CN116723245A - Application request processing method, device, equipment and storage medium - Google Patents
Application request processing method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN116723245A CN116723245A CN202310861091.7A CN202310861091A CN116723245A CN 116723245 A CN116723245 A CN 116723245A CN 202310861091 A CN202310861091 A CN 202310861091A CN 116723245 A CN116723245 A CN 116723245A
- Authority
- CN
- China
- Prior art keywords
- target
- server
- address
- accessed
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 20
- 238000000034 method Methods 0.000 claims abstract description 41
- 230000004044 response Effects 0.000 claims abstract description 35
- 238000012545 processing Methods 0.000 claims abstract description 26
- 238000004891 communication Methods 0.000 claims description 26
- 238000004590 computer program Methods 0.000 claims description 16
- 230000008569 process Effects 0.000 claims description 15
- 238000002955 isolation Methods 0.000 abstract description 23
- 239000003999 initiator Substances 0.000 abstract description 2
- 238000011161 development Methods 0.000 description 7
- 238000001914 filtration Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 238000004458 analytical method Methods 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 230000000977 initiatory effect Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 239000011521 glass Substances 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/60—Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses an application request processing method, an application request processing device, application request processing equipment and a storage medium. The method comprises the following steps: acquiring an application access request sent by a target application; determining a target access address to be accessed by a target application according to an application access request, and feeding back the target access address to the target application; responding to a network connection request generated by a target application according to a target access address, and if the target access address meets a preset address access condition, generating a server access request for accessing a server to be accessed associated with the target access address; sending a server access request to a server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request; and sending request response data to the target application. The embodiment of the invention improves the processing efficiency and the security of the application request based on the Internet isolation and improves the use experience of the application request initiator.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a method, an apparatus, a device, and a storage medium for processing an application request.
Background
In order to protect the network information security, the internal and external networks are generally isolated and data exchanged through measures such as a special channel, a special security protocol and the like. The network isolation technology is developed in the physical isolation concept, the external network is directly connected with the Internet, and the internal network is a relatively safe internal network.
In the process of internet isolation of the macOS system (operating system running on Macintosh series computer), the following technical schemes are mainly adopted:
scheme 1: based on kernel driver extension provided by manufacturers, performing function development, and loading kernel drivers into a system after the development is completed; scheme 2: constructing a virtual network card, draining all networks in the equipment to the virtual network card, and then acquiring an IP (Internet Protocol Address ) packet from the virtual network card to filter so as to realize release or interception; scheme 3: the self-deployed DNS server mode sets up the server for device DNS (Domain Name System ) services that require internet isolation, so that all DNS generated by the device is drained to the server for processing.
However, the above-mentioned prior art solutions have the following technical problems: the problem with scheme 1 is that there are few APIs (Application Programming Interface, application programming interfaces) provided for the kernel driver, resulting in very low development and debugging efficiency, and difficult to troubleshoot if problems occur. Scheme 2 has the following problems: because the protocol layer conversion is performed for a plurality of times, the efficiency is lower, and the differentiated control for the application cannot be supported. Scheme 3 has the following problems: independent DNS servers must be deployed, actual maintenance is complex, if a large number of devices are used, the concurrency problem exists under the condition of high concurrency, the safety is low, and the user experience is influenced.
In summary, the existing technical means for solving the internet isolation has low development efficiency and security for realizing the network isolation, and the actual operation and use experience of the user can be affected due to the possible concurrency problem in the process of actually accessing the data by the upper layer application.
Disclosure of Invention
The invention provides an application request processing method, an application request processing device and a storage medium, which are used for improving the processing efficiency and the security of an application request based on Internet isolation and improving the use experience of an application request initiator.
According to an aspect of the present invention, there is provided an application request processing method, the method including:
acquiring an application access request sent by a target application;
determining a target access address to be accessed by the target application according to the application access request, and feeding back the target access address to the target application;
responding to a network connection request generated by the target application according to the target access address, and if the target access address meets a preset address access condition, generating a server access request for accessing a server to be accessed associated with the target access address;
the server access request is sent to the server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request;
And sending the request response data to the target application.
According to another aspect of the present invention, there is provided an application request processing apparatus including:
the access request acquisition module is used for acquiring an application access request sent by the target application;
the target address determining module is used for determining a target access address to be accessed by the target application according to the application access request and feeding back the target access address to the target application;
the access request generation module is used for responding to a network connection request generated by the target application according to the target access address, and if the target access address meets a preset address access condition, a server access request for accessing a server to be accessed which is associated with the target access address is generated;
the access request sending module is used for sending the server access request to the server to be accessed so that the server to be accessed can generate and feed back request response data based on the server access request;
and the response data sending module is used for sending the request response data to the target application.
According to another aspect of the present invention, there is provided an electronic apparatus including:
At least one processor; and
a memory communicatively coupled to the at least one processor; wherein,,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the application request processing method according to any one of the embodiments of the present invention.
According to another aspect of the present invention, there is provided a computer readable storage medium storing computer instructions for causing a processor to implement the application request processing method according to any one of the embodiments of the present invention when executed.
According to the technical scheme, an application access request sent by a target application is obtained; determining a target access address to be accessed by a target application according to an application access request, and feeding back the target access address to the target application; responding to a network connection request generated by a target application according to a target access address, and if the target access address meets a preset address access condition, generating a server access request for accessing a server to be accessed associated with the target access address; sending a server access request to a server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request; the request response data is sent to the target application. According to the technical scheme, when the network connection request of the target application is received, whether the target application has the network connection communication establishment condition or not is judged based on the preset address access condition, so that the Internet isolation of part of the applications is realized, the problem that the development efficiency and the safety of realizing the network isolation are low in the technical means of the Internet isolation is solved, and the actual operation and the use experience of application users are improved.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the invention or to delineate the scope of the invention. Other features of the present invention will become apparent from the description that follows.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, and it is apparent that the drawings in the following description are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of an application request processing method according to a first embodiment of the present invention;
FIG. 2 is a flow chart of a method for processing an application request according to a second embodiment of the present invention;
FIG. 3 is a flow chart of a method for processing an application request according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of an application request processing device according to a fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device implementing an application request processing method according to an embodiment of the present invention.
Detailed Description
In order that those skilled in the art will better understand the present invention, a technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in which it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the present invention without making any inventive effort, shall fall within the scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and the claims of the present invention and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate such that the embodiments of the invention described herein may be implemented in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
Fig. 1 is a flowchart of an application request processing method according to a first embodiment of the present invention, where the method may be performed by an application request processing device, and the application request processing device may be implemented in hardware and/or software, and the application request processing device may be configured in an electronic device. As shown in fig. 1, the method includes:
s110, acquiring an application access request sent by a target application.
The target application can be an upper layer application with an access request; the application access request may be a page access request and a page display request initiated by the target application to the server, or may be other requests, which is not limited in this embodiment.
For example, the application access request sent by the target application may be obtained by the operating system of the front-end device.
S120, determining a target access address to be accessed by the target application according to the application access request, and feeding back the target access address to the target application.
The target access address may be a server address of a server to be accessed by the target application. The application access request may include information such as a server identifier and a domain name of the server to be accessed, and may specifically be obtained by analyzing the application access request.
The front-end device may perform request analysis on the application access request to obtain a domain name to be accessed by the target application, and determine a target access address corresponding to the domain name to be accessed; and the front-end equipment feeds back the target access address to the target application after determining the target access address so as to enable the target application to perform address request access based on the target access address.
In an alternative embodiment, determining a target access address to be accessed by a target application according to an application access request includes: determining a domain name to be accessed of a server to be accessed according to an application access request; the domain name to be accessed is sent to a domain name server, so that the domain name server can determine and feed back a target access address associated with the domain name to be accessed; a target access address is obtained.
By way of example, the domain name to be accessed of the server to be accessed can be determined by carrying out request analysis on the application access request; and sending the domain name to be accessed to a DNS server, determining a target access address corresponding to the domain name to be accessed after the DNS server receives the domain name to be accessed, feeding back the target access address to front-end equipment, and acquiring the target access address by the front-end equipment.
And S130, responding to a network connection request generated by the target application according to the target access address, and if the target access address meets the preset address access condition, generating a server access request for accessing a server to be accessed associated with the target access address.
The target application may select whether to send a request to a server to be accessed corresponding to the target access address after receiving the target access address, and if so, send a network connection request to the target access address; in the process that the target application sends a network request to the target access address, an operating system of the front-end equipment responds to the network connection request, and after responding to the network connection request, whether the target access address meets the preset address access condition is judged. The address access condition may be preset by a related technician, for example, the address access condition may be that the received access address is a security address in a white list. And if the target access address meets the preset address access condition, generating a server access request for accessing the server to be accessed associated with the target access address. The server access request may generate a server access request requesting access to server data based on data such as a target application related network protocol, a server identification, and application related information.
In an alternative embodiment, in response to a network connection request generated by a target application according to a target access address, if the target access address meets a preset address access condition, generating a server access request for accessing a server to be accessed associated with the target access address, including: responding to a network connection request generated by a target application according to a target access address, and judging whether the target access address meets a preset address access condition in the process of establishing network communication connection between servers to be accessed associated with the target access address based on the network connection request; if yes, establishing network communication connection with the server to be accessed, and generating a server access request for accessing the server to be accessed according to the application access request.
The operating system of the head-end equipment, for example, sends the target access address to the target application for the target application to determine whether to initiate a network connection request to the target access address. If the operating system of the front-end equipment receives a network connection request sent by a target application, responding to the network connection request, and judging whether the target address meets a preset address access condition in the process of establishing network communication connection with a server to be accessed of the target access address based on the network connection request; if yes, establishing network communication connection with the server to be accessed; if not, the connection is interrupted and no network access authority is fed back to the target application, so that the Internet isolation of partial applications is realized. If the network communication connection with the server to be accessed can be established, generating a server access request for accessing the server to be accessed based on a corresponding communication protocol according to the application access request.
And S140, sending the server access request to the server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request.
For example, the operating system of the front-end device may send a server access request to a server to be accessed, where after receiving the server access request, the server to be accessed performs request parsing on the server access request to obtain response data associated with the access request. For example, if the server access request is a presentation request for a page, the request response data may include relevant data to be presented by the page. The server to be accessed feeds back the request response data to the operating system of the front-end equipment.
And S150, sending the request response data to the target application.
The operating system of the front-end device sends the request response data to the target application after receiving the request response data fed back by the server to be accessed.
According to the technical scheme, an application access request sent by a target application is obtained; determining a target access address to be accessed by a target application according to an application access request, and feeding back the target access address to the target application; responding to a network connection request generated by a target application according to a target access address, and if the target access address meets a preset address access condition, generating a server access request for accessing a server to be accessed associated with the target access address; sending a server access request to a server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request; the request response data is sent to the target application. According to the technical scheme, when the network connection request of the target application is received, whether the target application has the network connection communication establishment condition or not is judged based on the preset address access condition, so that the Internet isolation of part of the applications is realized, the problem that the development efficiency and the safety of realizing the network isolation are low in the technical means of the Internet isolation is solved, and the actual operation and the use experience of application users are improved.
Example two
Fig. 2 is a flowchart of an application request processing method according to a second embodiment of the present invention, where the embodiment is optimized and improved based on the above technical solutions.
Further, the step of determining a target access address to be accessed by a target application according to an application access request is refined into the step of determining a domain name to be accessed of a server to be accessed according to the application access request; the domain name to be accessed is sent to a domain name server, so that the domain name server can determine and feed back a target access address associated with the domain name to be accessed; the target access address "is obtained to perfect the determination of the target access address.
Further, the step of generating a server access request for accessing the server to be accessed associated with the target access address is refined to judge whether the target address is in a preset address white list if the target access address meets the preset address access condition; if yes, judging whether the target application is in a preset application white list; if yes, generating a server access request for accessing the server to be accessed associated with the target access address so as to perfect the generation condition of the server access request. In the embodiments of the present invention, the descriptions of other embodiments may be referred to in the portions not described in detail.
As shown in fig. 2, the method comprises the following specific steps:
s210, acquiring an application access request sent by a target application.
S220, determining a domain name to be accessed of the server to be accessed according to the application access request.
And S230, the domain name to be accessed is sent to a domain name server, so that the domain name server can determine and feed back a target access address associated with the domain name to be accessed.
S240, acquiring a target access address, and feeding back the target access address to the target application.
It should be noted that, because different upper layer application originators are different, when different application originators access the same address, there may be a situation that the corresponding domain names are different, that is, the request domain name of the upper layer application a initiating the access request is a, the corresponding access address is B, the request domain name of the upper layer application B initiating the access request is B, and the corresponding access address may also be B. Therefore, in order to further realize the accuracy of internet isolation and improve the safety, the correspondence between the domain name and the address can be updated and checked to ensure that the address which can be accessed is an address which exists in the updated domain name address correspondence set and has authority to access.
Optionally, after the target access address is obtained, if the domain name to be accessed is in a preset domain name white list, updating a preset domain name address relationship set by adopting a target domain name address association relationship between the domain name to be accessed and the target access address; the set of domain name address relationships includes at least one candidate domain name address association.
For example, after the operating system of the front-end device obtains the target access address, if the domain name to be accessed exists in the preset domain name white list, a target domain name address association relationship between the domain name to be accessed and the target access address is established, and the target domain name address association relationship is updated to be in the preset domain name address relationship set. The domain name address relation set and the domain name white list can be preset by related technicians according to actual requirements. The set of domain name address relationships may be updated continuously during execution of the application request.
Optionally, if the domain name to be accessed is not in the preset domain name white list, the preset domain name address relationship set is not updated.
S250, responding to a network connection request generated by the target application according to the target access address, and judging whether the target access address is in a preset address white list.
The operating system of the front-end device determines whether the target access address is in a preset address white list according to the network connection request of the target application. The address white list includes addresses with access rights, and may be specifically pre-constructed by a relevant technician.
And S260, if so, judging whether the target application is in a preset application white list.
If the target access address exists in the preset address white list, whether the target application is in the preset application white list is further judged; the application white list comprises an upper layer application with access authority, and the application white list can be pre-constructed by related technicians. If the target access address does not exist in the preset white list, the target access address has no access right, namely network communication connection with the server cannot be established, and the operating system of the front-end equipment can feed back prompt information such as no access right to the target application.
And S270, if so, generating a server access request for accessing the server to be accessed associated with the target access address.
For example, if the target application exists in the preset application white list, a server access request is generated, if the target application does not exist in the preset application white list, the target application does not have access rights, that is, network communication connection with the server cannot be established, and then the operating system of the front-end device can feed back prompt information such as no access rights to the target application.
In an alternative embodiment, before generating a server access request for accessing a server to be accessed associated with a target access address, determining whether a domain name to be accessed exists in a preset domain name address relationship set; if yes, executing to generate a server access request for accessing the server to be accessed associated with the target access address.
The method includes the steps that whether a domain name to be accessed exists in a preset domain name address association relationship is judged, and if yes, a server access request is generated; if not, the domain name to be accessed does not have access right, namely network communication connection with the server cannot be established, and the operating system of the front-end equipment can feed back prompt information such as no access right to the target application.
It should be noted that, whether the target access address is in the preset address white list, whether the target application is in the preset application white list, and whether the domain name to be accessed exists in the preset domain name address relationship set are not before and after the execution sequence of the three judging processes is not divided, the target access address may be judged first, the target application may be judged first, or the domain name to be accessed may be judged first, and the judging sequence of the three judging processes is not limited in any way in this embodiment.
And S280, sending the server access request to the server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request.
And S290, the request response data is sent to the target application.
According to the technical scheme, whether the target access address is in the preset address white list or not is further judged, if yes, whether the target application is in the preset application white list or not is judged, if yes, a server access request for accessing a server to be accessed which is related to the target access address is generated, address access conditions are perfected, judging conditions of the target access address are perfected, more accurate Internet isolation of application requests of upper-layer applications is achieved, safety of a request execution process is further improved, and therefore using experience of application users is improved.
Example III
Fig. 3 is an interaction schematic diagram of an application request processing method according to a third embodiment of the present invention. The present embodiment provides a preferred example based on the above-described embodiments.
To further enable decoupling between functional modules, at least one functional module plug-in may be deployed within the head-end equipment according to a functional module division, which may specifically include a DNS proxy plug-in and a network filtering plug-in.
Before the process starts, the DNS proxy plugin and the network filtering plugin need to be started. Specifically, whether the network filtering plug-in and the DNS proxy plug-in are started or not is judged by an internet isolation SDK (Software Development Kit ) deployed on the front-end equipment, and if not, the plug-in is started. The plug-in closing flow is the same as the plug-in opening flow, and this embodiment will not be described in detail.
The internet isolation SDK may respond to a request for setting an address white list and an application white list of an upper layer application, request the setting of the address white list from the network filtering plug-in to obtain an address white list setting result, and request the setting of the application white list from the DNS proxy server to obtain an application white list setting result.
As shown in fig. 3, the method comprises the following specific steps:
s301, an operating system of the front-end equipment acquires an application access request sent by a target application.
S302, an operating system of front-end equipment determines a domain name to be accessed of a server to be accessed according to an application access request, and sends the domain name to be accessed to a DNS proxy plugin;
s303, the DNS proxy plugin of the front-end equipment sends the domain name to be accessed to a domain name server so that the domain name server can determine and feed back a target access address associated with the domain name to be accessed.
S304, the DNS proxy plug-in of the front-end equipment acquires a target access address fed back by the domain name server, and feeds the target access address back to the target application through the operating system.
S305, the DNS proxy plugin of the front-end equipment judges whether the domain name to be accessed is in a preset domain name white list, if so, a preset domain name address relation set is updated by adopting a target domain name address association relation between the domain name to be accessed and a target access address.
S306, an operating system of the front-end equipment responds to a network connection request generated by a target application according to a target access address, and in the process of establishing network communication connection between servers to be accessed associated with the target access address based on the network connection request, a deployed network filtering plug-in judges whether the target access address is in a preset address white list.
S307, if yes, the network filtering plug-in judges whether the target application is in a preset application white list.
And S308, if so, the network filtering plug-in judges whether the domain name to be accessed exists in a preset domain name address relation set.
And S309, if yes, sending an allowable release instruction to the operating system, and generating a server access request for accessing the server to be accessed associated with the target access address by the operating system.
S310, the operating system of the front-end equipment sends a server access request to the server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request.
S311, the operating system of the front-end equipment sends the request response data to the target application.
Example IV
Fig. 4 is a schematic structural diagram of an application request processing device according to a fourth embodiment of the present invention. The application request processing device provided by the embodiment of the invention is applicable to the situation of processing the request of the application request based on the internet isolation, and can be realized in the form of hardware and/or software, as shown in fig. 4, and specifically comprises: an access request acquisition module 401, a target address determination module 402, an access request generation module 403, an access request transmission module 404, and a response data transmission module 405. Wherein,,
an access request acquisition module 401, configured to acquire an application access request sent by a target application;
a target address determining module 402, configured to determine a target access address to be accessed by the target application according to the application access request, and feed back the target access address to the target application;
An access request generating module 403, configured to respond to a network connection request generated by the target application according to the target access address, and if the target access address meets a preset address access condition, generate a server access request for accessing a server to be accessed associated with the target access address;
an access request sending module 404, configured to send the server access request to the server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request;
and the response data sending module 405 is configured to send the request response data to the target application.
According to the technical scheme, an application access request sent by a target application is obtained; determining a target access address to be accessed by a target application according to an application access request, and feeding back the target access address to the target application; responding to a network connection request generated by a target application according to a target access address, and if the target access address meets a preset address access condition, generating a server access request for accessing a server to be accessed associated with the target access address; sending a server access request to a server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request; the request response data is sent to the target application. According to the technical scheme, when the network connection request of the target application is received, whether the target application has the network connection communication establishment condition or not is judged based on the preset address access condition, so that the Internet isolation of part of the applications is realized, the problem that the development efficiency and the safety of realizing the network isolation are low in the technical means of the Internet isolation is solved, and the actual operation and the use experience of application users are improved.
Optionally, the destination address determining module 402 includes:
the access domain name determining unit is used for determining a domain name to be accessed of the server to be accessed according to the application access request;
an access domain name sending unit, configured to send the domain name to be accessed to a domain name server, so that the domain name server determines and feeds back a target access address associated with the domain name to be accessed;
and the target address acquisition unit is used for acquiring the target access address.
Optionally, the access request generating module 403 includes:
the address judging unit is used for judging whether the target access address is in a preset address white list or not;
the application judging unit is used for judging whether the target application is in a preset application white list or not if the target access address is in the preset address white list;
and the access request generation unit is used for generating a server access request for accessing the server to be accessed associated with the target access address if the target application is in a preset application white list.
Optionally, the access request generating module 403 further includes:
the domain name judging unit is used for judging whether the domain name to be accessed exists in a preset domain name address relation set before the server access request for accessing the server to be accessed associated with the target access address is generated; if yes, executing the server access request for generating the server to be accessed, which is associated with the target access address.
Optionally, the destination address determining module 402 further includes:
a relationship set updating unit, configured to update the preset domain name address relationship set by using a target domain name address association relationship between the domain name to be accessed and the target access address if the domain name to be accessed is in a preset domain name white list after the target access address is acquired; the domain name address relationship set includes at least one candidate domain name address association relationship.
Optionally, the access request generating module 403 includes:
an access condition judging unit, configured to respond to a network connection request generated by the target application according to the target access address, and judge whether the target access address meets a preset address access condition in a process of establishing a network communication connection between servers to be accessed associated with the target access address based on the network connection request;
and the communication connection establishing unit is used for establishing network communication connection with the server to be accessed if the target access address meets the preset address access condition, and generating a server access request for accessing the server to be accessed according to the application access request.
The application request processing device provided by the embodiment of the invention can execute the application request processing method provided by any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the execution method.
Example five
Fig. 5 shows a schematic diagram of an electronic device 50 that may be used to implement an embodiment of the invention. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. Electronic equipment may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the inventions described and/or claimed herein.
As shown in fig. 5, the electronic device 50 includes at least one processor 51, and a memory, such as a Read Only Memory (ROM) 52, a Random Access Memory (RAM) 53, etc., communicatively connected to the at least one processor 51, in which the memory stores a computer program executable by the at least one processor, and the processor 51 may perform various appropriate actions and processes according to the computer program stored in the Read Only Memory (ROM) 52 or the computer program loaded from the storage unit 58 into the Random Access Memory (RAM) 53. In the RAM 53, various programs and data required for the operation of the electronic device 50 can also be stored. The processor 51, the ROM 52 and the RAM 53 are connected to each other via a bus 54. An input/output (I/O) interface 55 is also connected to bus 54.
Various components in the electronic device 50 are connected to the I/O interface 55, including: an input unit 56 such as a keyboard, a mouse, etc.; an output unit 57 such as various types of displays, speakers, and the like; a storage unit 58 such as a magnetic disk, an optical disk, or the like; and a communication unit 59 such as a network card, modem, wireless communication transceiver, etc. The communication unit 59 allows the electronic device 50 to exchange information/data with other devices via a computer network, such as the internet, and/or various telecommunications networks.
The processor 51 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of processor 51 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various processors running machine learning model algorithms, digital Signal Processors (DSPs), and any suitable processor, controller, microcontroller, etc. The processor 51 performs the various methods and processes described above, such as application request processing methods.
In some embodiments, the application request processing method may be implemented as a computer program tangibly embodied on a computer-readable storage medium, such as the storage unit 58. In some embodiments, part or all of the computer program may be loaded and/or installed onto the electronic device 50 via the ROM 52 and/or the communication unit 59. When the computer program is loaded into RAM 53 and executed by processor 51, one or more steps of the application request processing method described above may be performed. Alternatively, in other embodiments, the processor 51 may be configured to perform the application request processing method in any other suitable way (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), load programmable logic devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
A computer program for carrying out methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the computer programs, when executed by the processor, cause the functions/acts specified in the flowchart and/or block diagram block or blocks to be implemented. The computer program may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of the present invention, a computer-readable storage medium may be a tangible medium that can contain, or store a computer program for use by or in connection with an instruction execution system, apparatus, or device. The computer readable storage medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. Alternatively, the computer readable storage medium may be a machine readable signal medium. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) through which a user can provide input to the electronic device. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), blockchain networks, and the internet.
The computing system may include clients and servers. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service are overcome.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps described in the present invention may be performed in parallel, sequentially, or in a different order, so long as the desired results of the technical solution of the present invention are achieved, and the present invention is not limited herein.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (10)
1. An application request processing method, comprising:
acquiring an application access request sent by a target application;
determining a target access address to be accessed by the target application according to the application access request, and feeding back the target access address to the target application;
responding to a network connection request generated by the target application according to the target access address, and if the target access address meets a preset address access condition, generating a server access request for accessing a server to be accessed associated with the target access address;
The server access request is sent to the server to be accessed, so that the server to be accessed generates and feeds back request response data based on the server access request;
and sending the request response data to the target application.
2. The method according to claim 1, wherein the determining, according to the application access request, a target access address to be accessed by the target application includes:
determining a domain name to be accessed of a server to be accessed according to the application access request;
the domain name to be accessed is sent to a domain name server, so that the domain name server can determine and feed back a target access address associated with the domain name to be accessed;
and acquiring the target access address.
3. The method according to claim 2, wherein generating a server access request for accessing a server to be accessed associated with the target access address if the target access address satisfies a preset address access condition comprises:
judging whether the target access address is in a preset address white list or not;
if yes, judging whether the target application is in a preset application white list;
If yes, a server access request for accessing the server to be accessed which is associated with the target access address is generated.
4. A method according to claim 3, wherein prior to said generating a server access request to access a server to be accessed associated with said target access address, the method further comprises:
judging whether the domain name to be accessed exists in a preset domain name address relation set or not;
if yes, executing the server access request for generating the server to be accessed, which is associated with the target access address.
5. The method of claim 4, wherein after obtaining the target access address, the method further comprises:
if the domain name to be accessed is in a preset domain name white list, updating the preset domain name address relation set by adopting a target domain name address association relation between the domain name to be accessed and the target access address; the domain name address relationship set includes at least one candidate domain name address association relationship.
6. The method according to any one of claims 1-5, wherein the generating, in response to the network connection request generated by the target application according to the target access address, a server access request for accessing a server to be accessed associated with the target access address if the target access address meets a preset address access condition, includes:
Responding to a network connection request generated by the target application according to the target access address, and judging whether the target access address meets a preset address access condition in the process of establishing network communication connection between servers to be accessed associated with the target access address based on the network connection request;
if yes, establishing network communication connection with the server to be accessed, and generating a server access request for accessing the server to be accessed according to the application access request.
7. An application request processing apparatus, comprising:
the access request acquisition module is used for acquiring an application access request sent by the target application;
the target address determining module is used for determining a target access address to be accessed by the target application according to the application access request and feeding back the target access address to the target application;
the access request generation module is used for responding to a network connection request generated by the target application according to the target access address, and if the target access address meets a preset address access condition, a server access request for accessing a server to be accessed which is associated with the target access address is generated;
The access request sending module is used for sending the server access request to the server to be accessed so that the server to be accessed can generate and feed back request response data based on the server access request;
and the response data sending module is used for sending the request response data to the target application.
8. The apparatus of claim 7, wherein the destination address determination module comprises:
the access domain name determining unit is used for determining a domain name to be accessed of the server to be accessed according to the application access request;
an access domain name sending unit, configured to send the domain name to be accessed to a domain name server, so that the domain name server determines and feeds back a target access address associated with the domain name to be accessed;
and the target address acquisition unit is used for acquiring the target access address.
9. An electronic device, the electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the application request processing method of any one of claims 1-6.
10. A computer readable storage medium storing computer instructions for causing a processor to implement the application request processing method of any one of claims 1-6 when executed.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310861091.7A CN116723245A (en) | 2023-07-13 | 2023-07-13 | Application request processing method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310861091.7A CN116723245A (en) | 2023-07-13 | 2023-07-13 | Application request processing method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116723245A true CN116723245A (en) | 2023-09-08 |
Family
ID=87869844
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310861091.7A Pending CN116723245A (en) | 2023-07-13 | 2023-07-13 | Application request processing method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116723245A (en) |
-
2023
- 2023-07-13 CN CN202310861091.7A patent/CN116723245A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113766487B (en) | Cloud mobile phone information acquisition method, device, equipment and medium | |
| CN109343983B (en) | Information interaction method, device, equipment and storage medium between function modules | |
| CN113806037A (en) | Service calling method and device, storage medium and electronic equipment | |
| CN117034257A (en) | Information acquisition method, device, equipment and medium under virtualization management | |
| CN109922120B (en) | Method and terminal for improving DNS availability | |
| CN116723245A (en) | Application request processing method, device, equipment and storage medium | |
| CN108734033B (en) | Method and device for realizing safety interaction between systems | |
| CN114924826B (en) | Page fusion method, device and equipment based on different code platforms | |
| CN108288135B (en) | System compatibility method and device, computer readable storage medium and electronic equipment | |
| CN116112382A (en) | Network data capturing method and device, electronic equipment and storage medium | |
| CN114928540B (en) | Preemption method and device, electronic equipment and storage medium | |
| CN115174447B (en) | Network communication method, device, system, equipment and storage medium | |
| CN115525415B (en) | Data processing method, device, equipment and medium | |
| CN115499332B (en) | Method, device, equipment and medium for monitoring network message | |
| CN116647450A (en) | Modification method, device, equipment and medium of Nginx configuration information | |
| CN118018522A (en) | Network card configuration method, device, equipment and medium | |
| CN116319002A (en) | Single sign-on method, device, gateway equipment and storage medium | |
| CN117596288A (en) | Message transmission method and device, electronic equipment and storage medium | |
| CN116781572A (en) | Service availability detection method, device, equipment and storage medium | |
| CN117493000A (en) | Task processing method, device, equipment and medium | |
| CN116319454A (en) | Method, device, equipment and storage medium for detecting time consumption of application program network | |
| CN118153041A (en) | Control method and related device for malicious keep-alive behavior of application program | |
| CN117424895A (en) | Information sharing method, electronic equipment and storage medium | |
| CN116107878A (en) | Remote debugging method, device, equipment and storage medium | |
| CN117556116A (en) | Method and device for processing request information, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |