CN114338438B - Internet surfing behavior management method, system storage medium and equipment - Google Patents
Internet surfing behavior management method, system storage medium and equipment Download PDFInfo
- Publication number
- CN114338438B CN114338438B CN202111474024.7A CN202111474024A CN114338438B CN 114338438 B CN114338438 B CN 114338438B CN 202111474024 A CN202111474024 A CN 202111474024A CN 114338438 B CN114338438 B CN 114338438B
- Authority
- CN
- China
- Prior art keywords
- filtering
- request message
- server
- cpe
- strategy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000007726 management method Methods 0.000 title claims abstract description 228
- 238000001914 filtration Methods 0.000 claims abstract description 229
- 238000000034 method Methods 0.000 claims abstract description 50
- 238000004891 communication Methods 0.000 claims abstract description 29
- 229920006235 chlorinated polyethylene elastomer Polymers 0.000 claims abstract description 16
- 238000000136 cloud-point extraction Methods 0.000 claims abstract description 16
- 230000006399 behavior Effects 0.000 claims description 162
- 230000005540 biological transmission Effects 0.000 abstract description 8
- 230000006870 function Effects 0.000 description 16
- 238000010586 diagram Methods 0.000 description 11
- 101100042631 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) SIN3 gene Proteins 0.000 description 10
- 238000013461 design Methods 0.000 description 9
- 238000012545 processing Methods 0.000 description 9
- 238000012550 audit Methods 0.000 description 8
- 238000012790 confirmation Methods 0.000 description 4
- 230000008569 process Effects 0.000 description 4
- 238000004590 computer program Methods 0.000 description 2
- 238000011217 control strategy Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012423 maintenance Methods 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000009467 reduction Effects 0.000 description 2
- 230000003068 static effect Effects 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000006386 memory function Effects 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a management method, a system storage medium and equipment for surfing behavior, relates to the field of data communication, and is used for reducing occupation of network bandwidth by data transmission and reducing the traffic born by a server. The method is applied to Customer Premise Equipment (CPE) in a network surfing behavior management system, wherein the network surfing behavior management system comprises a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps: receiving original request messages sent by a plurality of clients; filtering the original request message according to the first filtering strategy to obtain an intermediate request message conforming to the first filtering strategy; and sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and sending the target request message to the network side equipment.
Description
Technical Field
The present invention relates to the field of data communications, and in particular, to a method, a system storage medium, and an apparatus for managing internet surfing behavior.
Background
In the application scenario related to accessing the internet, the user needs to monitor, control and the like the flow data of accessing the internet through the branch network, namely, the management of the internet surfing behavior of the user is realized.
Conventional internet surfing behavior management functions are typically integrated into a dedicated internet surfing behavior management device. The internet surfing behavior management equipment is deployed at the outlet of each branch network to realize internet surfing behavior management and audit. In the method for managing the internet surfing behavior, since an internet surfing behavior management device needs to be configured for each branch network, the cost of internet surfing behavior management is high.
In order to solve the problem of higher cost of internet surfing behavior management, in the prior art, a server with an internet surfing behavior management function is arranged at an internet portal, and the server comprises an internet surfing behavior management mirror image instance created for each branch network, and after receiving traffic data sent by each branch network, internet surfing behavior management actions are executed for corresponding traffic data.
However, since traffic data of all branch networks needs to be drained to the server, the burden of network bandwidth is greatly increased, and the traffic borne by the server is also greatly increased.
Disclosure of Invention
The invention provides a management method, a system storage medium and equipment for surfing behavior, which are used for reducing occupation of network bandwidth by data transmission and reducing the traffic born by a server.
In order to achieve the above purpose, the invention adopts the following technical scheme:
in a first aspect, a method for managing internet surfing behavior is provided, where the method is applied to a client terminal device (customer premise equipment, CPE) in an internet surfing behavior management system, and the internet surfing behavior management system includes a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps: receiving original request messages sent by a plurality of clients; filtering the original request message according to the first filtering strategy to obtain an intermediate request message conforming to the first filtering strategy; and sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and sending the target request message to the network side equipment.
In one possible implementation, the internet surfing behavior management system further comprises a policy management device; the method further comprises the following steps: and receiving the filtering strategy sent by the strategy management equipment, and determining the received filtering strategy as a first filtering strategy. Thus, the first filtering strategy can be configured at the CPE side, so that the original request message is filtered at the CPE side.
In one possible implementation manner, the internet surfing behavior management system further comprises a policy management device and a plurality of gateway devices; the sending of the intermediate request message to the server comprises: sending an intermediate request message to a target gateway device in the plurality of gateway devices, so that the target gateway device forwards the intermediate request message to a server; the target gateway device is defined for the policy management device based on the SD-WAN network protocol. Therefore, the drainage of the internet surfing data request message is completed in the SD-WAN network, a special drainage tunnel is not required to be built, and the internet surfing behavior management cost is reduced.
In a second aspect, a method for managing internet surfing behavior is provided, where the method is applied to a server in an internet surfing behavior management system, and the internet surfing behavior management system further includes a plurality of customer premise equipment CPE; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps: receiving an intermediate request message sent by each CPE; the intermediate request message is obtained by filtering original request messages sent by a plurality of clients according to a first filtering strategy by each CPE; and filtering the intermediate request message according to the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and sending the target request message to the network side equipment.
In one possible implementation manner, the internet surfing behavior management system further comprises a policy management device, and the method further comprises: and receiving the filtering strategy sent by the strategy management equipment, and determining the received filtering strategy as a second filtering strategy. Thus, the first filtering strategy can be configured on the server side, and the filtering of the intermediate request message on the server side is realized.
In one possible implementation, the sum of the routing lengths between the server and each CPE is less than a preset length. That is, the server of the present invention is deployed near the gateway device of the SD-WAN network without requiring extensive scheduling of traffic.
In one possible implementation manner, the internet surfing behavior management system further includes a policy management device, where the filtering the intermediate request packet according to the second filtering policy to obtain the target request packet conforming to the second filtering policy includes: utilizing the target allocation resources to filter the intermediate request message according to the second filtering strategy to obtain a target request message conforming to the second filtering strategy; the target allocated resources are resources allocated in advance for each CPE by the policy management device. Therefore, traffic load balancing can be performed, and dynamic capacity expansion of processing capacity of user internet surfing behavior is realized
In a third aspect, a management apparatus for internet surfing behavior is provided, where the management apparatus is applied to a customer premise equipment CPE in an internet surfing behavior management system, and the internet surfing behavior management system includes a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the management device includes: a receiving unit, a filtering unit and a transmitting unit. The receiving unit is used for receiving original request messages sent by a plurality of clients; the filtering unit is used for filtering the original request message according to the first filtering strategy to obtain an intermediate request message conforming to the first filtering strategy; the sending unit is used for sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and sending the target request message to the network side equipment.
In one possible implementation, the internet surfing behavior management system further comprises a policy management device; the management device further includes: and a determining unit. And the receiving unit is also used for receiving the filtering strategy sent by the strategy management equipment. And the determining unit is used for determining the received filtering strategy as a first filtering strategy.
In one possible implementation manner, the internet surfing behavior management system further comprises a policy management device and a plurality of gateway devices; the sending unit is specifically configured to send an intermediate request packet to a target gateway device in the multiple gateway devices, so that the target gateway device forwards the intermediate request packet to the server; the target gateway device is defined for the policy management device based on the SD-WAN network protocol.
In a fourth aspect, a management apparatus for internet surfing behavior is provided, which is applied to a server in an internet surfing behavior management system, where the internet surfing behavior management system further includes a plurality of customer premise equipment CPE; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the management device includes: a receiving unit and a filtering unit and a transmitting unit. And the receiving unit is used for receiving the intermediate request message sent by each CPE. The intermediate request message is obtained by filtering original request messages sent by a plurality of clients according to a first filtering strategy by each CPE. And the filtering unit is used for filtering the intermediate request message according to the second filtering strategy to obtain a target request message conforming to the second filtering strategy. And the sending unit is used for sending the target request message to the network side equipment.
In one possible implementation, the internet surfing behavior management system further comprises a policy management device; the management device further includes: and a determining unit. And the determining unit is used for receiving the filtering strategy sent by the strategy management equipment and determining the received filtering strategy as a second filtering strategy.
In one possible implementation, the sum of the routing lengths between the server and each CPE is less than a preset length.
In one possible implementation, the internet surfing behavior management system further comprises a policy management device; the filtering unit is specifically configured to utilize the target allocation resource to filter the intermediate request message according to the second filtering policy, so as to obtain a target request message conforming to the second filtering policy; the target allocated resources are resources allocated in advance for each CPE by the policy management device.
In a fifth aspect, there is provided a system for managing internet surfing behavior, including: a server and a plurality of customer premise equipments CPEs; wherein, each CPE stores a first filtering strategy, and the server stores a second filtering strategy; when the internet behavior management system is running, each CPE performs the management method as in the first aspect or the server performs the management method as in the second aspect.
In a sixth aspect, a computer readable storage medium is provided, in which instructions are stored which, when executed, implement the management method as in the first or second aspect.
In a seventh aspect, there is provided a customer premise equipment CPE comprising: a processor, a memory, and a communication interface; wherein the communication interface is used for communication between the communication device and other equipment or network; the memory is used to store one or more programs, the one or more programs comprising computer-executable instructions that, when executed by the CPE, cause the CPE to perform the management method as in the first aspect.
An eighth aspect provides a server, comprising: a processor, a memory, and a communication interface; wherein the communication interface is used for communication between the communication device and other equipment or network; the memory is used to store one or more programs, the one or more programs comprising computer-executable instructions that, when executed by the server, cause the server to perform the method of management as in the second aspect.
The invention provides a management method, a system storage medium and equipment of internet surfing behavior, which are applied to Customer Premise Equipment (CPE) in an internet surfing behavior management system. Wherein each CPE stores a first filtering policy and the server stores a second filtering policy. After receiving the original request messages sent by the clients, the CPE performs preliminary filtration on the original request messages according to a first filtration strategy, so as to filter out the original request messages which do not accord with the first filtration strategy and obtain intermediate request messages which accord with the first filtration strategy. And then sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and sending the target request message to the network side equipment. Therefore, the invention filters the original request message which does not accord with the first filtering strategy according to the first filtering strategy at the CPE side, thereby reducing the quantity of the original request message sent by the CPE to the server and realizing the reduction of the occupation of the data transmission to the network bandwidth. The CPE sends an intermediate request message to the server that conforms to the first filtering policy. Accordingly, the server filters the intermediate request message based on the second filtering policy, that is, the data traffic that the server needs to filter is reduced, so that the traffic borne by the server can be reduced.
Drawings
FIG. 1 is a schematic diagram of a network behavior management system according to an embodiment of the present invention;
FIG. 2 is a second schematic diagram of a network behavior management system according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for managing Internet surfing behavior according to an embodiment of the present invention;
FIG. 4 is a second flowchart of a method for managing Internet surfing behavior according to an embodiment of the present invention;
FIG. 5 is a third flow chart of a method for managing Internet surfing behavior according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a management device for internet surfing behavior according to an embodiment of the present invention;
fig. 7 is a schematic structural diagram of another management apparatus for internet surfing behavior according to an embodiment of the present invention;
fig. 8 is a schematic structural diagram of a server according to an embodiment of the present invention;
fig. 9 is a second schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
Before describing embodiments of the present invention, the terminology involved in the embodiments of the present invention will be explained:
wide area software defined network SD-WAN (software defined wide area network, SDN): is a service formed by applying software defined network (software defined network, SDN) technology to a wide area network scenario. SD-WAN may be used to connect enterprise networks, data centers, internet applications, and cloud services over a wide geographic area, with the aim of helping users reduce the expense of the wide area network and improving the flexibility of network connections.
The goal of SD-WAN is to implement flexible networking of enterprises through virtualization technology, application level policies and Overlay (Overlay) networks, and customer premise equipment CPE devices at the edges.
And (3) managing internet surfing behavior: internet behavior management refers to helping internet users control and manage the use of the internet. The method comprises the steps of web page access filtering, network application control, bandwidth flow management, information transceiving audit and user behavior analysis. For example, filtering illegal bad websites avoids legal risks, filtering malicious web pages to ensure safety, filtering websites that affect the working efficiency, such as games and shopping. For another example, the internet surfing behavior of the intranet user is recorded, and the intranet user can be checked according to the internet surfing behavior; and (5) recording an intranet security event to help an administrator find a security threat.
In a certain application scenario, the behavior of the user accessing the internet needs to be monitored, controlled and the like, namely, the internet surfing behavior of the user is managed. The traditional internet surfing behavior management function is usually integrated in the internet surfing behavior management device, and the internet surfing behavior management device is deployed at the outlet of each branch network to realize internet surfing behavior management and audit. The cost of the internet surfing behavior management is high because of the need of configuring an internet surfing behavior management device for each branch network. In order to solve the problem of higher cost of internet surfing behavior management, in the prior art, a corresponding internet surfing behavior management mirror image instance is created for each branch network in a cloud platform server, and then internet surfing behaviors of a plurality of branch networks are managed on the cloud platform server. Thus, traffic data of multiple branch networks needs to be drained to the cloud platform, which increases the burden of network bandwidth. Accordingly, the cloud platform server needs to process all traffic data of the plurality of branch networks, so that the traffic borne by the cloud platform server is greatly increased.
In view of this, the embodiment of the present invention provides a method for managing internet surfing behavior, which is applied to a customer premise equipment CPE in an internet surfing behavior management system, where the internet surfing behavior management system includes a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps: receiving original request messages sent by a plurality of clients; filtering the original request message according to the first filtering strategy to obtain an intermediate request message conforming to the first filtering strategy; and sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and sending the target request message to the network side equipment.
According to the invention, the original request messages which do not accord with the first filtering strategy are filtered out at the CPE side according to the first filtering strategy, so that the number of the original request messages sent by the CPE to the server is reduced, and the occupation of data transmission to network bandwidth is reduced. The CPE sends an intermediate request message to the server that conforms to the first filtering policy. Correspondingly, the server filters the intermediate request message based on the second filtering strategy, namely, the data traffic required to be filtered by the server is reduced, so that the traffic borne by the cloud platform can be reduced.
The following describes in detail the implementation of the embodiment of the present invention with reference to the drawings.
The system architecture and the service scenario described in the embodiments of the present invention are for more clearly describing the technical solution provided in the embodiments of the present invention, and do not constitute a limitation on the technical solution provided in the embodiments of the present invention, and those skilled in the art can know that, with the evolution of the network architecture and the appearance of a new service scenario, the technical solution provided in the embodiments of the present invention is equally applicable to similar technical problems.
Fig. 1 is a schematic architecture diagram of a network behavior management system 10 to which embodiments of the present invention are applied. As shown in fig. 1, the internet behavior management system may include a secure resource pool 110, a network side device 120, and a plurality of CPEs (e.g., CPE1, CPE2 in fig. 1), and a plurality of user networks (e.g., user network 1, user network 2 in fig. 1). The secure resource pool 110 is connected to a plurality of CPEs. The CPE is connected to the customer network (e.g., CPE1 is connected to customer network 1 in fig. 1). The CPE and the customer network may be connected in a wired manner or may be connected in a wireless manner, which is not limited in the embodiment of the present invention.
And the CPE receives the Internet surfing data request message of the user network and manages the Internet surfing data request message according to an Internet surfing behavior management strategy at the CPE side.
The secure resource pool 110 receives the intermediate request message which is sent by the CPEs and accords with the internet surfing behavior management policy of the CPE side, and performs internet surfing behavior management on the intermediate request message according to the internet surfing behavior policy of the server side. The secure resource pool 110 sends an intermediate request message to the network side device 120 that conforms to the server-side network surfing behavior policy.
In an actual application scenario, as shown in fig. 2, the above-mentioned internet behavior management system specifically includes: the security capability management platform 130, the SD-WAN unified management platform 140, the gateway device 150, the secure resource pool 110, the network side device 120, a plurality of CPEs (e.g., CPE1, CPE2 in fig. 1), and a plurality of user networks (e.g., user network 1, user network 2 in fig. 1). The SD-WAN unified management platform 140 is connected to the gateway device 150. The SD-WAN unified management platform 140 may be connected with CPE of the plurality of networks through gateway device 150. For example, SD-WAN unified management platform 140 is connected to CPE1 through gateway device 150. SD-WAN unified management platform 140 is connected to CPE2 through gateway device 150. The SD-WAN unified management platform 140 may also be connected with a plurality of CPEs. For example, SD-WAN unified management platform 140 is connected to CPE 1. The security capability management platform 130 is connected to the SD-WAN unified management platform 140. The security capability management platform 130 is coupled to the secure resource pool 110. The secure resource pool 110 is connected to a network-side device 120.
Wherein the secure resource pool 110 includes a plurality of servers. The server processes the Internet surfing data request message sent by the CPE.
The security capability management device 130 may receive a network surfing behavior management request message (may also be referred to as an order) from the user network, where the request message is used to request configuration of a network surfing behavior policy of the user network, allocate a network surfing behavior management resource for the user network, and send the network surfing behavior management policy (a second filtering policy described below) on the server side to the security resource pool 110. The security capability management device 130 also transmits CPE-side network behavior management policies (first filtering policies described below) to the SD-WAN unified management platform 140.
In one example, the user network 1 sends a web behavior management request message to the security capability management device 130 through the CPE1. The internet surfing behavior management request information includes information such as a network protocol (internet protocol) IP address, port number, internet surfing behavior management policy, internet surfing behavior management resource, etc. of the user network. The security capability management apparatus 130 configures a surfing behavior engine in the security resource pool 110 according to the surfing behavior management resource, and starts the surfing behavior engine. The security capability management apparatus 130 splits the surfing behavior management policy into a server-side surfing behavior policy and a CPE-side surfing behavior management policy according to a splitting policy (pre-stored in the security capability management apparatus 130 by an operation and maintenance person). Further, the security capability management device 130 issues the server-side internet surfing behavior policy to the internet surfing behavior engine in the secure resource pool 110, and issues the CPE-side internet surfing behavior management policy to the CPE1 through the SD-WAN unified management platform 120. Finally, the security capability management device 130 feeds back the result of the server-side internet surfing strategy to the SD-WAN unified management platform 140.
For example, the security capability management device 130 generates a CPE-side surfing behavior management policy according to a web page filtering policy and an application control policy in the surfing behavior management policy, and generates a server-side surfing behavior management policy according to policies such as user authentication, traffic management, and behavior audit in the surfing behavior management policy.
The SD-WAN unified management platform 140 may be used to send the CPE side internet behavior management policies to the CPE.
In one example, SD-WAN unified management platform 140 may be used to send CPE-side Internet surfing behavior management policies to CPE1. Accordingly, after CPE1 receives and configures the CPE side's internet behavior management policy, CPE1 feeds back the configuration success result to SD-WAN unified management platform 140.
The gateway device 150 is configured to receive network configuration information of traffic flow guidance issued by the SD-WAN unified management platform 140.
In one example, gateway device 150 receives network configuration information for traffic steering issued by SD-WAN unified management platform 140. Accordingly, the SD-WAN unified management platform 140 acquires the network configuration information from the CPE1 to the secure resource pool, and further, issues the network configuration information to the gateway device 150.
It should be noted that, in the embodiment of the present invention, the security capability management platform 130 and the SD-WAN unified management platform 140 may be integrated in the same device. For example, the security capability management device 130, the SD-WAN unified management platform 140 may be integrated on the same server. Thus, the maintenance and the management of the equipment can be facilitated.
It should be noted that fig. 1 and 2 are exemplary drawings, and the number of devices shown in fig. 1 and 2 is not limited. And the communication systems shown in fig. 1 and 2 may include other devices in addition to those shown in fig. 1 and 2, without limitation.
In order to clearly describe the technical solution of the embodiments of the present invention, in the embodiments of the present invention, the words "first", "second", etc. are used to distinguish the same item or similar items having substantially the same function and effect. For example, the first filtering policy and the second filtering policy are merely for distinguishing different indication information, and are not limited in order. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ.
In the present invention, the words "exemplary" or "such as" are used to mean serving as an example, instance, or illustration. Any embodiment or design described herein as "exemplary" or "for example" should not be construed as preferred or advantageous over other embodiments or designs. Rather, the use of words such as "exemplary" or "such as" is intended to present related concepts in a concrete fashion.
In the present invention, "at least one" means one or more, and "a plurality" means two or more. "and/or", describes an association relationship of an association object, and indicates that there may be three relationships, for example, a and/or B, and may indicate: a alone, a and B together, and B alone, wherein a, B may be singular or plural. The character "/" generally indicates that the context-dependent object is an "or" relationship. "at least one of" or the like means any combination of these items, including any combination of single item(s) or plural items(s). For example, at least one (one) of a, b, or c may represent: a, b, c, a-b, a-c, b-c, or a-b-c, wherein a, b, c may be single or plural.
The following describes a method for managing a surfing behavior according to an embodiment of the present invention, with reference to a surfing behavior management system shown in fig. 1. In which the terms and the like related to the actions of the embodiments of the present invention are mutually referred to, without limitation. The message names of interactions between the devices or parameter names in the messages in the embodiments of the present invention are just an example, and other names may be used in specific implementations without limitation. The actions involved in the embodiments of the present invention are just an example, and other names may be adopted in the specific implementation, for example: the "included" in the embodiments of the present invention may be replaced by "carried on" or the like.
Fig. 3 is a schematic diagram of a management method of internet surfing behavior, where the management method is applied to CPE in an internet surfing behavior management system, and the internet surfing behavior management system includes a server and a plurality of CPEs; each CPE stores a first filtering policy and the server stores a second filtering policy, as shown in fig. 3, and the method includes S201-S205 described below.
S201, the CPE receives original request messages sent by a plurality of clients.
The CPE is connected with a plurality of clients, and the clients are clients in the same user network. The original request message may be an internet data request message.
Wherein the CPE may be any one of the CPEs in fig. 1. The user network may be any of the user networks in fig. 1, for example, the user network 1, the user network 2, or the user network 2, and is not limited thereto.
In one possible implementation, multiple clients send internet data request messages to the CPE. Correspondingly, the CPE receives a plurality of internet data request messages sent by a plurality of clients.
The internet data request message may include an identifier of the client (such as a network protocol (internet protocol, IP) address), a request method field, a uniform resource locator (uniform resource locator, URL) field, a browser type for generating the request, a request method (such as GET, POST), and the like.
S202, the CPE filters the original request message according to the first filtering strategy to obtain an intermediate request message conforming to the first filtering strategy.
In a possible implementation manner, the CPE filters the plurality of internet surfing data request messages according to a preset first filtering policy to obtain an internet surfing data request message conforming to the first filtering policy.
Illustratively, the first filtering policy includes a web page filtering policy and an application control policy. The web page filtering strategy filters the internet data request messages related to games, shopping and the like, and the control strategy is applied to filter the internet data request messages of chatting, stock frying, games, online videos and the like. The CPE receives 10 Internet surfing data request messages. Wherein, 2 internet data request messages are data messages for requesting shopping web pages, and 1 internet data request message is data message for requesting game web pages. And the CPE filters the received 10 Internet surfing data request message according to a preset webpage filtering strategy and an application control strategy. Further, the CPE determines that 7 of the 10 internet data request messages conform to the first filtering policy.
The first filtering policy may be a media access control (media access control, MAC) address and an IP address field set to allow for external connection, or an access control list (access control list, ACL) control policy set for a message and including information such as destination IP, destination port, protocol type, time slot, etc., which is not limited.
S203, the CPE sends an intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and sends the target request message to the network side equipment.
In a possible implementation manner, the CPE sends the encrypted intermediate request message to the server through the gateway device, so that the server filters the intermediate request message based on the second filtering policy to obtain a target request message conforming to the second filtering policy, and sends the target request message to the network side device.
Correspondingly, the server receives the intermediate request message sent by each CPE.
The intermediate request message is obtained by filtering original request messages sent by a plurality of clients according to a first filtering strategy by each CPE.
S204, the server filters the intermediate request message according to the second filtering strategy to obtain a target request message conforming to the second filtering strategy.
In a possible implementation manner, after receiving the intermediate request message sent by each CPE, the server obtains a second filtering policy corresponding to the CPE according to the identification information in the intermediate request message. And the server filters the intermediate request message according to the second filtering strategy to obtain a target request message conforming to the second filtering strategy.
Specifically, a plurality of internet surfing behavior engines are arranged in the server, and each CPE at least corresponds to one internet surfing behavior engine. The Internet surfing behavior engine is provided with a second filtering strategy. The second filtering policy is a surfing behavior filtering policy of the CPE corresponding to the surfing behavior engine. After the server receives the intermediate request message sent by the CPE, the server determines a surfing behavior engine corresponding to the CPE according to the IP in the intermediate request message. Further, the Internet surfing behavior engine audits the intermediate request message sent by the CPE according to a second filtering strategy.
Illustratively, the second filtering policy is a policy such as user authentication, traffic management, and behavior audit. Such as web access auditing, mail auditing, outgoing file auditing, multi-level parent-child channels, dynamic flow control, and local username-password authentication.
For example, the internet surfing behavior engine a needs to perform internet surfing behavior management for 7 internet surfing data request messages sent by the CPE 1. And the Internet surfing behavior engine A manages and audits the Internet surfing behaviors of the 7 Internet surfing data request messages according to the second filtering strategy, and confirms that the 5 Internet surfing data request messages accord with the second filtering strategy.
It should be noted that, the second filtering policy may also be a policy such as multistage father-son channel, dynamic flow control, peer-to-peer (P2P) intelligent flow control, flow control blacklist, etc., which is not limited.
S205, the server sends a target request message to the network side equipment.
The invention provides a management method, a system storage medium and equipment of internet surfing behavior, which are applied to Customer Premise Equipment (CPE) in an internet surfing behavior management system. Wherein each CPE stores a first filtering policy and the server stores a second filtering policy. After receiving the original request messages sent by the clients, the CPE performs preliminary filtration on the original request messages according to a first filtration strategy, so as to filter out the original request messages which do not accord with the first filtration strategy and obtain intermediate request messages which accord with the first filtration strategy. And then sending the intermediate request message to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and sending the target request message to the network side equipment. Therefore, the invention filters the original request message which does not accord with the first filtering strategy according to the first filtering strategy at the CPE side, thereby reducing the quantity of the original request message sent by the CPE to the server and realizing the reduction of the occupation of the data transmission to the network bandwidth. The CPE sends an intermediate request message to the server that conforms to the first filtering policy. Accordingly, the server filters the intermediate request message based on the second filtering policy, that is, the data traffic that the server needs to filter is reduced, so that the traffic borne by the server can be reduced.
In one design, in order to set a corresponding filtering policy in each CPE, the system for managing internet surfing behavior according to the embodiment of the present invention further includes a policy management device, as shown in fig. 4, and the method for managing internet surfing behavior according to the embodiment of the present invention further includes the following steps S206-S207.
S206, the CPE receives the filtering strategy sent by the strategy management equipment.
The policy management device may be a network element or a network device in fig. 2, where the security capability management device 110 and the SD-WAN unified management platform 120 are integrated.
It should be noted that, before the CPE receives the filtering policy sent by the policy management device, the user network first sends the internet surfing behavior management policy to the policy management device through the CPE. And the policy management equipment generates a filtering policy sent to the CPE according to the preset condition and the internet surfing behavior management policy, and sends the filtering policy to the CPE.
S207, the CPE determines the received filtering strategy as a first filtering strategy.
In one possible implementation, after receiving the filtering policy, the CPE confirms that the filtering policy is a network surfing behavior management policy, and sets the filtering policy as the first filtering policy.
Subsequently, if the CPE configures the first filtering policy successfully, the CPE sends a message of the successful configuration to the policy management device. If the CPE fails to configure the first filtering strategy, the CPE sends a message of configuration failure to the strategy management equipment.
Specifically, the CPE sends a message to the SD-WAN unified management platform that policy configuration succeeds or fails.
In one design, in order to reduce the internet surfing behavior management cost, the internet surfing behavior management system provided by the embodiment of the invention further comprises a policy management device and a plurality of gateway devices; wherein each gateway device has one or more CPEs connected thereto. In this case, the above S203 provided by the embodiment of the present invention specifically includes the following S2031.
S2031, the CPE sends an intermediate request packet to a target gateway device of the plurality of gateway devices, so that the target gateway device forwards the intermediate request packet to the server.
Wherein the target gateway device is defined for the policy management device based on the SD-WAN network protocol. The gateway device directly connected to the CPE of the plurality of gateway devices is an SD-WAN gateway device.
In one possible implementation, the CPE encrypts the intermediate request file and sends the encrypted intermediate request message to the server through the target gateway device.
It can be understood that the technical scheme of the invention is to build an enterprise wide area network by means of an SD-WAN. The SD-WAN gateway device and the CPE are devices under the SD-WAN unified management platform. The SD-WAN unified management platform issues network configuration information of traffic flow drainage to the SD-WAN gateway equipment in advance. The network configuration information is node information of the gateway device required for the CPE to the server. Therefore, in the implementation of the invention, the drainage of the internet surfing data request message is completed in the SD-WAN network, a special drainage tunnel is not required to be built, and the management cost of the internet surfing behavior is reduced.
In one design, a filtering policy at the server side is set, and the method for managing internet surfing behavior provided by the embodiment of the present invention, the internet surfing behavior management system further includes a policy management device, as shown in fig. 5, and further includes the following S208-S209.
S208, the server receives the filtering strategy sent by the strategy management device.
S209, the server determines the received filtering strategy as a second filtering strategy.
In one possible implementation, after receiving the filtering policy, the server confirms that the filtering policy is a network surfing behavior management policy, and sets the filtering policy as a second filtering policy.
Specifically, a surfing behavior engine in the server receives a filtering policy sent by the policy management device, and if the filtering policy is confirmed to be a surfing behavior management policy, the filtering policy is set to be a second filtering policy. Subsequently, the security capability management platform sends the filtering strategy configuration result of the server side to the SD-WAN unified management platform. For example, the security capability management platform sends the successful configuration of the filtering policy on the server side to the SD-WAN unified management platform.
It should be noted that, before the server receives the filtering policy sent by the policy management device, the user network first sends the internet surfing behavior management policy to the policy management device through the CPE. And the policy management equipment generates a filtering policy sent to the server side according to the preset condition and the internet surfing behavior management policy, and sends the filtering policy to the server.
In one design, in order to reduce the scope of traffic scheduling, in the method for managing internet surfing behavior provided by the embodiment of the present invention, the sum of the routing lengths between the server and each CPE is smaller than a preset length.
It will be appreciated that in embodiments of the present invention, the server is deployed near the gateway device of the SD-WAN network. I.e. on the network link, the transmission path from the CPE to the server is smaller than the preset length, so that there is no need to schedule traffic in a large scale.
In one design, in order to perform traffic load balancing and realize dynamic capacity expansion of processing capacity of a user surfing behavior, the method for managing surfing behavior provided by the embodiment of the present invention, the step S205 specifically includes the following step S2051.
S2051, the server filters the intermediate request message according to the second filtering strategy by utilizing the target allocation resource to obtain the target request message conforming to the second filtering strategy.
The target allocation resource is a resource which is allocated to each CPE in advance by the policy management equipment.
Before the server receives the filtering policy sent by the policy management device, the user network first sends the required internet surfing behavior management resource to the policy management device through the CPE. The policy management device configures corresponding internet surfing behavior management resources for the CPE in the server according to the internet surfing behavior management resources required by the CPE.
In a possible implementation manner, the intermediate request message is load-balanced to the resources allocated to each CPE through the SDN switch. And the resources distributed by each CPE filter the intermediate request message according to the second filtering strategy to obtain a target request message conforming to the second filtering strategy.
Specifically, the internet surfing data request message is load-balanced to the internet surfing behavior engine through the SDN switch. Therefore, the user network needs to increase the processing capacity of the internet surfing behavior, and only needs to assign the newly added engine to the user engine sequence, so that the user service is not influenced.
It can be understood that an SDN switch is introduced in the embodiment of the present invention, and through a programmable interface, balanced processing of traffic load and service sequence arrangement of multiple security capabilities (internet surfing behavior, firewall, log audit, etc.) are implemented, and load logic and arrangement implement high individuation and rapid convenience. Therefore, traffic load balancing is carried out, and dynamic capacity expansion of the processing capacity of the user internet surfing behavior is realized.
The foregoing description of the solution provided by the embodiments of the present invention has been mainly presented in terms of a method. To achieve the above functions, it includes corresponding hardware structures and/or software modules that perform the respective functions. Those of skill in the art will readily appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as hardware or combinations of hardware and computer software. Whether a function is implemented as hardware or computer software driven hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the embodiments of the present invention.
The embodiment of the invention can divide the functional modules of the device according to the method example, for example, each functional module can be divided corresponding to each function, or two or more functions can be integrated in one processing module. The integrated modules may be implemented in hardware or in software functional modules. Optionally, the division of the modules in the embodiment of the present invention is schematic, which is merely a logic function division, and other division manners may be implemented in practice.
Fig. 6 is a schematic structural diagram of a management device for internet surfing behavior according to an embodiment of the present invention. As shown in fig. 6, the management device 30 may be located in the CPE. Comprising the following steps: a receiving unit 301, a filtering unit 302, and a transmitting unit 303.
The receiving unit 301 is configured to receive original request messages sent by a plurality of clients. For example, as shown in fig. 3, the receiving unit 301 may be used to perform S201.
The filtering unit 302 is configured to filter the original request message according to the first filtering policy, so as to obtain an intermediate request message conforming to the first filtering policy. For example, as shown in fig. 3, the receiving unit 301 may be used to perform S202.
The sending unit 303 is configured to send an intermediate request packet to the server, so that the server filters the intermediate request packet based on the second filtering policy, obtains a target request packet according with the second filtering policy, and sends the target request packet to the network side device. For example, as shown in fig. 3, the transmission unit 303 may be used to perform S203.
Optionally, as shown in fig. 6, the management device 30 in the embodiment of the present invention further includes: a confirmation unit 304.
A receiving unit 301, configured to receive the filtering policy sent by the policy management device. For example, as shown in fig. 4, the receiving unit 301 may be used to perform S206.
A confirmation unit 304, configured to determine the received filtering policy as the first filtering policy. For example, as shown in fig. 4, the confirmation unit 304 may be used to perform S207.
Optionally, the sending unit 303 is specifically configured to send an intermediate request packet to a target gateway device in the multiple gateway devices, so that the target gateway device forwards the intermediate request packet to the server; the target gateway device is defined for the policy management device based on the SD-WAN network protocol. For example, the transmission unit 303 may be used to perform S2031.
Fig. 7 is a schematic structural diagram of a management device for internet surfing behavior according to an embodiment of the present invention. As shown in fig. 6, the management device 40 may be located in the server described above. Comprising the following steps: a receiving unit 401, a filtering unit 402, and a transmitting unit 403.
A receiving unit 401, configured to receive an intermediate request packet sent by each CPE; the intermediate request message is obtained by filtering original request messages sent by a plurality of clients according to a first filtering strategy by each CPE.
The filtering unit 402 is configured to filter the intermediate request packet according to the second filtering policy, obtain a target request packet according to the second filtering policy, and send the target request packet to the network side device. For example, as shown in fig. 4, the filtering unit 402 may be used to perform S204.
A sending unit 403, configured to send a target request packet to a network side device. For example, as shown in fig. 4, the filtering unit 402 may be used to perform S205.
Optionally, as shown in fig. 7, the management device 40 in the embodiment of the present invention further includes: a validation unit 404.
A receiving unit 401, configured to receive the filtering policy sent by the policy management device.
A confirmation unit 404, configured to determine the received filtering policy as the second filtering policy.
Optionally, the sum of the routing lengths between the server and each CPE is less than a preset length.
Optionally, as shown in fig. 7, the filtering unit 402 is specifically configured to filter the intermediate request packet according to the second filtering policy by using the target allocation resource, to obtain a target request packet conforming to the second filtering policy; the target allocated resources are resources allocated in advance for each CPE by the policy management device. For example, the filtering unit 402 may be used to perform S2051.
In the case of implementing the functions of the integrated modules described above in the form of hardware, an embodiment of the present invention provides a possible structural schematic diagram of the server involved in the above embodiment. As shown in fig. 8, the server 50 includes a processor 501, a memory 502, and a bus 503. The processor 501 and the memory 502 may be connected by a bus 503.
The processor 501 is a control center of the communication device, and may be one processor or a collective term of a plurality of processing elements. For example, the processor 501 may be a general-purpose central processing unit (central processing unit, CPU), or may be another general-purpose processor. Wherein the general purpose processor may be a microprocessor or any conventional processor or the like.
As one example, processor 501 may include one or more CPUs, such as CPU 0 and CPU 1 shown in fig. 8.
Memory 502 may be, but is not limited to, read-only memory (ROM) or other type of static storage device that can store static information and instructions, random access memory (random access memory, RAM) or other type of dynamic storage device that can store information and instructions, as well as electrically erasable programmable read-only memory (EEPROM), magnetic disk storage or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
As a possible implementation, the memory 502 may exist separately from the processor 501, and the memory 502 may be connected to the processor 501 by means of a bus 503 for storing instructions or program code. The processor 501, when calling and executing instructions or program code stored in the memory 502, is capable of implementing the sensor determination method provided by the embodiment of the present invention.
In another possible implementation, the memory 502 may also be integrated with the processor 501.
Bus 503 may be an industry standard architecture (Industry Standard Architecture, ISA) bus, peripheral component interconnect (Peripheral Component Interconnect, PCI) bus, or extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown in fig. 8, but not only one bus or one type of bus.
It should be noted that the structure shown in fig. 8 does not constitute a limitation of the server 50. In addition to the components shown in fig. 8, the server 50 may include more or less components than shown, or certain components may be combined, or a different arrangement of components.
As an example, in connection with fig. 6, the determining unit 304 and the filtering unit 302 in the determining apparatus 30 realize the same functions as the processor 501 in fig. 8.
Optionally, as shown in fig. 8, the server 50 provided by the embodiment of the present invention may further include a communication interface 504.
A communication interface 504 for connecting with other devices via a communication network. The communication network may be an ethernet, a radio access network, a wireless local area network (wireless local area networks, WLAN), etc. The communication interface 504 may include a receiving unit for receiving data and a transmitting unit for transmitting data.
In one design, the communication interface may also be integrated into the processor in the server provided by the embodiments of the present invention.
Fig. 9 shows another hardware configuration of the server in the embodiment of the present invention. As shown in fig. 9, the server 60 may include a processor 601 and a communication interface 602. The processor 601 is coupled to a communication interface 602.
The function of the processor 601 may be as described above with reference to the processor 501. The processor 601 also has a memory function, and the function of the memory 502 can be referred to.
The communication interface 602 is used to provide data to the processor 601. The communication interface 602 may be an internal interface of the communication device or an external interface of the communication device.
It should be noted that the structure shown in fig. 9 does not constitute a limitation of the server 60, and the server 60 may include more or less components than those shown in fig. 9, or may combine some components, or may be a different arrangement of components.
Meanwhile, the hardware structure schematic of the CPE provided in the embodiment of the present invention may refer to the description of the server in fig. 8 or fig. 9, and will not be described herein.
From the above description of embodiments, it will be apparent to those skilled in the art that the foregoing functional unit divisions are merely illustrative for convenience and brevity of description. In practical applications, the above-mentioned function allocation may be performed by different functional units, i.e. the internal structure of the device is divided into different functional units, as needed, to perform all or part of the functions described above. The specific working processes of the above-described systems, devices and units may refer to the corresponding processes in the foregoing method embodiments, which are not described herein.
The embodiment of the invention also provides a system for managing the internet surfing behavior, which is characterized by comprising the following steps: a server and a plurality of customer premise equipments CPEs; wherein, each CPE stores a first filtering strategy, and the server stores a second filtering strategy; when the internet surfing behavior management system runs, the internet surfing behavior management system executes each step in the method flow shown in the method embodiment.
The embodiment of the invention also provides a computer readable storage medium, wherein the computer readable storage medium stores instructions, when the computer executes the instructions, the computer executes each step in the method flow shown in the method embodiment.
The embodiments of the present invention also provide a computer program product comprising instructions which, when executed on a computer, cause the computer to perform the method of determining the embodiments of the method described above.
The computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the computer-readable storage medium would include the following: electrical connections having one or more wires, portable computer diskette, hard disk. Random access Memory (Random Access Memory, RAM), read-Only Memory (ROM), erasable programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM), registers, hard disk, optical fiber, portable compact disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any other form of computer-readable storage medium suitable for use by a person or persons of skill in the art. An exemplary storage medium is coupled to the processor such the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an application specific integrated circuit (Application Specific Integrated Circuit, ASIC). In embodiments of the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Since the server, the user equipment, the computer readable storage medium, and the computer program product in the embodiments of the present invention can be applied to the above-mentioned method, the technical effects that can be obtained by the method can also refer to the above-mentioned method embodiments, and the embodiments of the present invention are not described herein again.
The present invention is not limited to the above embodiments, and any changes or substitutions within the technical scope of the present invention should be covered by the scope of the present invention.
Claims (9)
1. The management method of the internet surfing behavior is characterized by being applied to Customer Premise Equipment (CPE) in an internet surfing behavior management system, wherein the internet surfing behavior management system comprises a server and a plurality of CPEs; each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps:
receiving original request messages sent by a plurality of clients;
filtering the original request message according to the first filtering strategy to obtain an intermediate request message conforming to the first filtering strategy;
the intermediate request message is sent to the server, so that the server filters the intermediate request message based on the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and the target request message is sent to network side equipment;
The internet surfing behavior management system also comprises policy management equipment;
and receiving the filtering strategy sent by the strategy management equipment, and determining the received filtering strategy as the first filtering strategy.
2. The method of claim 1, wherein the internet behavior management system further comprises a policy management device and a plurality of gateway devices; the sending the intermediate request message to the server includes:
sending the intermediate request message to a target gateway device in the plurality of gateway devices, so that the target gateway device forwards the intermediate request message to the server; the target gateway device is defined for the policy management device based on an SD-WAN network protocol.
3. The method for managing the internet surfing behavior is characterized by being applied to a server in an internet surfing behavior management system, wherein the internet surfing behavior management system also comprises a plurality of Customer Premise Equipment (CPE); each CPE stores a first filtering strategy, and the server stores a second filtering strategy; the method comprises the following steps:
receiving an intermediate request message sent by each CPE; the intermediate request message is obtained by filtering original request messages sent by a plurality of clients by each CPE according to the first filtering strategy;
Filtering the intermediate request message according to the second filtering strategy to obtain a target request message conforming to the second filtering strategy, and sending the target request message to network side equipment;
the internet surfing behavior management system also comprises policy management equipment;
and receiving the filtering strategy sent by the strategy management equipment, and determining the received filtering strategy as the second filtering strategy.
4. A method of managing according to claim 3, characterized in that the sum of the routing lengths between the server and each CPE is smaller than a preset length.
5. The method according to any one of claims 3 to 4, wherein the internet surfing behavior management system further comprises a policy management device; the filtering the intermediate request message according to the second filtering policy to obtain a target request message conforming to the second filtering policy, including:
utilizing target allocation resources, and filtering the intermediate request message according to the second filtering strategy to obtain a target request message conforming to the second filtering strategy; and the target allocated resource is a resource which is allocated to each CPE in advance by the policy management equipment.
6. A system for managing internet surfing behavior, comprising: a server and a plurality of customer premise equipments CPEs; wherein, each CPE stores a first filtering strategy, and the server stores a second filtering strategy; when the internet behavior management system is running, each CPE performs the management method of any one of claims 1 to 2 or the server performs the management method of any one of claims 3 to 5.
7. A computer readable storage medium having instructions stored therein which, when executed, implement the management method of any one of claims 1 to 2 or any one of claims 3 to 5.
8. A customer premise equipment CPE, comprising: a processor, a memory, and a communication interface; wherein the communication interface is used for the communication between the customer premise equipment CPE and other equipment or network; the memory is configured to store one or more programs, the one or more programs comprising computer-executable instructions that, when executed by the CPE, cause the CPE to perform the management method of any of claims 1-2.
9. A server, comprising: a processor, a memory, and a communication interface; wherein the communication interface is used for the server to communicate with other devices or networks; the memory is configured to store one or more programs, the one or more programs comprising computer-executable instructions that, when executed by the server, cause the server to perform the management method of any of claims 3-5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111474024.7A CN114338438B (en) | 2021-12-02 | 2021-12-02 | Internet surfing behavior management method, system storage medium and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111474024.7A CN114338438B (en) | 2021-12-02 | 2021-12-02 | Internet surfing behavior management method, system storage medium and equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114338438A CN114338438A (en) | 2022-04-12 |
| CN114338438B true CN114338438B (en) | 2023-07-28 |
Family
ID=81048918
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111474024.7A Active CN114338438B (en) | 2021-12-02 | 2021-12-02 | Internet surfing behavior management method, system storage medium and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114338438B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399749A (en) * | 2007-09-27 | 2009-04-01 | 华为技术有限公司 | Method, system and device for packet filtering |
| CN101567848A (en) * | 2009-06-01 | 2009-10-28 | 北京星网锐捷网络技术有限公司 | Safety control method and exchanger |
| CN102752215A (en) * | 2012-07-16 | 2012-10-24 | 杭州华三通信技术有限公司 | Processing method for VDP (vertical data processing) request messages and edge switch |
| CN102916826A (en) * | 2011-08-01 | 2013-02-06 | 中兴通讯股份有限公司 | Method and device for controlling network access |
| CN212392885U (en) * | 2020-08-10 | 2021-01-22 | 西安创业天下网络科技有限公司 | 5G signal relay amplifier with CPE function |
| CN112491711A (en) * | 2020-11-17 | 2021-03-12 | 上海八彦图信息科技有限公司 | Routing strategy processing method and device for load balancing and electronic equipment |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8555365B2 (en) * | 2010-05-21 | 2013-10-08 | Barracuda Networks, Inc. | Directory authentication method for policy driven web filtering |
| CN115119021A (en) * | 2022-06-28 | 2022-09-27 | 北京达佳互联信息技术有限公司 | Data processing method and device, electronic equipment and storage medium |
-
2021
- 2021-12-02 CN CN202111474024.7A patent/CN114338438B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101399749A (en) * | 2007-09-27 | 2009-04-01 | 华为技术有限公司 | Method, system and device for packet filtering |
| CN101567848A (en) * | 2009-06-01 | 2009-10-28 | 北京星网锐捷网络技术有限公司 | Safety control method and exchanger |
| CN102916826A (en) * | 2011-08-01 | 2013-02-06 | 中兴通讯股份有限公司 | Method and device for controlling network access |
| CN102752215A (en) * | 2012-07-16 | 2012-10-24 | 杭州华三通信技术有限公司 | Processing method for VDP (vertical data processing) request messages and edge switch |
| CN212392885U (en) * | 2020-08-10 | 2021-01-22 | 西安创业天下网络科技有限公司 | 5G signal relay amplifier with CPE function |
| CN112491711A (en) * | 2020-11-17 | 2021-03-12 | 上海八彦图信息科技有限公司 | Routing strategy processing method and device for load balancing and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114338438A (en) | 2022-04-12 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8484695B2 (en) | System and method for providing access control | |
| CN113949573A (en) | Zero-trust service access control system and method | |
| CN110554927A (en) | Micro-service calling method based on block chain | |
| CN113037761B (en) | Login request verification method and device, storage medium and electronic equipment | |
| CN111935312B (en) | Industrial Internet container cloud platform and flow access control method thereof | |
| WO2023020606A1 (en) | Method, system and apparatus for hiding source station, and device and storage medium | |
| KR20110103461A (en) | Method and system for authentication of network nodes of a peer-to-peer network | |
| CN110830317B (en) | Internet access behavior management system, equipment and method | |
| CN114338438B (en) | Internet surfing behavior management method, system storage medium and equipment | |
| CN110336793B (en) | Intranet access method and related device | |
| CN112217910B (en) | Video service access method, device, network equipment and storage medium | |
| CN116566764A (en) | Configuration method and device for accessing virtual private network | |
| CN102917027A (en) | Method, device and system for accessing webpage chatting room | |
| CN103001931A (en) | Communication system of terminals interconnected among different networks | |
| CN110324826B (en) | Intranet access method and related device | |
| KR101379803B1 (en) | System for distributing abnormal traffic and method of distributing abnormal traffice using the same | |
| KR101869584B1 (en) | Method and system for cloud-based identity management (c-idm) implementation | |
| CN111953798A (en) | Cross-network communication method, device and system and proxy server | |
| CN109962831B (en) | Virtual client terminal device, router, storage medium, and communication method | |
| CN115812317A (en) | Method and apparatus for preventing network attacks in network slices | |
| JP4878043B2 (en) | Access control system, connection control device, and connection control method | |
| CN113572868B (en) | Dynamic dial-up networking method and system | |
| CN113904939B (en) | Method, device and storage medium for managing target terminal | |
| CN114866371B (en) | Method and device for establishing IPSec tunnel, storage medium and electronic equipment | |
| Chaitra et al. | Integration of software router with Wi-Fi for enhanced security |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |