CN114024947A - Web access method and device based on browser - Google Patents

Publication number
CN114024947A
Authority
CN
China
Prior art keywords
domain name
access
browser
access scheme
web
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210005478.8A
Other languages
Chinese (zh)
Other versions
CN114024947B (en)
Inventor
童兆丰
黄雅芳
薛锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing ThreatBook Technology Co Ltd
Original Assignee
Beijing ThreatBook Technology Co Ltd
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/02: Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90: Details of database functions independent of the retrieved data types
    • G06F16/95: Retrieval from the web
    • G06F16/955: Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]

Abstract

The application provides a browser-based web access method and device. The method comprises: detecting an access URL input by a user in a browser; judging whether the local PAC script exists and is the latest version; when the local PAC script exists and is the latest version, parsing a host from the access URL; constructing a proxy search instruction from the host, user information, the domain name of a DNS authoritative server and a proxy search function in the local PAC script; sending the proxy search instruction to the DNS authoritative server so that the DNS authoritative server performs a domain name query according to the proxy search instruction to obtain an access scheme identification IP address; determining a web access scheme according to the access scheme identification IP address, the web access scheme being a black domain name access scheme, a grey domain name access scheme or a white domain name access scheme; and performing web access according to the web access scheme. Implementing this embodiment can therefore effectively control the Web access risk of the browser.

Description

Web access method and device based on browser
Technical Field
The application relates to the field of network security, in particular to a web access method and device based on a browser.
Background
With the popularization and development of web access, web applications have become the most popular applications on the internet. While the web brings convenience to users, hackers have also begun to use the web to attack users' terminal devices. Many of these vulnerabilities and attacks take effect when a browser accesses a malicious website. Therefore, how to prevent malicious websites from being accessed through the browser has become a problem that organizations and individuals urgently need to solve. At present, to solve this problem, those in the art have proposed performing security policy filtering on a gateway device. However, this method suffers from inconvenient hardware deployment and relatively complex capacity expansion; and for effective web access control, a threat intelligence library or other libraries must be configured in advance, so its ability to perceive new threats is poor.
Disclosure of Invention
The embodiment of the application aims to provide a Web access method and device based on a browser, which can effectively control the Web access risk of the browser. Meanwhile, the method is simple and convenient to deploy, and the user can complete deployment only by configuring the PAC URL in the browser, so that other operation and maintenance work is avoided. Secondly, the method can analyze and identify risks and threats in time by the cloud end, so that the perception capability of the cloud end to new threats is improved, and the information lag is avoided. In addition, the PAC script used by the method does not need to be updated frequently, and the convenience degree of the method application is greatly improved.
A first aspect of an embodiment of the present application provides a web access method based on a browser, including: detecting an access URL input by a user in a browser;
judging whether the local PAC script exists and is the latest version;
when the local PAC script exists and is the latest version, analyzing a host from the access URL;
constructing a proxy search instruction through the host, the user information, the domain name of the DNS authoritative server and a proxy search function in the local PAC script;
sending the proxy search instruction to the DNS authoritative server so that the DNS authoritative server carries out domain name query according to the proxy search instruction to obtain an access scheme identification IP address;
determining a web access scheme according to the access scheme identification IP address; the web access scheme is a black domain name access scheme, a gray domain name access scheme or a white domain name access scheme;
and performing web access according to the web access scheme.
In the implementation process, the method can construct the proxy search instruction according to the PAC script, and select the corresponding server to perform the Web access according to the proxy search instruction, so that the effect of effectively controlling the Web access risk of the browser can be realized.
Further, before the step of detecting the URL entered by the user in the browser, the method further includes:
setting a special PAC URL matched with customer information in the PAC configuration of the browser;
and downloading the local PAC script through the special PAC URL.
Further, the method further comprises:
and when the local PAC script does not exist or is not the latest version, downloading the latest PAC script through a special PAC URL, updating the local PAC script according to the latest PAC script, and executing the step of analyzing the host from the access URL.
Further, the step of constructing a proxy search instruction by the host, the user information, the domain name of the DNS authoritative server, and the proxy search function in the local PAC script includes:
and sequentially splicing the host, the user information and the domain name of the DNS authoritative server according to a proxy search function in the local PAC script to obtain a proxy search instruction.
Further, the DNS authoritative server performs domain name query according to the proxy search instruction to obtain a black domain name, a grey domain name or a white domain name; wherein
the IP inquiry address corresponding to the black domain name is a black domain name access scheme identification IP address;
the IP inquiry address corresponding to the grey domain name is a grey domain name access scheme identification IP address;
and the IP inquiry address corresponding to the white domain name is a white domain name access scheme identification IP address.
Further, when the web access scheme is a black domain name access scheme, the step of performing web access according to the web access scheme includes:
and sending the URL access request to an interception server in proxy mode so that the interception server returns an interception alarm page.
Further, when the web access scheme is a grey domain name access scheme, the step of performing web access according to the web access scheme includes:
sending a URL access request to an HTTP/HTTPS proxy server in a proxy mode, so that the HTTP/HTTPS proxy server forwards the URL access request to a real server, and the HTTP/HTTPS proxy server receives a web response of the real server, detects and filters the web response, and obtains and forwards a web security response to the browser;
and receiving a web security response fed back by the HTTP/HTTPS proxy server.
Further, when the web access scheme is a white domain name access scheme, the step of performing web access according to the web access scheme includes:
sending a URL access request to a real server to cause the real server to return a web response.
Further, the method further comprises:
and when the access scheme identification IP address is not acquired, sending a URL access request to a real server so that the real server returns a web response.
A second aspect of an embodiment of the present application provides a web access apparatus based on a browser, where the web access apparatus based on the browser includes:
the detection unit is used for detecting an access URL input by a user in a browser;
the judging unit is used for judging whether the local PAC script exists and is the latest version;
a parsing unit, configured to parse a host from the access URL when the local PAC script exists and is the latest version;
the building unit is used for building a proxy search instruction through the host, the user information, the domain name of the DNS authoritative server and the proxy search function in the local PAC script;
a sending unit, configured to send the proxy search instruction to the DNS authoritative server, so that the DNS authoritative server performs domain name query according to the proxy search instruction to obtain an access scheme identifier IP address;
the determining unit is used for determining a web access scheme according to the access scheme identification IP address; the web access scheme is a black domain name access scheme, a gray domain name access scheme or a white domain name access scheme;
and the access unit is used for performing web access according to the web access scheme.
In the implementation process, the device can construct a proxy search instruction according to the PAC script, return an access scheme identification IP address according to the proxy search instruction, and select a corresponding server for Web access according to the access scheme identification IP address, so that the effect of effectively controlling the Web access risk of the browser can be realized.
A third aspect of embodiments of the present application provides an electronic device, including a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to enable the electronic device to execute the browser-based web access method according to any one of the first aspect of embodiments of the present application.
A fourth aspect of the embodiments of the present application provides a computer-readable storage medium, which stores computer program instructions, and when the computer program instructions are read and executed by a processor, the computer program instructions perform the browser-based web access method according to any one of the first aspect of the embodiments of the present application.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.
Fig. 1 is a schematic flowchart of a web access method based on a browser according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a web access device based on a browser according to an embodiment of the present application;
Fig. 3 is a block diagram of an application system of a browser-based web access method according to an embodiment of the present application;
Fig. 4 is a schematic flowchart illustrating a web access method based on a browser according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures. Meanwhile, in the description of the present application, the terms "first", "second", and the like are used only for distinguishing the description, and are not to be construed as indicating or implying relative importance.
Example 1
Referring to fig. 1, fig. 1 is a flowchart illustrating a web access method based on a browser according to an embodiment of the present application. The web access method based on the browser comprises the following steps:
S101, detecting an access URL input by a user in a browser.
In this embodiment, before the step of detecting the access URL input by the user in the browser, the method further includes:
setting a special PAC URL matched with the client information in the PAC configuration of the browser;
the local PAC script is downloaded via the dedicated PAC URL.
In this embodiment, the method may configure, in the PAC server, a dedicated PAC script for each client in advance, where the script includes the following FindProxyForURL function (i.e., the proxy lookup function referred to below):
function FindProxyForURL(url, host)
{
    // Ask the DNS authoritative server how <host> is classified for this client
    var IPcode = dnsResolve(host + '.<client ID>.pac.onedns.net');
    switch (IPcode) {
        case '127.255.0.1':   // black domain name: send to the interception server
            return "PROXY <intercept server IP>:<intercept service port>";
        case '127.255.0.2':   // grey domain name: send to the HTTP/HTTPS proxy server
            return "PROXY <HTTP/HTTPS proxy server IP>:<HTTP/HTTPS proxy service port>";
        case '127.255.0.3':   // white domain name: connect directly
            return "DIRECT";
        default:
            break;
    }
    // No identification IP address obtained: connect directly
    return 'DIRECT';
}
wherein <client ID> is the client-specific string; <intercept server IP> and <intercept service port> are the IP address of the interception server and the port number on which the interception service listens; <HTTP/HTTPS proxy server IP> and <HTTP/HTTPS proxy service port> are the IP address of the HTTP/HTTPS proxy server and the port number on which the proxy service listens.
In this embodiment, the user may download the latest PAC script specific to the client via the specific PAC URL. The PAC script is a proprietary script.
In this embodiment, the browser may automatically set the PAC script as the client's private PAC URL in the browser's PAC configuration when it is downloaded to the latest PAC script.
S102, judging whether the local PAC script exists and is the latest version; if yes, executing steps S103-S109; if not, the flow is ended.
As an optional implementation, the method further comprises:
when the local PAC script does not exist or the local PAC script is not the latest version, the latest PAC script is downloaded through the dedicated PAC URL, the local PAC script is updated according to the latest PAC script, and step S103 is performed.
In this embodiment, when the user inputs the URL to be accessed in the browser, the browser may automatically determine whether the local PAC script exists and whether it is the latest version. If the local PAC script does not exist or is not the latest version, the browser requests the latest PAC script from the PAC server according to the configured PAC URL, obtains it from the PAC server and stores it locally.
S103, analyzing the host from the access URL.
S104, sequentially splicing the host, the user information and the domain name of the DNS authoritative server according to the proxy search function in the local PAC script to obtain a proxy search instruction.
In this embodiment, the browser may parse the host from the access URL input by the user, and call the proxy lookup function FindProxyForURL(url, host) in the dedicated PAC script with the url and host parameters. When the proxy lookup function executes the statement "IPcode = dnsResolve(host + '.<client ID>.pac.onedns.net')", the host string and ".<client ID>.pac.onedns.net" are spliced into a new domain name, and the IP address corresponding to that domain name is queried through the DNS protocol.
S105, sending the proxy search instruction to the DNS authoritative server so that the DNS authoritative server carries out domain name query according to the proxy search instruction to obtain an access scheme identification IP address.
In this embodiment, the DNS authoritative server performs domain name query according to the proxy search instruction to obtain a black domain name, a grey domain name, or a white domain name; wherein
the IP inquiry address corresponding to the black domain name is a black domain name access scheme identification IP address;
the IP inquiry address corresponding to the grey domain name is a grey domain name access scheme identification IP address;
and the IP inquiry address corresponding to the white domain name is the white domain name access scheme identification IP address.
In this embodiment, when receiving a query for a "<host>.<client ID>.pac.onedns.net" domain name, the DNS authoritative server extracts the <client ID> and the <host> from the queried domain name, then looks up the <host> according to the Web access policy corresponding to the <client ID>, and returns different IP addresses according to the query result:
a) black domain name: such Web access needs to be intercepted, and the returned IP address is "127.255.0.1";
b) grey domain name: the traffic of such Web access needs to be detected and filtered, and the returned IP address is "127.255.0.2";
c) white domain name: such Web access can proceed normally, and the returned IP address is "127.255.0.3".
S106, determining a web access scheme according to the IP address of the access scheme identifier; the web access scheme is a black domain name access scheme, a gray domain name access scheme or a white domain name access scheme; and triggering and executing corresponding steps in the steps S107-S109 according to the web access scheme.
S107, when the web access scheme is the black domain name access scheme, sending a URL access request to the interception server in proxy mode so that the interception server returns an interception alarm page.
S108, when the web access scheme is the grey domain name access scheme, sending a URL access request to an HTTP/HTTPS proxy server in proxy mode so that the HTTP/HTTPS proxy server forwards the URL access request to a real server, receives the web response of the real server, detects and filters the web response, and obtains and forwards a web security response to the browser; and receiving the web security response fed back by the HTTP/HTTPS proxy server.
S109, when the web access scheme is the white domain name access scheme or the access scheme identification IP address is not acquired, sending a URL access request to the real server so that the real server returns a web response.
In this embodiment, the browser receives an IP address returned by the DNS authoritative server, and performs the following different operations according to the difference of the returned IP addresses:
a) 127.255.0.1: the browser sends the URL request to the interception server in proxy mode; the interception server returns an interception alarm page to the browser;
b) 127.255.0.2: the browser sends the URL request to the HTTP/HTTPS proxy server in proxy mode; after detecting and filtering the URL request, the HTTP/HTTPS proxy server forwards it to the real server; the HTTP/HTTPS proxy server receives the Web response of the real server and then detects and filters that response. If the content is safe, it is forwarded to the browser; otherwise, the Web access is terminated;
c) 127.255.0.3: the browser sends the URL request to the real server; the real server returns a Web response to the browser;
d) in any other abnormal condition, the browser sends the URL request to the real server; the real server returns a Web response to the browser.
Referring to fig. 4, fig. 4 is a schematic flowchart illustrating an exemplary process of a web access method based on a browser according to this embodiment.
Specifically, the environment for performing the method has a PAC server on which a dedicated PAC script is placed for each customer service, downloadable via a dedicated PAC URL. Such as:
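The URL of this server is https://pac.onedns.net/threebook/threebook.pac, and the file threebook.pac placed there is as follows:
function FindProxyForURL(url, host)
{
    // Query the policy zone for this client's verdict on the host
    var IPcode = dnsResolve(host+'.threatbook.pac.onedns.net');
    switch (IPcode) {
        case '127.255.0.1':   // black domain name: interception server
            return "PROXY 192.168.100.200:80";
        case '127.255.0.2':   // grey domain name: HTTP/HTTPS proxy server
            return "PROXY 192.168.100.205:80";
        case '127.255.0.3':   // white domain name: direct access
            return "DIRECT";
        default:
            break;
    }
    return 'DIRECT';
}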
The environment for executing the method also comprises a DNS authoritative server, which resolves query names composed of the domain name to be accessed followed by the name of the client, and returns an IP according to the query result. The rule is as follows:
(1) black domain name: the return IP is 127.255.0.1;
(2) grey domain name: the return IP is 127.255.0.2;
(3) white domain name: the return IP is 127.255.0.3.
The environment for executing the method also has an interception server, whose IP address is set to 192.168.100.200, and on which a Web service listening on port 80 is started. The service returns an interception alarm page after receiving any Web request, including a proxy request.
The environment for carrying out the method also has an HTTP/HTTPS proxy server, whose IP address is set to 192.168.100.205, and on which an HTTP/HTTPS proxy service listening on port 80 is started. After receiving a proxy request, the service forwards the request to the real server; after receiving the real server's response, it inspects the response content and forwards it to the client if the content is safe; otherwise, it closes the network connection.
For example, in the PAC URL configuration item of the browser, the configured URL is: https://pac.onedns.net/threebook/threebook.pac;
At this time, four requests are initiated in sequence in the browser:
(1) http://www.black.com/index.html
The browser displays the interception alarm page because www.black.com is a black domain name.
(2) http://www.gray.com/index.html
The browser normally displays the web page content, because www.gray.com is a grey domain name, when the web page content is forwarded through the HTTP/HTTPS proxy server, the web page content is found to be safe and forwarded normally.
(3) http://www.gray.com/black.html
The browser displays a portion of the web page content, because www.gray.com is a grey domain name and, when the content is forwarded through the HTTP/HTTPS proxy server, a portion of the web page content is found to pose a security risk and is intercepted.
(4) http://www.white.com/index.html
The browser normally displays the web page content because www.white.com is a white domain name and the browser directly accesses the www.white.com server.
Based on the above example, the browser first downloads the script of triple book.
FindProxyForURL("http://www.black.com/index.html", "www.black.com")
In this function, the following function call will be performed:
IPcode = dnsResolve("www.black.com.threatbook.pac.onedns.net")
when a DNS authority server of "pac. A triple book, and the domain name "www.black.com" of this Web request. Then, according to the relevant policy of the client threatbook, the domain name "www.black.com" is queried in the domain name library and found to be a black domain name, so the returned IP address is "127.255.0.1" and IPcode = "127.255.0.1". The browser then sends the "http://www.black.com/index.html" request in proxy mode to the interception server 192.168.100.200:80, which returns an interception page to the browser.
Since the script already exists locally, the browser will directly execute the function in the script:
FindProxyForURL("http://www.gray.com/index.html", "www.gray.com")
In this function, the following function call will be performed:
IPcode = dnsResolve("www.gray.com.threatbook.pac.onedns.net")
when a DNS authority server of "pac. A triple book, and the domain name "www.gray.com" of this Web request. Then, according to the related policy of the client threatbook, the domain name "www.gray.com" is queried in the domain name library and found to be a grey domain name, so the returned IP address is "127.255.0.2" and IPcode = "127.255.0.2". The browser then sends the "http://www.gray.com/index.html" request in proxy mode to the HTTP/HTTPS proxy server 192.168.100.205:80; the proxy server sends the Web request "http://www.gray.com/index.html" to the www.gray.com server, receives the response to the request, performs content detection on the response and, finding no risk, sends the response to the browser as it is.
Since the script already exists locally, the browser will directly execute the function in the script:
FindProxyForURL("http://www.gray.com/black.html", "www.gray.com")
In this function, the following function call will be performed:
IPcode = dnsResolve("www.gray.com.threatbook.pac.onedns.net")
when a DNS authority server of "pac. A triple book, and the domain name "www.gray.com" of this Web request. Then, according to the related policy of the client threatbook, the domain name "www.gray.com" is queried in the domain name library and found to be a grey domain name, so the returned IP address is "127.255.0.2" and IPcode = "127.255.0.2". The browser then sends the "http://www.gray.com/black.html" request in proxy mode to the HTTP/HTTPS proxy server 192.168.100.205:80; the proxy server sends the Web request "http://www.gray.com/black.html" to the www.gray.com server, receives the response to the request, performs content detection on the response, finds that the content poses a security risk, closes the network connections with the browser and the www.gray.com server, and does not forward the response content.
Since the script already exists locally, the browser will directly execute the function in the script:
FindProxyForURL("http://www.white.com/index.html", "www.white.com")
In this function, the following function call will be performed:
IPcode = dnsResolve("www.white.com.threatbook.pac.onedns.net")
when a DNS authority server of "pac. A triple book, and the domain name "www.white.com" of this Web request. Then, according to the relevant policy of the client threatbook, the domain name "www.white.com" is queried in the domain name library and found to be a white domain name, so the returned IP address is "127.255.0.3" and IPcode = "127.255.0.3". The browser then requests "http://www.white.com/index.html" directly from the "www.white.com" server and receives a response from the server.
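The exchange walked through above, with the browser-side PAC function and the name parsing and verdict lookup on the DNS authoritative side run together offline; this is an added example, not code from the patent. The zone, identification IPs and proxy addresses are the page's own, while the policy table, the function names (`authoritativeAnswer`, `makeFindProxyForURL`, `route`, `demo`), the single-label client ID and the "no answer" for unlisted hosts are assumptions.

```javascript
'use strict';
// Added example with constructed data; not code from the patent.

const ZONE = 'pac.onedns.net';   // policy zone used on the page
const VERDICT_IP = { black: '127.255.0.1', gray: '127.255.0.2', white: '127.255.0.3' };

// Constructed policy store keyed by client ID (assumption: one DNS label per client).
// A Map is used so that query labels such as "__proto__" cannot hit object internals.
const POLICY = new Map([
  ['threatbook', new Map([
    ['www.black.com', 'black'],
    ['www.gray.com', 'gray'],
    ['www.white.com', 'white'],
  ])],
]);

// DNS authoritative side: split "<host>.<client ID>.pac.onedns.net" and return
// the identification IP, or null when there is no answer to give.
function authoritativeAnswer(qname) {
  const name = String(qname).toLowerCase().replace(/\.$/, '');
  if (name.length > 253) return null;                    // DNS name length limit
  if (name.split('.').some((l) => l.length === 0 || l.length > 63)) return null;
  const suffix = '.' + ZONE;
  if (!name.endsWith(suffix)) return null;               // not our zone
  const left = name.slice(0, -suffix.length).split('.');
  if (left.length < 2) return null;                      // need host + client ID
  const clientId = left.pop();                           // label next to the zone
  const host = left.join('.');
  const policy = POLICY.get(clientId);
  if (!policy) return null;                              // unknown client
  const verdict = policy.get(host);
  return verdict ? VERDICT_IP[verdict] : null;           // unlisted host: no answer
}

// Browser side: the page's PAC function, with dnsResolve injected so that it
// can run outside a browser's PAC sandbox.
function makeFindProxyForURL(clientId, dnsResolve) {
  return function FindProxyForURL(url, host) {
    const ipCode = dnsResolve(host + '.' + clientId + '.' + ZONE);
    switch (ipCode) {
      case VERDICT_IP.black: return 'PROXY 192.168.100.200:80'; // interception server
      case VERDICT_IP.gray:  return 'PROXY 192.168.100.205:80'; // filtering proxy
      case VERDICT_IP.white: return 'DIRECT';
      default:               return 'DIRECT';                   // no verdict obtained
    }
  };
}

// Parse the host from the URL (step S103) and ask the PAC function for a route.
function route(url, clientId = 'threatbook', resolver = authoritativeAnswer) {
  const host = new URL(url).hostname;
  return makeFindProxyForURL(clientId, resolver)(url, host);
}

// The four requests from the page's walk-through.
function demo() {
  return [
    'http://www.black.com/index.html',
    'http://www.gray.com/index.html',
    'http://www.gray.com/black.html',
    'http://www.white.com/index.html',
  ].map((u) => [u, route(u)]);
}

for (const [u, r] of demo()) console.log(u, '->', r);
```

Passing a resolver that always returns null makes `www.black.com` route `DIRECT` as well, which is the S109 fallback for a missing identification IP; lookup failures against the policy zone are therefore worth monitoring.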
Referring to fig. 3, fig. 3 is a framework diagram of an application system of a web access method based on a browser according to the present embodiment. The PAC URL is connected to a PAC server, and the PAC server is used for storing PAC scripts.
In this embodiment, the method can be implemented by combining the PAC technology and the threat intelligence technology of the browser to block access to a malicious website through the browser. Specifically, the method classifies domain names into the following three categories according to, but not limited to, threat intelligence and the configuration of a client:
black domain name: the website corresponding to the domain name is a malicious website, and if the website is visited, a network security event is caused;
grey domain name: the website corresponding to the domain name is not absolutely safe, and if the website is visited, a network safety event can be caused;
white domain name: the website corresponding to the domain name is safe and can be normally accessed.
As can be seen from fig. 3, the following four types of servers are deployed at the cloud end in the present scheme:
PAC server: providing PAC script downloading service, and downloading a special PAC script according to the access PAC URL of a user;
a DNS authoritative server: performing IP address resolution on the special domain name of the scheme, and for convenience of description, identifying the special domain name of the scheme by using' pac.
Intercepting a server: the Web server provides a response interception page, is used for intercepting the access of a user to the black domain name, and returns to the interception page after receiving any Web request;
HTTP/HTTPS proxy server: proxies the user's access to grey domain names, performs deep protocol analysis and security analysis on the accessed content, and blocks the network access in time when malicious information is found.
In this embodiment, the execution subject of the method may be a computing device such as a computer and a server, and is not limited in this embodiment.
In this embodiment, an execution subject of the method may also be an intelligent device such as a smart phone and a tablet computer, which is not limited in this embodiment.
It can be seen that, by implementing the browser-based Web access method described in this embodiment, the browser can perform Web access in three different ways according to the category to which a domain name belongs: access to black domain names is intercepted directly; grey domain names are accessed in proxy mode, with content security detection performed on a cloud proxy server; and access to white domain names communicates directly with the real server. Therefore, the Web access risk of the browser is effectively controlled. By implementing the embodiment, deployment is simple and convenient: a user can complete the deployment only by configuring the PAC URL in the browser, and no other operation and maintenance work is required. Secondly, once risks and threats are analyzed and identified at the cloud, the result is synchronized to all users immediately, with no information lag. In addition, the PAC script does not need to be updated frequently, and the black and grey domain name sets are not downloaded to the user's local machine.
Example 2
Referring to fig. 2, fig. 2 is a schematic structural diagram of a web access device based on a browser according to an embodiment of the present application. As shown in fig. 2, the browser-based web access apparatus includes:
a detection unit 210 for detecting an access URL input in a browser by a user;
a judging unit 220, configured to judge whether the local PAC script exists and is the latest version;
a parsing unit 230 for parsing a host from the access URL when the local PAC script exists and is the latest version;
a constructing unit 240, configured to construct a proxy search instruction through a host, user information, a domain name of the DNS authoritative server, and a proxy search function in the local PAC script;
a sending unit 250, configured to send the proxy search instruction to the DNS authoritative server, so that the DNS authoritative server performs a domain name query according to the proxy search instruction to obtain an access scheme identification IP address;
a determining unit 260 for determining a web access scheme according to the access scheme identification IP address; the web access scheme is a black domain name access scheme, a gray domain name access scheme or a white domain name access scheme;
an accessing unit 270 for performing web access according to the web access scheme.
As an optional implementation, the browser-based web access device further includes:
a setting unit 280 for setting a dedicated PAC URL matched with the client information in the PAC configuration of the browser;
a downloading unit 290 for downloading the local PAC script through the dedicated PAC URL.
As an alternative embodiment, the downloading unit 290 is further configured, when the local PAC script does not exist or is not the latest version, to download the latest PAC script through the dedicated PAC URL, update the local PAC script according to the latest PAC script, and trigger the step of parsing the host from the access URL.
As an optional implementation manner, the constructing unit 240 is specifically configured to sequentially splice the host, the user information, and the domain name of the DNS authoritative server according to a proxy search function in the local PAC script to obtain a proxy search instruction.
As an optional implementation manner, the DNS authoritative server performs a domain name query according to the proxy search instruction to obtain a black domain name, a gray domain name, or a white domain name; wherein
the IP inquiry address corresponding to the black domain name is a black domain name access scheme identification IP address;
the IP inquiry address corresponding to the grey domain name is a grey domain name access scheme identification IP address;
and the IP inquiry address corresponding to the white domain name is the white domain name access scheme identification IP address.
As an optional implementation manner, the accessing unit 270 is specifically configured to send, in a proxy manner, a URL access request to the interception server when the web access scheme is the black domain name access scheme, so that the interception server returns an interception alarm page.
As an optional implementation manner, the accessing unit 270 is further specifically configured to, when the web access scheme is the grey domain name access scheme, send a URL access request to the HTTP/HTTPS proxy server in a proxy manner, so that the HTTP/HTTPS proxy server forwards the URL access request to the real server, receives the web response of the real server, detects and filters the web response, and obtains a web security response and forwards it to the browser; and to receive the web security response fed back by the HTTP/HTTPS proxy server.
As an optional implementation manner, the accessing unit 270 is further specifically configured to send a URL access request to the real server to enable the real server to return a web response when the web access scheme is the white domain name access scheme.
As an optional implementation manner, the accessing unit 270 is further specifically configured to send a URL access request to the real server when the access scheme identification IP address is not obtained, so that the real server returns a web response.
In the embodiment of the present application, for explanation of a web access device based on a browser, reference may be made to the description in embodiment 1, and details of this embodiment are not repeated.
It can be seen that, by implementing the Web access apparatus based on the browser described in this embodiment, a proxy search instruction can be constructed according to the PAC script, an access scheme identifier IP address is returned according to the proxy search instruction, and then a corresponding server is selected according to the access scheme identifier IP address to perform Web access, so that an effect of effectively controlling a Web access risk of the browser can be achieved.
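The lookup-and-route flow described for the constructing, sending, determining and accessing units can be sketched as a PAC script. This is an added example, not code from the patent; the zone name, user label, identification IP addresses, proxy endpoints and the `resolve` test parameter are all assumptions.

```javascript
// PAC-style routing sketch. All names, addresses and ports below are constructed
// for illustration; none of them come from the patent.
var PAC_ZONE = "pac.example.test";   // assumed zone served by the DNS authoritative server
var USER_ID = "u1001";               // assumed user label embedded in the per-customer PAC
var SCHEME_BY_IP = {                 // assumed access scheme identification IP addresses
  "127.0.0.2": "black",
  "127.0.0.3": "grey",
  "127.0.0.4": "white"
};
var ROUTE = {
  black: "PROXY intercept.example.test:8080", // interception server
  grey: "PROXY inspect.example.test:3128",    // HTTP/HTTPS proxy server
  white: "DIRECT"                             // real server
};

// Splice host, user information and the zone, in that order, into one DNS name.
// Returns null when the result cannot be a valid query name.
function buildLookupName(host, userId, zone) {
  var h = String(host || "").toLowerCase().replace(/\.$/, "");
  var name = h + "." + userId + "." + zone;
  if (h === "" || name.length > 253) return null;
  var labels = name.split(".");
  for (var i = 0; i < labels.length; i++) {
    // Each label: 1-63 characters of letters, digits, hyphen or underscore.
    if (!/^[a-z0-9_-]{1,63}$/.test(labels[i])) return null;
  }
  return name;
}

// Map the resolver's answer to a scheme; anything unexpected counts as "no answer".
function classify(ip) {
  return Object.prototype.hasOwnProperty.call(SCHEME_BY_IP, ip) ? SCHEME_BY_IP[ip] : null;
}

// Entry point the browser calls for every request. `resolve` is an extra
// parameter added here for offline testing; a browser supplies dnsResolve itself.
function FindProxyForURL(url, host, resolve) {
  var name = buildLookupName(host, USER_ID, PAC_ZONE);
  if (name === null) return "DIRECT";
  var ip = null;
  try {
    ip = (resolve || dnsResolve)(name);
  } catch (e) {
    ip = null; // a resolver error is treated like a missing answer
  }
  var scheme = classify(ip);
  // No identification IP obtained: go to the real server, as the page specifies.
  return scheme === null ? "DIRECT" : ROUTE[scheme];
}

// Constructed stand-in for the DNS authoritative server's black and grey sets.
function sampleResolver(name) {
  var table = {
    "bad.example.u1001.pac.example.test": "127.0.0.2",
    "unknown.example.u1001.pac.example.test": "127.0.0.3"
  };
  if (name === "timeout.example.u1001.pac.example.test") return null;
  return table[name] || "127.0.0.4";
}
```

Because a missing or unrecognized answer routes to `DIRECT`, resolution failures for the lookup zone are worth monitoring: they mark requests that bypassed classification.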
An embodiment of the present application provides an electronic device, which includes a memory and a processor, where the memory is used to store a computer program, and the processor runs the computer program to make the electronic device execute the browser-based web access method in embodiment 1 of the present application.
An embodiment of the present application provides a computer-readable storage medium, which stores computer program instructions, and when the computer program instructions are read and executed by a processor, the computer program instructions execute the browser-based web access method in embodiment 1 of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above description is only an example of the present application and is not intended to limit the scope of the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application. It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.
The above description is only for the specific embodiments of the present application, but the scope of the present application is not limited thereto, and any person skilled in the art can easily conceive of the changes or substitutions within the technical scope of the present application, and shall be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (10)

1. A browser-based web access method, comprising:
detecting an access URL input by a user in a browser;
judging whether the local PAC script exists and is the latest version;
when the local PAC script exists and is the latest version, parsing a host from the access URL;
constructing a proxy search instruction through the host, the user information, the domain name of the DNS authoritative server and a proxy search function in the local PAC script;
sending the proxy search instruction to the DNS authoritative server so that the DNS authoritative server performs a domain name query according to the proxy search instruction to obtain an access scheme identification IP address;
determining a web access scheme according to the access scheme identification IP address; the web access scheme is a black domain name access scheme, a gray domain name access scheme or a white domain name access scheme;
and performing web access according to the web access scheme.
2. A browser-based web access method according to claim 1, wherein the step of detecting an access URL entered by a user in a browser is preceded by the method further comprising:
setting a dedicated PAC URL matched with client information in the PAC configuration of the browser;
and downloading the local PAC script through the dedicated PAC URL.
3. The browser-based web access method of claim 1, further comprising:
and when the local PAC script does not exist or is not the latest version, downloading the latest PAC script through a dedicated PAC URL, updating the local PAC script according to the latest PAC script, and executing the step of parsing the host from the access URL.
4. The browser-based web access method of claim 1, wherein the step of constructing a proxy lookup instruction through the host, the user information, the domain name of the DNS authority server, and the proxy lookup function in the local PAC script comprises:
and sequentially splicing the host, the user information and the domain name of the DNS authoritative server according to a proxy search function in the local PAC script to obtain a proxy search instruction.
5. The browser-based web access method according to claim 1, wherein the DNS authoritative server performs a domain name query according to the proxy search instruction to obtain a black domain name, a gray domain name, or a white domain name; wherein
the IP inquiry address corresponding to the black domain name is a black domain name access scheme identification IP address;
the IP inquiry address corresponding to the grey domain name is a grey domain name access scheme identification IP address;
and the IP inquiry address corresponding to the white domain name is a white domain name access scheme identification IP address.
6. The browser-based web access method of claim 1, wherein when the web access scheme is a black domain name access scheme, the step of performing web access according to the web access scheme comprises:
and sending the URL access request to an interception server in a proxy manner, so that the interception server returns an interception alarm page.
7. The browser-based web access method of claim 1, wherein when the web access scheme is a grey domain name access scheme, the step of performing web access according to the web access scheme comprises:
sending a URL access request to an HTTP/HTTPS proxy server in a proxy mode, so that the HTTP/HTTPS proxy server forwards the URL access request to a real server, and the HTTP/HTTPS proxy server receives a web response of the real server, detects and filters the web response, and obtains and forwards a web security response to the browser;
and receiving a web security response fed back by the HTTP/HTTPS proxy server.
8. The browser-based web access method of claim 1, wherein when the web access scheme is a white domain name access scheme, the step of performing web access according to the web access scheme comprises:
sending a URL access request to a real server to cause the real server to return a web response.
9. The browser-based web access method of claim 1, further comprising:
and when the access scheme identification IP address is not acquired, sending a URL access request to a real server so that the real server returns a web response.
10. A browser-based web access device, the browser-based web access device comprising:
the detection unit is used for detecting an access URL input by a user in a browser;
the judging unit is used for judging whether the local PAC script exists and is the latest version;
a parsing unit, configured to parse a host from the access URL when the local PAC script exists and is the latest version;
a constructing unit, configured to construct a proxy search instruction through the host, the user information, the domain name of the DNS authoritative server and the proxy search function in the local PAC script;
a sending unit, configured to send the proxy search instruction to the DNS authoritative server, so that the DNS authoritative server performs a domain name query according to the proxy search instruction to obtain an access scheme identification IP address;
the determining unit is used for determining a web access scheme according to the access scheme identification IP address; the web access scheme is a black domain name access scheme, a gray domain name access scheme or a white domain name access scheme;
and the access unit is used for performing web access according to the web access scheme.
CN202210005478.8A 2022-01-05 2022-01-05 Web access method and device based on browser Active CN114024947B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210005478.8A CN114024947B (en) 2022-01-05 2022-01-05 Web access method and device based on browser

Publications (2)

Publication Number Publication Date
CN114024947A (en) 2022-02-08
CN114024947B (en) 2022-04-01

Family

ID=80069625

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant