CN115842641A - Access request processing method, electronic device, and medium - Google Patents


Publication number
CN115842641A
Authority
CN
China
Prior art keywords
access request
user terminal
data stream
access
target
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111112491.5A
Other languages
Chinese (zh)
Inventor
李健富
苗辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guizhou Baishancloud Technology Co Ltd
Original Assignee
Guizhou Baishancloud Technology Co Ltd
Application filed by Guizhou Baishancloud Technology Co Ltd
Priority to CN202111112491.5A (CN115842641A)
Priority to PCT/CN2022/119101 (WO2023040983A1)
Publication of CN115842641A
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40: Network security protocols

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses an access request processing method, an electronic apparatus, an electronic device, and a medium. In the application, the user terminal device may receive an access request sent by a target terminal and, based on a pre-configured security access policy, determine a risk type that corresponds to the access request and describes its degree of security risk. After determining that the risk type corresponding to the access request is a high risk type, the user terminal device directs the access request to a corresponding target node so that the target node processes and responds to the access request. Finally, the user terminal device receives the response information returned by the target node and sends it to the target terminal, wherein the response information comprises a file data stream at least partially rendered by the target node.

Description

Access request processing method, electronic device, and medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method, an electronic apparatus, an electronic device, and a medium for processing an access request.
Background
With the development of internet technology, the scale and speed of network attacks are increasing, and the challenges of network security are becoming more and more serious.
In the related art, a firewall or security software is generally installed to prevent a network attack. However, the installation process of the firewall or security software is complicated, and sometimes needs to be performed on multiple devices, and the firewall or security software needs to be maintained by professional personnel, so that the labor cost and the economic cost are high.
Therefore, how to ensure the network security of the user and reduce the cost of various maintenance security devices becomes a technical problem which needs to be solved urgently.
Disclosure of Invention
The embodiment of the application provides an access request processing method, an electronic device, electronic equipment and a medium, which are used for solving the problems that potential safety hazards easily exist in network access of users in the related art and the cost for maintaining various safety equipment is high.
According to an aspect of the embodiments of the present application, a method for processing an access request is provided, where the method is applied to a user terminal device, and the method includes:
receiving an access request sent by a target terminal;
determining a risk type corresponding to the access request based on the access request and a pre-configured security access policy, wherein the risk type is used for describing a security risk degree corresponding to the access request;
if the risk type corresponding to the access request is a high risk type, the access request is guided to a corresponding target node so that the target node processes and responds to the access request;
and receiving response information returned by the target node, and sending the response information to the target terminal, wherein the response information comprises at least part of the file data stream rendered by the target node.
According to an aspect of the embodiments of the present application, a method for processing an access request is provided, where the method is applied to a distributed node in a distributed network, and the method includes:
acquiring data to be rendered corresponding to an access request according to the access request sent by user terminal equipment, wherein the access request is guided by the user terminal equipment according to a pre-configured security access strategy;
rendering at least part of the data to obtain a corresponding file data stream;
and sending the file data stream as response information to the user terminal equipment so that the user terminal equipment sends the response information to a target terminal.
According to an aspect of the embodiments of the present application, a method for processing an access request is provided, where the method is applied to a target terminal, and the method includes:
sending an access request to user terminal equipment so that the user terminal equipment performs access control on the access request according to a pre-configured security access policy;
receiving response information sent by the user terminal device, wherein the response information comprises a file data stream at least partially rendered by a target node;
and displaying the resources corresponding to the access request according to the file data stream.
According to another aspect of the embodiments of the present application, an electronic apparatus for processing an access request is provided, which is applied to a user terminal device, and includes:
a first receiving module configured to receive an access request transmitted by a target terminal;
the determining module is configured to determine a risk type corresponding to the access request based on the access request and a pre-configured security access policy, wherein the risk type is used for describing a security risk degree corresponding to the access request;
the processing module is configured to, if the risk type corresponding to the access request is a high risk type, direct the access request to a corresponding target node so that the target node processes and responds to the access request;
the first sending module is configured to receive response information returned by the target node and send the response information to the target terminal, wherein the response information comprises a file data stream at least partially rendered by the target node.
According to another aspect of the embodiments of the present application, an electronic device for processing an access request is provided, which is applied to a distributed node in a distributed network, and includes:
the system comprises an acquisition module, a rendering module and a display module, wherein the acquisition module is configured to acquire data to be rendered corresponding to an access request according to the access request sent by user terminal equipment, and the access request is guided by the user terminal equipment according to a pre-configured security access strategy;
the generating module is configured to render at least part of the data to obtain a corresponding file data stream;
and the response module is configured to send the file data stream to the user terminal device as response information so that the user terminal device sends the response information to a target terminal.
According to another aspect of the embodiments of the present application, an electronic device for processing an access request is provided, which is applied to a target terminal, and includes:
the second sending module is configured to send an access request to the user terminal device, so that the user terminal device performs access control on the access request according to a pre-configured security access policy;
a second receiving module configured to receive response information transmitted by the user terminal device, the response information including a file data stream at least partially rendered by a target node;
and the display module is configured to display the resource corresponding to the access request according to the file data stream.
According to another aspect of the embodiments of the present application, there is provided an electronic device including:
a memory for storing executable instructions; and
and the display is used for displaying with the memory to execute the executable instruction so as to complete the operation of the processing method of any access request.
According to a further aspect of the embodiments of the present application, there is provided a computer-readable storage medium for storing computer-readable instructions, which, when executed, perform the operations of the method for processing an access request according to any of the above embodiments.
In the present application, the user terminal device may receive an access request sent by a target terminal and, based on a pre-configured security access policy, determine a risk type that corresponds to the access request and describes its degree of security risk. After determining that the risk type corresponding to the access request is a high risk type, the user terminal device directs the access request to the corresponding target node so that the target node processes and responds to the access request, and finally receives the response information returned by the target node and sends it to the target terminal, wherein the response information comprises a file data stream at least partially rendered by the target node. With this technical solution, an access request initiated by an end user can be directed by the user terminal device, according to the pre-configured security access policy, to a specific node in the distributed network, so that the node processes the access request and returns the response data to the end user through the user terminal device. This avoids the security risk to user data that arises when an access request initiated by the end user directly reaches a malicious website, and ensures the network security of the user; at the same time, the user does not need to maintain multiple security devices, which reduces maintenance cost.
The technical solution of the present application is further described in detail by the accompanying drawings and examples.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description, serve to explain the principles of the application.
The present application may be more clearly understood from the following detailed description with reference to the accompanying drawings, in which:
fig. 1 is a schematic diagram illustrating a processing method of an access request according to the present application;
fig. 2 is a schematic diagram illustrating another method for processing an access request according to the present application;
FIG. 3 is a schematic diagram of another method for processing an access request according to the present application;
fig. 4-5 are schematic flow charts of a processing method of an access request proposed in the present application;
FIGS. 6-8 are schematic diagrams of an electronic device for processing an access request according to the present disclosure;
fig. 9 is a schematic diagram of an electronic device for processing an access request according to the present application.
Detailed Description
Various exemplary embodiments of the present application will now be described in detail with reference to the accompanying drawings. It should be noted that: the relative arrangement of the components and steps, the numerical expressions, and numerical values set forth in these embodiments do not limit the scope of the present application unless specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective portions shown in the drawings are not drawn in an actual proportional relationship for the convenience of description.
The following description of at least one exemplary embodiment is merely illustrative in nature and is in no way intended to limit the application, its application, or uses.
Techniques, methods, and apparatus known to those of ordinary skill in the relevant art may not be discussed in detail but are intended to be part of the specification where appropriate.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, further discussion thereof is not required in subsequent figures.
In addition, technical solutions between the various embodiments of the present application may be combined with each other, but it must be based on the realization of the technical solutions by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination of technical solutions should be considered to be absent and not within the protection scope of the present application.
It should be noted that all directional indicators (such as up, down, left, right, front, back, …) in the embodiments of the present application are only used to explain the relative positional relationship between the components, the motion situation, etc. in a specific posture (as shown in the drawings), and if the specific posture is changed, the directional indicator is changed accordingly.
A method for processing an access request according to an exemplary embodiment of the present application is described below with reference to fig. 1 to 5. It should be noted that the following application scenarios are merely illustrated for the convenience of understanding the spirit and principles of the present application, and the embodiments of the present application are not limited in this respect. Rather, embodiments of the present application may be applied to any scenario where applicable.
In one embodiment, fig. 1 schematically illustrates a flow chart of a processing method of an access request according to an embodiment of the present application. As shown in fig. 1, the method is applied to a user terminal device, and includes:
S101, receiving an access request sent by a target terminal.
The user terminal device may be a device close to the user side in the network location, and the user terminal device may receive the data traffic sent by the mobile terminal, perform certain processing, such as security access control, data leakage prevention, and the like, based on the received data traffic, and send the data traffic to a corresponding target network or target device. For example, the user terminal device may be a CPE (Customer Premise Equipment), a wireless router, a firewall, a server, an optical modem, a portable computer or a desktop computer, and so on.
It should be noted that the user terminal device in the present application can be applied in various network environments, for example, various local area networks, metropolitan area networks, and wide area networks. In some examples, the user terminal device may be applied in an SD-WAN (Software Defined Wide Area Network), and may also be applied in a distributed network, such as a content distribution network or an edge computing network, and the like, which is not particularly limited in this application.
It should be noted that the target terminal may also provide the functions provided by the user terminal device, such as security access control, data leakage prevention, and the like. For example, the target terminal may determine a risk type of the access request based on the access request, and if the risk type is a high risk type, send the access request to the corresponding target node for subsequent processing.
It should be noted that the user terminal device may support network access of one or more mobile terminals, for example, the user terminal device may receive one access request at a time for processing, or may receive multiple access requests at a time and process each access request respectively.
The access request may be information sent by the target terminal to request access to a corresponding resource, and it should be noted that the resource may be various types of resources, for example, the resource may include but is not limited to a web resource, a video resource, a picture resource, an audio resource, or a text resource, and so on. In an example, the access request may also be information requesting access to a cloud resource, such as a cloud game, a cloud desktop, and so on.
In an exemplary embodiment of the present application, the user may generate the access request by clicking a particular area (e.g., an "access" button or a "game start" button, etc.) on the target terminal display interface. The target terminal may send the access request to the user terminal device. After receiving the access request, the user terminal device may perform subsequent processing based on the access request.
In an example, the target terminal may send the access request to the user terminal device corresponding to the IP address based on the IP address of the user terminal device. In another example, a traffic-steering tunnel may be pre-established between the target terminal and the user terminal device, and the target terminal may send the access request to the user terminal device through that tunnel. It should be noted that the tunneling protocol for establishing the traffic-steering tunnel may include, but is not limited to, GRE, IPsec, PAC, or the like, and may also be any other tunneling protocol that can be supported by the target terminal and the user terminal device, and this is not particularly limited in this application.
S102, determining a risk type corresponding to the access request based on the access request and a pre-configured security access policy, wherein the risk type is used for describing a security risk degree corresponding to the access request.
The security access policy may be policy information for performing security access control on an access request received by the user terminal device, so as to ensure the network security of the user and avoid the data security risks caused by accessing a dangerous website.
In an exemplary embodiment of the present application, the user terminal device may determine whether it is a high-risk access request based on a pre-stored security access policy after receiving the access request.
It should be noted that, for the pre-stored security access policy, it may be configured in advance for a user (for example, a user using a target terminal or an administrative user of a service platform providing services, etc.) and configured on a user terminal device.
The present application does not specifically limit how the risk type corresponding to the access request is determined according to the security access policy. For example, the address information corresponding to the access request may be matched against the high-risk addresses included in a pre-stored risk address set, so that the risk of the access request is determined by whether the address information is in the risk address set. Or, the domain name information corresponding to the access request may be matched against the high-risk domain names included in a pre-stored risk domain name set, so that the risk of the access request is determined by whether the domain name information is in the risk domain name set. Or, the protocol type corresponding to the access request may be matched against the high-risk protocols included in a pre-stored set of risk protocol types, so that the risk of the access request is determined by whether the protocol type is in the set of risk protocol types. The above are merely exemplary, and the present application is not limited thereto.
And S103, if the risk type corresponding to the access request is a high risk type, the access request is guided to the corresponding target node so that the target node processes and responds to the access request.
In one embodiment, when the user terminal device determines that the access request is of a high risk type, it does not send the access request directly to the risky website, which avoids the security risk to user data that this causes in the related art. Instead, the user terminal device can send the access request to a distributed node in the distributed network, and the distributed node (i.e., the target node) processes the access request accordingly, which guarantees that the content of the response data subsequently returned to the user terminal is generated by rendering at the target node. This in turn avoids the security risk to user data that arises in the related art from rendering data at the user terminal.
In one embodiment, the target node may be any one or more nodes in the CDN distributed network, and the node may be an edge node or a non-edge node.
For example, for a target node being a distributed node in the CDN network, after receiving a high-risk type access request steered from the target node, the distributed node may first forward the steered access request to the CDN service. If the data resource corresponding to the access request is found at the current node, at least part of the data in the data resource can be rendered, and the corresponding file data stream is obtained and then sent to the user terminal device. When the distributed node does not find the data resource corresponding to the access request at the current node, it performs a back-to-origin operation, and starts a rendering instance at the distributed node after subsequently receiving the data resource from the origin server or an upper-level node. It should be noted that each access request may establish a corresponding rendering instance to render web page content, elements, or other resources, and convert the web page content, elements, or other resources into a secure file data stream and return the secure file data stream to the user terminal device.
In another example, the target node may be an edge node in an edge cloud network, which may be a cloud computing platform constructed over an edge infrastructure based on the core and edge computing capabilities of the cloud computing technology to form a resilient cloud platform with comprehensive capabilities of computing, networking, storage, security, etc. in the edge location. A plurality of edge nodes (i.e., distributed nodes) may be included in the edge cloud network. After receiving the high-risk type access request from the origin server, the edge node may perform a back-to-origin operation, and after receiving the data resource corresponding to the access request from the origin server, start a rendering instance at the edge node. It should be noted that each access request may establish a corresponding rendering instance to render web page content, elements, or other resources, and convert the web page content, elements, or other resources into a secure file data stream and return the secure file data stream to the user terminal device.
Optionally, in the embodiment of the present application, the access request with a high risk type may be directed to the CDN edge node by a default routing gateway, that is, a correspondence between the user terminal device and the target node is predetermined, and when it is determined that the access request is of the high risk type, the access request may be sent to the corresponding target node, so that the target node processes the access request.
In an exemplary embodiment of the present application, if it is determined that the risk type corresponding to the access request is a low risk type, the user terminal device may send the access request to a corresponding target device or a target network, for example, the access request is a request for accessing www.a.com, and after it is determined that the risk type of the access request is a low risk type, indicating www.a.com is a secure destination address, the user terminal device may send the access request to an origin server of www.a.com.
And S104, receiving response information returned by the target node, and sending the response information to the target terminal, wherein the response information comprises at least part of the file data stream rendered by the target node.
In the present application, the user terminal device may receive the access request sent by the target terminal and, based on a pre-configured security access policy, determine a risk type that corresponds to the access request and describes its degree of security risk. After determining that the risk type corresponding to the access request is a high risk type, the user terminal device directs the access request to the corresponding target node so that the target node processes and responds to the access request, and finally receives the response information returned by the target node and sends it to the target terminal, wherein the response information comprises a file data stream at least partially rendered by the target node. With this technical solution, an access request initiated by an end user can be directed by the user terminal device to a specific node in the distributed network, so that the node processes the access request and then returns the response data to the end user through the user terminal device. This avoids the security risk to user data that arises when an access request initiated by the end user directly reaches a malicious website.
Optionally, in another embodiment based on the above method of the present application, the response information further includes a control data stream for instructing the target terminal to render the data that is not rendered.
In an embodiment, the target node may render all the data resources corresponding to the access request and return the rendered data resources to the user terminal device, or may render only part of the data resources and return the rendered data resources to the user terminal device. Therefore, if there is data that needs to be returned to the target terminal and is not rendered, the response information may further include a control data stream for instructing the target terminal to render the data that is not rendered.
In an example, the control data stream may carry data that is not rendered for the target terminal to obtain, so that the target terminal does not need to additionally obtain, which not only improves the processing efficiency of the target terminal, but also prevents the target terminal from accessing a malicious website, thereby ensuring the security of the data of the target terminal.
Optionally, the present application does not specifically limit how to determine the data that needs to be rendered by the target node. For example, the target node may determine the dynamic and static types of the data to be rendered corresponding to the access request, for example, the dynamic type of data is subjected to data processing by the target node, and the static type of data is subjected to rendering by the target terminal; the target node may also determine the size of the data to be rendered corresponding to the access request, for example, data with a size exceeding a certain threshold is rendered by the target node, data with a size smaller than the threshold is rendered by the target terminal, and the like.
Optionally, in another embodiment based on the foregoing method of the present application, determining a risk type corresponding to the access request based on the access request and a pre-configured security access policy includes:
and determining the risk type corresponding to the access request according to the protocol type, URL or the requested data type of the access request and a pre-configured security access policy.
Optionally, in another embodiment based on the foregoing method of the present application, determining a risk type corresponding to the access request based on the access request and a pre-configured security access policy includes:
determining address information corresponding to the access request;
and determining the risk type corresponding to the access request based on the address information and a pre-configured security access policy.
In one manner, the risk type of the access request may be determined according to whether address information corresponding to the access request is in a risk address set.
Specifically, for example, address information corresponding to the access request may be matched with a pre-stored risk address set, so as to determine a risk hazard corresponding to the access request according to a manner of whether the address information is located in the risk address set. It may be appreciated that the access request may be determined to correspond to a high risk type if address information corresponding to the access request exists in the set of risk addresses. Otherwise it is determined that the access request corresponds to a non-high risk type.
In another example, the risk type corresponding to the access request may also be determined according to at least one of a protocol type, a URL, or a requested data type in the access request and a pre-configured security access policy, and the determination manner may refer to the foregoing description, which is not described herein again. Therefore, the risk type of the access request can be determined based on various information carried in the access request, the effectiveness of risk type determination can be ensured, and the security of network access of the user is further ensured.
Optionally, in another embodiment based on the foregoing method of the present application, determining a risk type corresponding to the access request based on the address information and a pre-configured security access policy includes:
matching the address information with a preset high-risk address set, wherein the high-risk address set comprises at least one high-risk address;
and if the address information exists in the high-risk address set, determining that the risk type corresponding to the access request is a high-risk type.
The address information comprises at least one of a target access address, a source address or a static route corresponding to the access request.
In one embodiment, the target access address corresponding to an access request may be matched against a pre-stored risk address set, and the risk type of the access request is determined by whether the target access address is in the risk address set. Alternatively, the source address corresponding to the access request may be matched against a pre-stored risk domain name set, and the risk type is determined by whether the source address is in the risk domain name set. Alternatively, the static routing information corresponding to the access request may be matched against a pre-stored set of risk static routing information, and the risk type is determined by whether the static routing information is in that set. It should be understood that the static route may be a predetermined transmission route for the access request of the target terminal. If the address of any hop in the transmission route is in the risk address set, the transmission route has a security risk, and the risk type of the access request may therefore be determined to be a high risk type.
Optionally, in another embodiment based on the foregoing method of the present application, before determining a risk type corresponding to the access request based on the access request and a pre-configured security access policy, the method further includes:
receiving update information aiming at a security access policy, which is sent by a distributed node or a security management platform;
and updating the previously stored security access policy according to the update information.
In one embodiment, the pre-configured security access policy in the present application may be updated periodically, wherein the present application does not specifically limit the main body or period for generating the update information. For example, the distributed node may update the security access policy according to a certain update period to generate the update information, or the security management platform may update the security access policy according to a certain update period to generate the update information.
It can be understood that, when the user terminal device detects that update information currently exists, it may update and upgrade the security access policy it has already acquired according to the update information, thereby ensuring that an optimal security access policy is applied to the access request.
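The address matching and policy update described above can be sketched as follows. This is an added example, not code from the patent: the class and field names, the update message layout (`version`, `add`, `remove`), the CIDR entries, and the rule that stale versions are rejected are all assumptions made for illustration, and the sample addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

HIGH_RISK = "high"
NON_HIGH_RISK = "non-high"


def normalize(addr: str) -> str:
    """Canonicalize IP literals; lower-case hostnames and drop a trailing dot."""
    addr = addr.strip().rstrip(".").lower()
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return addr


@dataclass
class AccessRequest:
    target: str                                        # target access address
    source: str                                        # source address
    static_route: list = field(default_factory=list)   # predetermined hops


class SecurityAccessPolicy:
    """High-risk address set held by the user terminal device (hypothetical layout)."""

    def __init__(self, high_risk=(), version=0):
        self.version = version
        self.hosts = set()      # exact hostnames and single IP addresses
        self.networks = set()   # CIDR ranges (an assumption, not from the page)
        for entry in high_risk:
            self._edit(self._parse(entry), add=True)

    @staticmethod
    def _parse(entry):
        entry = entry.strip()
        if "/" in entry:
            return "networks", ipaddress.ip_network(entry, strict=False)
        return "hosts", normalize(entry)

    def _edit(self, parsed, add):
        bucket_name, item = parsed
        bucket = getattr(self, bucket_name)
        (bucket.add if add else bucket.discard)(item)

    def is_high_risk(self, addr: str) -> bool:
        addr = normalize(addr)
        if addr in self.hosts:
            return True
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False        # hostname that is not listed
        return any(ip in net for net in self.networks)

    def classify(self, req: AccessRequest):
        """Return (risk_type, matched_fields); any single match means high risk."""
        fields = [("target", req.target), ("source", req.source)]
        fields += [(f"static_route[{i}]", hop)
                   for i, hop in enumerate(req.static_route)]
        hits = [name for name, addr in fields if self.is_high_risk(addr)]
        return (HIGH_RISK if hits else NON_HIGH_RISK), hits

    def apply_update(self, update: dict) -> bool:
        """Apply update information; reject stale versions so an old set cannot be replayed."""
        new_version = int(update["version"])
        if new_version <= self.version:
            return False
        # Parse everything first so a malformed entry leaves the policy untouched.
        removals = [self._parse(e) for e in update.get("remove", [])]
        additions = [self._parse(e) for e in update.get("add", [])]
        for parsed in removals:
            self._edit(parsed, add=False)
        for parsed in additions:
            self._edit(parsed, add=True)
        self.version = new_version
        return True


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    policy = SecurityAccessPolicy(["203.0.113.7", "bad.example", "198.51.100.0/24"], version=1)
    req = AccessRequest("ok.example", "10.0.0.5", ["192.0.2.1", "198.51.100.9"])
    print(policy.classify(req))
```

Recording which field matched (target, source, or a specific hop) gives the steering decision an audit trail that can be logged alongside the request.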
Optionally, in another embodiment based on the foregoing method of the present application, the steering the access request to the corresponding target node includes:
and sending the access request to a corresponding target node by adopting a private communication protocol, GRE, IPsec or PAC.
In one embodiment, the access request may be sent in multiple transmission modes during the process of directing the access request to the corresponding target node. For example, the access request may be sent using a proprietary communication protocol, or over a GRE (Generic Routing Encapsulation) channel. The access request may also be sent over IPsec (Internet Protocol Security). Alternatively, the access request may be sent via a PAC (Proxy Auto-Config) rule, or the like.
In one embodiment, after receiving an access request, a user terminal device may send a scheduling request for a target access address to a scheduling node in a distributed network according to the target access address included in the access request, so that the scheduling node allocates a target node for processing the access request to the scheduling request for the target access address according to a preset rule. The preset rule may be that the scheduling node determines parameters such as area information of a corresponding target terminal or source station area information according to the access request, and selects a node matched with the parameters such as the area information of the terminal or the source station area information from the plurality of distributed nodes as the target node according to a load balancing algorithm.
In an example, a plurality of servers, such as a scheduling server, a configuration server, and at least one distributed server, etc., may be included in the distributed node. The user terminal device may send a scheduling request for the access request to a scheduling server (i.e., a scheduling node), and the scheduling server may select one of the at least one distributed server as a target node of the access request according to a preset scheduling rule or a load balancing algorithm, and return address information of the target node to the user terminal device, so that the user terminal device sends the access request to a corresponding target node according to the address information for subsequent processing.
In one embodiment, after the user terminal device receives the address information of the target node fed back by the scheduling node, the access request may be sent to the address of the target node through a pre-allocated channel and transmission manner by using a private protocol, so that the access request is subsequently processed and responded to by the target node. By using the private protocol, the information is not easily cracked or intercepted by others with malicious intent, and the security of data transmission is ensured.
In one embodiment, fig. 2 schematically illustrates a flow chart of a processing method of an access request according to an embodiment of the present application. As shown in fig. 2, the method is applied to a distributed node in a distributed network and includes:
S201, obtaining data to be rendered corresponding to an access request according to the access request sent by user terminal equipment, wherein the access request is guided by the user terminal equipment according to a pre-configured security access policy.
In one embodiment, when the user terminal device determines that the access request is of a high risk type, the access request is not sent directly to the risk website, which avoids the potential safety hazard to user data that such direct sending causes in the related art. Instead, the user terminal device can send the access request to a distributed node in the distributed network, and the distributed node (i.e., the target node) processes the access request, so that the content of the response data subsequently returned to the user terminal is guaranteed to be generated by rendering at the target node. This in turn avoids the potential safety hazard to user data that data rendering at the user terminal easily causes in the related art.
It should be noted that the distributed node (i.e. the target node) in the distributed network in the present application may be determined by the scheduling node in the scheduling server.
In one approach, the target node may be randomly selected or designated by the scheduling node from among a plurality of distributed nodes. In another approach, the scheduling node may, according to the access parameters corresponding to the access request (e.g., user terminal region information, source station region information, and access data information type) and a load balancing algorithm, select from the multiple distributed nodes a distributed node that matches the terminal region information and/or the source station region information as the target node.
Of course, the distributed nodes (i.e., target nodes) in the distributed network in the present application may also be determined by other manners, such as pre-allocation, and the like, which is not particularly limited in the present application.
The distributed network in the embodiment of the present application may be a Content Delivery Network (CDN), where the CDN may include a plurality of distributed nodes. Besides a CDN, the distributed network may also be a server cluster composed of a plurality of servers according to a distributed architecture, and the distributed node is any server in the server cluster.
Optionally, the distributed network may also be an edge cloud network, and the edge cloud network may be a cloud computing platform constructed on an edge infrastructure based on a core and an edge computing capability of a cloud computing technology, so as to form an elastic cloud platform with comprehensive capabilities of computing, networking, storage, security, and the like at an edge location. Multiple edge nodes (i.e., distributed nodes) may be included in the edge cloud network to provide services on the edge of the network closer to the terminals. It should be noted that the embodiments of the present application do not limit the specific kind of the distributed network, and any network with a distributed architecture formed by multiple computing devices is suitable for the present application.
For example, where the target node is a distributed node in the CDN network, after receiving a directed high-risk type access request, the distributed node may first forward the directed access request to the CDN service. If the data resource corresponding to the access request is found at the current node, at least part of the data in the data resource can be rendered, and the corresponding file data stream is obtained and then sent to the user terminal equipment. When the distributed node does not find the data resource corresponding to the access request at the node, it performs a source returning operation, and starts a rendering instance at the distributed node after subsequently receiving the data resource from the source server or the upper node. It should be noted that each access request may establish a corresponding rendering instance to render web page content, elements, or other types of resources, convert them into a secure file data stream, and return the secure file data stream to the user terminal device.
S202, rendering at least part of the data to obtain a corresponding file data stream.
In an exemplary embodiment of the present application, the distributed node in the present application may render all the data resources corresponding to the access request and return the rendered data resources to the user terminal device, or may render only part of the data resources and return the rendered data resources to the user terminal device. This is not a limitation of the present application.
It is understood that the rendering application instance in some embodiments of the present application may include a plurality of preconfigured plug-ins, such as Flash plug-ins. In this way, subsequent page rendering can be carried out without temporarily loading or installing the corresponding plug-ins, which helps to improve rendering efficiency and to save the storage resources of the target terminal.
In an exemplary embodiment of the present application, after receiving the access request, the distributed node may process the access request and feed back response information. For example, if the access request is an access request for a web page, the distributed node may obtain the page elements and components corresponding to the web page, and perform at least partial rendering according to the page elements and components to obtain a corresponding file data stream. The file data stream is then sent to the user terminal equipment as response information, and the user terminal equipment sends the file data stream to the target terminal.
It should be noted that the distributed node generates the corresponding file data stream based on the rendered data, so that malicious code or viruses carried by the data before rendering are not passed on when the response information is returned to the target terminal, and the security of the data of the target terminal is ensured.
Optionally, some embodiments of the present application may further include the step of establishing a generic rendering application instance. It should be noted that, the general rendering application example may be used to render page contents of target terminals with different attribute information, for example, target terminals with different screen sizes and/or target terminals with different resolutions. Therefore, by establishing the universal rendering application example, the complexity of establishing for multiple times can be avoided, a single rendering application example can be adapted to target terminals with different attribute information, and the rendering efficiency is improved.
Specifically, a universal rendering application instance can be generated according to a preset rule; for example, the first access request received each day, each week, or each month generates the universal rendering application instance, so that subsequent access requests are quickly processed by using it, for example by processing a plurality of access requests simultaneously or by queuing a plurality of access requests for processing in order. It should be understood that the rendering data related to the current rendering task can be deleted or released each time the current rendering task is completed, so that the user's private data is not leaked through other parties acquiring that rendering data, which improves information security.
In addition, at least part of the rendering described in this application may be that the target node renders all the data resources corresponding to the access request and returns the data resources to the user terminal device, or that the distributed node renders only part of the data resources and returns the data resources to the user terminal device. This is not a limitation of the present application.
Optionally, in the process of determining the data to be rendered, task processing capability attribute information describing the target terminal may be obtained in this embodiment. It should be understood that if the task processing capability of the target terminal is poor, no data or less data may be allocated to the target terminal for rendering, and if the task processing capability of the target terminal is strong, more data may be allocated to the target terminal for rendering, thereby saving the computing resources of the target node.
More specifically, the task processing capability attribute information may include at least one of computing resource occupation information, network status information, and processor performance information of the target terminal.
S203, the file data stream is sent to the user terminal equipment as response information, so that the user terminal equipment sends the response information to the target terminal.
In this embodiment, after the target node generates the rendered file data stream, the file data stream may be sent to the corresponding user terminal device as the response information of the access request, and then forwarded to the corresponding target terminal by the user terminal device.
Therefore, at least part of data to be rendered is rendered through the target node, the security risk of network access of the target terminal can be reduced, and the security of the target terminal is ensured.
Optionally, in another embodiment based on the foregoing method of the present application, sending the file data stream as response information to the user terminal device, so that the user terminal device sends the response information to the target terminal, where the sending includes:
generating a control data stream for instructing the target terminal to render the data which is not rendered according to the data which is not rendered;
and sending the control data stream and the file data stream as response information to the user terminal equipment so that the user terminal equipment sends the response information to the target terminal.
In an embodiment, the distributed node may render all the data resources corresponding to the access request and return the rendered data resources to the user terminal device, or may render only part of the data resources and return the rendered data resources to the user terminal device. Therefore, if there is data that needs to be returned to the target terminal and is not rendered, the response information may further include a control data stream for instructing the target terminal to render the data that is not rendered, so that the distributed node can subsequently send the control data stream and the file data stream as response information to the user terminal device.
Similarly, the present application does not specifically limit how to determine the data that the target node needs to render. For example, the target node may determine which data to be rendered is rendered by itself and which data to be rendered is rendered by the target terminal according to the dynamic and static content type of the request page corresponding to the access request, and then render only the data assigned to itself. Optionally, in the process of determining the data to be rendered, the task processing capability attribute information describing the target terminal may also be obtained in this embodiment, which is specifically described above and is not described herein again.
After receiving the response information including the control data stream and the file data stream, the target terminal may render the unrendered data based on the control data stream and update the file data stream, so as to obtain the complete resource and display it in the interface.
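The split between node-side rendering and terminal-side rendering described above can be sketched as a two-sided exchange. This is an added example, not code from the patent: the message layout, the capability thresholds, the rule that only static components are ever left for the terminal, and the use of HTML escaping as a stand-in for a rendering instance are all assumptions, and the sample components are constructed.

```python
import html


def render(data: str) -> str:
    """Stand-in for a rendering instance: output is inert text, not live markup."""
    return html.escape(data, quote=True)


def delegation_budget(capability: dict) -> int:
    """How many components the target terminal may render itself (assumed rule)."""
    if capability["cpu_free"] < 0.3 or capability["network"] == "poor":
        return 0                       # weak terminal: node renders everything
    return 1 if capability["cpu_free"] < 0.7 else 3


def build_response(components, capability):
    """Target-node side: render what the node keeps, describe the rest."""
    budget = delegation_budget(capability)
    file_stream, control_stream, unrendered = [], [], {}
    for slot, comp in enumerate(components):
        # Assumption: dynamic content is always rendered at the node.
        if comp["kind"] == "static" and budget > 0:
            budget -= 1
            file_stream.append(None)   # placeholder the terminal must fill
            control_stream.append({"op": "render", "slot": slot, "id": comp["id"]})
            unrendered[comp["id"]] = comp["data"]
        else:
            file_stream.append(render(comp["data"]))
    return {"file_stream": file_stream,
            "control_stream": control_stream,
            "unrendered": unrendered}


def terminal_display(response) -> str:
    """Target-terminal side: follow the control stream, then show the result."""
    stream = list(response["file_stream"])
    for instr in response["control_stream"]:
        slot = instr["slot"]
        if instr["op"] != "render" or not 0 <= slot < len(stream):
            raise ValueError("unsupported control instruction")
        if stream[slot] is not None:
            # Never let a control instruction overwrite node-rendered output.
            raise ValueError("control stream targets an already rendered slot")
        stream[slot] = render(response["unrendered"][instr["id"]])
    if any(segment is None for segment in stream):
        raise ValueError("file data stream still has unrendered slots")
    return "".join(stream)


# Constructed sample page: two static components and one dynamic component.
SAMPLE_COMPONENTS = [
    {"id": "title", "kind": "static", "data": "Report <2021>"},
    {"id": "widget", "kind": "dynamic", "data": "<script>load()</script>"},
    {"id": "footer", "kind": "static", "data": "Contact & terms"},
]

if __name__ == "__main__":
    resp = build_response(SAMPLE_COMPONENTS, {"cpu_free": 0.9, "network": "good"})
    print(resp["control_stream"])
    print(terminal_display(resp))
```

Whatever is listed in the control data stream reaches the terminal unrendered, so the delegation rule is the place to decide which content is allowed to bypass node-side rendering.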
Optionally, in another embodiment based on the foregoing method of the present application, before obtaining, according to an access request sent by a user terminal device, data to be rendered corresponding to the access request, the method further includes:
carrying out high-risk address identification to obtain update information aiming at a security access policy;
and sending the updating information to the user terminal equipment so that the user terminal equipment can update the security access policy according to the updating information.
In this embodiment, the distributed node may perform risk address identification, so as to add a high risk address in the network to the risk address set, and generate update information for the security access policy, for example, add a high risk address that is not included in the existing risk address set, or delete a risk-relieved high risk address in the existing risk address set, and so on. Therefore, the distributed node can send the updating information to the user terminal equipment, so that the user terminal equipment updates the existing security access policy according to the updating information, and the timeliness of the security access policy is ensured.
The pre-configured security access policy mentioned above in the present application may be updated periodically, where the present application does not specifically limit the main body or the period of generating the update information. For example, the distributed node may update the security access policy according to a certain update period to generate update information, or the security management platform may update the security access policy according to a certain update period to generate update information. The update may follow a fixed period or may not follow a fixed period, and this is not particularly limited in this application.
Optionally, in another embodiment based on the foregoing method of the present application, the access request includes attribute information of the target terminal, where the attribute information is used to describe a page display feature of the target terminal;
rendering at least part of the data to obtain a corresponding file data stream, comprising:
reading attribute information of the target terminal according to the access request;
according to the attribute information, establishing a rendering application example corresponding to the attribute information;
and rendering at least part of the data by adopting the rendering application example to obtain the corresponding file data stream.
In one mode, the attribute information for describing the page display characteristics of the target terminal may be at least one of screen size information, resolution information, and environment information of the operating platform of the target terminal.
Optionally, for the manner of obtaining the attribute information, the target terminal may carry the attribute information for describing the page display characteristics of the target terminal on the access request in the process of sending the access request. After the distributed node receives the access request, the attribute information carried in the access request is directly read, so that the subsequent processing efficiency of the target node is improved.
The target terminal may be one or more of terminal devices having data access and data storage functions, such as a desktop, a notebook computer, a smart phone, a tablet computer, a smart watch, a smart bracelet, smart glasses, a smart speaker, an in-vehicle computer, an AR device, and a VR device.
In the present application, the distributed node can establish a rendering application instance corresponding to the attribute information that is generated by the target terminal and represents the page display characteristics of the target terminal, and execute the rendering application instance to acquire and process the data to be rendered corresponding to the access request. This saves the computing resources of the target node and avoids the situations in which a general rendering application instance is not adapted to the target terminal and the computing capacity is excessive or insufficient.
Specifically, in the embodiment of the present application, the page display characteristic of the user terminal may be determined by the operating system and/or the screen display parameters of the user terminal. For example, the operating system may be an Android operating system, an iOS operating system, a Windows operating system, and the like. The screen display parameters may be the screen size, the screen resolution, etc. It can be understood that, for different operating systems and/or different screen display parameters, starting the corresponding rendering application instance to adapt to the page characteristics of the target terminal ensures that the rendering application instance is targeted and saves the computing resources of the target node.
Optionally, in another embodiment based on the foregoing method of the present application, rendering at least part of the data to obtain a corresponding file data stream includes:
according to the access request, sending an acquisition request aiming at the attribute information of the target terminal to the target terminal, wherein the attribute information is used for describing the page display characteristics of the target terminal;
establishing a rendering application instance corresponding to the attribute information based on the attribute information fed back by the target terminal according to the acquisition request;
and rendering at least part of the data by adopting the rendering application example to obtain the corresponding file data stream.
Optionally, as for the manner of obtaining the attribute information, after receiving the access request sent by the user terminal device, the distributed node may also send an obtaining request for obtaining the attribute information to the target terminal that generates the access request. Therefore, after the attribute information fed back by the target terminal is received, the corresponding rendering application instance can be established for the target terminal in a targeted manner. Therefore, the target node sends an acquisition request aiming at the attribute information to the target terminal, so that the target terminal can sense the processing process of the target node, and corresponding operations, such as restarting an access request or sending an operation progress query, can be performed under unexpected conditions (such as current node failure or slow response).
Optionally, in another embodiment based on the foregoing method of the present application, acquiring data to be rendered corresponding to an access request according to the access request sent by a user terminal device includes:
determining data to be rendered corresponding to an access request according to the access request sent by user terminal equipment;
detecting whether the current node stores data or not;
if yes, acquiring data from the current node;
and if not, acquiring data from the original server.
In one embodiment, after receiving the high-risk type access request, the distributed node may first determine whether the data to be rendered corresponding to the access request is stored in the current node. If the data is stored, the distributed node finds the data resource corresponding to the access request at the current node, renders at least part of the data, obtains the corresponding file data stream, and sends the file data stream to the user terminal equipment.
If not, the distributed node may obtain the page content from nodes other than the current node, a central cloud, a data center, or an origin server, and start a rendering instance at the edge node after subsequently receiving the data resource. The webpage content and elements requested by the access request are rendered, converted into a secure file data stream, and returned to the user terminal equipment as response information.
In one embodiment, fig. 3 schematically illustrates a flow chart of a processing method of an access request according to an embodiment of the present application. As shown in fig. 3, the method is applied to a target terminal, and includes:
S301, sending an access request to the user terminal equipment so that the user terminal equipment performs access control on the access request according to a pre-configured security access policy.
S302, response information sent by the user terminal equipment is received, and the response information comprises at least part of the file data stream rendered by the target node.
In one embodiment, the access request generated by the target terminal used by the user is not sent directly to a risk website, which avoids the potential safety hazard to user data that such direct sending causes in the related art. In the present application, the user terminal equipment can receive the access request sent by the target terminal, so that the user terminal equipment subsequently sends the access request to the distributed node, and the distributed node pulls the data to be rendered corresponding to the request from the target object corresponding to the access request. The data to be rendered is then rendered to generate a file data stream, the file data stream is returned to the user terminal equipment, and the user terminal equipment sends the file data stream to the target terminal.
S303, displaying the resources corresponding to the access request according to the file data stream.
It can be understood that, after the target terminal receives the file data stream rendered by the target node, the resource corresponding to the access request can be displayed on its own display screen for the user to view according to the file data stream.
By applying the technical scheme of the application, the access request initiated by the terminal user can be guided to the specific node in the distributed network through the user terminal equipment, so that the node processes the access request and then returns the response data to the terminal user through the user terminal equipment. Therefore, the defect that the access request initiated by the terminal user directly reaches the malicious website to bring the potential safety hazard to the user data is avoided.
Optionally, in another embodiment based on the above method of the present application, the response information further includes a control data stream for indicating that the current terminal renders the data that is not rendered;
displaying the resources corresponding to the access request according to the file data stream comprises:
updating the file data stream according to the control data stream and the data that is not rendered;
and displaying the resources corresponding to the access request according to the updated file data stream.
In an embodiment, the distributed node may render all the data resources corresponding to the access request and return the rendered data resources to the user terminal device, or may render only part of the data resources and return the rendered data resources to the user terminal device. Therefore, if there is data that needs to be returned to the target terminal and is not rendered, the response information may further include a control data stream for instructing the target terminal to render the data that is not rendered. After receiving the control data stream, the subsequent target terminal may update the file data stream according to the control data stream and the data that is not rendered, that is, the target terminal may render the data that is not rendered based on the control data stream and update the file data stream, so that after performing the preset processing on the updated file data stream, the resource corresponding to the access request is displayed on its own display screen for the user to view and feed back. It should be understood that, if the target node renders all the data to obtain a file data stream, the target terminal may directly display, on its own display screen, a resource corresponding to the access request for the user to view and feed back, based on the file data stream.
In yet another embodiment, as shown in fig. 4, an overall flowchart of a processing method of an access request proposed by the present application is provided. The method specifically comprises the following steps:
the user terminal equipment receives an access request sent by a target terminal and determines, based on a pre-configured security access policy, that the risk type corresponding to the access request is a high risk type; it then guides the access request to a corresponding distributed node so that the distributed node processes and responds to the access request; finally, it receives the response information returned by the distributed node, which includes a file data stream obtained by rendering at least part of the data, and sends the response information to the target terminal.
In yet another embodiment, as shown in fig. 5, an overall flowchart of a processing method of an access request proposed by the present application is provided. The method specifically comprises the following steps:
The target terminal sends an access request to the user terminal device. Based on the access request and a pre-configured security access policy, the user terminal device determines a risk type corresponding to the access request, the risk type describing the security risk degree of the access request. After determining that the risk type corresponding to the access request is the high risk type, the user terminal device sends the access request to the target node.
In one embodiment, after receiving an access request of the high risk type, the target node may acquire the data to be rendered corresponding to the access request from the current node or from an origin server, render at least part of the data to obtain a corresponding file data stream, and, for the data that is not rendered, generate a control data stream for instructing the target terminal to render that data. The target node then transmits the control data stream and the file data stream as response information to the user terminal device, so that the user terminal device transmits the response information to the target terminal.
Finally, after receiving the response information containing the control data stream and the file data stream, the target terminal can display the resource corresponding to the access request according to the control data stream and the file data stream.
In another embodiment of the present application, as shown in fig. 6, the present application further provides an electronic device for processing an access request. The device is applied to the user terminal device and includes a first receiving module 401, a determining module 402, a processing module 403, and a first sending module 404:
a first receiving module 401 configured to receive an access request transmitted by a target terminal;
a determining module 402, configured to determine a risk type corresponding to the access request based on the access request and a pre-configured security access policy, where the risk type is used to describe a security risk degree corresponding to the access request;
a processing module 403, configured to, if a risk type corresponding to the access request is a high risk type, direct the access request to a corresponding target node, so that the target node processes and responds to the access request;
a first sending module 404, configured to receive response information returned by the target node, and send the response information to the target terminal, where the response information includes a file data stream at least partially rendered by the target node.
In the application, the user terminal device may receive an access request sent by a target terminal and determine, based on a pre-configured security access policy, a risk type that corresponds to the access request and describes its security risk degree. After determining that the risk type corresponding to the access request is a high risk type, the user terminal device directs the access request to the corresponding target node so that the target node processes and responds to the access request. Finally, it receives the response information returned by the target node and sends it to the target terminal, wherein the response information includes a file data stream at least partially rendered by the target node.
In another embodiment of the present application, the response information further includes a control data stream for instructing the target terminal to render the data that is not rendered.
In another embodiment of the present application, the determining module 402 is further configured to determine a risk type corresponding to the access request according to a protocol type, a URL, or a requested data type of the access request, and a pre-configured security access policy.
In another embodiment of the present application, the determining module 402 is further configured to:
determine address information corresponding to the access request; and
determine a risk type corresponding to the access request based on the address information and a pre-configured security access policy.
In another embodiment of the present application, the determining module 402 is further configured to:
match the address information with a preset high-risk address set, where the high-risk address set includes at least one high-risk address; and
determine that the risk type corresponding to the access request is a high risk type if the address information exists in the high-risk address set.
In another embodiment of the present application, the address information comprises at least one of a target access address, a source address or a static route corresponding to the access request.
In another embodiment of the present application, the determining module 402 is further configured to:
receive update information for the security access policy sent by a distributed node or a security management platform; and
update a previously stored security access policy according to the update information.
In another embodiment of the present application, the determining module 402 is further configured to send the access request to a corresponding target node by using a private communication protocol, GRE, IPsec, or PAC.
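The risk determination described above for the determining module 402 (protocol type, URL or requested data type; address information matched against a high-risk address set; policy updates) can be sketched as follows. This is an added example, not code from the application: the class and field names, the update format with a version number, the fail-closed handling of unparseable URLs and the direct path for low-risk requests are assumptions, static routes are not modelled, and all addresses are constructed documentation values.

```python
import ipaddress
from dataclasses import dataclass, field
from urllib.parse import urlsplit

HIGH, LOW = "high", "low"


@dataclass
class AccessRequest:
    url: str                        # URL the target terminal asked for
    source_addr: str                # address of the requesting target terminal
    data_type: str = "text/html"    # requested data type


@dataclass
class SecurityAccessPolicy:
    """Hypothetical in-memory form of the pre-configured security access policy."""
    version: int = 0
    hosts: set = field(default_factory=set)        # high-risk host names
    networks: list = field(default_factory=list)   # high-risk IP networks
    protocols: set = field(default_factory=set)    # high-risk protocol types
    data_types: set = field(default_factory=set)   # high-risk data types

    def apply_update(self, update: dict) -> bool:
        """Merge update information from a distributed node or management platform.

        Assumption: updates carry a version number and stale ones are ignored.
        """
        if update.get("version", 0) <= self.version:
            return False
        # Parse networks first so a malformed update changes nothing.
        new_nets = [ipaddress.ip_network(n) for n in update.get("add_networks", [])]
        self.networks.extend(new_nets)
        self.hosts |= {h.lower().rstrip(".") for h in update.get("add_hosts", [])}
        self.protocols |= {p.lower() for p in update.get("add_protocols", [])}
        self.data_types |= {d.lower() for d in update.get("add_data_types", [])}
        self.version = update["version"]
        return True

    def _address_is_high_risk(self, value: str) -> bool:
        """Match an IP literal against networks, or a host name against hosts."""
        value = value.lower().rstrip(".")
        try:
            ip = ipaddress.ip_address(value)
        except ValueError:
            labels = value.split(".")
            # A listed domain also covers its subdomains.
            return any(".".join(labels[i:]) in self.hosts for i in range(len(labels)))
        return any(ip in net for net in self.networks)

    def classify(self, req: AccessRequest):
        """Return (risk_type, reason) for one access request."""
        try:
            parts = urlsplit(req.url)
            host = parts.hostname or ""
        except ValueError:
            return HIGH, "unparseable URL"
        if not parts.scheme or not host:
            # Assumption: fail closed, so the request is handled on the target node.
            return HIGH, "unparseable URL"
        if parts.scheme.lower() in self.protocols:
            return HIGH, "protocol type"
        if self._address_is_high_risk(host):
            return HIGH, "destination address"
        if self._address_is_high_risk(req.source_addr):
            return HIGH, "source address"
        if req.data_type.lower() in self.data_types:
            return HIGH, "requested data type"
        return LOW, "no policy match"


def route(policy: SecurityAccessPolicy, req: AccessRequest):
    """Decide where the user terminal device sends the request.

    Assumption: low-risk requests go out directly; high-risk ones are steered.
    """
    risk, reason = policy.classify(req)
    return ("target-node" if risk == HIGH else "direct"), reason


def build_sample_policy() -> SecurityAccessPolicy:
    """Constructed sample policy using documentation-only names and ranges."""
    policy = SecurityAccessPolicy()
    policy.apply_update({
        "version": 1,
        "add_hosts": ["risky.example"],
        "add_networks": ["203.0.113.0/24"],
        "add_protocols": ["ftp"],
        "add_data_types": ["application/x-msdownload"],
    })
    return policy


if __name__ == "__main__":
    sample = build_sample_policy()
    for url in ("https://cdn.risky.example/a.js", "https://203.0.113.9/",
                "ftp://files.example/x", "https://intranet.example/"):
        print(url, route(sample, AccessRequest(url, "192.0.2.10")))
```

Matching a listed domain against its subdomains and treating an unparseable URL as high risk are choices that keep a misspelled or obfuscated request on the isolated rendering path rather than letting it bypass the policy.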
In another embodiment of the present application, as shown in fig. 7, the present application further provides an electronic device for processing an access request. The device is applied to a distributed node in a distributed network and includes an obtaining module 405, a generating module 406, and a response module 407:
an obtaining module 405, configured to obtain, according to an access request sent by a user terminal device, data to be rendered corresponding to the access request, where the access request is directed by the user terminal device according to a pre-configured security access policy;
a generating module 406, configured to render at least part of the data to obtain a corresponding file data stream;
a response module 407, configured to send the file data stream to the user terminal device as response information, so that the user terminal device sends the response information to a target terminal.
In another embodiment of the present application, the generating module 406 is further configured to:
generate, for the data that is not rendered, a control data stream for instructing the target terminal to render that data; and
send the control data stream and the file data stream to the user terminal device as response information, so that the user terminal device sends the response information to a target terminal.
In another embodiment of the present application, the generating module 406 is further configured to:
perform high-risk address identification to obtain update information for the security access policy; and
send the update information to the user terminal device, so that the user terminal device updates the security access policy according to the update information.
In another embodiment of the present application, the generating module 406 is further configured to render at least part of the data to obtain a corresponding file data stream by:
reading attribute information of the target terminal according to the access request;
establishing a rendering application instance corresponding to the attribute information according to the attribute information; and
rendering at least part of the data by using the rendering application instance, so as to obtain a corresponding file data stream.
In another embodiment of the present application, the generating module 406 is further configured to:
send, according to the access request, an acquisition request for attribute information of the target terminal to the target terminal, where the attribute information is used to describe a page display feature of the target terminal;
establish a rendering application instance corresponding to the attribute information based on the attribute information fed back by the target terminal according to the acquisition request; and
render at least part of the data by using the rendering application instance, so as to obtain a corresponding file data stream.
In another embodiment of the present application, the generating module 406 is further configured to:
determine, according to an access request sent by a user terminal device, data to be rendered corresponding to the access request;
detect whether the current node stores the data;
if so, obtain the data from the current node; and
if not, obtain the data from the origin server.
In another embodiment of the present application, as shown in fig. 8, the present application further provides an electronic device for processing an access request. The device is applied to a target terminal and includes a second sending module 408, a second receiving module 409 and a display module 410:
a second sending module 408, configured to send an access request to a user terminal device, so that the user terminal device performs access control on the access request according to a pre-configured security access policy;
a second receiving module 409 configured to receive response information sent by the user terminal device, the response information including a file data stream at least partially rendered by a target node;
a display module 410 configured to display the resource corresponding to the access request according to the file data stream.
In another embodiment of the present application, the second receiving module 409 is further configured to display the resource corresponding to the access request according to the file data stream by:
updating the file data stream according to the control data stream and the data that is not rendered; and
displaying the resource corresponding to the access request according to the updated file data stream.
FIG. 9 is a block diagram illustrating a logical structure of an electronic device in accordance with an exemplary embodiment. For example, the electronic device 500 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
In an exemplary embodiment, there is also provided a non-transitory computer readable storage medium, such as a memory, including instructions executable by a processor of an electronic device to perform the method of network monitoring described above, the method comprising: receiving, by the user terminal device, an access request sent by a target terminal, and determining, based on a pre-configured security access policy, a risk type that corresponds to the access request and describes its security risk degree; after determining that the risk type corresponding to the access request is a high risk type, directing the access request to the corresponding target node so that the target node processes and responds to the access request; and finally receiving the response information returned by the target node and sending it to the target terminal, wherein the response information includes a file data stream at least partially rendered by the target node. Optionally, the instructions may also be executable by a processor of the electronic device to perform other steps involved in the exemplary embodiments described above. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, there is also provided an application/computer program product including one or more instructions executable by a processor of an electronic device to perform the above-described method of network monitoring, the method comprising: receiving, by the user terminal device, an access request sent by a target terminal, and determining, based on a pre-configured security access policy, a risk type that corresponds to the access request and describes its security risk degree; after determining that the risk type corresponding to the access request is a high risk type, directing the access request to the corresponding target node so that the target node processes and responds to the access request; and finally receiving the response information returned by the target node and sending it to the target terminal, wherein the response information includes a file data stream at least partially rendered by the target node. Optionally, the instructions may also be executable by a processor of the electronic device to perform other steps involved in the exemplary embodiments described above.
Fig. 9 is an exemplary diagram of the computer device 50. It will be understood by those skilled in the art that Fig. 9 is merely an example of the computer device 50 and does not constitute a limitation of the computer device 50, which may include more or fewer components than those shown, combine certain components, or use different components. For example, the computer device 50 may also include input/output devices, network access devices, buses, etc.
The Processor 502 may be a Central Processing Unit (CPU), another general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. The general purpose processor may be a microprocessor, or the processor 502 may be any conventional processor or the like. The processor 502 is the control center of the computer device 50 and connects the various parts of the overall computer device 50 using various interfaces and lines.
The memory 501 may be used to store computer readable instructions 503, and the processor 502 may implement the various functions of the computer device 50 by running or executing the computer readable instructions or modules stored in the memory 501 and invoking data stored in the memory 501. The memory 501 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data created according to the use of the computer device 50, and the like. In addition, the Memory 501 may include a hard disk, a Memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash Memory Card (Flash Card), at least one disk storage device, a Flash Memory device, a Read-Only Memory (ROM), a Random Access Memory (RAM), or other non-volatile/volatile storage devices.
The modules integrated by the computer device 50 may be stored in a computer-readable storage medium if they are implemented in the form of software functional modules and sold or used as separate products. Based on such understanding, all or part of the flow in the method according to the embodiments of the present invention can also be implemented by using computer readable instructions to instruct related hardware, and the computer readable instructions can be stored in a computer readable storage medium, and when the computer readable instructions are executed by a processor, the steps of the above-described embodiments of the method can be implemented.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the application being indicated by the following claims.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (21)

1. A method for processing an access request, applied to a user terminal device, comprising:
receiving an access request sent by a target terminal;
determining a risk type corresponding to the access request based on the access request and a pre-configured security access policy, wherein the risk type is used for describing a security risk degree corresponding to the access request;
if the risk type corresponding to the access request is a high risk type, directing the access request to a corresponding target node so that the target node processes and responds to the access request;
and receiving response information returned by the target node, and sending the response information to the target terminal, wherein the response information comprises a file data stream at least partially rendered by the target node.
2. The method of claim 1, wherein the response information further comprises a control data stream for instructing the target terminal to render the data that is not rendered.
3. The method of claim 1, wherein determining a risk type corresponding to the access request based on the access request and a pre-configured security access policy comprises:
and determining a risk type corresponding to the access request according to the protocol type, URL or the requested data type of the access request and a pre-configured security access policy.
4. The method of claim 1, wherein determining the risk type corresponding to the access request based on the access request and a pre-configured security access policy comprises:
determining address information corresponding to the access request;
and determining the risk type corresponding to the access request based on the address information and a pre-configured security access policy.
5. The method of claim 4, wherein determining the risk type corresponding to the access request based on the address information and a pre-configured security access policy comprises:
matching the address information with a preset high-risk address set, wherein the high-risk address set comprises at least one high-risk address;
and if the address information exists in the high-risk address set, determining that the risk type corresponding to the access request is a high-risk type.
6. The method of claim 4, wherein the address information comprises at least one of a destination access address, a source address, or a static route corresponding to the access request.
7. The method of claim 1, further comprising, before determining a risk type corresponding to the access request based on the access request and a pre-configured security access policy:
receiving update information for the security access policy sent by a distributed node or a security management platform;
and updating the previously stored security access policy according to the updating information.
8. The method of claim 1, wherein directing the access request to the corresponding target node comprises:
sending the access request to the corresponding target node by adopting a private communication protocol, GRE, IPsec or PAC.
9. A method for processing an access request, applied to a distributed node in a distributed network, comprising:
acquiring data to be rendered corresponding to an access request according to the access request sent by a user terminal device, wherein the access request is directed by the user terminal device according to a pre-configured security access policy;
rendering at least part of the data to obtain a corresponding file data stream;
and sending the file data stream as response information to the user terminal device so that the user terminal device sends the response information to a target terminal.
10. The method of claim 9, wherein sending the file data stream to the user terminal device as response information, so that the user terminal device sends the response information to a target terminal, comprises:
for the data which is not rendered, generating a control data stream for instructing the target terminal to render the data which is not rendered;
and sending the control data stream and the file data stream to the user terminal device as response information so that the user terminal device sends the response information to a target terminal.
11. The method according to claim 9, before acquiring the data to be rendered corresponding to the access request according to the access request sent by the user terminal device, further comprising:
carrying out high-risk address identification to obtain update information for the security access policy;
and sending the update information to the user terminal device so that the user terminal device can update the security access policy according to the update information.
12. The method according to claim 9, wherein the access request includes attribute information of the target terminal, the attribute information being used for describing page display characteristics of the target terminal;
rendering at least part of the data to obtain a corresponding file data stream, including:
reading attribute information of the target terminal according to the access request;
establishing a rendering application instance corresponding to the attribute information according to the attribute information;
and rendering at least part of the data by adopting the rendering application instance to obtain a corresponding file data stream.
13. The method of claim 9, wherein rendering at least a portion of the data to obtain a corresponding file data stream comprises:
sending an acquisition request aiming at the attribute information of the target terminal to the target terminal according to the access request, wherein the attribute information is used for describing the page display characteristics of the target terminal;
based on the attribute information fed back by the target terminal according to the acquisition request, establishing a rendering application instance corresponding to the attribute information;
and rendering at least part of the data by adopting the rendering application instance to obtain a corresponding file data stream.
14. The method of claim 9, wherein the obtaining the data to be rendered corresponding to the access request according to the access request sent by the user terminal device comprises:
determining data to be rendered corresponding to an access request according to the access request sent by the user terminal device;
detecting whether the current node stores the data or not;
if yes, acquiring the data from the current node;
and if not, acquiring the data from the origin server.
15. A method for processing an access request, applied to a target terminal, comprising:
sending an access request to a user terminal device so that the user terminal device performs access control on the access request according to a pre-configured security access policy;
receiving response information sent by the user terminal device, wherein the response information comprises a file data stream at least partially rendered by a target node;
and displaying the resources corresponding to the access request according to the file data stream.
16. The method of claim 15, wherein the response information further comprises a control data stream for instructing the current terminal to render the data that is not rendered;
displaying the resources corresponding to the access request according to the file data stream, including:
updating the file data stream in dependence on the control data stream and the data not rendered;
and displaying the resources corresponding to the access request according to the updated file data stream.
17. An electronic device for processing an access request, applied to a user terminal device, includes:
a first receiving module configured to receive an access request transmitted by a target terminal;
the determining module is configured to determine a risk type corresponding to the access request based on the access request and a pre-configured security access policy, wherein the risk type is used for describing a security risk degree corresponding to the access request;
the processing module is configured to, if the risk type corresponding to the access request is a high risk type, direct the access request to a corresponding target node so that the target node processes and responds to the access request;
the first sending module is configured to receive response information returned by the target node and send the response information to the target terminal, wherein the response information comprises a file data stream at least partially rendered by the target node.
18. An electronic device for processing an access request, applied to a distributed node in a distributed network, comprising:
an obtaining module configured to acquire data to be rendered corresponding to an access request according to the access request sent by a user terminal device, wherein the access request is directed by the user terminal device according to a pre-configured security access policy;
the generating module is configured to render at least part of the data to obtain a corresponding file data stream;
a response module configured to send the file data stream as response information to the user terminal device, so that the user terminal device sends the response information to a target terminal.
19. An electronic device for processing an access request, applied to a target terminal, includes:
the second sending module is configured to send an access request to the user terminal device, so that the user terminal device performs access control on the access request according to a pre-configured security access policy;
a second receiving module configured to receive response information transmitted by the user terminal device, the response information including a file data stream at least partially rendered by a target node;
and the display module is configured to display the resource corresponding to the access request according to the file data stream.
20. An electronic device, comprising:
a memory for storing executable instructions; and
a processor for display with the memory to execute the executable instructions to perform the operations of the method of processing an access request of any of claims 1-16.
21. A computer-readable storage medium storing computer-readable instructions that, when executed, perform the operations of the method of processing an access request of any of claims 1-16.
CN202111112491.5A 2021-09-18 2021-09-18 Access request processing method, electronic device, and medium Pending CN115842641A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202111112491.5A CN115842641A (en) 2021-09-18 2021-09-18 Access request processing method, electronic device, and medium
PCT/CN2022/119101 WO2023040983A1 (en) 2021-09-18 2022-09-15 Access request processing method, electronic apparatus, electronic device, and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111112491.5A CN115842641A (en) 2021-09-18 2021-09-18 Access request processing method, electronic device, and medium

Publications (1)

Publication Number Publication Date
CN115842641A true CN115842641A (en) 2023-03-24

Family

ID=85574545

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111112491.5A Pending CN115842641A (en) 2021-09-18 2021-09-18 Access request processing method, electronic device, and medium

Country Status (2)

Country Link
CN (1) CN115842641A (en)
WO (1) WO2023040983A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117835248A (en) * 2023-10-17 2024-04-05 湖北星纪魅族集团有限公司 Security control method, terminal, and non-transitory computer-readable storage medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102694772B (en) * 2011-03-23 2014-12-10 腾讯科技(深圳)有限公司 Apparatus, system and method for accessing internet web pages
CN105991580B (en) * 2015-02-12 2019-09-17 腾讯科技(深圳)有限公司 Network address safety detection method and device
CN111372205A (en) * 2020-02-28 2020-07-03 维沃移动通信有限公司 Information prompting method and electronic equipment
CN111641701B (en) * 2020-05-25 2023-07-14 深信服科技股份有限公司 Data protection method and device, equipment and storage medium

Also Published As

Publication number Publication date
WO2023040983A1 (en) 2023-03-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination