CN114301635B - Access control method, device and server - Google Patents

Publication number: CN114301635B
Authority: CN (China)
Prior art keywords: address; target; access request; access; identification information
Legal status: Active
Application number: CN202111506940.4A
Other languages: Chinese (zh)
Other versions: CN114301635A (en)
Inventors: 张勍, 秦小飞, 曹亢, 冯毅, 丁雨明
Current Assignee: China United Network Communications Group Co Ltd
Original Assignee: China United Network Communications Group Co Ltd
Landscapes: Data Exchanges In Wide-Area Networks (AREA)

Abstract

The application provides an access control method, an access control device and a server. The method comprises: receiving an access request sent by a terminal device; parsing the access request to obtain target information, wherein the target information comprises target identification information and first address information of the terminal device; determining, according to the target identification information, a target IP address corresponding to the target identification information; and processing the access request according to the target IP address and the first address information. With this method, access requests sent by different terminal devices can be analyzed in a differentiated manner, so that access requests are processed more accurately and the security and reliability of the communication network are improved.

Description

Access control method, device and server
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an access control method, an access control device, and a server.
Background
A 5G private network is a dedicated communication network provided for a specific industry or enterprise user in a specific area. As 5G technology continues to mature, 5G private networks are gradually being applied in different fields. A 5G private network offers large bandwidth, low latency and wide connectivity, and can provide users with a better communication experience. At the same time, because a 5G private network is usually deeply involved in an enterprise's production and management business, users place higher requirements on its security and reliability in order to protect their interests and the security of their equipment and information. If access requests that pose a potential security risk can be identified, the security and reliability of the 5G private network can be effectively improved.
In the prior art, a firewall is generally deployed in front of a server; the firewall identifies and analyzes each received access request and decides whether to block it according to preset rules.
However, the prior art cannot perform differentiated analysis on access requests sent by different terminal devices, so access requests are not processed accurately enough and a certain security risk remains in the communication network.
Disclosure of Invention
The access control method, device and server provided by the present application can perform differentiated analysis on access requests sent by different terminal devices, process the access requests more accurately, and improve the security and reliability of the communication network.
In a first aspect, the present application provides an access control method, including: receiving an access request sent by a terminal device; parsing the access request to obtain target information, wherein the target information comprises target identification information and first address information of the terminal device; determining, according to the target identification information, a target IP address corresponding to the target identification information; and processing the access request according to the target IP address and the first address information.
Optionally, the first address information includes an access IP address; processing the access request according to the target IP address and the first address information includes: judging whether the target IP address is consistent with the access IP address; and if the target IP address is consistent with the access IP address, releasing the access request.
Optionally, the method further comprises: if the target IP address is inconsistent with the access IP address, determining a target processing policy according to other information in the first address information and/or the target identification information, wherein the other information comprises a URL address and/or reference field data; and processing the access request according to the target processing policy.
Optionally, processing the access request according to the target processing policy includes: if the target processing policy indicates that the access request is to be refused, blocking the access request; and if the target processing policy indicates that the access request is to be redirected, performing redirection processing on the access request.
Optionally, redirecting the access request includes: redirecting the access address corresponding to the access request to a second access address according to the target identification information and a preset correspondence between the identification information of terminal devices and access addresses.
Optionally, determining the target IP address corresponding to the target identification information includes: judging whether the target identification information belongs to a preset white list; and if the target identification information belongs to the preset white list, determining the target IP address corresponding to the target identification information.
Optionally, determining the target IP address corresponding to the target identification information includes: determining whether the access IP address is a preset secure address to which access is allowed; and if the access IP address is not such a secure address, determining the target IP address corresponding to the target identification information.
In a second aspect, the present application provides an access control apparatus, the apparatus comprising:
A receiving module, configured to receive an access request sent by a terminal device.
A processing module, configured to parse the access request to obtain target information, wherein the target information comprises target identification information and first address information of the terminal device.
A determining module, configured to determine, according to the target identification information, a target IP address corresponding to the target identification information.
The processing module is further configured to process the access request according to the target IP address and the first address information.
Optionally, the first address information includes an access IP address.
The processing module is specifically configured to judge whether the target IP address is consistent with the access IP address, and to release the access request if the target IP address is consistent with the access IP address.
Optionally, the processing module is further configured to determine, if the target IP address and the access IP address are inconsistent, a target processing policy according to other information in the first address information and/or the target identification information, where the other information includes a URL address and/or reference field data; and to process the access request according to the target processing policy.
Optionally, the processing module is specifically configured to block the access request if the target processing policy indicates that the access request is to be refused, and to perform redirection processing on the access request if the target processing policy indicates that the access request is to be redirected.
Optionally, the processing module is specifically configured to redirect the access address corresponding to the access request to a second access address according to the target identification information and a preset correspondence between the identification information of terminal devices and access addresses.
Optionally, the processing module is specifically configured to judge whether the target identification information belongs to a preset white list and, if the target identification information belongs to the preset white list, to determine the target IP address corresponding to the target identification information.
Optionally, the processing module is specifically configured to determine whether the access IP address is a preset secure address to which access is allowed and, if the access IP address is not such a secure address, to determine the target IP address corresponding to the target identification information.
In a third aspect, the present application provides a server comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first aspect or of any optional implementation of the first aspect.
In a fourth aspect, the present application provides a computer-readable storage medium storing computer-executable instructions which, when executed by a processor, carry out the method of the first aspect or of any optional implementation of the first aspect.
According to the access control method, device and server provided by the present application, an access request sent by a terminal device is received and parsed to obtain target information comprising target identification information and first address information of the terminal device; a target IP address corresponding to the target identification information is determined according to the obtained target identification information; and the access request is processed according to the target IP address and the first address information. This enables differentiated analysis of access requests sent by different terminal devices, improves the accuracy of processing, and further improves the security and reliability of the communication network.
Drawings
Fig. 1 is a schematic diagram of an application scenario of an access control method provided in the present application;
Fig. 2 is a schematic flow chart of an access control method provided in the present application;
Fig. 3 is a flow chart of another access control method provided in the present application;
Fig. 4 is a flow chart of yet another access control method provided in the present application;
Fig. 5 is a schematic structural diagram of an access control device provided in the present application;
Fig. 6 is a schematic structural diagram of a server provided in the present application.
Specific embodiments of the present disclosure have been shown by way of the above drawings and will be described in more detail below. These drawings and the written description are not intended to limit the scope of the disclosed concepts in any way, but rather to illustrate the disclosed concepts to those skilled in the art by reference to specific embodiments.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples are not representative of all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with some aspects of the present disclosure as detailed in the accompanying claims.
A 5G private network is a dedicated communication network provided for a specific industry or enterprise user in a specific area. As 5G technology continues to mature, 5G private networks are gradually being applied in different fields. A 5G private network offers large bandwidth, low latency and wide connectivity, and can provide users with a better communication experience. At the same time, because a 5G private network is usually deeply involved in an enterprise's production and management business, users place higher requirements on its security and reliability in order to protect their interests and the security of their equipment and information. If access requests that pose a potential security risk can be identified, the security and reliability of the 5G private network can be effectively improved.
In the prior art, a firewall is generally deployed in front of a server. The firewall identifies and analyzes each received access request to obtain information such as the source Internet Protocol (IP) address and source port number of the terminal device, the destination IP address and destination port of the request, and the destination Uniform Resource Locator (URL), and decides whether to block the access request according to preset rules. In a 5G private network service scenario, some specific terminals have extremely high access rights, while other specific terminals are only allowed to access the address of a specific service server. However, the prior art does not obtain identification information that corresponds one-to-one with a terminal device, such as the terminal's International Mobile Subscriber Identity (IMSI), International Mobile Equipment Identity (IMEI) or mobile phone number (Mobile Subscriber International ISDN Number, MSISDN). As a result, access requests sent by different terminal devices cannot be analyzed in a differentiated manner, and access requests are not processed accurately enough. If the access request sent by a terminal device can be analyzed in combination with the specific identification information corresponding to that terminal device, the accuracy of access request processing can be improved, and with it the security and reliability of the 5G private network.
Based on this, the inventors conceived the following. When an access request sent by a terminal device through a base station is received, the access request is parsed to obtain information such as the device identifier of the terminal device, the destination address that the terminal device requests to access, and the reference field data of the access request. Whether the destination address is secure can be determined by judging whether it belongs to a preset secure address list; if it does, the access request is released. If it does not, whether the terminal device is a secure terminal is further determined by judging whether its device identification information is in a preset device white list; if it is, the access request is released. If the terminal is not a secure terminal, whether the correspondence among the device identifier of the terminal device, the destination address it requests to access and the reference field data of the access request is legal can be further determined by checking that correspondence against multiple pre-stored groups of associations among device identifiers, destination addresses requested by devices and reference field data of access requests; if the correspondence is legal, the access request is released. If it is not legal, whether to block the access request or to perform redirection processing on it can be further determined according to a pre-stored decision policy corresponding to the device identifier of the terminal device, the destination address it requests to access, or the reference field data of the access request. In this way, differentiated analysis of access requests sent by different terminal devices is realized, the problem in the prior art that access requests are not processed accurately is solved, the security and reliability of the communication network are improved, and the communication quality is optimized.
Fig. 1 is a schematic diagram of an application scenario of an access control method provided in the present application. As shown in Fig. 1, the method may be applied to a scenario including a terminal device 11, a base station 12, a first server 13, and a second server 14.
The user issues an access request requesting access to the second server 14 via the terminal device 11.
The access request is forwarded to the first server 13 through the base station 12. The first server 13 parses the received access request to obtain target information including target identification information and first address information of the terminal device, determines a target IP address corresponding to the target identification information according to the target identification information, and processes the access request according to the target IP address and the first address information.
Optionally, the first server 13 is specifically configured to judge whether the target IP address and the access IP address are consistent, and to release the access request if the target IP address is consistent with the access IP address.
Optionally, the first server 13 is further configured to determine, if the target IP address and the access IP address are inconsistent, a target processing policy according to other information in the first address information and/or the target identification information, where the other information includes a URL address and/or reference field data; and to process the access request according to the target processing policy.
Optionally, the first server 13 is specifically configured to block the access request if the target processing policy indicates that the access request is to be refused, and to perform redirection processing on the access request if the target processing policy indicates that the access request is to be redirected.
Optionally, the first server 13 is specifically configured to redirect the access address corresponding to the access request to a second access address according to the target identification information and a preset correspondence between the identification information of terminal devices and access addresses.
Optionally, the first server 13 is specifically configured to judge whether the target identification information belongs to a preset white list and, if the target identification information belongs to the preset white list, to determine the target IP address corresponding to the target identification information.
Optionally, the first server 13 is specifically configured to determine whether the access IP address is a preset secure address to which access is allowed and, if the access IP address is not such a secure address, to determine the target IP address corresponding to the target identification information.
Fig. 2 is a flow chart of an access control method provided in the present application. The method is applied to a server and, as shown in Fig. 2, includes:
S201, receiving an access request sent by a terminal device.
Optionally, the access request may be a Hypertext Transfer Protocol (http) access request sent by the user through the terminal.
The access request sent by the user through the terminal device is forwarded to the server through the base station.
S202, parsing the access request to obtain target information.
The target information includes target identification information and first address information of the terminal device.
The target identification information is identification information of the terminal device; by way of example, it may be any one of the following: IMSI, IMEI, MSISDN.
The first address information is the address-related information in the access request; illustratively, it may include any one of the following: the access IP address or URL address that the request asks to access, and the reference field information in the http request.
By parsing the application layer protocol of the access request sent by the terminal device, the server identifies the target identification information of the terminal device, the destination IP address or URL address that the terminal device requests to access, and the reference field information of the http access request.
S203, determining a target IP address corresponding to the target identification information according to the target identification information.
Illustratively, the target IP address corresponding to the target identification information, that is, the IP address that the terminal device is allowed to access, is determined according to the target identification information of the terminal device and pre-stored correspondences between multiple groups of terminal identification information and the IP addresses they are allowed to access.
S204, processing the access request according to the target IP address and the first address information.
When there is one target IP address, the target IP address can be compared with the first address information to determine whether the IP address that the terminal device requests to access, included in the first address information, is consistent with the target IP address, and the access request is processed according to the comparison result.
When there are multiple target IP addresses, the target IP addresses can be compared with the first address information to determine whether the IP address that the terminal device requests to access, included in the first address information, is one of the target IP addresses, and the access request is processed according to the comparison result.
Processing the access request may include, for example, releasing, blocking or redirecting the access request of the terminal device.
According to this access control method, the server receives the access request sent by the terminal device, parses it to obtain the target identification information and first address information of the terminal device, determines the target IP address corresponding to the target identification information, and processes the access request according to the target IP address and the first address information. The identified identification information of the terminal device determines the range of addresses that the terminal device is allowed to access, and the access request is processed in combination with the address that the terminal device actually requests. This achieves differentiated processing of access requests from terminal devices with different access rights, improves the accuracy of the server's processing of access requests, and improves the security and reliability of the communication network.
The first address information may include an access IP address. Fig. 3 is a flow chart of another access control method provided in the present application; it describes in further detail how the access request is processed according to the target IP address and the first address information when the first address information includes the access IP address. The method is applied to a server and, as shown in Fig. 3, includes:
S301, receiving an access request sent by a terminal device.
S302, parsing the access request to obtain target information, wherein the target information comprises target identification information and first address information of the terminal device.
The first address information includes an access IP address.
S303, determining a target IP address corresponding to the target identification information according to the target identification information.
S301-S303 have the same or corresponding technical features as S201-S203; for a specific description, refer to S201-S203, which is not repeated here.
S304, judging whether the target IP address is consistent with the access IP address.
S305, if the target IP address is consistent with the access IP address, releasing the access request.
Optionally, the method further comprises:
S306, if the target IP address is inconsistent with the access IP address, determining a target processing policy according to other information in the first address information and/or the target identification information.
The other information includes a URL address and/or reference field data.
S307, processing the access request according to the target processing policy.
With this method, when the IP address that the terminal device requests to access differs from the IP address that the device is allowed to access, a suitable processing policy can be determined by analyzing the URL address and/or the reference field data included in the access request, which further improves the accuracy of access request processing and the security and reliability of the communication network.
In one possible implementation, processing the access request according to the target processing policy includes: if the target processing policy indicates that the access request is to be refused, blocking the access request; and if the target processing policy indicates that the access request is to be redirected, performing redirection processing on the access request.
For example, for a specific terminal that is only allowed to access a specified service server address, the access request can be redirected so that the terminal successfully accesses the specified service server address, which improves the access success rate of the terminal device.
With this method, setting different processing policies allows different access requests from different terminal devices to be processed more reasonably.
In one possible implementation, redirecting the access request includes: redirecting the access address corresponding to the access request to a second access address according to the target identification information and a preset correspondence between the identification information of terminal devices and access addresses.
With this method, for a terminal device that has a preset specific access address, when the address actually accessed is inconsistent with that specific access address, the terminal device can be redirected to the correct address so that it accesses successfully, which improves the success rate of access requests.
On the basis of the above embodiment, the access control method provided by the present application further judges whether the target IP address is consistent with the access IP address in order to determine which processing to perform on the access request. This further improves the accuracy and reasonableness of access request processing, and performing the correct processing on the access request further improves the security and reliability of the communication network.
Fig. 4 is a flowchart of yet another access control method provided in the present application, where fig. 4 further details how to determine a target IP address corresponding to target identification information, and the method shown in fig. 4 may be combined with the foregoing embodiment, and based on fig. 3, further details are described herein, and the method can be executed by a server, as shown in fig. 4, and includes:
s401, receiving an access request sent by the terminal equipment.
S402, analyzing the access request to obtain target information, wherein the target information comprises target identification information and first address information of the terminal equipment.
Wherein the first address information includes an access IP address.
S401 and S402 have the same technical features as S301 and S302, and reference may be made to S301 and S302 for specific description, which is not repeated here.
S403, judging whether the target identification information belongs to a preset white list.
S404, if the target identification information belongs to a preset white list, determining a target IP address corresponding to the target identification information.
In one possible implementation manner, the determined target IP address corresponding to the target identification information includes: determining whether the access IP address is a preset security address allowing access; if the address is not the secure address, determining a target IP address corresponding to the target identification information.
Optionally, if the access IP address corresponding to the target identification information is a preset security address allowing access, releasing the access request of the terminal device.
By the method, whether the address requested to be accessed by the terminal equipment is a safety address or not can be determined by judging the address requested to be accessed by the terminal equipment, and the safety of the access request of the terminal equipment is judged from the aspect of the access address, so that the dimension of safety judgment is increased, the accuracy of a judgment result is improved, and the safety and the reliability of a communication network are improved.
S405, judging whether the target IP address and the access IP address are consistent, if so, executing S406, and if not, executing S407.
S406, releasing the access request.
S407, determining a target processing strategy according to other information and/or target identification information in the first address information.
Wherein the other information includes URL address and/or reference field data.
S408, processing the access request according to the target processing strategy.
S405-S408 and S304-S307 have the same technical features, and reference is made to S304-S307 for a specific description, which is not repeated here.
Building on the above embodiment, the access control method provided by the application further judges whether the target identification information belongs to a preset white list and, if it does, determines the target IP address corresponding to the target identification information. This determines whether the terminal equipment is a safe device, adds a dimension to the security judgment, improves the accuracy of the judgment result, and improves the safety and reliability of the communication network.
It should be noted that the above embodiments of the method may be combined with each other, and the combination scheme also belongs to the protection scope of the present application.
Fig. 5 is a schematic structural diagram of an access control device provided in the present application. As shown in Fig. 5, the device includes:
a receiving module 51, configured to receive an access request sent by a terminal device.
The processing module 52 is configured to parse the access request to obtain target information, where the target information includes target identification information and first address information of the terminal device.
The determining module 53 is configured to determine, according to the target identification information, a target IP address corresponding to the target identification information.
The processing module 52 is further configured to process the access request according to the target IP address and the first address information.
Optionally, the first address information includes an access IP address.
The processing module 52 is specifically configured to determine whether the target IP address and the access IP address are consistent; and if the target IP address is consistent with the access IP address, releasing the access request.
Optionally, the processing module 52 is further configured to determine, if the target IP address and the access IP address are inconsistent, a target processing policy according to other information in the first address information and/or the target identification information, where the other information includes a URL address and/or reference field data; and to process the access request according to the target processing policy.
Optionally, the processing module 52 is specifically configured to block the access request if the target processing policy indicates that the access request is denied; and if the target processing strategy indicates to redirect the access request, performing redirection processing on the access request.
Optionally, the processing module 52 is specifically configured to redirect, according to the target identification information and the preset correspondence between the identification information of the terminal device and the access address, the access address corresponding to the access request to the second access address.
Optionally, the processing module 52 is specifically configured to determine whether the target identification information belongs to a preset whitelist; if the target identification information belongs to the preset white list, determining a target IP address corresponding to the target identification information.
Optionally, the processing module 52 is specifically configured to determine whether the access IP address is a preset security address that allows access; if the address is not the secure address, determining a target IP address corresponding to the target identification information.
The access control device may execute the above access control method; for its content and effects, refer to the method embodiments, which are not repeated here.
Fig. 6 is a schematic structural diagram of a server provided in the present application. As shown in Fig. 6, the electronic device includes: a processor 61 and a memory 62; the processor 61 is communicatively connected to the memory 62. The memory 62 is used to store a computer program. The processor 61 is arranged to invoke the computer program stored in the memory 62 to implement the method in the method embodiments described above.
Optionally, the server further comprises: a transceiver 63 for enabling communication with other devices.
The server may execute the above access control method; for its content and effects, refer to the method embodiments, which are not repeated here.
The application also provides a computer readable storage medium, wherein computer executable instructions are stored in the computer readable storage medium, and the computer executable instructions are used for realizing the access control method when being executed by a processor.
The above access control method is implemented when the computer-executable instructions stored in the computer-readable storage medium are executed by the processor; for its content and effects, refer to the method embodiments, which are not repeated here.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure herein. This application is intended to cover any variations, uses, or adaptations of the disclosure that follow, in general, the principles of the disclosure and include such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims. It is to be understood that the present disclosure is not limited to the precise arrangements and instrumentalities shown in the drawings, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.

Claims (6)

1. An access control method, comprising:
receiving an access request sent by terminal equipment;
analyzing the access request to obtain target information, wherein the target information comprises target identification information and first address information of the terminal equipment; the first address information comprises an access IP address;
determining a target IP address corresponding to the target identification information according to the target identification information;
judging whether the access IP address belongs to the target IP address;
if so, releasing the access request;
if not, judging whether the target identification information belongs to a preset white list or not;
if the target identification information belongs to the preset white list, releasing the access request;
if the target identification information does not belong to the preset white list, judging whether the corresponding relation among the target identification information, the access IP address and the reference field data is legal or not;
if the access request is legal, releasing the access request;
if not, determining a target processing strategy according to the uniform resource locator (URL) address and/or the reference field data and/or the target identification information;
and processing the access request according to the target processing strategy.
2. The method of claim 1, wherein said processing said access request according to said target processing policy comprises:
if the target processing strategy indicates that the access request is refused, blocking the access request;
and if the target processing strategy indicates to redirect the access request, carrying out redirection processing on the access request.
3. The method of claim 2, wherein redirecting the access request comprises:
and redirecting the access address corresponding to the access request to a second access address according to the target identification information and the preset corresponding relation between the identification information of the terminal equipment and the access address.
4. An access control apparatus, comprising:
the receiving module is used for receiving the access request sent by the terminal equipment;
the processing module is used for analyzing the access request to obtain target information, wherein the target information comprises target identification information and first address information of the terminal equipment; the first address information comprises an access IP address;
the determining module is used for determining a target IP address corresponding to the target identification information according to the target identification information;
the processing module is further configured to determine whether the access IP address belongs to the target IP address; if so, releasing the access request; if not, judging whether the target identification information belongs to a preset white list or not; if the target identification information belongs to the preset white list, releasing the access request; if the target identification information does not belong to the preset white list, judging whether the corresponding relation among the target identification information, the access IP address and the reference field data is legal or not; if the access request is legal, releasing the access request; if not, determining a target processing strategy according to the uniform resource locator (URL) address and/or the reference field data and/or the target identification information; and processing the access request according to the target processing strategy.
5. A server, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 3.
6. A computer readable storage medium having stored therein computer executable instructions which when executed by a processor are adapted to carry out the method of any of claims 1-3.
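The order of checks in claims 1 to 3, written out as an added Python example (not code from the patent). The identifiers, networks, URLs, the tuple form of the legal correspondence and the rule in `choose_policy` are all assumptions, filled with constructed sample data.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample tables (assumptions, not taken from the patent).
TARGET_NETS = {"dev-001": ["198.51.100.0/24"], "dev-002": ["203.0.113.10/32"]}
WHITELIST = {"dev-ops"}
# Legal (identification, access-IP network, reference field) correspondences.
LEGAL_TRIPLES = {("dev-002", "192.0.2.0/24", "https://portal.example/")}
# Preset identification -> second access address used when redirecting (claim 3).
REDIRECTS = {"dev-001": "https://notice.example/dev-001"}
BLOCKED_URL_PREFIXES = ("http://192.0.2.66/",)


@dataclass(frozen=True)
class AccessRequest:
    ident: str      # target identification information
    access_ip: str  # access IP address (part of the first address information)
    url: str        # URL address
    reference: str  # reference field data


def _in_any(ip, cidrs):
    """True if ip lies in any of the CIDR strings (version mismatch gives False)."""
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def choose_policy(req):
    """Hypothetical rule: deny blocked URLs and idents with no redirect target."""
    if req.url.startswith(BLOCKED_URL_PREFIXES) or req.ident not in REDIRECTS:
        return ("deny", None)
    return ("redirect", REDIRECTS[req.ident])


def decide(req):
    """Return (action, detail), applying the checks in the order of claim 1."""
    try:
        ip = ipaddress.ip_address(req.access_ip)
    except ValueError:
        return ("deny", "unparseable access IP")  # fail closed (assumption)
    # 1. Does the access IP belong to the target IP set for this identification?
    if _in_any(ip, TARGET_NETS.get(req.ident, [])):
        return ("release", "access IP belongs to target IP")
    # 2. Is the identification on the preset white list?
    if req.ident in WHITELIST:
        return ("release", "identification on white list")
    # 3. Is the (identification, access IP, reference field) correspondence legal?
    for ident, cidr, reference in LEGAL_TRIPLES:
        if ident == req.ident and reference == req.reference and _in_any(ip, [cidr]):
            return ("release", "legal correspondence")
    # 4. Otherwise pick a target processing strategy: deny or redirect (claim 2).
    return choose_policy(req)
```

The white-list release in step 2 happens before any correspondence check, so a white-listed identification is released for every access IP. The URL and reference field arrive inside the terminal's own request, so step 3 is only as strong as the IP-network membership it is combined with.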
CN202111506940.4A 2021-12-10 2021-12-10 Access control method, device and server Active CN114301635B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111506940.4A CN114301635B (en) 2021-12-10 2021-12-10 Access control method, device and server


Publications (2)

Publication Number Publication Date
CN114301635A CN114301635A (en) 2022-04-08
CN114301635B true CN114301635B (en) 2024-02-23

Family

ID=80968428


Country Status (1)

Country Link
CN (1) CN114301635B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant