JP4542122B2 - An apparatus for performing URL filtering by acquiring an original URL of content stored in a cache server or the like - Google Patents

Description

  The present invention relates to an apparatus, a program, and a method for performing URL filtering by acquiring an original URL for content stored in a cache server or content stored in another site such as a web translation service.

On a search result display page such as a search site, in addition to the original site displayed in the search result, a service for displaying a link menu for accessing content stored in a cache server of the search site is provided. In addition, the number of sites that provide services for automatically translating and displaying overseas sites is increasing, especially in major portal sites (for example, Non-Patent Document 1).
“Yahoo! Anshinnet”, [Search January 26, 2007], Internet, <URL http: // anshin. yahoo. co. jp />

  However, in the filtering service that performs access permission determination using the URL list, the content displayed using the above services uses the URL unique to the site that operates those services. Even when the URL of the original site is registered in a list to be filtered such as a harmful site, the content cannot be blocked.

  Therefore, a URL filtering service provider is forced to select whether to block the URL that provides the above service and disable the use of the service itself, or to leave a state where filtering cannot be performed. Become.

  In view of the above problems, the present invention provides the following solutions.

(1) A Web page can be acquired from a first server that distributes a Web page of the original site and a second server that distributes a Web page having the same content as the original site, and is sent to the second server. In a filtering device for filtering access of
Monitoring the access request transmitted from the user terminal, means for detecting a character string indicating an access request to the first server from the string of the access request,
Filtering access to the second server based on a character string indicating the detected access request with reference to a storage device storing at least the harmfulness determination information for each Web page distributed from the first server and means for performing,
A filtering device comprising:

(2) A means for detecting a character string indicating the access request includes:
Access to the first server having the same content as the second server by obtaining the URL of the first server based on the character string pattern of the access request transmitted from the user terminal The filtering device according to (1), wherein a character string indicating a request is detected.
(3) The filtering means is
The filtering device according to (1) or (2), wherein an inquiry is made to a harmful determination server that stores the harmful determination information as to whether or not the second server can be accessed, and the filtering is performed according to the inquiry result.

(4) further comprising means for storing a history of accessibility to the server as a result of an inquiry to the harmfulness determination server;
The means for performing filtering is:
The filtering device according to (3), wherein whether or not the second server is accessible is determined by referring to the stored history before making an inquiry to the harmful determination server.

(5) A Web page can be acquired from a first server that distributes a Web page of the original site and a second server that distributes a Web page having the same content as the original site, and is sent to the second server. In a computer program that filters access to
On the computer,
A step of monitoring the access request, detects a character string indicating an access request to the first server from the string of the access request transmitted from the user terminal,
Filtering access to the second server based on a character string indicating the detected access request with reference to a storage device storing at least the harmfulness determination information for each Web page distributed from the first server and the step of performing,
A computer program that runs

(6) A Web page can be acquired from a first server that distributes a Web page of the original site and a second server that distributes a Web page having the same content as the original site, and is sent to the second server. In the method of filtering access for
A step of monitoring the access request, detects a character string indicating an access request to the first server from the string of the access request transmitted from the user terminal,
Filtering access to the second server based on a character string indicating the detected access request with reference to a storage device storing at least the harmfulness determination information for each Web page distributed from the first server and the step of performing,
Including methods.

The feature of the above solution will be described by taking content stored in the cache server as an example.
(A) A module that automatically detects access to a URL that provides a service using a cache server (second server) when accessing a WWW server (first server) storing content from a Web browser was implemented in full I Rutaringu device, to the URL access request, prior to the verification of the URL list for filtering, it is determined whether access to the cache server. This module has a plurality of patterned data (character string patterns) for URLs that provide a service that uses a cache server in advance, and matches any of the above patterns for URLs for which access requests have been issued. This module detects and detects whether to

  (B) When an access request to the cache server is detected according to (A) above, a module that automatically converts it to the URL of the original site based on the query string of the requested URL is implemented to acquire the original URL To do. Here, in a service using a cache server, a URL for accessing cached content has a characteristic that it has a character string converted from the URL of the original site using a specific algorithm. This module has a plurality of algorithms for inversely transforming the above transformation algorithm, and has a function of automatically selecting which one of the plurality of inverse transformation algorithms to use, and using the selected inverse transformation algorithm, This module has a function of extracting a URL.

  (C) In response to the access permission inquiry that is determined to be access to the cache server according to (A) above, filtering determination is performed with respect to the URL acquired in (B) above instead of the URL of the cache server. According to the determination result, correct filtering can be enabled by permitting or blocking the connection to the URL of the cache server.

  The above (A), (B), and (C) are original in a similar manner if a cache server (second server) is replaced with a server (translation server) that stores translation results in a web translation service or the like. URL can be acquired. Further, a filtering device including the above module may be mounted and provided as an information processing device (computer) that monitors server access by a Web browser.

  According to the present invention, it is possible to solve the problem that even a site registered in a URL list to be filtered such as a harmful site cannot be blocked by the URL list.

  The “cache” displayed on the search result page of the search site, the translation result when the web translation service is used, and the like display the content of a site different from the connected site. Therefore, when performing URL filtering on such a service, the URL of the site providing the service becomes a filtering target, and URL filtering on the displayed content becomes impossible. Therefore, URL filtering is performed without impairing the function of the service itself by using a logic for acquiring the original URL of the displayed content. Many URL filtering services have specifications that do not block all such sites or perform URL filtering. Therefore, it is great to apply this logic and to have a function capable of performing URL filtering without impairing the service function.

  Hereinafter, the best mode for carrying out the present invention will be described with reference to the drawings.

[System overall configuration diagram]
FIG. 1 is a diagram showing an overall configuration of a system 1 according to an example of a preferred embodiment of the present invention.

  A system 1 constituting the present invention is a system that performs URL filtering by acquiring an original URL of content stored in a cache server or the like. In this system, a WWW (World Wide Web) server 10, a cache server 50, and a harmfulness determination server 40 are connected to a user terminal 20 via a communication line 30. In FIG. 1, each server is described as if it were a separate server, but may be configured by the same server. Moreover, there is no restriction | limiting in the number of hardware of a server, You may comprise by 1 or multiple as needed.

  The WWW server 10 stores information such as documents and images (also referred to as Web pages), and responds to software requests such as a Web browser of the user terminal 20 through a communication line 30, for example, a network such as the Internet. A function of transmitting such information is provided. A web page group such as a personal or company home page or a place on the Internet where a web page group is placed is called a web site. There may be one or more Web sites on the WWW server 10.

  The cache server 50 accumulates a copy of the contents of the website (such as a web page) provided by the WWW server 10 on a network such as the Internet, and replaces the original WWW server 10 when requested by the user. It has a function to distribute network traffic and server load by distributing. In the request for software such as the Web browser of the user terminal 20, the original URL is used for the Web site of the WWW server 10, but the cache server is not used for duplicate Web sites stored in the cache server 50. A request URL obtained by adding an original URL to 50 URLs is used.

  The harmfulness determination server 40 is a list (hereinafter referred to as a blacklist 41) of URLs of websites that are determined to be harmful by an administrator who monitors information on the Internet by acquiring information held by each WWW server 10. Remember. When a request for determining whether or not the URL of a Web page is harmful is received from the user terminal 20, the blacklist 41 is referred to and a determination result (a harmful Web site in the list) is transmitted to the user terminal 20. It has a function to do. The information judged to be harmful is, for example, information on adults, violence, dating, anti-social acts, etc. that are not desired to be shown to children. Note that the URLs of websites that are determined not to be harmful may be stored in another list (hereinafter referred to as white list 42) and referred to together with the black list 41. Access permission is transmitted to the user terminal 20 for the Web site in the white list 42.

  The communication line 30 is generally the Internet and is not limited to being realized by wire, but may be various as long as it meets the technical idea of the present invention, such as realized by a wireless LAN via an access point. Realized by communication technology.

  The user terminal 20 may be a communication terminal other than a so-called computer such as a PDA (Personal Data Assistant) in addition to a PC (Personal Computer).

[Function blocks of terminals and servers]
FIG. 2 is a functional block diagram of the user terminal 20 and the harmfulness determination server 40 according to an example of the preferred embodiment of the present invention.

  The user terminal 20 includes a transmission / reception unit 22 that has a communication I / F (communication interface), receives a Web page from the WWW server 10, and transmits a request by a Web browser. In addition, the user terminal 20 includes a display device 24 that has a display device such as a CRT or a liquid crystal display and displays a Web page or the like. Further, the user terminal 20 has input means such as a keyboard and a mouse, and includes an input unit 21 for inputting a URL in a Web browser and clicking a link displayed on the Web page.

  Further, the user terminal 20 has a control unit 23, and a filtering module 201 that makes it impossible to view inappropriate information on a website or a web page or that only useful information can be browsed. A proxy type request determination module 202 that determines whether the request is an access request (proxy type request), and if the URL access request is a proxy type request, the original URL is obtained from the request URL included in the proxy type request. An original URL extraction module 203 for extraction and a cache module 204 for storing a harmful determination result are provided. The harmful determination result is a list of harmful websites and URLs of websites to which access is permitted. Typically, these modules are realized by a computer program executed by a CPU (Central Processing Unit).

  The harmfulness determination server 40 includes a control unit 45, and includes a determination unit 401 that receives a URL harmfulness determination request and determines whether a Web site having the URL is harmful and whether access is permitted. . The determination unit 401 includes a black list 41 and a white list 42. It should be noted that only the black list 41 may be provided so that access is permitted except for websites in the black list 41. In addition, the harmfulness determination server 40 may include a transmission / reception unit, and may further include an input unit and a display unit, but the illustration is omitted here.

[URL filtering process flow]
FIG. 3 is a flowchart of URL filtering processing according to an example of the preferred embodiment of the present invention.

  First, in step S101, a user requests a Web page data by inputting a URL with a Web browser and clicking a link (connection destination URL) displayed on the Web page, using the input unit 21 of the user terminal 20. Enter. Then, the filtering module 201 included in the control unit 23 receives an HTTP (Hyper Text Transfer Protocol) request transmitted from the Web browser. Note that the filtering module 201 also receives an HTTP request or the like that a Web page automatically accesses a link (connection destination URL). Here, the HTTP request is data transmitted from the terminal (client) to the server, and includes an access request to the Web page data (hereinafter referred to as a URL access request).

Next, in step S102, the proxy type / request determination module 202 monitors an HTTP request including a URL access request, and whether or not an HTTP request (hereinafter referred to as a proxy site request) is transmitted to the cache server 50. Judging. The determination is performed by analyzing the URL pattern and matching it with the pattern file. Specifically, it will be described later with reference to FIG. URL for accessing the content of the cache server 50 (hereinafter, referred to as the request URL), the there is a pattern with the character string is converted by using a specific algorithm from the original URL of the Web site.

  Next, in step S103, when the proxy type / request determination module 202 detects a proxy type request (S103: YES), the original URL extraction module 203 performs processing. When a proxy type request is not detected (S103: NO), access permission determination for the request URL is performed.

  Next, in step S105, it is determined whether to permit access to the website of the original URL. The access permission is determined by referring to the URL list of the cache module 204. The URL list of the cache module 204 stores Web sites that have been permitted to be accessed in the past. If there is a website with the original URL in the list, access to the request URL is permitted. That is, access to the contents (cache page) of the cache server 50 is permitted (S105: in the case of permission).

  If the cache module 204 cannot determine, the harmfulness determination server 40 is requested to determine the harmfulness of the original URL, and the blacklist 41 or the whitelist 42 is used to determine whether the website of the original URL is harmful. To do. As a result of the determination, when access to the website of the original URL is permitted (S105: permission), access to the cache server 50 is permitted. If the website of the original URL is harmful (S105: prohibited), access is prohibited.

  Next, in step S106, it is determined whether to permit access to the Web site of the request URL. The access permission is determined by referring to the URL list of the cache module 204. The URL list of the cache module 204 stores Web sites that have been permitted to be accessed in the past. If there is a request URL website in the URL list, access to the request URL is permitted (S106: permission).

  If the cache module 204 cannot determine, the harmfulness determination server 40 is requested to determine the harmfulness of the request URL, and the blacklist 41 or the whitelist 42 is used to determine whether the Web site of the request URL is harmful. To do. As a result of the determination, if the access to the Web site of the request URL is permitted (S106: permission), the access to the request URL is permitted. If the Web site of the request URL is harmful (S106: prohibited), access is prohibited.

  Next, in step S107, the access to the original URL is obtained, and the cache page is accessed. In step S108, since it is determined that the original URL or the request URL is harmful, access is prohibited and a block page is displayed. In step S109, the access to the request URL is obtained, and the request URL is accessed.

[Proxy type / request determination process]
FIG. 4 is a flowchart showing processing of the proxy type / request determination module 202 according to an example of the preferred embodiment of the present invention.

  First, in step S <b> 201, the control unit 23 of the user terminal 20 downloads a pattern file via the transmission / reception unit 22. The pattern file is a file having an analysis pattern for determining a proxy type request and extracting an original URL. Specifically, it will be described later with reference to FIG. The pattern file may download the latest file from the server when the proxy type / request determination module 202 is activated. By doing so, it is possible to deal with various cache servers 50. The pattern file is generated by the administrator actually analyzing the HTTP request of the proxy type request.

  Next, in step S202, the web page data when the user inputs a URL with a web browser and clicks a link (connection destination URL) displayed on the web page using the input unit 21 of the user terminal 20. Enter the request. And the filtering module 201 with which the control part 23 is provided receives the HTTP request which a web browser transmits. Note that the filtering module 201 also receives an HTTP request or the like that a Web page automatically accesses a link (connection destination URL).

  Next, in step S203, the proxy type / request determination module 202 analyzes the HTTP request received by the filtering module 201. Analysis is performed by matching with the pattern file. Specifically, it will be described later with reference to FIG.

  Next, in step S204, if the HTTP request is not a proxy type request (in the case of NO), the URL (request URL) included in the HTTP request is extracted (step S206). On the other hand, if the HTTP request is a proxy type request (YES), the original URL is extracted from the request URL included in the HTTP request (step S205). An example of a specific pattern file, original URL, and request URL will be described with reference to FIG.

  The example of FIG. 5 is Yahoo! (Registered Trademark) Search result “www. ○○○○ .com” displayed on the result page when searching with the keyword “xxxx” on the Japan search page (http://search.yahoo.co.jp/) ”Is a part of the header of the HTTP request transmitted when the“ cache ”displayed with“ ”is clicked.

  First, the pattern file includes “prefix =“ & u = ”, suffix =“ & ”, host =“ wrs. search. yahoo. co. jp "". This is the proxy type request judgment material and the information to be referred to when extracting the original URL. The character string between the prefix “prefix” and the suffix “suffix” is the original. The determination is made based on whether or not the host name of the server matches “host”.

  Next, the determination process of whether or not the HTTP request is a proxy type request does not analyze all the HTTP requests, but determines one of the values of (a) “Host:” or (b) “Referer:”. Points. However, (b) “Referer:” is referred to only when it is difficult to determine by (a) “Host:”, and (a) “Host:” is used as the basis. In the example of FIG. 5, (a) the value of “Host:” is “wrs.search.yahoo.co.jp”, which matches the host of the pattern file, and therefore is determined to be a proxy type request. Note that (a) The case where it is difficult to determine by “Host:” is a case where it is difficult to limit the pattern because a plurality of patterns are assumed because the IP address is specified instead of the domain name. is there.

  Next, the original URL is extracted with reference to the pattern file. First, for the prefix “& u =” of the pattern file, there is (c) “& u =” in the HTTP request. Next, regarding the suffix “&” of the pattern file, there is (e) “&” in the HTTP request. Thereby, (d) “www.xxx.com/” between (c) “& u =” and (e) “&” can be extracted as an original URL. The original URL is often specified by a specific parameter (in the example of FIG. 5, it is surrounded by “& u =” and “&”). Therefore, the extraction can be performed by specifying the prefix and suffix, which are extraction points of the original URL, in the pattern file. In addition, since there is a possibility that the same description is seen in one URL, the original URL may be extracted by a plurality of prefixes. Here, even if it is a proxy type request, if it does not match the pattern file, the request URL is used without extraction.

  Next, the request URL can be made by combining (f) with (a) “Host:” of the HTTP request. In the example of FIG. 5, “http://wrs.search.yahoo.co.jp/S=2111473003/K (abbreviated)... Intl = jp” is the request URL. Here, “http://wrs.search.yahoo.co.jp” of the request URL is a domain, and “S = 211476003 / K (omitted)... Intl = jp” is a page. By listing and referring to the domain in advance, it can be determined whether the server is a proxy type service.

[System Overview of URL Filtering Processing]
FIG. 6 is a diagram showing a system outline of a conventional URL filtering process.

  In the example of FIG. 6, a filtering module 201 included in the control unit 23 of the user terminal 20 receives an HTTP request from a Web browser, and URL filtering processing is performed. The filtering module 201 refers to the determination result cache (access log) of the cache module 204 for the same URL as the URL included in the HTTP request. If there is no cache, a URL determination request is transmitted to the harmful determination server 40. The harmfulness determination server 40 determines and transmits the URL determination result to the filtering module 201.

  Here, in the case of an HTTP request (proxy type request) to the cache server 50, the URL of the site providing the cache server 50 becomes a filtering target, and URL filtering for the displayed content is not possible. It becomes possible. Further, the conventional URL filtering service has a specification that does not block or URL-filter all the sites that provide the cache server 50, and cannot correctly perform URL filtering. In other words, if the Web page of the harmful site is passed through the cache server 50, URL filtering can be bypassed.

  FIG. 7 is a diagram showing a system overview of URL filtering processing improved by adding a proxy type request determination module 202 and an original URL extraction module 203 according to an example of a preferred embodiment of the present invention to the conventional system of FIG. It is.

  In the example of FIG. 7, URL filtering is performed by adding a proxy type / request determination module 202 and an original URL extraction module 203 to the example of FIG. 6 described above. The HTTP request (proxy type request) to the cache server 50 is analyzed by the proxy type request determination module 202 and the original URL extraction module 203, and the cache server 50 caches the original URL of the content copied from the original website. Refer to module 204. If it is not in the cache module 204, an original URL determination request is transmitted to the harmfulness determination server 40. The harmfulness determination server 40 determines and transmits the determination result to the user terminal 20.

  By doing so, URL filtering can be performed on the cached Web page without impairing the function of the URL filtering service. That is, URL filtering can be performed for each content copied from the original Web site of the cache server 50, the cache of the harmful site of the cache server 50 is blocked, and the cache with access permission can be accessed.

  Here, an example of performing URL filtering on the user terminal 20 has been described. However, for example, the user terminal 20 connected to a company network cannot be directly connected to a network such as the Internet. Server). The URL filtering process can be performed by an in-house server. This eliminates the need for URL filtering processing for each user terminal 20. It should be noted that even if it is not an in-house network but a school, a home, etc., it can be similarly performed if it is an external access network via a server.

[Application to web translation site]
In the best mode for carrying out the invention, an example of the cache server 50 is taken up. However, it is possible to correctly perform URL filtering processing on a site that provides a Web translation service by using the technology of the present invention. . The site that provides the web translation service accepts the input of the URL from the user, or automatically translates the content (web page) of the original site, generates another web page, and transmits it to the user terminal 20. . In this case, the URL of the translation service site including the original URL, that is, the Web page of the request URL is displayed.

  Here, the web page obtained by translating the contents (web page) of the harmful site by the web translation service is a URL (proxy type request) in which the original URL is added to the web translation service site URL. The site is determined, and the harmful determination cannot be correctly performed by the conventional URL filtering. Therefore, by using the proxy type request determination module 202 and the original URL extraction module 203 that determine that the request is an access request to the site that performs the web translation service, the original URL is extracted and the harmful determination is performed. URL filtering processing can be performed.

[Hardware configuration of server and terminal]
FIG. 8 is a diagram illustrating a hardware configuration of the WWW server 10, the harmfulness determination server 40, the cache server 50 (hereinafter referred to as a server), and the user terminal 20 according to an example of the preferred embodiment of the present invention. Hereinafter, a server will be described as an example, but the same applies to the user terminal 20 that is a client.

  The server includes a CPU (Central Processing Unit) 110 (a plurality of CPUs such as the CPU 120 may be added in a multiprocessor configuration), a bus line 105, a communication I / F 140, a main memory 150, a BIOS (Basic). (Input Output System) 160, USB port 190, I / O controller 170, keyboard and mouse 180, and other input means and display device 122.

  A storage unit 102 such as a tape drive 172, a hard disk 174, an optical disk drive 176, or a semiconductor memory 178 can be connected to the I / O controller 170.

  The BIOS 160 stores a boot program executed by the CPU 110 when the server is started, a program depending on the server hardware, and the like.

  The hard disk 174 stores various programs for functioning as a server and programs for executing the functions of the present invention.

  As the optical disk drive 176, for example, a DVD-ROM drive, a CD-ROM drive, a DVD-RAM drive, or a CD-RAM drive can be used. In this case, the optical disk 177 corresponding to each drive is used. A program or data may be read from the optical disk 177 by the optical disk drive 176 and provided to the main memory 150 or the hard disk 174 via the I / O controller 170. Similarly, the tape medium 171 corresponding to the tape drive 172 can be used mainly for backup.

  The program provided to the server is provided by being stored in a recording medium such as the hard disk 174, the optical disk 177, or a memory card. This program may be installed in the server and executed by being read from the recording medium via the I / O controller 170 or downloaded via the communication I / F 140.

  The above-described program may be stored in an internal or external storage medium. Here, in addition to the hard disk 174, the optical disk 177, or the memory card, a magneto-optical recording medium such as an MD, or a tape medium 171 can be used as the storage medium. Further, a storage device such as a hard disk 174 or an optical disk library provided in a server system connected to a communication line such as a dedicated communication line or the Internet may be used as a recording medium, and a program may be provided to the server via the communication line 30. Good.

  Here, the display device 122 displays a screen for accepting input of data by the user, displays a screen of calculation processing results by the WWW server 10 and the harmfulness determination server 40, and is a cathode ray tube display device (CRT). And a display device such as a liquid crystal display (LCD).

  Here, the input means accepts input by the user, and may be constituted by a keyboard and a mouse 180 or the like.

  The communication I / F 140 is a network adapter that enables the server to be connected to a terminal via a dedicated network or a public network. The communication I / F 140 may include a modem, a cable modem, and an Ethernet (registered trademark) adapter. The user terminal 20 may have the same configuration as the server, but it goes without saying that the user terminal 20 may have a minimum hardware configuration necessary for the terminal.

  In the above example, the hardware configuration of the server has been mainly described. However, the functions described above can also be realized by installing a program in a computer and operating the computer as a server. Therefore, the functions realized by the server described as an embodiment in the present invention can be realized by executing the above method by the computer, or by introducing the above program to the computer and executing it. It is.

  As mentioned above, although embodiment of this invention was described, this invention is not restricted to embodiment mentioned above. The effects described in the embodiments of the present invention are only the most preferable effects resulting from the present invention, and the effects of the present invention are limited to those described in the embodiments of the present invention. is not.

1 is a diagram illustrating an overall configuration of a system 1 according to an example of a preferred embodiment of the present invention. It is a functional block diagram of the user terminal 20 which concerns on an example of suitable embodiment of this invention, and the harmfulness determination server 40. It is a flowchart of the URL filtering process which concerns on an example of suitable embodiment of this invention. It is a flowchart which shows the process of the proxy type request judgment module 202 which concerns on an example of suitable embodiment of this invention. It is a figure which shows an example of the pattern file which concerns on an example of suitable embodiment of this invention, original URL, and request URL. It is a figure which shows the system outline | summary of the conventional URL filtering process. It is a figure which shows the system outline | summary of the URL filtering process improved by adding the proxy type request judgment module 202 and the original URL extraction module 203 which concern on an example of suitable embodiment of this invention to the conventional system of FIG. It is a figure which shows the hardware constitutions of the WWW server 10, the harmfulness determination server 40, the cache server 50, and the user terminal 20 which concern on an example of suitable embodiment of this invention.

Explanation of symbols

1 System 10 WWW Server 20 User Terminal 30 Communication Line 40 Hazard Determination Server 50 Cache Server 201 Filtering Module 202 Proxy Type Request Determination Module 203 Original URL Extraction Module 204 Cache Module

Claims (6)

A Web page can be acquired from a first server that distributes a Web page of the original site and a second server that distributes a Web page having the same content as the original site, and the access to the second server In a filtering device that performs filtering,
Monitoring the access request transmitted from the user terminal, means for detecting a character string indicating an access request to the first server from the string of the access request,
Filtering access to the second server based on a character string indicating the detected access request with reference to a storage device storing at least the harmfulness determination information for each Web page distributed from the first server and means for performing,
A filtering device comprising: Means for detecting a character string indicating the access request,
  Access to the first server having the same content as the second server by obtaining the URL of the first server based on the character string pattern of the access request transmitted from the user terminal The filtering device according to claim 1, wherein a character string indicating a request is detected. The means for performing filtering is:
  The filtering apparatus according to claim 1, wherein an inquiry is made to a harmful determination server that stores the harmful determination information as to whether or not the second server can be accessed, and the filtering is performed according to the inquiry result. Means for storing a history of access to the server as a result of an inquiry to the harmful determination server;
  The means for performing filtering is:
  The filtering device according to claim 3, wherein whether or not the second server is accessible is determined with reference to the stored history before making an inquiry to the harmful determination server. A Web page can be acquired from a first server that distributes a Web page of the original site and a second server that distributes a Web page having the same content as the original site, and the access to the second server In a computer program that performs filtering,
On the computer,
A step of monitoring the access request, detects a character string indicating an access request to the first server from the string of the access request transmitted from the user terminal,
Filtering access to the second server based on a character string indicating the detected access request with reference to a storage device storing at least the harmfulness determination information for each Web page distributed from the first server and the step of performing,
A computer program that runs A Web page can be acquired from a first server that distributes a Web page of the original site and a second server that distributes a Web page having the same content as the original site, and the access to the second server In the method of filtering,
A step of monitoring the access request, detects a character string indicating an access request to the first server from the string of the access request transmitted from the user terminal,
Filtering access to the second server based on a character string indicating the detected access request with reference to a storage device storing at least the harmfulness determination information for each Web page distributed from the first server and the step of performing,
Including methods.

Images