CN114697380B - Redirection method, system, device and storage medium for access request - Google Patents

Publication number
CN114697380B
Authority
CN
China
Prior art keywords
message
terminal
server
target
access
Legal status
Active
Application number
CN202210243431.5A
Other languages
Chinese (zh)
Other versions
CN114697380A (en)
Inventor
罗治华
唐硕
Current Assignee
Hangzhou Infogo Tech Co ltd
Original Assignee
Hangzhou Infogo Tech Co ltd
Application filed by Hangzhou Infogo Tech Co ltd
Priority to CN202210243431.5A
Publication of CN114697380A
Application granted
Publication of CN114697380B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H04L67/148 Migration or transfer of sessions
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application discloses a redirection method, system, device and storage medium for access requests. The method comprises the following steps: an admission server obtains a first message sent by a terminal; the admission server acquires the target five-tuple information in the first message and judges whether five-tuple information identical to the target five-tuple information is stored in the admission server; if identical five-tuple information is stored in the admission server, a forged second message and a redirection message are sent to the terminal; the admission server receives a third message sent by the terminal and establishes a connection between the admission server and the terminal; and the admission server receives the access request sent by the terminal based on the redirection message and sends the access result corresponding to the access request to the terminal. The method and device solve the problem in the related art that an access request cannot be redirected when the target server does not respond to it.

Description

Redirection method, system, device and storage medium for access request
Technical Field
The present application relates to the field of network security, and in particular, to a method, system, apparatus, and storage medium for redirecting an access request.
Background
Network access control is currently a mainstream network security defense technology. By applying security protection to terminals, it effectively addresses the security threats caused by insecure terminals accessing the network and keeps out viruses, vulnerabilities, network attacks and the like, thereby comprehensively guaranteeing the security of the equipment connected to the network.
Common network admission control technologies include policy-routing admission, VLAN-isolation admission, dot1x admission, ARP admission, mirror admission, etc. Mirror admission is a technology in which a switch in the network mirrors (i.e. replicates) data traffic to an admission server, and the admission server monitors and examines the traffic and then allows or blocks it according to a policy. Common mirror admission blocking techniques include TCP Reset, HTTP redirection and the like.
In the existing method of network access control by mirror admission, to redirect a terminal's access request the admission server needs to track the message transmission state while the terminal and the server perform the TCP three-way handshake, and it sends a redirection message to the terminal when the server sends the second message to the terminal, thereby redirecting the terminal's access request. However, if the server accessed by the terminal does not exist, no second message is sent to the terminal, so the redirection message cannot be sent and the terminal's access request cannot be redirected.
For the problem in the related art that an access request cannot be redirected when the target server does not respond to it, no effective solution has yet been proposed.
Disclosure of Invention
The application provides a redirection method, system, device and storage medium for access requests, to solve the problem in the related art that an access request cannot be redirected when the target server does not respond to it.
According to one aspect of the present application, a method of redirecting an access request is provided. The method comprises the following steps: an admission server obtains a first message sent by a terminal, wherein the first message is the first message information generated when the terminal requests to establish a connection with a target server; the admission server acquires the target five-tuple information in the first message and judges whether five-tuple information identical to the target five-tuple information is stored in the admission server; if identical five-tuple information is stored in the admission server, a forged second message and a redirection message are sent to the terminal, wherein the forged second message is used to establish the connection between the admission server and the terminal, and the redirection message is used to re-determine the access address of the terminal; the admission server receives a third message sent by the terminal and establishes the connection between the admission server and the terminal, wherein the third message is the response to the second message; and the admission server receives the access request sent by the terminal based on the redirection message and sends the access result corresponding to the access request to the terminal.
Optionally, after judging whether five-tuple information identical to the target five-tuple information is stored in the admission server, the method further comprises: if no identical five-tuple information is stored in the admission server, storing the target five-tuple information in the admission server.
Optionally, after judging whether five-tuple information identical to the target five-tuple information is stored in the admission server, the method further comprises: if no identical five-tuple information is stored in the admission server, the admission server detects whether it has received a second message sent by the target server to the terminal; and if the admission server detects the second message, it sends a redirection message to the terminal.
Optionally, after the admission server detects whether it has received the second message sent by the target server to the terminal, the method further comprises: if the admission server does not detect the second message, the admission server detects whether it receives the first message sent by the terminal again; and if the admission server receives the first message again, it executes the steps of acquiring the target five-tuple information in the first message and judging whether the target five-tuple information is stored in the admission server.
Optionally, after sending the redirection message to the terminal when the admission server detects the second message, the method further comprises: after the connection between the target server and the terminal is established, establishing the connection between the admission server and the terminal; and the admission server receives the access request sent by the terminal based on the redirection message and sends the access result corresponding to the access request to the terminal.
Optionally, before sending the forged second message and the redirection message to the terminal, the method further comprises: if five-tuple information identical to the target five-tuple information is stored in the admission server, acquiring first identification information corresponding to the stored five-tuple information that is identical to the target five-tuple information, and acquiring second identification information corresponding to the target five-tuple information from the first message; judging whether the first identification information is the same as the second identification information; if the first identification information differs from the second identification information, storing the target five-tuple information and the second identification information in the admission server; and if the first identification information is the same as the second identification information, executing the step of sending the forged second message and the redirection message to the terminal.
Optionally, after judging whether five-tuple information identical to the target five-tuple information is stored in the admission server, the method further comprises: if identical five-tuple information is stored in the admission server, the admission server sends a forged second message to the terminal; the admission server receives a third message sent by the terminal and establishes the connection between the admission server and the terminal, wherein the third message is the response to the second message; the admission server sends a redirection message to the terminal; and the admission server receives the access request sent by the terminal based on the redirection message and sends the access result corresponding to the access request to the terminal.
According to another aspect of the present application, a redirection system for access requests is provided. The system comprises: a terminal, used to request to establish a connection with the target server and to send an access request to the target server after the connection with the target server is established; an admission server, used to, after the terminal has established a connection with the target server, establish a connection between the terminal and the admission server and send a redirection message to the terminal so as to redirect the access request, and, when the terminal has not established a connection with the target server, send a forged response message to the terminal so as to establish the connection between the terminal and the admission server and send a redirection message to the terminal so as to redirect the access request; and a target server, used to send a response message to the terminal upon receiving the terminal's message requesting to establish a connection, so as to establish the connection between the target server and the terminal.
According to another aspect of the present application, a redirection device for access requests is provided. The device comprises: a first acquisition unit, used for the admission server to obtain a first message sent by the terminal, wherein the first message is the first message information generated when the terminal requests to establish a connection with the target server; a second acquisition unit, used for the admission server to acquire the target five-tuple information in the first message and judge whether five-tuple information identical to the target five-tuple information is stored in the admission server; a first sending unit, used to send a forged second message and a redirection message to the terminal if identical five-tuple information is stored in the admission server, wherein the forged second message is used to establish the connection between the admission server and the terminal, and the redirection message is used to re-determine the access address of the terminal; a first receiving unit, used for the admission server to receive a third message sent by the terminal and establish the connection between the admission server and the terminal, wherein the third message is the response to the second message; and a second receiving unit, used for the admission server to receive the access request sent by the terminal based on the redirection message and send the access result corresponding to the access request to the terminal.
According to another aspect of the embodiment of the present invention, there is also provided a computer storage medium, where the computer storage medium is configured to store a program, and when the program runs, control a device in which the computer storage medium is located to execute a redirection method of an access request.
According to another aspect of embodiments of the present invention, there is also provided an electronic device including one or more processors and a memory; the memory has stored therein computer readable instructions for execution by the processor, wherein the computer readable instructions when executed perform a method of redirecting an access request.
The present application adopts the following steps: an admission server obtains a first message sent by a terminal, wherein the first message is the first message information generated when the terminal requests to establish a connection with a target server; the admission server acquires the target five-tuple information in the first message and judges whether five-tuple information identical to the target five-tuple information is stored in the admission server; if identical five-tuple information is stored in the admission server, a forged second message and a redirection message are sent to the terminal, wherein the forged second message is used to establish the connection between the admission server and the terminal, and the redirection message is used to re-determine the access address of the terminal; the admission server receives a third message sent by the terminal and establishes the connection between the admission server and the terminal, wherein the third message is the response to the second message; and the admission server receives the access request sent by the terminal based on the redirection message and sends the access result corresponding to the access request to the terminal. This solves the problem in the related art that an access request cannot be redirected when the target server does not respond to it.
Whether the server exists is determined by checking whether five-tuple information identical to the target five-tuple information is stored in the admission server. If identical five-tuple information is stored, the server is determined not to exist; the admission server then sends a forged second message to the terminal, completes the TCP three-way handshake between the terminal and the admission server, and performs the redirection, so that the access request can be redirected under any condition.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application, illustrate and explain the application and are not to be construed as limiting the application. In the drawings:
FIG. 1 is a flow chart of a method of redirecting access requests provided in accordance with an embodiment of the present application;
FIG. 2 is a flow chart of an alternative method of redirecting access requests provided in accordance with an embodiment of the present application;
FIG. 3 is a schematic diagram of a redirection system for access requests provided in accordance with an embodiment of the present application;
FIG. 4 is a schematic diagram of a redirection device for access requests provided in accordance with an embodiment of the present application;
FIG. 5 is a schematic diagram of an electronic device according to an embodiment of the present application.
Detailed Description
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
To help those skilled in the art better understand the solution of the present application, the technical solutions in the embodiments of the present application are described in detail below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present application. All other embodiments that one of ordinary skill in the art can obtain from the embodiments herein without inventive effort shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the present application described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of description, some nouns or terms related to the embodiments of the present application are described below:
Hypertext Transfer Protocol (HTTP): an application-layer protocol for distributed, collaborative, hypermedia information systems. It is the most widely used network transport protocol on the internet, and all WWW files must comply with this standard.
Five-tuple: generally refers to a set of five quantities, source IP address, source port, destination IP address, destination port, and transport layer protocol number.
According to an embodiment of the application, a redirection method of an access request is provided.
Fig. 1 is a flow chart of a method of redirecting access requests according to an embodiment of the present application. As shown in fig. 1, the method comprises the steps of:
Step S102, the admission server obtains a first message sent by the terminal, wherein the first message is the first message information generated when the terminal requests to establish a connection with the target server.
Specifically, the admission server comprises an admission control server and is mainly used for user identity verification, terminal security checks, terminal behavior monitoring and auditing, and the like.
Before the terminal can exchange data with the target server, the two must establish a connection through the TCP three-way handshake; data exchange between them can take place only after the connection has been established successfully.
During the first handshake of the TCP three-way handshake, the terminal sends a first message to the target server, wherein the first message comprises an HTTP request and a SYN (Synchronize Sequence Numbers). When the first message passes through the switch, the switch copies it and sends the copy to the admission server. The admission server then performs security analysis on the HTTP request according to a preset security rule and generates an HTTP redirection message if the analysis result does not conform to the preset security rule.
Step S104, the admission server acquires the target five-tuple information in the first message and judges whether five-tuple information identical to the target five-tuple information is stored in the admission server.
Specifically, after receiving the first message, the admission server needs to acquire the target five-tuple corresponding to the HTTP request in the first message and determine whether that five-tuple is stored in the admission server. If it is stored, this proves that the first message corresponding to the HTTP request is not being sent to the target server for the first time.
Optionally, in the redirection method of an access request provided in the embodiment of the present application, after judging whether five-tuple information identical to the target five-tuple information is stored in the admission server, the method further comprises: if no identical five-tuple information is stored in the admission server, storing the target five-tuple information in the admission server.
Specifically, if the target five-tuple is not stored in the admission server, this proves that the first message corresponding to the HTTP request is being sent to the target server for the first time, and the five-tuple corresponding to the first message can be stored in the admission server. This embodiment lays the foundation for comparing first messages, so that whether the target server exists can be accurately determined.
Step S106, if five-tuple information identical to the target five-tuple information is stored in the admission server, a forged second message and a redirection message are sent to the terminal, wherein the forged second message is used to establish the connection between the admission server and the terminal, and the redirection message is used to re-determine the access address of the terminal.
Specifically, if five-tuple information identical to the target five-tuple information is stored in the admission server, this proves that the first message corresponding to the HTTP request is not being sent to the target server for the first time, which indicates that the server requested by the terminal does not exist.
Further, after disguising itself as the target server, the admission server can return a forged second message, which comprises a forged second-handshake message carrying the seq value corresponding to the first message. At the same time it sends the redirection message to the terminal, and the terminal buffers the redirection message in its TCP buffer after receiving it.
Step S108, the admission server receives a third message sent by the terminal and establishes the connection between the admission server and the terminal, wherein the third message is the response to the second message.
Specifically, after the terminal receives the forged second message and the redirection message, it returns a third message according to the content of the forged second message, thereby completing the connection between the terminal and the admission server. It can then exchange data with the admission server through the redirection message.
Step S110, the admission server receives the access request sent by the terminal based on the redirection message and sends the access result corresponding to the access request to the terminal.
Specifically, after the terminal and the admission server are connected, the terminal can issue an HTTP redirection request according to the redirection message in the TCP buffer, so that it accesses the admission server directly according to the HTTP redirection request and obtains the request result corresponding to the HTTP redirection request from the admission server.
In the redirection method of an access request provided by the embodiment of the application, an admission server obtains a first message sent by a terminal, wherein the first message is the first message information generated when the terminal requests to establish a connection with a target server; the admission server acquires the target five-tuple information in the first message and judges whether five-tuple information identical to the target five-tuple information is stored in the admission server; if identical five-tuple information is stored in the admission server, a forged second message and a redirection message are sent to the terminal, wherein the forged second message is used to establish the connection between the admission server and the terminal, and the redirection message is used to re-determine the access address of the terminal; the admission server receives a third message sent by the terminal and establishes the connection between the admission server and the terminal, wherein the third message is the response to the second message; and the admission server receives the access request sent by the terminal based on the redirection message and sends the access result corresponding to the access request to the terminal. This solves the problem in the related art that an access request cannot be redirected when the target server does not respond to it.
Whether the server exists is determined by checking whether five-tuple information identical to the target five-tuple information is stored in the admission server. If identical five-tuple information is stored, the server is determined not to exist; the admission server then sends a forged second message to the terminal, completes the TCP three-way handshake between the terminal and the admission server, and performs the redirection, so that the access request can be redirected under any condition.
To reduce the amount of data held in the terminal's TCP buffer, optionally, in the redirection method of an access request provided in the embodiment of the present application, after judging whether five-tuple information identical to the target five-tuple information is stored in the admission server, the method further comprises: if identical five-tuple information is stored in the admission server, the admission server sends a forged second message to the terminal; the admission server receives a third message sent by the terminal and establishes the connection between the admission server and the terminal, wherein the third message is the response to the second message; the admission server sends a redirection message to the terminal; and the admission server receives the access request sent by the terminal based on the redirection message and sends the access result corresponding to the access request to the terminal.
Specifically, if five-tuple information identical to the target five-tuple information is stored in the admission server, the admission server may disguise itself as the target server by returning the seq value corresponding to the first message, and return only the forged second message to the terminal. Because the terminal cannot identify the source of the second message, it cannot tell whether the second message is forged, so it directly returns the third message corresponding to the third handshake of the TCP three-way handshake. After receiving the third message, the admission server can establish the connection with the terminal and return a redirection message to it. After receiving the redirection message, the terminal resends an HTTP redirection request according to the redirection message, thereby accessing the admission server directly according to the HTTP redirection request and obtaining the request result corresponding to the HTTP redirection request from the admission server.
Optionally, in the redirection method of an access request provided in the embodiment of the present application, after judging whether five-tuple information identical to the target five-tuple information is stored in the admission server, the method further comprises: if no identical five-tuple information is stored in the admission server, the admission server detects whether it has received a second message sent by the target server to the terminal; and if the admission server detects the second message, it sends a redirection message to the terminal.
Specifically, when the target server returns the second message of the second handshake of the TCP three-way handshake to the terminal, the switch copies that second message and sends the copy to the admission server. After receiving the second message, the admission server can send the redirection message to the terminal, so that the terminal can redirect the HTTP request according to the redirection message.
Optionally, in the redirection method of an access request provided in the embodiment of the present application, after the admission server detects whether it has received the second message sent by the target server to the terminal, the method further comprises: if the admission server does not detect the second message, the admission server detects whether it receives the first message sent by the terminal again; and if the admission server receives the first message again, it executes the steps of acquiring the target five-tuple information in the first message and judging whether the target five-tuple information is stored in the admission server.
Specifically, if no five-tuple information identical to the target five-tuple information is stored in the admission server, the admission server stores the target five-tuple information and waits for the switch to deliver the second message of the second handshake of the TCP three-way handshake that the target server returns to the terminal. If the target server does not exist, however, it cannot return the second message, so the admission server never receives the second message and the operation of returning the redirection message to the terminal is never triggered. The terminal does not receive the second message either, so the TCP three-way handshake cannot be completed, and the terminal therefore attempts the TCP three-way handshake with the target server again according to the TCP retransmission principle. When the terminal sends the first message to the target server again, the switch again copies the first message to the admission server, so the step of judging whether the target five-tuple information is stored in the admission server is executed again.
It should be noted that, since the content of the first message in the second handshake is identical to that of the first message generated in the last handshake, the corresponding quintuple is also identical, so that when the admission server determines the quintuple, the same quintuple information is already stored in the admission server, and therefore the operations of sending the forged second message and the redirect message to the terminal are performed. In this embodiment, by determining the five-tuple of the first message sent again, it is determined that the target server does not exist, and it is prevented that the target server and the admission server send the second message of the three-way handshake with different seq values to the terminal successively, and after receiving the second message of the three-way handshake responded by the first server, the terminal adds 1 to the seq value of the second message as an ack value to respond to the third message of the three-way handshake. At this time, the target server and the admission server sequentially receive the third message with the three-way handshake of seq and ack equal to seq plus 1, and the target server or the admission server executes the three-way handshake logic judgment, and the TCP Reset message is sent to the terminal because the ack value does not conform to the seq plus 1, so that the connection for correctly establishing the three-way handshake is Reset, and the problem of incapability of redirection is caused.
Optionally, in the redirection method of an access request provided in the embodiment of the present application, after sending a redirection packet to a terminal in a case where the admission server detects the second packet, the method further includes: after the connection relation between the target server and the terminal is established, establishing the connection relation between the access server and the terminal; and the admission server receives the access request sent by the terminal based on the redirection message and sends an access result corresponding to the access request to the terminal.
Specifically, in the case that the target server exists, since the terminal and the target server have performed two interactions of messages, the TCP three-way handshake can be successfully performed, so that the terminal and the target server are connected. However, since the HTTP access request sent by the terminal does not conform to the preset security rule, the terminal needs to redirect the HTTP request to the admission server through the redirect message.
The terminal and the admission server are not yet connected, because no TCP three-way handshake has been completed between them. A connection between the terminal and the admission server therefore has to be established through a TCP three-way handshake; once it is established, the terminal can access the admission server with the HTTP redirection request and receive the access result returned by the admission server.
Optionally, in the redirection method for an access request provided in the embodiment of the present application, before the forged second message and the redirection message are sent to the terminal in the case where five-tuple information identical to the target five-tuple information is stored in the admission server, the method further includes: when five-tuple information identical to the target five-tuple information is stored in the admission server, acquiring first identification information corresponding to the stored five-tuple information that is identical to the target five-tuple information, and acquiring second identification information corresponding to the target five-tuple information from the first message; judging whether the first identification information is the same as the second identification information; when the first identification information is different from the second identification information, storing the target five-tuple information and the second identification information in the admission server; and when the first identification information is the same as the second identification information, executing the steps of sending the forged second message and the redirection message to the terminal.
Specifically, the first identification information may be the seq value in the first message, and the second identification information may be the seq value corresponding to the message whose five-tuple is the same as that of the first message. In the special case of port reuse on the terminal, two different HTTP access requests may have identical five-tuples. Because the admission server can store the seq value of the first message in addition to its five-tuple information, the seq value in the first message can be compared with the seq value stored for the message that has the same five-tuple. When the first identification information is different from the second identification information, the two messages with the same five-tuple are determined to be different messages; when the first identification information is the same as the second identification information, the two messages are determined to be the same message, and the steps of sending the forged second message and the redirection message to the terminal are then executed. By additionally checking the seq value in the message, this embodiment improves the accuracy with which messages are distinguished and therefore the accuracy of redirection of the access request.
Fig. 2 is a flowchart of an alternative method for redirecting an access request according to an embodiment of the present application, as shown in fig. 2:
The terminal sends a first message for the TCP three-way handshake to the target server. When the first message passes through the switch, the switch copies it and sends the copy to the admission server. The admission server performs security analysis on the HTTP request according to a preset security rule, and generates an HTTP redirection message when the analysis result does not conform to the preset security rule. After receiving the first message, the admission server also obtains the target five-tuple corresponding to the HTTP request in the first message and judges whether the target five-tuple is stored in the admission server; if the target five-tuple is stored, the admission server can additionally check whether the seq values are the same, so as to judge whether the first message itself is already stored in the admission server.
When the target five-tuple is stored in the admission server, the admission server can impersonate the target server by replying with the seq value corresponding to the first message, so that the connection between the terminal and the target server becomes a connection between the terminal and the admission server, and the redirection message is sent to the terminal at the same time. After the terminal and the admission server complete the TCP three-way handshake, the terminal can issue an HTTP redirection request according to the redirection message, thereby accessing the admission server directly and obtaining from it the request result corresponding to the HTTP redirection request.
When the target five-tuple is not stored in the admission server, the target five-tuple and the seq value of the first message are stored in the admission server, and it is judged whether the admission server receives the second message returned by the target server. If the second message is not received, it is determined that the target server does not exist; the admission server waits to receive the first message that the terminal sends again according to the TCP retransmission principle, and the operation of judging whether the target five-tuple is stored in the admission server is executed again. If the second message is received, it is determined that the target server exists, and the redirection message can be sent to the terminal. After the terminal is connected to the target server, the terminal can send an HTTP redirection request to the admission server according to the redirection message, establishing the connection through a TCP three-way handshake with the admission server, thereby accessing the admission server directly and obtaining from it the request result corresponding to the HTTP redirection request.
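The decision flow of Fig. 2 and the reset race described earlier can be modelled as a small state table. The following is an added example, not code from the patent: the class and function names, the sample addresses, the check of the ack value on the mirrored second message, and the removal of a table entry once the target answers are all assumptions of this sketch, and every mirrored flow is assumed to have already failed the preset security rule.

```python
"""Added illustration of the admission-server decision flow (not code from the patent)."""
from dataclasses import dataclass
from enum import Enum

MOD = 2 ** 32  # TCP sequence numbers wrap at 32 bits
SYN, SYN_ACK = "SYN", "SYN-ACK"  # first and second message of the handshake


class Action(Enum):
    STORE_AND_WAIT = "store five-tuple and seq, wait for the target's second message"
    REDIRECT_ONLY = "target answered: send the redirection message only"
    FORGE_AND_REDIRECT = "target silent: forged second message, then redirection message"
    IGNORE = "not part of a tracked handshake"


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str
    seq: int
    ack: int = 0
    proto: str = "TCP"

    def five_tuple(self):
        return (self.src_ip, self.src_port, self.dst_ip, self.dst_port, self.proto)

    def reverse_tuple(self):
        # Five-tuple of the flow this packet is a reply to.
        return (self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)


class AdmissionTracker:
    """Decides what to do with each packet the switch mirrors to the admission server."""

    def __init__(self):
        self.pending = {}  # five-tuple -> seq value of the stored first message

    def on_mirrored(self, pkt):
        if pkt.flags == SYN:
            key = pkt.five_tuple()
            stored_seq = self.pending.get(key)
            if stored_seq is None or stored_seq != pkt.seq:
                # Unknown five-tuple, or the same five-tuple with a different seq
                # (port reuse): treat it as a new first message and store it.
                self.pending[key] = pkt.seq
                return Action.STORE_AND_WAIT
            # Same five-tuple and same seq: a TCP retransmission, so the target
            # never sent a second message and is taken not to exist.
            return Action.FORGE_AND_REDIRECT
        if pkt.flags == SYN_ACK:
            key = pkt.reverse_tuple()
            stored_seq = self.pending.get(key)
            # Assumption: accept the second message only if it acknowledges the stored seq.
            if stored_seq is not None and pkt.ack == (stored_seq + 1) % MOD:
                # Assumption: drop the entry so a later retransmission is not forged
                # against a target that does exist.
                del self.pending[key]
                return Action.REDIRECT_ONLY
        return Action.IGNORE


def responders_that_reset(server_isns):
    """Model of the race: server_isns maps responder name -> seq of its second
    message, in the order the second messages reach the terminal. The terminal
    acknowledges the first one; any responder whose own seq + 1 differs from
    that ack value answers the third message with a TCP Reset."""
    first_seq = next(iter(server_isns.values()))
    ack = (first_seq + 1) % MOD
    return [name for name, seq in server_isns.items() if (seq + 1) % MOD != ack]


def run_scenarios():
    """Constructed sample traffic: terminal 10.0.0.5, target 192.0.2.10:80."""
    out = {}
    t = AdmissionTracker()
    syn = Packet("10.0.0.5", 40000, "192.0.2.10", 80, SYN, seq=1000)
    out["target_absent"] = [t.on_mirrored(syn), t.on_mirrored(syn)]

    t = AdmissionTracker()
    syn = Packet("10.0.0.5", 40001, "192.0.2.10", 80, SYN, seq=2000)
    syn_ack = Packet("192.0.2.10", 80, "10.0.0.5", 40001, SYN_ACK, seq=7000, ack=2001)
    out["target_present"] = [t.on_mirrored(syn), t.on_mirrored(syn_ack)]

    t = AdmissionTracker()
    old = Packet("10.0.0.5", 40002, "192.0.2.10", 80, SYN, seq=3000)
    new = Packet("10.0.0.5", 40002, "192.0.2.10", 80, SYN, seq=4000)
    out["port_reuse"] = [t.on_mirrored(old), t.on_mirrored(new), t.on_mirrored(new)]
    return out


if __name__ == "__main__":
    for name, actions in run_scenarios().items():
        print(name, [a.name for a in actions])
    print("reset sent by:", responders_that_reset({"target": 7000, "admission": 9000}))
```

The last call shows why the forged second message is sent only after a retransmission: if both servers answer the same first message, the one whose seq the terminal did not acknowledge resets the connection.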
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
The embodiment of the application also provides a redirection system of the access request, and it should be noted that the redirection system of the access request of the embodiment of the application can be used for executing the redirection method for the access request provided by the embodiment of the application. The following describes a redirection system for access requests provided in an embodiment of the present application.
FIG. 3 is a schematic diagram of a redirection system for access requests provided according to an embodiment of the present application, as shown in FIG. 3, the system comprising:
a terminal 31 for requesting establishment of a connection relationship with the target server 33 and transmitting an access request to the target server 33 after establishing the connection relationship with the target server 33.
Specifically, the terminal 31 is configured to send an access request, and before sending, it is required to establish a connection with the target server 33, so it is required to send a first message for establishing a connection to the target server 33.
The admission server 32 is configured to, after the connection relationship between the terminal 31 and the target server 33 is established, establish a connection relationship between the terminal 31 and the admission server 32 and send a redirection message to the terminal 31 to redirect the access request. The admission server 32 is further configured to, when the terminal 31 has not established a connection relationship with the target server 33, send a forged response message to the terminal 31 to establish the connection relationship between the terminal 31 and the admission server 32, and send a redirection message to the terminal 31 to redirect the access request.
Specifically, when the target server 33 exists, the admission server 32 may send a redirection message to the terminal 31 so that the terminal 31 can perform redirected access; when the target server 33 does not exist, it may send a forged second message to the terminal 31 so that the terminal 31 connects to the admission server 32 and can then perform redirected access. This also avoids the abnormal situation that arises when the target server 33 exists and the admission server 32 and the target server 33 both send a second message to the terminal 31.
The target server 33 is configured to send a response message to the terminal 31 when receiving the message requesting to establish the connection relationship from the terminal 31, so as to establish the connection relationship between the target server 33 and the terminal 31.
In the redirection system for an access request provided by the embodiment of the present application, the terminal 31 requests to establish a connection relationship with the target server 33 and, after establishing it, sends the access request to the target server 33. The admission server 32, after the connection relationship between the terminal 31 and the target server 33 is established, establishes a connection relationship between the terminal 31 and the admission server 32 and sends a redirection message to the terminal 31 to redirect the access request; the admission server 32 is further configured to, when the terminal 31 has not established a connection relationship with the target server 33, send a forged response message to the terminal 31 to establish the connection relationship between the terminal 31 and the admission server 32, and send a redirection message to the terminal 31 to redirect the access request. The target server 33, on receiving from the terminal 31 a message requesting establishment of a connection relationship, sends a response message to the terminal 31 to establish the connection relationship between the target server 33 and the terminal 31. This solves the problem in the related art that the access request cannot be redirected when the target server does not respond to it.
Whether the target server exists is determined by checking whether five-tuple information identical to the target five-tuple information is stored in the admission server. When such five-tuple information is stored in the admission server, it is determined that the server does not exist; the admission server then sends a forged second message to the terminal, the TCP three-way handshake is completed between the terminal and the admission server, and the redirection operation is carried out by the admission server, so that the access request can be redirected under any condition.
The embodiment of the application also provides a device for redirecting the access request, and it should be noted that the device for redirecting the access request in the embodiment of the application can be used for executing the method for redirecting the access request provided in the embodiment of the application. The following describes a redirection device for an access request provided in an embodiment of the present application.
Fig. 4 is a schematic diagram of a redirection device for access requests provided according to an embodiment of the present application. As shown in fig. 4, the apparatus includes: the device comprises a first acquisition unit 41, a second acquisition unit 42, a first transmission unit 43, a first receiving unit 44 and a second receiving unit 45.
The first obtaining unit 41 is configured to obtain, by using the admission server, a first message sent by the terminal, where the first message is first message information generated when the terminal requests to establish a connection with the target server.
The second obtaining unit 42 is configured to obtain the target quintuple information in the first message by using the admission server, and determine whether the admission server stores the quintuple information identical to the target quintuple information.
And the first sending unit 43 is configured to send, to the terminal, a forged second message and a redirection message when five-tuple information that is the same as the target five-tuple information is stored in the admission server, where the forged second message is used to establish a connection relationship between the admission server and the terminal, and the redirection message is used to redetermine an access address of the terminal.
The first receiving unit 44 is configured to receive a third message sent by the terminal and establish a connection relationship between the admission server and the terminal, where the third message is a message responded to the second message.
The second receiving unit 45 is configured to receive, by using the admission server, an access request sent by the terminal based on the redirection packet, and send an access result corresponding to the access request to the terminal.
In the redirection device for an access request provided by the embodiment of the present application, the admission server obtains, through the first obtaining unit 41, the first message sent by the terminal, where the first message is the first message information generated when the terminal requests to establish a connection with the target server; through the second obtaining unit 42, the admission server obtains the target five-tuple information in the first message and judges whether five-tuple information identical to the target five-tuple information is stored in the admission server; the first sending unit 43 sends a forged second message and a redirection message to the terminal when five-tuple information identical to the target five-tuple information is stored in the admission server, where the forged second message is used to establish a connection relationship between the admission server and the terminal and the redirection message is used to redetermine the access address of the terminal; through the first receiving unit 44, the admission server receives a third message sent by the terminal and establishes a connection relationship between the admission server and the terminal, where the third message is the message sent in response to the second message; and through the second receiving unit 45, the admission server receives the access request sent by the terminal based on the redirection message and sends the access result corresponding to the access request to the terminal. This solves the problem in the related art that the access request cannot be redirected when the target server does not respond to it.
Whether the target server exists is determined by checking whether five-tuple information identical to the target five-tuple information is stored in the admission server. When such five-tuple information is stored in the admission server, it is determined that the server does not exist; the admission server then sends a forged second message to the terminal, the TCP three-way handshake is completed between the terminal and the admission server, and the redirection operation is carried out by the admission server, so that the access request can be redirected under any condition.
Optionally, in the redirection device for an access request provided in the embodiment of the present application, the device further includes: a first storage unit, configured to store the target five-tuple information in the admission server when five-tuple information identical to the target five-tuple information is not stored in the admission server.
Optionally, in the redirection device for an access request provided in the embodiment of the present application, the device further includes: a first detection unit, configured to detect, when the admission server does not store five-tuple information identical to the target five-tuple information, whether the admission server receives a second message sent by the target server to the terminal; and a second sending unit, configured to send the redirection message to the terminal when the admission server detects the second message.
Optionally, in the redirection device for an access request provided in the embodiment of the present application, the device further includes: a second detection unit, configured to detect, when the admission server does not detect the second message, whether the admission server receives the first message sent by the terminal again; and a first execution unit, configured to execute, when the admission server receives the first message again, the steps of acquiring the target five-tuple information in the first message and judging whether the target five-tuple information is stored in the admission server.
Optionally, in the redirection device for an access request provided in the embodiment of the present application, the device further includes: a first establishing unit, configured to establish the connection relationship between the admission server and the terminal after the connection relationship between the target server and the terminal is established; and a third sending unit, configured for the admission server to receive the access request sent by the terminal based on the redirection message and to send an access result corresponding to the access request to the terminal.
Optionally, in the redirection device for an access request provided in the embodiment of the present application, the device further includes: a third acquisition unit, configured to acquire, when five-tuple information identical to the target five-tuple information is stored in the admission server, first identification information corresponding to the stored five-tuple information that is identical to the target five-tuple information, and to acquire second identification information corresponding to the target five-tuple information from the first message; a judging unit, configured to judge whether the first identification information is the same as the second identification information; a second storage unit, configured to store the target five-tuple information and the second identification information in the admission server when the first identification information is different from the second identification information; and a second execution unit, configured to execute the steps of sending the forged second message and the redirection message to the terminal when the first identification information is the same as the second identification information.
Optionally, in the redirection device for an access request provided in the embodiment of the present application, the device further includes: a fourth sending unit, configured for the admission server to send a forged second message to the terminal when the admission server stores five-tuple information identical to the target five-tuple information; a second establishing unit, configured for the admission server to receive a third message sent by the terminal and to establish a connection relationship between the admission server and the terminal, where the third message is the message sent in response to the second message; a fifth sending unit, configured for the admission server to send a redirection message to the terminal; and a sixth sending unit, configured for the admission server to receive the access request sent by the terminal based on the redirection message and to send an access result corresponding to the access request to the terminal.
The redirection device for the access request includes a processor and a memory, where the first acquiring unit 41, the second acquiring unit 42, the first transmitting unit 43, the first receiving unit 44, the second receiving unit 45, etc. are stored as program units in the memory, and the processor executes the program units stored in the memory to implement corresponding functions.
The processor includes a kernel, and the kernel fetches the corresponding program unit from the memory. One or more kernels may be provided, and the problem in the related art that the access request cannot be redirected when the target server does not respond to it is solved by adjusting the kernel parameters.
The memory may include forms of computer-readable media such as volatile memory, random access memory (RAM), and/or non-volatile memory, for example read-only memory (ROM) or flash memory (flash RAM); the memory includes at least one memory chip.
The embodiment of the invention provides a computer readable storage medium, on which a program is stored, which when executed by a processor implements a method of redirecting an access request.
The embodiment of the invention provides a processor which is used for running a program, wherein the program runs to execute a redirection method of an access request.
As shown in Fig. 5, an embodiment of the present invention provides an electronic device, where the electronic device 50 includes a processor, a memory, and a program stored in the memory and executable on the processor, and the processor implements the following steps when executing the program: the admission server obtains a first message sent by a terminal, where the first message is the first message information generated when the terminal requests to establish a connection with a target server; the admission server acquires target five-tuple information in the first message and judges whether five-tuple information identical to the target five-tuple information is stored in the admission server; when five-tuple information identical to the target five-tuple information is stored in the admission server, a forged second message and a redirection message are sent to the terminal, where the forged second message is used to establish the connection relationship between the admission server and the terminal and the redirection message is used to redetermine the access address of the terminal; the admission server receives a third message sent by the terminal and establishes a connection relationship between the admission server and the terminal, where the third message is the message sent in response to the second message; and the admission server receives the access request sent by the terminal based on the redirection message and sends an access result corresponding to the access request to the terminal. The device herein may be a server, PC, PAD, cell phone, etc.
The present application also provides a computer program product which, when executed on a data processing device, is adapted to execute a program initialized with the following method steps: the admission server obtains a first message sent by a terminal, where the first message is the first message information generated when the terminal requests to establish a connection with a target server; the admission server acquires target five-tuple information in the first message and judges whether five-tuple information identical to the target five-tuple information is stored in the admission server; when five-tuple information identical to the target five-tuple information is stored in the admission server, a forged second message and a redirection message are sent to the terminal, where the forged second message is used to establish the connection relationship between the admission server and the terminal and the redirection message is used to redetermine the access address of the terminal; the admission server receives a third message sent by the terminal and establishes a connection relationship between the admission server and the terminal, where the third message is the message sent in response to the second message; and the admission server receives the access request sent by the terminal based on the redirection message and sends an access result corresponding to the access request to the terminal.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of computer-readable media such as volatile memory, random access memory (RAM), and/or non-volatile memory, for example read-only memory (ROM) or flash RAM. Memory is an example of a computer-readable medium.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer-readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile discs (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. Computer-readable media, as defined herein, do not include transitory computer-readable media (transmission media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in the process, method, article, or apparatus that comprises that element.
The foregoing is merely exemplary of the present application and is not intended to limit the present application. Various modifications and changes may be made to the present application by those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims of the present application.

Claims (11)

1. A method for redirecting an access request, comprising:
an admission server obtains a first message sent by a terminal, wherein the first message is the initial message generated when the terminal requests to establish a connection with a target server;
the admission server acquires target five-tuple information from the first message and determines whether five-tuple information identical to the target five-tuple information is stored in the admission server;
when five-tuple information identical to the target five-tuple information is stored in the admission server, sending a forged second message and a redirection message to the terminal, wherein the forged second message is used to establish a connection between the admission server and the terminal, and the redirection message is used to redetermine the access address of the terminal;
the admission server receives a third message sent by the terminal and establishes the connection between the admission server and the terminal, wherein the third message is a message sent in response to the second message;
and the admission server receives the access request sent by the terminal based on the redirection message and sends an access result corresponding to the access request to the terminal.
2. The method of claim 1, wherein after determining whether five-tuple information identical to the target five-tuple information is stored in the admission server, the method further comprises:
storing the target five-tuple information in the admission server when five-tuple information identical to the target five-tuple information is not stored in the admission server.
3. The method of claim 1, wherein after determining whether five-tuple information identical to the target five-tuple information is stored in the admission server, the method further comprises:
when five-tuple information identical to the target five-tuple information is not stored in the admission server, the admission server detects whether a second message sent by the target server to the terminal is received;
and sending the redirection message to the terminal when the admission server detects the second message.
4. The method of claim 3, wherein after the admission server detects whether a second message sent by the target server to the terminal is received, the method further comprises:
when the admission server does not detect the second message, the admission server detects whether the first message sent by the terminal is received again;
and when the admission server receives the first message again, executing the steps of acquiring the target five-tuple information from the first message and determining whether the target five-tuple information is stored in the admission server.
5. The method of claim 3, wherein, when the admission server detects the second message, after sending the redirection message to the terminal, the method further comprises:
after the connection between the target server and the terminal is established, establishing the connection between the admission server and the terminal;
and the admission server receives the access request sent by the terminal based on the redirection message and sends an access result corresponding to the access request to the terminal.
6. The method of claim 1, wherein, when five-tuple information identical to the target five-tuple information is stored in the admission server, before sending the forged second message and the redirection message to the terminal, the method further comprises:
when five-tuple information identical to the target five-tuple information is stored in the admission server, acquiring first identification information corresponding to the stored five-tuple information that is identical to the target five-tuple information, and acquiring second identification information corresponding to the target five-tuple information from the first message;
determining whether the first identification information is the same as the second identification information;
storing the target five-tuple information and the second identification information in the admission server when the first identification information is different from the second identification information;
and when the first identification information is the same as the second identification information, executing the step of sending a forged second message and a redirection message to the terminal.
7. The method of claim 1, wherein after determining whether five-tuple information identical to the target five-tuple information is stored in the admission server, the method further comprises:
when five-tuple information identical to the target five-tuple information is stored in the admission server, the admission server sends the forged second message to the terminal;
the admission server receives a third message sent by the terminal and establishes the connection between the admission server and the terminal, wherein the third message is a message sent in response to the second message;
the admission server sends the redirection message to the terminal;
and the admission server receives the access request sent by the terminal based on the redirection message and sends an access result corresponding to the access request to the terminal.
8. A system for redirecting an access request, comprising:
a terminal, configured to request to establish a connection with a target server and to send an access request to the target server after the connection with the target server is established;
an admission server, configured to: after the connection between the terminal and the target server is established, establish a connection between the terminal and the admission server and send a redirection message to the terminal so as to redirect the access request; and, when the terminal has not established a connection with the target server, send a forged response message to the terminal so as to establish the connection between the terminal and the admission server, and send a redirection message to the terminal so as to redirect the access request;
and the target server, configured to send a response message to the terminal upon receiving the terminal's message requesting to establish a connection, so as to establish the connection between the target server and the terminal.
9. A redirection device for access requests, comprising:
a first acquisition unit, configured for an admission server to obtain a first message sent by a terminal, wherein the first message is the initial message generated when the terminal requests to establish a connection with a target server;
a second acquisition unit, configured for the admission server to acquire target five-tuple information from the first message and to determine whether five-tuple information identical to the target five-tuple information is stored in the admission server;
a first sending unit, configured to send a forged second message and a redirection message to the terminal when five-tuple information identical to the target five-tuple information is stored in the admission server, wherein the forged second message is used to establish a connection between the admission server and the terminal, and the redirection message is used to redetermine the access address of the terminal;
a first receiving unit, configured for the admission server to receive a third message sent by the terminal and to establish the connection between the admission server and the terminal, wherein the third message is a message sent in response to the second message;
a second receiving unit, configured for the admission server to receive the access request sent by the terminal based on the redirection message and to send an access result corresponding to the access request to the terminal.
10. A computer storage medium for storing a program, wherein the program when run controls a device on which the computer storage medium is located to perform the redirection method of an access request according to any one of claims 1 to 7.
11. An electronic device comprising one or more processors and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of redirecting access requests of any of claims 1-7.
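The decision logic of claims 1, 2, 3 and 6, as an added example that is not part of the patent text: a Python model of the admission server's five-tuple table that returns the actions taken for each observed message. The class, function and action names are hypothetical, and using a number such as a TCP initial sequence number as the identification information is an assumption; the claims do not say which field it is.

```python
from typing import NamedTuple

class FiveTuple(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

    def reversed(self):
        # The target server's reply travels in the opposite direction.
        return FiveTuple(self.dst_ip, self.dst_port, self.src_ip, self.src_port, self.proto)

class AdmissionTable:
    """Hypothetical model of the admission server's stored five-tuples."""

    def __init__(self):
        self.seen = {}  # five-tuple -> identification info from the first message

    def on_first_message(self, ft, ident):
        """Terminal's connection request observed; returns the actions to take."""
        if ft not in self.seen:
            self.seen[ft] = ident          # claim 2: unknown five-tuple, store it
            return ["STORE"]
        if self.seen[ft] != ident:
            self.seen[ft] = ident          # claim 6: same five-tuple, different identification
            return ["STORE"]
        # Claims 1 and 6: same five-tuple and identification, i.e. the terminal
        # repeated its request; answer in place of the target and redirect.
        return ["SEND_FORGED_SECOND_MESSAGE", "SEND_REDIRECT"]

    def on_second_message(self, ft):
        """Target server's reply to the terminal observed (claim 3)."""
        return ["SEND_REDIRECT"] if ft.reversed() in self.seen else []

def replay(events):
    """Feed constructed (kind, five_tuple, ident) events through one table."""
    table = AdmissionTable()
    out = []
    for kind, ft, ident in events:
        if kind == "first":
            out.append(table.on_first_message(ft, ident))
        else:
            out.append(table.on_second_message(ft))
    return out

# Constructed sample traffic (documentation address ranges, made-up values).
T = FiveTuple("192.0.2.10", 50000, "198.51.100.7", 80, "tcp")
UNANSWERED = [("first", T, 1000), ("first", T, 1000)]
ANSWERED = [("first", T, 1000), ("second", T.reversed(), None)]
NEW_IDENT = [("first", T, 1000), ("first", T, 2000), ("first", T, 2000)]

if __name__ == "__main__":
    for name, ev in [("unanswered", UNANSWERED), ("answered", ANSWERED), ("new ident", NEW_IDENT)]:
        print(name, replay(ev))
```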
CN202210243431.5A 2022-03-11 2022-03-11 Redirection method, system, device and storage medium for access request Active CN114697380B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210243431.5A CN114697380B (en) 2022-03-11 2022-03-11 Redirection method, system, device and storage medium for access request

Publications (2)

Publication Number Publication Date
CN114697380A CN114697380A (en) 2022-07-01
CN114697380B true CN114697380B (en) 2023-07-14

Family

ID=82138437

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210243431.5A Active CN114697380B (en) 2022-03-11 2022-03-11 Redirection method, system, device and storage medium for access request

Country Status (1)

Country Link
CN (1) CN114697380B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2016150169A1 (en) * 2015-03-25 2016-09-29 中兴通讯股份有限公司 Secure communication method, gateway, network side server and system
CN106657082A (en) * 2016-12-27 2017-05-10 杭州盈高科技有限公司 Fast HTTP redirection method
CN111628983A (en) * 2020-05-21 2020-09-04 网神信息技术(北京)股份有限公司 Access control method, apparatus, computer device, medium, and program product
CN112368690A (en) * 2018-04-26 2021-02-12 拉德沃有限公司 Block chain based admission procedure for protected entities

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
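VN-based network admission control system; Wu Liangliang; China Master's Theses Full-text Database, Information Science and Technology (2016, No. 06); full text *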

Also Published As

Publication number Publication date
CN114697380A (en) 2022-07-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant