CN117319481A - Port resource reverse proxy method, system and storage medium - Google Patents
Port resource reverse proxy method, system and storage medium Download PDFInfo
- Publication number
- CN117319481A CN117319481A CN202311604842.3A CN202311604842A CN117319481A CN 117319481 A CN117319481 A CN 117319481A CN 202311604842 A CN202311604842 A CN 202311604842A CN 117319481 A CN117319481 A CN 117319481A
- Authority
- CN
- China
- Prior art keywords
- proxy
- port
- determining
- access request
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 35
- 238000004891 communication Methods 0.000 claims description 42
- 238000004806 packaging method and process Methods 0.000 claims description 4
- 230000000694 effects Effects 0.000 abstract description 5
- 238000005516 engineering process Methods 0.000 description 9
- 230000008569 process Effects 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 2
- 239000002699 waste material Substances 0.000 description 2
- 230000001133 acceleration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 238000011084 recovery Methods 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/2895—Intermediate processing functionally located close to the data provider application, e.g. reverse proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/562—Brokering proxy services
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The application discloses a port resource reverse proxy method, a system and a storage medium, wherein the method comprises the following steps: when a target access request is received, determining access basic information according to the target access request; determining port characteristics in the access basic information and determining a proxy strategy according to the port characteristics; determining the port proxy identity according to the proxy strategy and the access basic information; and when receiving a feedback signal corresponding to the target access request, sending the feedback signal to the target object according to the port proxy identity. By acquiring the port characteristics to determine the proxy policy and combining the access basic information to determine the port proxy identity, the technical effect that when the feedback signal of the target access request is received, the feedback signal can be accurately sent to the target object according to the port proxy identity is realized.
Description
Technical Field
The present invention relates to the field of port proxy, and in particular, to a port resource reverse proxy method, system and storage medium.
Background
With the development of computer networks, many companies, organizations, and communities have internally formed internal local area networks, and in general, internal local area networks need to connect to the Internet in order to obtain information from the Internet. For company information security, proxy servers are generally used to proxy Internet connection requests from internal local area networks, where clients in the local area network must designate proxy servers and send connection requests to be sent directly to a target server on the Internet to the proxy servers, and the proxy servers access the target servers. Instead of accessing a fixed server for requests of clients on the Internet, a proxy server is designed to search for a plurality of indeterminate servers on the Internet, so that a conventional proxy server does not support external access requests to an internal network.
If a proxy server is capable of proxy access to an internal network by a client on an external network, then this proxy service is referred to as a reverse proxy service and the proxy server is referred to as a reverse proxy server. The reverse proxy server now appears to the outside as a normal server, and clients on the external network can access the reverse proxy server as a server to be accessed by the client without requiring a specific configuration. The reverse proxy server does not actually process the client request from the external network, but forwards the request to the actual server on the internal network for processing. The conventional reverse proxy technology in the prior art has the following disadvantages:
1. when deployment, the IP address of the internal server is needed to be preposed on the reverse proxy server;
2. the internal server needs to modify its IP address;
3. the reverse proxy server needs to configure a new IP address to communicate with the internal server; and
4. the internal server cannot obtain the actual visitor IP and thus cannot be further analyzed.
Therefore, how to improve accuracy and rationality of the reverse proxy when receiving the access request becomes a technical problem to be solved urgently.
Disclosure of Invention
In order to improve accuracy and rationality of a reverse proxy when an access request is received, the application provides a port resource reverse proxy method, a port resource reverse proxy system and a storage medium.
In a first aspect, the method for port resource reverse proxy provided by the present application adopts the following technical scheme:
a port resource reverse proxy method, comprising:
when a target access request is received, determining access basic information according to the target access request;
determining port features in the access basis information;
determining a proxy strategy according to the port characteristics;
determining a port proxy identity according to the proxy strategy and the access basic information;
when receiving a feedback signal corresponding to the target access request, sending the feedback signal to a target object according to the port proxy identity;
the step of determining access basic information according to the target access request when the target access request is received comprises the following steps:
when a target access request is received, judging whether a preset agent requirement is met or not according to the target access request;
if yes, determining access basic information according to the target access request;
if not, acquiring a judging result and sending the judging result to a preset port to receive an authority changing instruction from the preset port;
the step of determining a proxy policy according to the port features includes:
determining physical and communication characteristics among the port characteristics;
generating a physical label according to the physical characteristics;
generating a communication tag according to the communication characteristics;
traversing in a preset proxy strategy set according to the physical tag and the communication tag to determine a proxy strategy.
Optionally, the step of traversing in a preset proxy policy set according to the physical tag and the communication tag to determine a proxy policy includes:
acquiring a preset proxy strategy set and a current network environment;
determining an environment subset in the preset proxy strategy set according to the current network environment;
traversing in the subset of environments according to the physical tags and the communication tags to determine a proxy policy.
Optionally, the step of determining an environment subset from the preset proxy policy set according to the current network environment includes:
acquiring a security tag in a current network environment;
determining a network security level according to the security tag;
determining subset defining conditions according to the network security level;
and determining an environment subset in the preset agent strategy set according to the subset limiting condition.
Optionally, the step of determining the port proxy identity according to the proxy policy in combination with the access basic information includes:
acquiring a proxy mode set in the proxy strategy;
determining a policy weight according to the access basic information;
and determining the port proxy identity according to the policy weight and the proxy mode set.
Optionally, the step of sending the feedback signal to the target object according to the port proxy identity when receiving the feedback signal corresponding to the target access request includes:
when receiving a feedback signal corresponding to the target access request, determining a feedback target and feedback content according to the feedback signal;
determining a target object according to the port proxy identity and the feedback target;
judging whether content packaging is needed according to the feedback content;
if yes, generating target content according to the agent strategy in combination with the feedback content and sending the target content to the target object.
In a second aspect, the present application provides a port resource reverse proxy system, including:
the basic information module is used for determining access basic information according to the target access request when the target access request is received;
the port characteristic module is used for determining port characteristics in the access basic information;
the proxy policy module is used for determining a proxy policy according to the port characteristics;
the port proxy identity module is used for determining the port proxy identity according to the proxy strategy and the access basic information;
the feedback signal module is used for sending the feedback signal to a target object according to the port proxy identity when receiving the feedback signal corresponding to the target access request;
the basic information module is further used for judging whether a preset agent requirement is met or not according to the target access request when the target access request is received;
if yes, determining access basic information according to the target access request;
if not, acquiring a judging result and sending the judging result to a preset port to receive an authority changing instruction from the preset port;
wherein the proxy policy module is further configured to determine a physical feature and a communication feature in the port features;
generating a physical label according to the physical characteristics;
generating a communication tag according to the communication characteristics;
traversing in a preset proxy strategy set according to the physical tag and the communication tag to determine a proxy strategy.
In a third aspect, the present application provides a computer device, the device comprising: a memory, a processor which, when executing the computer instructions stored by the memory, performs the method as claimed in any one of the preceding claims.
In a fourth aspect, the present application provides a computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform a method as described above.
In summary, the present application includes the following beneficial technical effects:
when a target access request is received, determining access basic information according to the target access request; determining port characteristics in the access basic information and determining a proxy strategy according to the port characteristics; determining the port proxy identity according to the proxy strategy and the access basic information; and when receiving a feedback signal corresponding to the target access request, sending the feedback signal to the target object according to the port proxy identity. By acquiring the port characteristics to determine the proxy policy and combining the access basic information to determine the port proxy identity, the technical effect that when receiving the feedback signal of the target access request, the feedback signal can be sent to the target object according to the port proxy identity is realized.
Drawings
FIG. 1 is a schematic diagram of a computer device architecture of a hardware operating environment according to an embodiment of the present application.
Fig. 2 is a flowchart of a first embodiment of a port resource reverse proxy method according to the present application.
Fig. 3 is a block diagram of a first embodiment of a port resource reverse proxy system of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application will be further described in detail by means of the accompanying drawings and examples. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present application.
Referring to fig. 1, fig. 1 is a schematic diagram of a computer device structure of a hardware running environment according to an embodiment of the present application.
As shown in fig. 1, the computer device may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, a memory 1005. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display, an input unit such as a Keyboard (Keyboard), and the optional user interface 1003 may further include a standard wired interface, a wireless interface. The network interface 1004 may optionally include a standard wired interface, a Wireless interface (e.g., a Wireless-Fidelity (Wi-Fi) interface). The Memory 1005 may be a high-speed random access Memory (Random Access Memory, RAM) or a stable nonvolatile Memory (NVM), such as a disk Memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
Those skilled in the art will appreciate that the architecture shown in fig. 1 is not limiting of a computer device and may include more or fewer components than shown, or may combine certain components, or a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and a port resource reverse-proxy program may be included in the memory 1005 as one type of storage medium.
In the computer device shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 in the present application may be provided in a computer device, where the computer device calls, through the processor 1001, a port resource reverse proxy program stored in the memory 1005, and executes a port resource reverse proxy method provided in the embodiment of the present application.
An embodiment of the present application provides a port resource reverse proxy method, and referring to fig. 2, fig. 2 is a schematic flow chart of a first embodiment of the port resource reverse proxy method.
In this embodiment, the port resource reverse proxy method includes the following steps:
step S10: and when the target access request is received, determining access basic information according to the target access request.
In order to determine whether the current port meets the preset proxy requirement, when a target access request is received, determining access basic information according to the target access request includes: step S101: when a target access request is received, judging whether a preset agent requirement is met according to the target access request; step S102: if yes, determining access basic information according to the target access request; step S103: if not, acquiring a judging result and sending the judging result to the preset port to receive the permission changing instruction from the preset port.
It should be noted that, the reverse proxy server is located between the user and the target server, but the reverse proxy server is equivalent to the target server for the user, that is, the user directly accesses the reverse proxy server to obtain the resources of the target server. Meanwhile, the user does not need to know the address of the target server or make any setting at the user side. Reverse proxy servers are commonly used as Web acceleration, i.e., using reverse proxy as a front-end of Web server to reduce network and server load and improve access efficiency.
It can be understood that the embodiment is one of the reverse proxy and the executable technical scheme, and the execution subject of the embodiment may be an intelligent device with a computing function or other electronic terminals with the same function, which is not limited herein. In the following description, the execution body of the present embodiment will be described by taking a port resource reverse proxy device as an example.
The data information of the target access request generated when the internal network transmits the connection request to the external network is the target access request.
It can be understood that the determination of the access basic information according to the target access request is by obtaining a data packet corresponding to the target access request, and obtaining information corresponding to the key byte according to the determined position of the key byte in the data packet. Wherein the target access request comprises: intranet address, target access address, access port information, access content type, etc.
In a specific implementation, when a target access request is received, determining access basic information according to the target access request is performed by monitoring intranet data in real time, and when the intranet is determined to need to perform access request to the extranet, obtaining the target access request and determining the access basic information in the target access request.
It should be noted that, the preset proxy requirement refers to a corresponding constraint condition as to whether the current port meets the proxy requirement. In this embodiment, whether to meet the preset proxy requirement is determined according to the target access request by determining the current port usage and the basic attribute in the target access request. And when at least one of the use condition and the basic attribute does not meet the limiting condition corresponding to the preset agent requirement, the corresponding preset agent requirement is judged not to be met.
It can be understood that, the judgment result refers to the content of the result corresponding to the judgment of whether the port meets the preset proxy requirement through the target access request in the embodiment, and the judgment result carries the corresponding unsatisfied condition.
In a specific implementation, the permission change instruction is an instruction for dynamically allocating ports, if the port a does not meet the current preset proxy requirement, all the current port sets meeting the preset proxy requirement are acquired, and the corresponding ports are selected from the port sets to realize the reverse proxy. According to the embodiment, a dynamic port pool technology is adopted to manage port resources, and dynamic allocation and recovery are carried out according to the service condition of the ports, so that the optimal utilization of the port resources is realized. Meanwhile, the embodiment supports a multi-device scene, can realize reverse proxy among multiple devices, and improves the expandability and flexibility of the reverse proxy. Compared with the traditional reverse proxy technology, the technology has the following advantages: the port resource utilization rate is high: the technology adopts a dynamic port pool technology, and can dynamically allocate and recover according to the service condition of the ports, thereby realizing the optimal utilization of the port resources and avoiding the resource waste. The expandability is stronger: the technology supports a multi-device scene, can realize reverse proxy among multiple devices, and improves the expandability and flexibility of the reverse proxy. Reverse proxy efficiency is higher: the technology can realize the optimal utilization of port resources through the dynamic port pool technology, and improves the efficiency and reliability of the reverse proxy.
Step S20: the port characteristics are determined in the access basis information.
It should be noted that, determining the port feature in the access basic information is mainly to determine the basic attribute of the port, where the port is an interpretation of an english port, and may be considered as an outlet where the device communicates with the outside. Ports can be divided into virtual ports and physical ports, where virtual ports refer to ports within a computer or within a switch router that are not visible. Such as 80 ports, 21 ports, 23 ports, etc. in a computer. The physical ports are also called interfaces, and are visible ports, RJ45 network ports of a computer backboard, RJ45 ports of a switch router hub and the like. The use of RJ11 jacks by phones also falls into the category of physical ports.
In a specific implementation, the port feature is determined by acquiring corresponding port parameters from the access basic information, and in order to combine the existing use cases, the acquired port feature can be further verified in a history manner by accessing the port work log after the port is determined.
Step S30: and determining the proxy strategy according to the port characteristics.
Wherein, in order to realize the rationality of the proxy policy determination, the step of determining the proxy policy according to the port characteristics includes: step S301: determining physical features and communication features in the port features; step S302: generating a physical label according to the physical characteristics; step S303: generating a communication tag according to the communication characteristics; step S304: traversing in a preset proxy strategy set according to the physical label and the communication label to determine the proxy strategy.
In this embodiment, the physical characteristics refer to physical characteristics of the port, for example, a port type, and the communication port refers to protocol characteristics and software characteristics of the port.
In a specific implementation, the physical tag and the communication tag are traversed in the preset proxy policy set according to the physical tag and the communication tag, and the physical tag and the communication tag are used as traversing conditions. Acquiring a preset proxy strategy set, and matching corresponding proxy strategies in the preset proxy strategy set by combining the traversal conditions.
It should be noted that, the step of traversing in the preset proxy policy set according to the physical tag and the communication tag to determine the proxy policy includes: acquiring a preset proxy strategy set and a current network environment; determining an environment subset in a preset proxy strategy set according to the current network environment; traversal is performed in the subset of environments based on the physical tags and the communication tags to determine the proxy policy.
It should be noted that, the determination of the current network environment may further define the scope of the policy, so in order to reduce the waste of subsequent computing resources, it is necessary to determine the network environment first, determine the environment subset according to the network environment, and traverse in the environment subset according to the physical tag and the communication tag to determine the proxy policy.
It will be appreciated that the current network environment may be a secure environment of a network or a communication environment of a network in this embodiment, which is not limited herein. The present embodiment is described by taking a network security environment as an example.
It should be noted that, the step of determining the subset of environments in the preset proxy policy set according to the current network environment includes: acquiring a security tag in a current network environment; determining the network security level according to the security tag; determining subset defining conditions according to the network security level; the subset of environments is determined in a preset set of proxy policies according to subset defining conditions.
Step S40: and determining the port proxy identity according to the proxy strategy and the access basic information.
It should be noted that, the step of determining the port proxy identity according to the proxy policy in combination with the access basic information includes: acquiring a proxy mode set in a proxy strategy; determining a policy weight according to the access basic information; and determining the port proxy identity according to the policy weight and the proxy mode set.
It will be understood that the policy weights in this embodiment refer to the adjustment weights of each element in a specific proxy policy. For example: in the agent A strategy, specific network information of the agent is selected from B and C, wherein the strategy weights corresponding to B and C are used as reference factors for preferentially selecting the adjustment direction.
It should be noted that, according to the access basic information, the determination policy weight is set in this embodiment to determine a specific data feature corresponding to each basic information in the access basic information after the access basic information is acquired. And determining a data deviation result of each type of data compared with a preset model according to the data characteristic analysis, and taking the data deviation result as weight information corresponding to the type.
Step S50: and when receiving a feedback signal corresponding to the target access request, sending the feedback signal to the target object according to the port proxy identity.
Further, in order to reasonably send the feedback signal to the target object, when receiving the feedback signal corresponding to the target access request, the step of sending the feedback signal to the target object according to the port proxy identity includes: when receiving a feedback signal corresponding to the target access request, determining a feedback target and feedback content according to the feedback signal; determining a target object according to the port proxy identity in combination with a feedback target; judging whether content packaging is needed according to the feedback content; if yes, generating target content according to the agent strategy in combination with the feedback content and sending the target content to the target object.
It should be noted that determining the feedback target and the feedback content according to the feedback signal refers to acquiring a corresponding feedback content portion and a feedback target portion in the feedback signal when the feedback signal is received, where the feedback target portion is corresponding network address information.
In specific implementation, the target object is determined according to the port proxy identity in combination with the feedback target, the port proxy identity is a virtual address generated after the port is reversely proxy by the proxy policy, and the identity represented by the virtual address is the port proxy identity.
When receiving a target access request, the embodiment determines access basic information according to the target access request; determining port characteristics in the access basic information and determining a proxy strategy according to the port characteristics; determining the port proxy identity according to the proxy strategy and the access basic information; and when receiving a feedback signal corresponding to the target access request, sending the feedback signal to the target object according to the port proxy identity. By acquiring the port characteristics to determine the proxy policy and combining the access basic information to determine the port proxy identity, the technical effect that when receiving the feedback signal of the target access request, the feedback signal can be sent to the target object according to the port proxy identity is realized.
In addition, the embodiment of the application further provides a computer readable storage medium, wherein the storage medium stores a program of the port resource reverse proxy, and the program of the port resource reverse proxy realizes the steps of the method of the port resource reverse proxy when being executed by a processor.
Referring to fig. 3, fig. 3 is a block diagram of a first embodiment of a port resource reverse proxy system according to the present application.
As shown in fig. 3, the port resource reverse proxy system provided in the embodiment of the present application includes:
a basic information module 10, configured to determine access basic information according to a target access request when receiving the target access request;
a port feature module 20 for determining a port feature in the access base information;
a proxy policy module 30 for determining a proxy policy based on the port characteristics;
a port proxy identity module 40, configured to determine a port proxy identity according to the proxy policy in combination with the access base information;
the feedback signal module 50 is configured to send, when receiving a feedback signal corresponding to the target access request, the feedback signal to a target object according to the port proxy identity;
the basic information module 10 is further configured to determine, when a target access request is received, whether a preset proxy requirement is met according to the target access request;
if yes, determining access basic information according to the target access request;
if not, acquiring a judging result and sending the judging result to a preset port to receive an authority changing instruction from the preset port;
wherein the proxy policy module 30 is further configured to determine a physical feature and a communication feature in the port features;
generating a physical label according to the physical characteristics;
generating a communication tag according to the communication characteristics;
traversing in a preset proxy strategy set according to the physical tag and the communication tag to determine a proxy strategy.
It should be understood that the foregoing is merely illustrative, and the technical solutions of the present application are not limited in any way, and those skilled in the art may set the technical solutions according to the needs in the specific application, and the present application is not limited thereto.
When receiving a target access request, the embodiment determines access basic information according to the target access request; determining port characteristics in the access basic information and determining a proxy strategy according to the port characteristics; determining the port proxy identity according to the proxy strategy and the access basic information; and when receiving a feedback signal corresponding to the target access request, sending the feedback signal to the target object according to the port proxy identity. By acquiring the port characteristics to determine the proxy policy and combining the access basic information to determine the port proxy identity, the technical effect that when receiving the feedback signal of the target access request, the feedback signal can be sent to the target object according to the port proxy identity is realized.
In an embodiment, the proxy policy module 30 is further configured to obtain a preset proxy policy set and a current network environment; determining an environment subset in a preset proxy strategy set according to the current network environment; traversal is performed in the subset of environments based on the physical tags and the communication tags to determine the proxy policy.
In one embodiment, the proxy policy module 30 is further configured to obtain a security tag in the current network environment; determining the network security level according to the security tag; determining subset defining conditions according to the network security level; the subset of environments is determined in a preset set of proxy policies according to subset defining conditions.
In an embodiment, the port proxy identity module 40 is further configured to obtain a proxy mode set in a proxy policy; determining a policy weight according to the access basic information; and determining the port proxy identity according to the policy weight and the proxy mode set.
In an embodiment, the feedback signal module 50 is further configured to determine, when receiving a feedback signal corresponding to the target access request, a feedback target and feedback content according to the feedback signal; determining a target object according to the port proxy identity in combination with a feedback target; judging whether content packaging is needed according to the feedback content; if yes, generating target content according to the agent strategy in combination with the feedback content and sending the target content to the target object.
It should be noted that the above-described working procedure is merely illustrative, and does not limit the scope of protection of the present application, and in practical application, a person skilled in the art may select part or all of them according to actual needs to achieve the purpose of the embodiment, which is not limited herein.
In addition, technical details that are not described in detail in this embodiment may refer to a method for port resource reverse proxy provided in any embodiment of the present application, which is not described herein.
Furthermore, it should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present application are merely for describing, and do not represent advantages or disadvantages of the embodiments.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present application may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. Read Only Memory (ROM)/RAM, magnetic disk, optical disk) and including several instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method of the embodiments of the present application.
The foregoing description is only of the preferred embodiments of the present application, and is not intended to limit the scope of the claims, and all equivalent structures or equivalent processes using the descriptions and drawings of the present application, or direct or indirect application in other related technical fields are included in the scope of the claims of the present application.
Claims (8)
1. A port resource reverse proxy method, comprising:
when a target access request is received, determining access basic information according to the target access request;
determining port features in the access basis information;
determining a proxy strategy according to the port characteristics;
determining a port proxy identity according to the proxy strategy and the access basic information;
when receiving a feedback signal corresponding to the target access request, sending the feedback signal to a target object according to the port proxy identity;
the step of determining access basic information according to the target access request when the target access request is received comprises the following steps:
when a target access request is received, judging whether a preset agent requirement is met or not according to the target access request;
if yes, determining access basic information according to the target access request;
if not, acquiring a judging result and sending the judging result to a preset port to receive an authority changing instruction from the preset port;
the step of determining a proxy policy according to the port features includes:
determining physical and communication characteristics among the port characteristics;
generating a physical label according to the physical characteristics;
generating a communication tag according to the communication characteristics;
traversing in a preset proxy strategy set according to the physical tag and the communication tag to determine a proxy strategy.
2. The port resource reverse proxy method of claim 1, wherein the step of traversing in a preset proxy policy set according to the physical tag and the communication tag to determine a proxy policy comprises:
acquiring a preset proxy strategy set and a current network environment;
determining an environment subset in the preset proxy strategy set according to the current network environment;
traversing in the subset of environments according to the physical tags and the communication tags to determine a proxy policy.
3. The port resource reverse proxy method according to claim 2, wherein the step of determining a subset of environments in the preset proxy policy set according to the current network environment comprises:
acquiring a security tag in a current network environment;
determining a network security level according to the security tag;
determining subset defining conditions according to the network security level;
and determining an environment subset in the preset agent strategy set according to the subset limiting condition.
4. The port resource reverse proxy method of claim 1, wherein the step of determining a port proxy identity in accordance with the proxy policy in combination with the access base information comprises:
acquiring a proxy mode set in the proxy strategy;
determining a policy weight according to the access basic information;
and determining the port proxy identity according to the policy weight and the proxy mode set.
5. The port resource reverse proxy method according to claim 1, wherein the step of sending the feedback signal to the target object according to the port proxy identity when receiving the feedback signal corresponding to the target access request comprises:
when receiving a feedback signal corresponding to the target access request, determining a feedback target and feedback content according to the feedback signal;
determining a target object according to the port proxy identity and the feedback target;
judging whether content packaging is needed according to the feedback content;
if yes, generating target content according to the agent strategy in combination with the feedback content and sending the target content to the target object.
6. A port resource reverse proxy system, the port resource reverse proxy system comprising:
the basic information module is used for determining access basic information according to the target access request when the target access request is received;
the port characteristic module is used for determining port characteristics in the access basic information;
the proxy policy module is used for determining a proxy policy according to the port characteristics;
the port proxy identity module is used for determining the port proxy identity according to the proxy strategy and the access basic information;
the feedback signal module is used for sending the feedback signal to a target object according to the port proxy identity when receiving the feedback signal corresponding to the target access request;
the basic information module is further used for judging whether a preset agent requirement is met or not according to the target access request when the target access request is received;
if yes, determining access basic information according to the target access request;
if not, acquiring a judging result and sending the judging result to a preset port to receive an authority changing instruction from the preset port;
wherein the proxy policy module is further configured to determine a physical feature and a communication feature in the port features;
generating a physical label according to the physical characteristics;
generating a communication tag according to the communication characteristics;
traversing in a preset proxy strategy set according to the physical tag and the communication tag to determine a proxy strategy.
7. A computer device, the device comprising: a memory, a processor which, when executing the computer instructions stored by the memory, performs the method of any one of claims 1 to 5.
8. A computer readable storage medium comprising instructions which, when run on a computer, cause the computer to perform the method of any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311604842.3A CN117319481B (en) | 2023-11-29 | 2023-11-29 | Port resource reverse proxy method, system and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311604842.3A CN117319481B (en) | 2023-11-29 | 2023-11-29 | Port resource reverse proxy method, system and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117319481A true CN117319481A (en) | 2023-12-29 |
| CN117319481B CN117319481B (en) | 2024-02-27 |
Family
ID=89255617
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311604842.3A Active CN117319481B (en) | 2023-11-29 | 2023-11-29 | Port resource reverse proxy method, system and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117319481B (en) |
Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101662357A (en) * | 2008-08-29 | 2010-03-03 | 公安部第三研究所 | Method for accessing secure gateway client |
| US9515877B1 (en) * | 2014-07-29 | 2016-12-06 | Crimson Corporation | Systems and methods for enrolling and configuring agents |
| CN106534319A (en) * | 2016-11-22 | 2017-03-22 | 深圳市掌世界网络科技有限公司 | Method for direct access to target server through proxy server |
| US20170118249A1 (en) * | 2015-10-23 | 2017-04-27 | Oracle International Corporation | Managing security agents in a distributed environment |
| US20170279805A1 (en) * | 2016-03-22 | 2017-09-28 | Microsoft Technology Licensing, Llc | Secure resource-based policy |
| CN111460460A (en) * | 2020-04-02 | 2020-07-28 | 北京金山云网络技术有限公司 | Task access method, device, proxy server and machine-readable storage medium |
| US10778724B1 (en) * | 2018-06-29 | 2020-09-15 | Juniper Networks, Inc. | Scalable port range management for security policies |
| CN111756761A (en) * | 2020-06-29 | 2020-10-09 | 杭州安恒信息技术股份有限公司 | Network defense system and method based on flow forwarding and computer equipment |
| CN112637346A (en) * | 2020-12-24 | 2021-04-09 | 北京知道创宇信息技术股份有限公司 | Proxy method, device, proxy server and storage medium |
| KR20210094132A (en) * | 2014-09-23 | 2021-07-28 | 오라클 인터내셔날 코포레이션 | Proxy servers within computer subnetworks |
| CN114466066A (en) * | 2022-04-13 | 2022-05-10 | 北京指掌易科技有限公司 | Web-based reverse proxy method, device, medium and electronic equipment |
| CN114666130A (en) * | 2022-03-23 | 2022-06-24 | 北京从云科技有限公司 | WEB security reverse proxy method |
| CN115883155A (en) * | 2022-11-24 | 2023-03-31 | 嬴彻星创智能科技(上海)有限公司 | Management and control method and device for vehicle-mounted controller |
| CN116016475A (en) * | 2022-09-08 | 2023-04-25 | 广东好太太智能家居有限公司 | Data drilling service platform, access method and related equipment |
| CN116805946A (en) * | 2022-03-18 | 2023-09-26 | 腾讯科技(深圳)有限公司 | Message request processing method and device, electronic equipment and storage medium |
| CN116886358A (en) * | 2023-07-06 | 2023-10-13 | 浪潮通用软件有限公司 | Secure heterogeneous system based on reverse proxy mechanism, resource request method and device |
| WO2023211124A1 (en) * | 2022-04-26 | 2023-11-02 | 프라이빗테크놀로지 주식회사 | System for controlling controller-based network connection and method for same |
-
2023
- 2023-11-29 CN CN202311604842.3A patent/CN117319481B/en active Active
Patent Citations (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101662357A (en) * | 2008-08-29 | 2010-03-03 | 公安部第三研究所 | Method for accessing secure gateway client |
| US9515877B1 (en) * | 2014-07-29 | 2016-12-06 | Crimson Corporation | Systems and methods for enrolling and configuring agents |
| KR20210094132A (en) * | 2014-09-23 | 2021-07-28 | 오라클 인터내셔날 코포레이션 | Proxy servers within computer subnetworks |
| US20170118249A1 (en) * | 2015-10-23 | 2017-04-27 | Oracle International Corporation | Managing security agents in a distributed environment |
| US20170279805A1 (en) * | 2016-03-22 | 2017-09-28 | Microsoft Technology Licensing, Llc | Secure resource-based policy |
| CN106534319A (en) * | 2016-11-22 | 2017-03-22 | 深圳市掌世界网络科技有限公司 | Method for direct access to target server through proxy server |
| US10778724B1 (en) * | 2018-06-29 | 2020-09-15 | Juniper Networks, Inc. | Scalable port range management for security policies |
| CN111460460A (en) * | 2020-04-02 | 2020-07-28 | 北京金山云网络技术有限公司 | Task access method, device, proxy server and machine-readable storage medium |
| CN111756761A (en) * | 2020-06-29 | 2020-10-09 | 杭州安恒信息技术股份有限公司 | Network defense system and method based on flow forwarding and computer equipment |
| CN112637346A (en) * | 2020-12-24 | 2021-04-09 | 北京知道创宇信息技术股份有限公司 | Proxy method, device, proxy server and storage medium |
| CN116805946A (en) * | 2022-03-18 | 2023-09-26 | 腾讯科技(深圳)有限公司 | Message request processing method and device, electronic equipment and storage medium |
| CN114666130A (en) * | 2022-03-23 | 2022-06-24 | 北京从云科技有限公司 | WEB security reverse proxy method |
| CN114466066A (en) * | 2022-04-13 | 2022-05-10 | 北京指掌易科技有限公司 | Web-based reverse proxy method, device, medium and electronic equipment |
| WO2023211124A1 (en) * | 2022-04-26 | 2023-11-02 | 프라이빗테크놀로지 주식회사 | System for controlling controller-based network connection and method for same |
| CN116016475A (en) * | 2022-09-08 | 2023-04-25 | 广东好太太智能家居有限公司 | Data drilling service platform, access method and related equipment |
| CN115883155A (en) * | 2022-11-24 | 2023-03-31 | 嬴彻星创智能科技(上海)有限公司 | Management and control method and device for vehicle-mounted controller |
| CN116886358A (en) * | 2023-07-06 | 2023-10-13 | 浪潮通用软件有限公司 | Secure heterogeneous system based on reverse proxy mechanism, resource request method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117319481B (en) | 2024-02-27 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8832063B1 (en) | Dynamic request throttling | |
| EP3432549B1 (en) | Method and apparatus for processing user requests | |
| US11522905B2 (en) | Malicious virtual machine detection | |
| CN102682242B (en) | For method and the dummy machine system of managing virtual machines system | |
| US10432551B1 (en) | Network request throttling | |
| CN110554927A (en) | Micro-service calling method based on block chain | |
| WO2006095184B1 (en) | Data processing system | |
| CN113132293B (en) | Attack detection method and device and public honeypot system | |
| US7818752B2 (en) | Interface for application components | |
| CN113259479B (en) | Data processing method and equipment | |
| CN106533961B (en) | Flow control method and device | |
| CN114095567A (en) | Data access request processing method and device, computer equipment and medium | |
| CN111343262A (en) | Distributed cluster login method, device, equipment and storage medium | |
| CN108881460B (en) | Method and device for realizing unified monitoring of cloud platform | |
| CN110708309A (en) | Anti-crawler system and method | |
| CN112105026A (en) | Authorization control method, device and storage medium | |
| CN117319481B (en) | Port resource reverse proxy method, system and storage medium | |
| KR102206847B1 (en) | System and method for hybrid security | |
| US20100146120A1 (en) | Caller-specific visibility masks for networking objects | |
| WO2023091215A1 (en) | Mapping an application signature to designated cloud resources | |
| CN113645060B (en) | Network card configuration method, data processing method and device | |
| US11422845B2 (en) | Native cloud live traffic migration to counter suspected harmful traffic | |
| CN114490071A (en) | Resource scheduling method, device, equipment and medium based on cloud game | |
| CN114244555A (en) | Method for adjusting security policy | |
| KR20140129716A (en) | System for storage security of cloud server in cloud computing environment and method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |