program.
8. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 5.
CN202110467501.0A 2021-04-28 2021-04-28 Network access control method, device, computer equipment and storage medium Active CN113206845B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110467501.0A CN113206845B (en) 2021-04-28 2021-04-28 Network access control method, device, computer equipment and storage medium

Publications (2)

Publication Number Publication Date
CN113206845A true CN113206845A (en) 2021-08-03
CN113206845B CN113206845B (en) 2023-08-11

Family

ID=77027102

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110467501.0A Active CN113206845B (en) 2021-04-28 2021-04-28 Network access control method, device, computer equipment and storage medium

Country Status (1)

Country Link
CN (1) CN113206845B (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1527209A (en) * 2003-03-06 2004-09-08 华为技术有限公司 Network access control method based on user's account number
CN102118749A (en) * 2009-12-30 2011-07-06 比亚迪股份有限公司 Network access control device for mobile terminal and mobile terminal equipment
CN102891826A (en) * 2011-06-27 2013-01-23 成都市华为赛门铁克科技有限公司 Control method, equipment and system for webpage access
CN106572116A (en) * 2016-11-10 2017-04-19 长春理工大学 Role-and-attribute-based cross-domain secure switch access control method of integrated network
CN107426168A (en) * 2017-05-23 2017-12-01 国网山东省电力公司电力科学研究院 A kind of Secure Network Assecc processing method and processing device
CN107888614A (en) * 2017-12-01 2018-04-06 大猫网络科技(北京)股份有限公司 A kind of user right determination methods and device
CN109472159A (en) * 2018-11-15 2019-03-15 泰康保险集团股份有限公司 Access control method, device, medium and electronic equipment
CN111800440A (en) * 2020-09-08 2020-10-20 平安国际智慧城市科技股份有限公司 Multi-policy access control login method and device, computer equipment and storage medium

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115941316A (en) * 2022-12-05 2023-04-07 广州力麒智能科技有限公司 Intelligent self-service terminal middleware calling method and device
CN115941316B (en) * 2022-12-05 2023-08-08 广州力麒智能科技有限公司 Intelligent self-service terminal middleware calling method and device

Also Published As

Publication number Publication date
CN113206845B (en) 2023-08-11

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20230209

Address after: 11 / F, Liuwu building, Liuwu New District, Lhasa City, Tibet Autonomous Region, 850000

Applicant after: Tibet ningsuan Technology Group Co.,Ltd.

Address before: 210038 building A1, Huizhi Science Park, 8 Hengtai Road, Qixia District, Nanjing City, Jiangsu Province

Applicant before: DILU TECHNOLOGY Co.,Ltd.

GR01 Patent grant