CN116827623A - Access request processing method, device and equipment - Google Patents
Access request processing method, device and equipment Download PDFInfo
- Publication number
- CN116827623A CN116827623A CN202310752167.2A CN202310752167A CN116827623A CN 116827623 A CN116827623 A CN 116827623A CN 202310752167 A CN202310752167 A CN 202310752167A CN 116827623 A CN116827623 A CN 116827623A
- Authority
- CN
- China
- Prior art keywords
- address
- list
- access request
- source
- record
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003672 processing method Methods 0.000 title claims abstract description 19
- 238000013475 authorization Methods 0.000 claims abstract description 135
- 238000012545 processing Methods 0.000 claims description 47
- 238000000034 method Methods 0.000 claims description 46
- 238000001514 detection method Methods 0.000 claims description 8
- 239000004973 liquid crystal related substance Substances 0.000 claims description 8
- 230000004044 response Effects 0.000 claims description 8
- 238000004590 computer program Methods 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 5
- 238000012552 review Methods 0.000 description 5
- 230000000694 effects Effects 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
Abstract
The application provides an access request processing method, device and equipment. The application provides an access request processing method, which is applied to a proxy server and comprises the following steps: receiving an access request and acquiring a source IP address of the access request; searching whether a first record corresponding to the source IP address exists in the IP list of the current record; the IP list is recorded with source IP addresses corresponding to unexpired historical access requests; if yes, forwarding the access request when the authorization status information corresponding to the first record is authorized. The access request processing method, the device and the equipment provided by the application can improve the security of the proxy.
Description
Technical Field
The present application relates to the field of information technologies, and in particular, to a method, an apparatus, and a device for processing an access request.
Background
With the rapid growth of the internet, various unknown access requests may attack network resources. Thus, there is a need to protect network resources from unauthorized access.
In the related art, proxy methods such as mitxproxy and red socks only support Basic authentication of HTTP, apache htpasswd file authentication or LDAP authentication when authentication is performed. In these proxy methods, additional authentication information needs to be configured for the proxy client, and thus, once the authentication information is revealed, a great security problem is caused.
Disclosure of Invention
In view of the above, the present application provides a method, apparatus and device for processing an access request, which are used for solving the problem of low security of the existing proxy mode.
Specifically, the application is realized by the following technical scheme:
the first aspect of the present application provides an access request processing method, which is applied to a proxy server, and includes:
receiving an access request and acquiring a source IP address of the access request;
searching whether a first record corresponding to the source IP address exists in the IP list of the current record; the IP list is recorded with source IP addresses corresponding to unexpired historical access requests;
if yes, forwarding the access request when the authorization status information corresponding to the first record is authorized.
Optionally, when the first record corresponding to the source IP address does not exist in the IP list, the method further includes:
refusing to forward the access request;
and adding a second record corresponding to the source IP address in the IP list, and configuring initial expiration time and initial authorization status information for the second record so that the source IP address waits for authorization within the initial expiration time.
Optionally, when the first record corresponding to the source IP address exists in the IP list, the method further includes:
and updating the expiration time corresponding to the first record.
Optionally, the authorization status information of the target IP address in the IP list is updated based on an authorization instruction or a revocation authorization instruction for the target IP address.
Optionally, the method further comprises:
for each IP address in the IP list, deleting the IP address from the IP list when the expiration time of the IP address arrives.
Optionally, the method further comprises:
when detecting a consulting request aiming at the IP list, judging whether a consulting user corresponding to the consulting request is an administrator with authorized authority;
if yes, displaying the IP list to the consulting user so that the consulting user triggers an authorization instruction or a cancel authorization instruction for the IP address in the IP list;
and updating the authorization status information of the target IP address in response to an authorization instruction or a revocation authorization instruction for the target IP address in the IP list.
The second aspect of the application provides an access request processing device, which comprises an acquisition module, a search module and a processing module; wherein, the liquid crystal display device comprises a liquid crystal display device,
the acquisition module is used for receiving an access request and acquiring a source IP address of the access request;
the searching module is used for searching whether a first record corresponding to the source IP address exists in the IP list of the current record; the IP list is recorded with source IP addresses corresponding to unexpired historical access requests;
the processing module is configured to forward the access request when the searching module finds that the first record corresponding to the source IP address exists in the IP list and the authorization status information corresponding to the first record is authorized.
Optionally, the processing module is further configured to refuse to forward the access request when the first record corresponding to the source IP address does not exist in the IP list, add a second record corresponding to the source IP address in the IP list, and configure an initial expiration time and initial authorization status information for the second record, so that the source IP address waits for authorization within the initial expiration time.
Optionally, the processing module is further configured to update an expiration time corresponding to the first record when the searching module finds that the first record corresponding to the source IP address exists in the IP list.
Optionally, the authorization status information of the target IP address in the IP list is updated based on an authorization instruction or a revocation authorization instruction for the target IP address.
Optionally, the processing module is further configured to delete, for each IP address in the IP list, the IP address from the IP list when an expiration time of the IP address arrives.
Optionally, the device further comprises a detection module and a display module; wherein, the liquid crystal display device comprises a liquid crystal display device,
the detection module is used for judging whether a consulting user corresponding to the consulting request is an administrator with authorized authority when the consulting request for the IP list is detected;
the display module is used for displaying the IP list to the consulting user when the detection module judges that the consulting user corresponding to the consulting request is an administrator with authorized authority, so that the consulting user triggers an authorized instruction or a cancel authorized instruction of the IP address in the IP list;
the processing module is further configured to update authorization status information of a target IP address in the IP list in response to an authorization instruction or a revocation authorization instruction for the target IP address.
A third aspect of the application provides an access request processing device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of any one of the methods provided in the first aspect of the application when the program is executed.
According to the access request processing method, the access request processing device and the access request processing equipment, the source IP address of the access request is obtained by receiving the access request, and whether the first record corresponding to the source IP address exists or not is further searched from the IP list of the current record; the source IP address corresponding to the unexpired historical access request is recorded in the IP list, so that when the first record exists in the IP list, the access request is forwarded when the authorization state information corresponding to the first record is authorized. Thus, authentication based on a user name, a password, etc. is not required, authentication can be directly performed based on the source IP address of the access request, and the security of the proxy can be improved.
Drawings
FIG. 1 is a flowchart of a first embodiment of an access request processing method provided by the present application;
FIG. 2 is a flowchart of a second embodiment of an access request processing method provided by the present application;
FIG. 3 is a flowchart of a third embodiment of an access request processing method provided by the present application;
FIG. 4 is a hardware configuration diagram of an access request processing device where the access request processing device provided by the present application is located;
FIG. 5 is a schematic diagram of a first embodiment of an access request processing apparatus according to the present application;
fig. 6 is a schematic structural diagram of a second embodiment of an access request processing apparatus according to the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the application. The word "if" as used herein may be interpreted as "at … …" or "at … …" or "responsive to a determination", depending on the context.
The application provides a method, a device and equipment for processing an access request, which are used for solving the problem of low security of the existing proxy mode.
According to the access request processing method, the access request processing device and the access request processing equipment, the source IP address of the access request is obtained by receiving the access request, and whether the first record corresponding to the source IP address exists or not is further searched from the IP list of the current record; the source IP address corresponding to the unexpired historical access request is recorded in the IP list, so that when the first record exists in the IP list, the access request is forwarded when the authorization state information corresponding to the first record is authorized. Thus, authentication based on a user name, a password, etc. is not required, authentication can be directly performed based on the source IP address of the access request, and the security of the proxy can be improved.
Specific examples are given below to describe the technical solution of the present application in detail.
Fig. 1 is a flowchart of a first embodiment of an access request processing method provided by the present application. Referring to fig. 1, the method provided in this embodiment is applied to a proxy server, and the method may include:
s101, receiving an access request and acquiring a source IP address of the access request.
Specifically, an access request is from a client (e.g., from a browser), the access request being a request sent to a target server for requesting the target server to provide a particular resource or service, the access request being forwarded to the target server via a proxy server. Further, the access request may be an HTTP request sent through the browser. The access request may include information such as the time of the request, the resource requested, the method of the request, the parameters of the request, and the source IP address.
Further, after receiving the access request, the proxy server obtains the source IP address of the access request. Wherein the source IP address of the access request refers to the IP address of the device that originated the request, which is unique to identify the identity and location of the device.
S102, searching whether a first record corresponding to the source IP address exists in an IP list of the current record; and the source IP address corresponding to the unexpired historical access request is recorded in the IP list.
Specifically, a plurality of records are recorded in the current recorded IP list, and each record represents information such as a source IP address corresponding to an unexpired historical access request, authorization status information corresponding to the source IP address, expiration time of the source IP address, and the like. Wherein the authorization status information characterizes whether the source IP address is authorized, the authorization status information including authorized and unauthorized. The expiration time characterizes the access request as valid for that time.
Further, the IP list may be stored locally, or may be stored in another device independent of the device. For example, it may be stored in a database server. Accordingly, when the IP list is stored in another device independent of the device, in this step, the IP list may be acquired from the other device.
It should be noted that, the authorization status information of the target IP address in the IP list is updated based on the authorization instruction or the revocation authorization instruction for the target IP address.
Specifically, the authorization status information of the target IP address in the IP list is updated from unauthorized to unauthorized based on the authorization instruction for the target IP address, and the authorization status information of the target IP address in the IP list is updated from authorized to unauthorized based on the revocation authorization instruction for the target IP address. It should be noted that the authorization instruction or the cancel authorization instruction may be an instruction triggered by an administrator, which is a person who has the authority to decide whether to authorize or cancel authorization for a certain IP address.
Further, table 1 is a schematic diagram of an IP list according to an exemplary embodiment of the present application. Referring to table 1, the ip list may be expressed as follows:
table 1IP list
| Source IP address | Authorization status information | Expiration time |
| 192.168.1.1 | Authorized | 2023/5/30/14:52 |
| 192.168.1.2 | Authorized | 2023/5/30/17:20 |
| 192.168.1.3 | Unauthorized use of the device | 2023/5/30/18:00 |
And S103, if so, forwarding the access request when the authorization status information corresponding to the first record is authorized.
Specifically, if the first record corresponding to the source IP address is found from the IP list of the current record, and the authorization status information corresponding to the first record is authorized, it indicates that the IP address is authorized, and at this time, the proxy server forwards the access request.
Further, if the first record corresponding to the source IP address is found from the IP list of the current record, and the authorization status information corresponding to the first record is unauthorized, the source IP address is not yet authorized at this time, and the proxy server refuses to forward the access request at this time.
For example, in one embodiment, the proxy server receives the access request 1, where the source IP address of the access request 1 is 192.168.1.1, and at this time, the proxy server searches the IP list for a first record (the first record in table 1) corresponding to the source IP address, and determines, in combination with table 1, that the authorization status information corresponding to the first record is authorized, and at this time, the proxy server forwards the access request 1.
For another example, in another embodiment, the proxy server receives the access request 2, where the source IP address of the access request 2 is 192.168.1.3, and at this time, the proxy server searches the IP list for the first record (the third record in table 1) of the source IP address, and further determines, in combination with table 1, that the authorization status information corresponding to the source IP address is unauthorized, and at this time, the proxy server refuses to forward the access request 2.
According to the access request processing method, the access request is received, the source IP address of the access request is obtained, and whether a first record corresponding to the source IP address exists or not is further searched from the IP list of the current record; and when the first record exists in the IP list, forwarding the accessed request when the authorization state information corresponding to the first record is authorized. Thus, authentication based on a user name, a password, etc. is not required, authentication can be directly performed based on the source IP address of the access request, and the security of the proxy can be improved.
Optionally, when the first record corresponding to the source IP address exists in the IP list, the method further includes:
and updating the expiration time corresponding to the first record.
Specifically, when the expiration time is characterized by a future expiration time (i.e., the future expiration time expires after the future expiration time arrives), the update process may be to update the expiration time to a time after the expiration time plus a preset duration. Further, when the elapsed time is characterized by the start time plus a specified length of time (i.e., the specified length of time expires from the start time), then the update process may be to update the start time to a value that is the original value plus a preset length of time. It should be noted that, the preset duration or the specified duration is set according to actual needs, and in this embodiment, the preset duration or the specified duration is not limited. For example, the preset time period or the specified time period may be 10 minutes.
Further, in connection with the above example, for example, after forwarding the access request 1, the expiration time corresponding to the first record (the first record in table 1) corresponding to the source IP address 192.168.1.1 is updated to 2023/5/30/15:02.
Further, in the second example, after the proxy server refuses to forward the access request 2, the expiration time of the first record (the third record in table 1) corresponding to the source IP address 192.168.1.3 is updated to 2023/5/30/18:10.
Table 2 is a schematic diagram of an IP list shown in an exemplary embodiment of the present application. Referring to table 2, after updating the expiration time corresponding to the first record, the IP list may be expressed as follows:
table 2IP list
| Source IP address | Authorization status information | Expiration time |
| 192.168.1.1 | Authorized | 2023/5/30/15:02 |
| 192.168.1.2 | Authorized | 2023/5/30/17:30 |
| 192.168.1.3 | Unauthorized use of the device | 2023/5/30/18:10 |
Optionally, for each IP address in the IP list, when the expiration time of the IP address arrives, the IP address is deleted from the IP list.
Specifically, each IP address is provided with an expiration time, and when the proxy server detects that the expiration time of a certain IP address arrives, the IP address is deleted from the IP list.
According to the method provided by the application, the source IP address corresponding to the unexpired historical access request can be recorded in the IP list by updating the IP list, so that access control can be performed based on the IP list, and the access security is improved.
Fig. 2 is a flowchart of a second embodiment of an access request processing method provided by the present application. Referring to fig. 2, the method provided in this embodiment may include:
s201, receiving an access request and acquiring a source IP address of the access request.
Specifically, the specific implementation procedure and implementation principle of this step may refer to the description in step S101, which is not described herein.
S202, searching whether a first record corresponding to the source IP address exists in an IP list of the current record; the IP list is recorded with source IP addresses corresponding to unexpired historical access requests; if yes, go to step S203, if no, go to step S206.
S203, judging whether the authorization status information corresponding to the first record is authorized, if so, executing step S204, and if not, executing step S205.
S204, forwarding the current access request, and updating the expiration time corresponding to the first record.
S205, refusing to forward the access request, and updating the expiration time corresponding to the first record.
Specifically, the specific implementation process and implementation principle of steps S202 to S205 may refer to the foregoing description of steps, and will not be repeated herein.
S206, refusing to forward the access request.
Specifically, if the first record corresponding to the source IP address is not found in the IP list of the current record, this indicates that the source IP address is not authorized yet, and the proxy server refuses to forward the access request.
S207, adding a second record corresponding to the source IP address in the IP list, and configuring initial expiration time and initial authorization status information for the second record so that the source IP address waits for authorization within the expiration time.
Specifically, a second record corresponding to the source IP address is added to the IP list, where the second record includes information such as the source IP address, an initial expiration time, and initial authorization status information. It should be noted that, the initial authorization status information corresponding to the second record is unauthorized. Further, referring to the foregoing description, when the expiration time is characterized by a future expiration time, the initial expiration time may be the current time plus a specified duration (e.g., 10 minutes) later.
For example, in one embodiment, the proxy server receives the access request 3 at 2023/5/30/18:30, where the source IP address of the access request 3 is 192.168.2.1, at this time, the proxy server does not find the first record corresponding to the source IP address in the IP list, at this time, the proxy server refuses to forward the access request 3, and adds the second record corresponding to the source IP address in the IP list. In connection with the above example, for example, the following record is added: the source IP address is 192.168.2.1, the authorization status of the source IP address is unauthorized, and the expiration time of the IP address is 2023/5/30/18:40.
Table 3 is a schematic diagram of an IP list according to an exemplary embodiment of the present application. Referring to table 3, at this time, the IP list may be expressed as follows:
table 3IP list
| Source IP address | Authorization status information | Expiration time |
| 192.168.2.1 | Unauthorized use of the device | 2023/5/30/18:40 |
According to the access request processing method, the access request is received, the source IP address of the access request is obtained, whether the first record corresponding to the source IP address exists or not is further searched from the IP list of the current records, when the first record corresponding to the source IP address does not exist in the IP list, forwarding of the access request is refused, the second record corresponding to the source IP address is added in the IP list, and initial expiration time and initial authorization state information are configured for the second record, so that the source IP address waits for authorization within the expiration time. In this way, an opportunity for obtaining authorization can be provided for the IP address which is not obtained authorization, and then access control is performed based on the IP list, so that the security of access is improved.
Fig. 3 is a flowchart of a third embodiment of an access request processing method provided by the present application. Referring to fig. 3, the method provided in this embodiment, based on the foregoing embodiment, may include:
s301, when a reference request aiming at the IP list is detected, judging whether a reference user corresponding to the reference request is an administrator with authorized authority.
Specifically, the reference request may be from the device or may be from another device independent of the device. For example, the reference request comes from an authorized device independent of the present device.
Further, the review request carries attribute information of the review user, for example, the attribute information may include information such as a user name, a password, or a user identification, and whether the review user is an administrator may be determined based on the attribute information. For example, in one embodiment, the administrator may be a consulting user whose user identifier is a specified identifier, where when the user identifier carried by the consulting request is a specified identifier, the consulting user is considered to be the administrator. For another example, in one embodiment, a particular user name may be assigned to the management source, and when the user name carried by the review request is the particular user name, the review user is the administrator.
And S302, if so, displaying the IP list to the consulting user so that the consulting user triggers an authorization instruction or a cancel authorization instruction for the IP address in the IP list.
Specifically, when the consulting request comes from the device, the IP list is displayed to the consulting user of the local device side. When the consulting request comes from the authorization device independent of the device, the IP list is sent to the authorization device, so that the authorization device displays the IP list to a consulting user at the authorization device side.
In particular, after the IP list is displayed to the administrator, the administrator may trigger an authorization instruction or a revocation authorization instruction for a certain IP address based on the displayed IP list.
When the IP list is stored in another device independent of the device, the IP list may be acquired from the other device.
S303, in response to an authorization instruction or a cancel authorization instruction for a target IP address in the IP list, updating authorization status information of the target IP address.
Specifically, referring to the foregoing description, when the reference request comes from the device, the administrator triggers the authorization instruction or cancels the authorization instruction on the device side based on the displayed IP list, and further, after detecting the authorization instruction of the administrator for the target IP address in the IP list, the device updates the authorization status information of the target IP address to be authorized. Correspondingly, after detecting the revocation authority instruction for the target IP address in the IP list, the device updates the authorization status information of the target IP address to be unauthorized.
Further, when the reference request comes from an authorization device independent of the device, at this time, the administrator triggers an authorization instruction or a revocation authorization instruction on the authorization device, and after the authorization device detects the authorization instruction or the revocation authorization instruction, the authorization instruction or the revocation authorization designation is sent to the device, and the device responds to the authorization instruction or the revocation authorization instruction to update the authorization status information of the target IP address.
It should be noted that, referring to the foregoing description, after the IP list is stored in another device independent of the present device, the updated IP list may be returned to the other device.
According to the access request processing method provided by the embodiment, when the reference request for the IP list is detected, whether the reference user corresponding to the reference request is an administrator with authorization authority is judged, and then the IP list is displayed to the reference user when the reference user corresponding to the reference request is the administrator with authorization authority, so that the reference user triggers an authorization instruction or a cancel authorization instruction for the IP address in the IP list, and the authorization state information of the target IP address is updated in response to the authorization instruction or the cancel authorization instruction for the target IP address in the IP list. Thus, an authorization method is provided, which can enable an administrator to authorize or cancel the authorization of the IP address, and a method for maintaining the IP list is provided, and further, the access security can be improved by performing access control through the maintained IP list.
The application also provides an embodiment of the access request processing device corresponding to the embodiment of the access request processing method.
The embodiment of the access request processing device provided by the application can be applied to the access request processing equipment. The apparatus embodiments may be implemented by software, or may be implemented by hardware or a combination of hardware and software. Taking a software implementation as an example, the device in a logic sense is formed by reading corresponding computer program instructions in the nonvolatile memory into the memory by the processor of the access request processing device where the device is located. In terms of hardware, as shown in fig. 4, a hardware structure diagram of an access request processing device where an access request processing apparatus provided by the present application is shown, except for a processor, a memory, a network interface, and a nonvolatile memory shown in fig. 4, where the access request processing device where the apparatus is located in an embodiment generally includes other hardware according to an actual function of the access request processing apparatus, which is not described herein again.
Fig. 5 is a schematic structural diagram of a first embodiment of an access request processing apparatus according to the present application. Referring to fig. 5, the apparatus provided in this embodiment may include an obtaining module 510, a searching module 520, and a processing module 530, where,
the obtaining module 510 is configured to receive an access request, and obtain a source IP address of the access request.
The searching module 520 is configured to search whether a first record corresponding to the source IP address exists in the IP list of the current record; and the source IP address corresponding to the unexpired historical access request is recorded in the IP list.
The processing module 530 is configured to forward the access request when the searching module finds that the first record corresponding to the source IP address exists in the IP list and the authorization status information corresponding to the first record is authorized.
The processing module 530 is further configured to refuse to forward the access request when the searching module finds that the first record corresponding to the source IP address exists in the IP list and the authorization status information corresponding to the first record is unauthorized.
The processing module 530 is further configured to refuse to forward the access request when the searching module finds that the first record corresponding to the source IP address does not exist in the IP list, add a second record corresponding to the source IP address in the IP list, and configure an initial expiration time and initial authorization status information for the second record, so that the source IP address waits for authorization within the initial expiration time.
The processing module 530 is further configured to update an expiration time corresponding to a first record corresponding to the source IP address when the searching module finds that the first record exists in the IP list. The processing module 530 is further configured to delete, for each IP address in the IP list, the IP address from the IP list when an expiration time of the IP address arrives.
The device provided in this embodiment may be used to implement the technical solutions of the method embodiments shown in fig. 1 and fig. 2, and its implementation principle and technical effects are similar, and are not described here again.
According to the access request processing device provided by the embodiment, by receiving an access request and acquiring a source IP address of the access request, whether a first record corresponding to the source IP address exists or not is further searched from an IP list of current records; and when the first record exists in the IP list, forwarding the accessed request when the authorization state information corresponding to the first record is authorized. Thus, authentication based on a user name, a password, etc. is not required, authentication can be directly performed based on the source IP address of the access request, and the security of the proxy can be improved.
Optionally, the authorization status information of the target IP address in the IP list is updated based on an authorization instruction or a revocation authorization instruction for the target IP address.
Fig. 6 is a schematic structural diagram of a second embodiment of an access request processing apparatus according to the present application. Referring to fig. 6, the apparatus provided in this embodiment may further include a detection module 540 and a display module 550 based on the first embodiment, where,
the detecting module 540 is configured to, when detecting a reference request for the IP list, determine whether a reference user corresponding to the reference request is an administrator with authorized rights.
The display module 550 is configured to determine, at the detection module, that the reference user corresponding to the reference request is an administrator with authorization authority, and display the IP list to the reference user, so that the reference user triggers an authorization instruction or a revocation authorization instruction for an IP address in the IP list.
The processing module 530 is further configured to update authorization status information of a target IP address in the IP list in response to an authorization instruction or a revocation authorization instruction for the target IP address.
The device provided in this embodiment may be used to implement the technical scheme of the method embodiment shown in fig. 3, and its implementation principle and technical effects are similar, and will not be described here again.
Access request processing device provided in this embodiment , When a consulting request for the IP list is detected, whether a consulting user corresponding to the consulting request is an administrator with authorization authority is judged, and then the IP list is displayed to the consulting user when the consulting user corresponding to the consulting request is the administrator with authorization authority, so that the consulting user triggers an authorization instruction or a cancel authorization instruction for the IP address in the IP list, and the authorization state information of the target IP address is updated in response to the authorization instruction or the cancel authorization instruction for the target IP address in the IP list. Thus, an authorization method is provided, which can enable an administrator to authorize or cancel the authorization of the IP address, and a method for maintaining the IP list is provided, and further, the access security can be improved by performing access control through the maintained IP list.
With continued reference to fig. 4, the present application further provides an access request processing apparatus, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of any one of the methods provided in the first aspect of the present application when the processor executes the program.
The implementation process of the functions and roles of each unit in the above device is specifically shown in the implementation process of the corresponding steps in the above method, and will not be described herein again.
For the device embodiments, reference is made to the description of the method embodiments for the relevant points, since they essentially correspond to the method embodiments. The apparatus embodiments described above are merely illustrative, wherein the elements illustrated as separate elements may or may not be physically separate, and the elements shown as elements may or may not be physical elements, may be located in one place, or may be distributed over a plurality of network elements. Some or all of the modules may be selected according to actual needs to achieve the purposes of the present application. Those of ordinary skill in the art will understand and implement the present application without undue burden.
The foregoing description of the preferred embodiments of the application is not intended to be limiting, but rather to enable any modification, equivalent replacement, improvement or the like to be made within the spirit and principles of the application.
Claims (13)
1. An access request processing method, wherein the method is applied to a proxy server, and the method comprises:
receiving an access request and acquiring a source IP address of the access request;
searching whether a first record corresponding to the source IP address exists in the IP list of the current record; the IP list is recorded with source IP addresses corresponding to unexpired historical access requests;
if yes, forwarding the access request when the authorization status information corresponding to the first record is authorized.
2. The method of claim 1, wherein when the IP list does not have the first record corresponding to the source IP address, the method further comprises:
refusing to forward the access request;
and adding a second record corresponding to the source IP address in the IP list, and configuring initial expiration time and initial authorization status information for the second record so that the source IP address waits for authorization within the initial expiration time.
3. The method of claim 1, wherein when the IP list has a first record corresponding to the source IP address, the method further comprises:
and updating the expiration time corresponding to the first record.
4. The method of claim 1, wherein the authorization status information for a target IP address in the IP list is updated based on an authorization instruction or a revocation authorization instruction for the target IP address.
5. The method of claim 1, the method further comprising:
for each IP address in the IP list, deleting the IP address from the IP list when the expiration time of the IP address arrives.
6. The method of claim 4, the method further comprising:
when detecting a consulting request aiming at the IP list, judging whether a consulting user corresponding to the consulting request is an administrator with authorized authority;
if yes, displaying the IP list to the consulting user so that the consulting user triggers an authorization instruction or a cancel authorization instruction for the IP address in the IP list;
and updating the authorization status information of the target IP address in response to an authorization instruction or a revocation authorization instruction for the target IP address in the IP list.
7. An access request processing device is characterized by comprising an acquisition module, a search module and a processing module; wherein, the liquid crystal display device comprises a liquid crystal display device,
the acquisition module is used for receiving an access request and acquiring a source IP address of the access request;
the searching module is used for searching whether a first record corresponding to the source IP address exists in the IP list of the current record; the IP list is recorded with source IP addresses corresponding to unexpired historical access requests;
the processing module is configured to forward the access request when the searching module finds that the first record corresponding to the source IP address exists in the IP list and the authorization status information corresponding to the first record is authorized.
8. The apparatus of claim 7, wherein the processing module is further configured to refuse to forward the access request and add a second record corresponding to the source IP address to the IP list when the lookup module finds that the first record corresponding to the source IP address does not exist in the IP list, and configure an initial expiration time and initial authorization status information for the second record so that the source IP address waits for authorization within the initial expiration time.
9. The apparatus of claim 7, wherein the processing module is further configured to update an expiration time corresponding to a first record corresponding to the source IP address when the lookup module finds that the first record exists in the IP list.
10. The apparatus of claim 7, wherein the authorization status information for a target IP address in the IP list is updated based on an authorization instruction or a revocation authorization instruction for the target IP address.
11. The apparatus of claim 7, wherein the processing module is further configured to delete each IP address in the IP list from the IP list when an expiration time for the IP address arrives.
12. The apparatus of claim 7, further comprising a detection module and a display module; wherein, the liquid crystal display device comprises a liquid crystal display device,
the detection module is used for judging whether a consulting user corresponding to the consulting request is an administrator with authorized authority when the consulting request for the IP list is detected;
the display module is used for displaying the IP list to the consulting user when the detection module judges that the consulting user corresponding to the consulting request is an administrator with authorized authority, so that the consulting user triggers an authorized instruction or a cancel authorized instruction of the IP address in the IP list;
the processing module is further configured to update authorization status information of a target IP address in the IP list in response to an authorization instruction or a revocation authorization instruction for the target IP address.
13. An access request processing device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the method according to any of claims 1-6 when the program is executed by the processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310752167.2A CN116827623A (en) | 2023-06-25 | 2023-06-25 | Access request processing method, device and equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310752167.2A CN116827623A (en) | 2023-06-25 | 2023-06-25 | Access request processing method, device and equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116827623A true CN116827623A (en) | 2023-09-29 |
Family
ID=88142353
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310752167.2A Pending CN116827623A (en) | 2023-06-25 | 2023-06-25 | Access request processing method, device and equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116827623A (en) |
-
2023
- 2023-06-25 CN CN202310752167.2A patent/CN116827623A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111600856B (en) | Safety system of operation and maintenance of data center | |
| CN105939326B (en) | Method and device for processing message | |
| CN102104592B (en) | Session migration between network policy servers | |
| JP4544417B2 (en) | List management server, list management system, list management method and program | |
| US20140122580A1 (en) | Proxy based network communications | |
| US8739255B2 (en) | Replicating selected secrets to local domain controllers | |
| CN107682361B (en) | Website vulnerability scanning method and device, computer equipment and storage medium | |
| JP2005072639A (en) | Apparatus, method and program for assigning identifier | |
| CN108418806B (en) | Message processing method and device | |
| WO2012117253A1 (en) | An authentication system | |
| US20210105251A1 (en) | Ip address access based on security level and access history | |
| US20080189286A1 (en) | System For Managing And Protecting Personal Information On Internet And Method Thereof | |
| EP3790259A1 (en) | Communication device and communication method | |
| JP2013179489A (en) | Apparatus management device, apparatus management method, and apparatus management program | |
| EP3332533A1 (en) | Parallel detection of updates to a domain name system record system using a common filter | |
| CN114244575A (en) | Automatic route hijacking blocking method and device | |
| CN116827623A (en) | Access request processing method, device and equipment | |
| CN113039764B (en) | Method and system for providing access to data stored in a secure data area of a cloud platform | |
| US8955156B2 (en) | Method and apparatus for securely providing postal address data to client devices | |
| CN106453408B (en) | Method and device for preventing counterfeit offline attack | |
| JP6536109B2 (en) | Security management system and security management method | |
| JP6852752B2 (en) | Security management system and security management method | |
| US7200661B2 (en) | System and method for registering a client device | |
| KR101448953B1 (en) | Security system and operating method thereof | |
| KR20180072899A (en) | System and method for gs1 based thing information searching service |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |