JP4917666B2 - Information processing apparatus, information processing method, and computer program - Google Patents

Description

  The present invention relates to a technology for performing relay control of communication between a terminal device of an internal network and a server device that provides information resources such as a home page on an external network such as the Internet.

  With the development of network technology, it is possible to exchange information very easily and efficiently. For example, it is possible to attach materials used for a conference to an e-mail in advance and send them to participants in advance without trouble and trouble. However, while network technology has been developed in this way, information exchange can be easily performed, but important confidential information can easily be leaked to the outside, and harmful information such as computer viruses can be leaked from the outside. The degree of danger of inflow is also increasing.

  Therefore, companies have taken measures such as prohibiting access to servers that provide information not directly related to business. For example, by introducing a computer device that performs URL filtering, which is communication control that prohibits access to a specific URL, and does not forward a request for a URL that is not permitted to access to an external server that provides the information resource indicated by the URL, The information resource indicated by the URL cannot be accessed.

  In the case of performing URL filtering, a white list that is a list of URLs that are permitted to access and a black list that is a list of URLs that are prohibited to access are created, and control over them, that is, registered in the white list. A request for a certain URL is relayed for the communication, and a request for a URL registered in the black list is controlled not to relay the communication.

  For example, Patent Document 1 discloses an invention that facilitates whitelist registration editing for URL filtering. According to the present invention, it is easy for an administrator to perform URL filter setting. In addition, in communication control by URL filtering, it is difficult to create a rule that satisfies all user requests. For example, regardless of the URL filtering rule, filtering is canceled by inputting a predetermined password, for example. There are also URL filtering applications that have a function of permitting connection to URLs registered in the black list. In addition to the URL of the access destination, the data transmitted to the web server specified by the URL includes a specific keyword, the data received from the web server includes a file of a specific file type, etc. There are also applications that further set the above conditions and determine whether to permit / deny communication according to the conditions.

JP 2009-277156 A

  When URL filtering rules that prohibit the acquisition of a file of a specific file type (for example, image data) from a web server belonging to a specific category are created by conventional URL filtering, the following problems occur: Conceivable. In a site where the entire page is configured from a plurality of URL accesses as well as a user-specified URL, a file acquisition destination such as an image or a video may be specified by another URL. In such a case, the file acquisition destination If the URL belongs to a category different from the user-specified URL and the extension that is prohibited in the category to which the user-specified URL belongs is not prohibited in the category to which the file acquisition destination URL belongs, a file having that extension is displayed. The problem is that it can be downloaded.

  For example, if the destination URL belongs to the portal site category and the file extension is .gif, the HTTP request for obtaining the file is relayed with the intention of prohibiting the display of the .gif file displayed on the portal site. If the rule "No" is set, request to the link destination for file acquisition http://example.co.jp/.../example.gif (example.co.jp does not belong to the portal site) Is sent, the request is relayed and the .gif file can be downloaded. As a result, the .gif file is displayed on the portal site.

Accordingly, the present invention is, referring to the original URL is retrieve the URL of each kind of data, by using the destination URL is an acquisition destination of the URL of the data, which can perform relay control of the communication data processing An object is to provide an apparatus, an information processing method, and a computer program.

An information processing apparatus of the present invention is an information processing apparatus that performs relay control of communication data of a data acquisition request transmitted from a terminal device to a web server, and is transmitted from the terminal device to the web server. Among the communication data, a relay control rule in which operation conditions for determining conditions for specifying communication data to be subjected to relay control and determination of whether or not to relay communication data meeting the conditions are set, Among the communication data transmitted from the terminal device to the web server, a condition for specifying communication data to be subjected to relay control, and whether or not to relay communication data meeting the condition are determined. A relay control rule in which operation information is set, and a referrer that is a URL of an original web page that is obtained from the communication data and that makes a data acquisition request And RL, the A information for relay control of the communication data using the destination URL is a previously performing data acquisition request, at least, the information specified from the referring URL, or referrer URL, First storage means for storing at least one relay control rule capable of setting a relay condition including the destination URL or information specified from the destination URL as the condition, and from the terminal device to the web server First acquisition means for acquiring transmitted communication data, second acquisition means for acquiring the reference source URL from communication data acquired by the first acquisition means, and acquisition by the first acquisition means A third acquisition unit that acquires the destination URL from the communication data, a reference URL acquired by the second acquisition unit, and a destination UR acquired by the third acquisition unit. Using a combination of, in the case where the communication data is determined to be consistent with the conditions determining means and said determining means for determining whether meets the conditions set in the relay control rules, According to the operation information set in the relay control rule, a determination unit that determines whether or not to relay the communication data, and relays the communication data to the web server when the determination unit determines that relaying is possible characterized in that it comprises a relay unit.

The information processing method of the present invention includes a condition for specifying communication data to be subject to relay control among the communication data transmitted from the terminal device to the web server, and relay of communication data that matches the condition. Is a relay control rule in which operation information for determining whether or not it is possible, and is obtained from the communication data, a reference source URL that is a URL of an original web page that makes a data acquisition request, and the data acquisition request Information for performing relay control of the communication data using a destination URL that is a destination, and specified from at least the reference source URL or the reference source URL and the destination URL or the destination URL relay conditions including the information that the settable to said condition, comprising a storage device for storing at least one relay control rule from the terminal device An information processing method performed by an information processing apparatus that performs relay control of the communication data to be transmitted to Ebusaba, the first acquisition means, the communication data to be transmitted to the web server from the terminal device A first acquisition step to acquire, a second acquisition step in which the second acquisition means acquires the reference source URL from the communication data acquired in the first acquisition step, and a third acquisition means. The third acquisition step of acquiring the destination URL from the communication data acquired by the first acquisition unit, and the reference source URL and the third acquisition by the determination unit acquired by the second acquisition step using a combination of the destination URL obtained in step, a determining step of the communication data to determine whether meets the conditions set in the relay control rules, the decision means, said at the determination step If it is determined that meets the matter, according to the operation information set in the relay control rules, a determination step of determining whether to relay the communication data, the relay unit, and can relay in the determination step determines when, characterized in that it comprises a and a relay step of relaying the communication data to the web server.

The computer program of the present invention includes a condition for specifying communication data to be subjected to relay control among the communication data transmitted from the terminal device to the web server, and relay of communication data that matches the condition. It is a relay control rule in which operation information for determining availability is set, and a reference source URL , which is a URL of an original web page for which a data acquisition request is made, is acquired from the communication data, and the data acquisition request is made Information for performing relay control of the communication data using a destination URL that is a destination , and at least information specified from the reference source URL or the reference source URL, and specified from the destination URL or the destination URL that information and that can be set in the condition relay conditions including, co comprising a storage device for storing at least one relay control rule A computer program for causing a computer to function as an information processing apparatus that performs relay control of communication data transmitted from a terminal device to a web server, the computer being transmitted from the terminal device to the web server An information processing apparatus that performs relay control of communication data for a data acquisition request, for identifying communication data that is subject to relay control from among the communication data transmitted from the terminal device to the web server It is a relay control rule in which operation information for determining whether or not to relay communication data that meets the condition and whether to relay the communication data is set, and is obtained from the communication data and is the URL of the original web page that makes the data acquisition request and there referrer URL, among the communication data based on the destination URL is a previously performing the data acquisition request A relay conditions for control can be set to the condition, first obtains a first storage means for storing at least one relay control rules, the communication data to be transmitted to the web server from the terminal device The first acquisition unit, the second acquisition unit for acquiring the reference source URL from the communication data acquired by the first acquisition unit, and the destination URL from the communication data acquired by the first acquisition unit. The communication data is set in the relay control rule using a combination of the third acquisition means to be acquired, the reference URL acquired by the second acquisition means and the destination URL acquired by the third acquisition means. A determination unit that determines whether the condition is met, and the operation information set in the relay control rule when the determination unit determines that the condition is met. And determining means for determining whether to relay the communication data, when it is determined to allow the relay by the determining means and Rukoto to function as a relay unit that relays the communication data to the web server.

  According to the present invention, it is possible to perform data relay control using not only the destination of communication data but also the information of the URL of the reference source of the URL of the original web page from which the data acquisition request is obtained, obtained from the communication data. It becomes. Therefore, even if a web page is configured to create one page by accessing a plurality of URLs, the URL that is the source is set as the reference URL when accessing the plurality of URLs. It is possible to perform data communication control according to the URL that is the main page creation.

It is a figure which shows an example of a structure of the information processing system of this invention. It is a figure which shows an example of the hardware constitutions of the information processing apparatus applicable as the proxy server 101 of FIG. It is a figure which shows an example of a function structure of the proxy server 101 of FIG. 4 is a flowchart illustrating an outline of processing performed by a proxy server 101. It is a flowchart which shows the detail of the relay control rule setting process of step S402 of FIG. 5 is a flowchart showing details of HTTP request communication control processing in step S404 of FIG. 4. 7 is a flowchart showing details of URL category determination processing in steps S602 and S603 of FIG. 6. It is a flowchart which shows the detail of the request detailed information acquisition process of step S604 of FIG. It is a flowchart which shows the detail of the relay control rule application process of step S605 of FIG. It is a flowchart which shows the detail of the relay control rule collation process of step S903 of FIG. It is a flowchart which shows the detail of URL condition inspection process of step S1002 of FIG. It is a flowchart which shows the detail of the category condition inspection process of step S1005 of FIG. 13 is a flowchart showing details of category condition determination processing in steps S1202 and S1209 in FIG. It is a figure which shows an example of a relay control rule setting screen. It is a figure which shows an example of a relay control rule detailed setting screen. It is a figure which shows the structure of the request header of the HTTP request data transmitted with respect to the web server 105 from the client PC102. It is a figure which shows an example of a structure of relay control rule DB (database). It is a figure which shows an example of a structure of URL category DB (database). It is a figure which shows an example of a structure of file format management DB (database).

  Embodiments of the present invention will be described below with reference to the drawings. FIG. 1 is a diagram showing an example of a system configuration of an information processing system according to the present invention. As shown in FIG. 1, the information processing system according to this embodiment includes a proxy server 101, client PCs 102-1 to 102-3 (hereinafter collectively referred to as “client PCs 102”), a LAN 103, a wide area network 104, and a web server 105-. 1 to 105-3 (hereinafter collectively referred to as “web server 105”). Hereinafter, each apparatus which comprises the information processing system of this invention is demonstrated.

  The proxy server 101 is a device that functions as an information processing device of the present invention, and relays data communication between the client PC 102 and the web server 105. Further, the proxy server 101 permits (relays) / rejects (not relays) data transmitted from the client PC 102 to the web server 105, and transmits data transmitted from the web server 105 to the client PC 102. Web server function that provides data communication control according to relay control rules such as permitting / rejecting relaying of data, and various setting pages used for registering, correcting, and deleting the relay control rules have.

  The client PC 102 is a terminal device used by a user who uses various services (such as browsing a home page) provided by the web server 105. The LAN 103 is a network that connects the proxy server 101 and the client PC 102 so as to allow data communication with each other.

  The web server 105 is a server device installed by a service provider that provides various web services. Examples of the services provided here include, but are not limited to, a homepage browsing service, a product sales service, an airline ticket, a reservation service for hotels, and the like. The proxy server 101 and the web server 105 are connected to each other via a wide area network 104 such as the Internet so that data communication is possible. The above is an example of the configuration of the information processing system according to the present invention.

  Next, an example of the hardware configuration of the information processing apparatus applicable to the proxy server 101 in FIG. 1 will be described with reference to FIG.

  In the figure, a CPU 201 comprehensively controls each device and controller described later connected to a system bus 204. Further, the ROM 203 or the external memory 211 is necessary for the BIOS (Basic Input / Output System) or an operating system program (hereinafter referred to as OS) that is a control program of the CPU 201 or the proxy server 101 to execute various processes described later. Various programs and data are stored. The RAM 202 functions as a main memory, work area, and the like for the CPU 201.

  The CPU 201 implements various processes to be described later by loading a program or the like necessary for executing the process into the RAM 202 and executing the program. An input controller (input C) 205 controls input from an input device 209 configured with a keyboard, a pointing device, and the like. A video controller (VC) 206 controls display on a display device such as the display device 210. The display device 210 is composed of, for example, a CRT display or a liquid crystal display.

  A memory controller (MC) 207 is a hard disk (HD), floppy disk (registered trademark FD) or PCMCIA card slot for storing boot programs, browser software, various applications, font data, user files, editing files, various data, and the like. Controls access to an external memory 211 such as a CompactFlash (registered trademark) memory connected via an adapter.

  A communication I / F controller (communication I / FC) 208 is connected to and communicates with an external device via a network, and executes communication control processing in the network. For example, Internet communication using TCP / IP is possible.

  Note that the CPU 201 enables display on the display device 210 by executing outline font rasterization processing on a display information area in the RAM 202, for example. Further, the CPU 201 enables a user instruction with a mouse cursor (not shown) on the display device 210. The above is the description of the hardware configuration of the information processing apparatus applicable to the proxy server 101. However, the hardware configuration illustrated in FIG. Needless to say, it doesn't matter.

  Next, an example of a functional configuration of the proxy server 101 in FIG. 1 will be described with reference to FIG. As shown in FIG. 3, the proxy server 101 includes a relay control rule setting unit 301, a URL category determination unit 302, a request detailed information acquisition unit 303, a communication relay control unit 304, and a communication permission / denial response transmission unit 305. Yes.

  The relay control rule setting unit 301 is a functional unit that performs update processing such as addition, correction, and deletion of relay control rules used for relay control of relaying / not relaying HTTP data. The URL category determination unit 302 uses a category information registered in the URL category DB 312 and a URL correspondence table to determine a category to which a URL set as an HTTP data transmission destination or reference destination belongs. It is.

  The request detailed information acquisition unit 303 is a functional unit that acquires information, files, and the like transmitted to the web server 105 from the acquired HTTP data. The communication relay control unit 304 is a functional unit that performs communication control (relay / not relay) of the HTTP data by applying a relay control rule to the acquired HTTP data. The communication permission / denial response transmission unit 305 is a functional unit that transmits the processing result of the communication relay control unit 304 to the client PC 102. When relaying HTTP data, the communication permission / denial response transmission unit 305 transmits HTTP data (HTTP response) transmitted from the web server 105 to the client PC 102 in response to the HTTP data (HTTP request). If relaying is not performed, an HTTP response indicating that communication has not been performed is transmitted to the client PC 102.

  In addition, the proxy server 101 specifies a relay control rule DB 311 that records a relay control rule used for HTTP data relay control, a URL category DB 312 that stores a URL category, a correspondence between a file format and its extension, and a file format. A file format management DB 313 for storing a signature to be used. These data structures will be described with reference to FIGS. The above is the description of the functional configuration of the proxy server 101 in FIG.

  With reference to FIGS. 17 to 19, the data configuration of the relay control rule DB 311, URL category DB 312, and file format management DB 313 stored in the external memory 211 of the proxy server 101 of FIG. 1 will be described.

FIG. 17 is a diagram illustrating an example of the configuration of the relay control rule DB 311 illustrated in FIG. As shown in FIG. 17, the relay control rule DB 311 includes, as data items, a rule ID 1701, an application order 1702, a rule name 1703, a URL check 1704, a destination URL 1705, a reference source URL 1706, a check condition 1707, a category check 1708, a destination category 1709, A reference source category 1710, an inspection condition 1711, a file format 1712, a size 1713, a size condition 1714, a file and extension 1715, a keyword 1716, and an operation 1717 are set. That is, the conditions for specifying the communication data subject to relay control among the communication data transmitted from the terminal device to the web server and the operation information for determining whether or not to relay the communication data meeting the conditions are set. A reference source condition for performing relay control of the communication data based on a reference source URL that is a URL of an original web page for which a data acquisition request is made, obtained from the communication data. It can be set in the condition. Further, in the relay control rule, a destination condition used when relay control of the communication data is performed based on a destination URL that is a data acquisition request destination in the communication data set in the communication data, and the destination URL and The category information that can classify the referrer URL, the attachment file condition, the size condition and the keyword condition can be set.

  In the rule ID 1701, identification information for uniquely identifying the relay control rule is registered. In the application order 1702, priority information to which the relay control rule is applied when relay control of HTTP data is performed is registered. In the rule name 1703, information input as a relay control rule name is registered.

  In the URL check 1704, information indicating whether or not to perform relay control with a URL as a condition is registered. In FIG. 17, “◯” means that relay control is performed on the condition of URL, and “x” does not. In the destination URL 1705, destination URL conditions are registered. The CPU 201 of the proxy server 101 determines that the HTTP data in which the URL registered in the destination URL 1705 is set as the destination (request URL) matches this condition. In the reference source URL 1706, the conditions of the reference source URL are registered. The CPU 201 of the proxy server 101 determines that the URL registered in the reference source URL 1706 matches the HTTP data set in the reference source (referrer) to this condition.

  Here, the data structure of the HTTP request will be described with reference to FIG. As shown in FIG. 16, in the request lines 1601 and 1602 of HTTP data, a method, URL information (request URL) as a destination, and HTTP version information are set. In the present invention, the URL information set in the request lines 1601 and 1602 is collated with the relay control rule as the destination URL.

  Also, the Referer 1603 is set with URL information that is the source of this HTTP data transmission. In the present invention, the URL information set in the Referer 1603 is collated with the relay control rule as reference source URL information. The above is the description of FIG.

  Returning to the description of FIG. In the inspection condition 1707, a combination condition of the destination URL 1705 and the reference source URL 1706 is registered. When “AND” is registered in the inspection condition 1707, the CPU 201 of the proxy server 101 determines that the HTTP data to be subjected to relay control matches both the conditions of the destination URL 1705 and the reference source URL 1706. It is determined that the URL inspection condition is satisfied. Further, when “OR” is registered in the inspection condition 1707, the CPU 201 in the proxy server 101 matches the HTTP data to be subjected to relay control with at least one of the destination URL 1705 and the reference source URL 1706. If the URL check condition is satisfied, it is determined that the URL inspection condition is satisfied.

  In the category check 1708, information indicating whether or not to perform relay control on the condition of the category to which the URL belongs is registered. In FIG. 17, “◯” means that relay control is performed with a category as a condition, and “×” means that no relay control is performed. In the destination category 1709, the condition of the category to which the URL as the destination belongs is registered. In the category condition, a file extension condition that can be acquired from the URL as well as the category to which the destination URL belongs can be registered. The CPU 201 of the proxy server 101 determines that the HTTP data in which the URL belonging to the category registered in the destination category 1709 is set as the destination (request URL) matches this condition. When the file extension is also registered, the CPU 201 of the proxy server 101 belongs to the category in which the destination URL is registered, and the file extension that can be acquired from the destination URL matches the registered file extension. It is determined that such HTTP data matches this condition. In the reference source category 1710, the conditions of the reference source category are registered. Similar to the destination category 1709, the conditions of the file extension that can be acquired from the referrer (Referer) can be registered together with the referrer category. The CPU 201 of the proxy server 101 determines that the HTTP data in which the URL belonging to the category registered in the reference source category is set as the reference source (Referer) matches this condition. When the file extension is also registered, the CPU 201 of the proxy server 101 belongs to the category in which the reference source URL is registered, and the file extension that can be acquired from the reference source URL is the registered file extension. It is determined that HTTP data that matches the above condition meets this condition.

  In the inspection condition 1711, a combination condition of the destination category 1709 and the reference source category 1710 is registered. When “AND” is registered in the inspection condition 1711, the CPU 201 of the proxy server 101 determines that the HTTP data to be subjected to relay control matches both the conditions of the destination category 1709 and the reference source category 1710. Then, it is determined that the category inspection condition is satisfied. When “OR” is registered, if the HTTP data to be subjected to relay control satisfies at least one of the conditions of the destination category 1709 and the reference source category 1710, the category check condition is satisfied. to decide.

  In the file format 1712, a file format of a file (attached file) included in the HTTP data is registered. In the size 1713, a threshold condition for the size of the attached file is registered. In the size condition 1714, a file size condition (above, below, etc.) is registered. In the file and extension 1715, conditions for whether or not the file format and extension of the attached file match are registered.

  A keyword condition included in the HTTP data is registered in the keyword 1716. In operation 1717, processing to be performed on HTTP data that matches the relay control rule is registered. If “permitted” is registered in operation 1717, the CPU 201 of the proxy server 101 relays HTTP data that matches the relay control rule to the web server 105. When “not permitted” is registered, the CPU 201 of the proxy server 101 performs communication control such that HTTP data matching the relay control rule is not relayed to the web server. Become. The above is the description of the configuration of the relay control rule DB 311 in FIG.

  18 is a diagram showing an example of the configuration of the URL category DB 312 shown in FIG. As shown in FIG. 18, in the URL category DB 312, a large category 1801, a small category 1802, and a URL 1803 are set as data items.

  In the large category 1801, large category data of URL is registered. In the small category 1802, small category data that is a category obtained by further subdividing the large category is registered. In the URL, URL information belonging to the category is registered. Of course, one URL data may belong to a plurality of categories. The above is the description of the configuration of the URL category DB 312 in FIG.

  FIG. 19 is a diagram showing an example of the configuration of the file format management DB 313 shown in FIG. As shown in FIG. 19, the file format management DB 313 stores a file format / extension correspondence table 1900 and a file format / signature correspondence table 1910.

  The file format-extension correspondence table 1900 records the correspondence between the file format identifier 1901 and the extension 1902, and the file format-signature correspondence table 1910 records the correspondence between the file format identifier 1911 and the signature 1912. The above is the description of the configuration of the file format management DB 313 in FIG.

  Next, an overview of processing performed by the proxy server 101 will be described with reference to FIG. A program for causing the CPU 201 to execute the processing shown in FIG. 4 is stored in the external memory 211. The program is loaded into the RAM 202 as necessary, and the CPU 201 performs this processing according to the control of the program. .

  When the CPU 201 receives a relay control rule setting request (YES in step S401), the CPU 201 performs a relay control rule setting process (step S402). Details of the relay control rule setting process will be described later with reference to FIG. When the CPU 201 receives HTTP data (HTTP request) transmitted from the client PC 102 to the web server 105 (YES in step S403), the CPU 201 performs communication control processing for the HTTP request. Details of this processing will be described later with reference to FIG. The above processing is performed until an HTTP request communication control end instruction is received (YES in step S405). The above is an outline of the processing performed by the proxy server 101.

  Next, details of the relay control rule setting process in step S402 of FIG. 4 will be described with reference to FIG. This process is a process performed in accordance with control of a program for causing the CPU 201 of the proxy server 101 to function as the relay control rule setting unit 301.

  When the CPU 201 receives a relay control rule setting request from the client PC 102, the CPU 201 displays relay control rule setting screen information for causing the display unit of the client PC 102 to display the relay control rule setting screen 1400 shown in FIG. It transmits to (step S501). Upon receiving the relay control rule setting screen information from the proxy server 101, the client PC 102 displays the relay control rule setting screen 1400 on the display unit.

  FIG. 14 is a diagram illustrating an example of the configuration of the relay control rule setting screen 1400. As shown in FIG. 14, ID 1401, rule name 1402, and operation 1403 are set on the relay control rule setting screen 1400, and the operation button display unit 1404 updates, deletes, and deletes each relay control rule data. An update button 1405, a delete button 1406, a move button 1407, and an add button for moving are set. Furthermore, an add button 1408 for adding a new relay control rule is set.

  An ID 1401 is a display unit for displaying the ID of the relay control rule. The data displayed in the ID 1401 is registered in the ID 1701 of the relay control rule DB 311 in FIG. The rule name 1402 is a display unit for displaying the rule name of the relay control rule. Data displayed in the rule name 1402 is registered in the rule name 1703 of the relay control rule DB 311 in FIG. An operation 1403 is a display unit that displays processing performed by the proxy server 101 for data that matches the relay control rule. The data displayed in this operation 1403 is registered in the operation 1717 of the relay control rule DB 311 in FIG.

  The update button 1405 is a control used to make a detailed setting request for the relay control data to the proxy server 101. The delete button 1406 is a control used for making a request for deleting the relay control data to the proxy server 101.

  The move button 1407 is a control used to request the proxy server 101 to change the priority order of relay control data. An add button 1408 is a control for making a detailed setting request for the relay control rule to the proxy server 101 in order to register a new relay control rule. The above is the description of the configuration of the relay control rule setting screen 1400 shown in FIG.

  Then, after transmitting the relay control rule setting screen transmission information, it is determined that the relay control rule setting request sent from the client PC 102 is received by receiving an instruction to press the update button 1405 and the add button 1408 in the relay control rule setting screen 1400. If so (YES in step S502), the relay control rule detailed setting screen information for displaying the relay control rule detailed setting screen 1500 shown in FIG. 15 on the display unit of the client PC 102 is transmitted to the client PC 102 (step). S503).

  FIG. 15 is a diagram illustrating an example of a configuration of a relay control rule detail setting screen 1500 displayed on the display unit of the client PC 102 that has received the relay control rule detail setting screen information from the proxy server 101.

  As shown in FIG. 15, the relay control rule detail setting screen 1500 includes a rule ID display section 1501, a rule name input field 1502, a URL condition setting check box 1503, a destination setting check box 1504, a destination URL input field 1505, a reference source Setting check box 1506, reference source URL input field 1507, URL inspection condition specifying unit 1508, category condition setting check box 1509, destination setting check box 1510, destination category specifying unit 1511, reference source setting check box 1512, reference source category specifying unit 1513, category inspection condition specifying unit 1514, file format specifying unit 1515, size threshold value input field 1516, size condition specifying unit 1517, file type extension matching condition specifying unit 1518, keyword input field 1519, operation specifying unit 520 has been set.

  The rule ID display unit 1501 is a display unit that displays identification information for uniquely identifying the relay control rule. Information displayed on the rule ID display unit 1501 is registered in the rule ID 1701 of the relay control rule DB 1700. The rule name input field 1502 is an input field for inputting the rule name of the relay control rule. Information input in the rule name input field 1502 is registered in the rule name 1703 of the relay control rule DB 1700.

  A URL condition setting check box 1503 is a check box used for setting a URL condition. When the URL condition setting check box 1503 is checked, a destination setting check box 1504 and a reference source setting check box 1506 described later are enabled. When the URL condition setting check box 1503 is checked, “◯” is registered in the URL check 1704 of the relay control rule DB 1700, and “X” is registered when it is not entered.

  A destination setting check box 1504 is a check box used when inputting a destination URL condition. When the destination setting check box 1504 is checked, the destination URL input field 1505 is validated, and URL information can be input. A destination URL input field 1505 is an input unit for inputting destination URL conditions. Information input in the destination URL input field 1505 is registered in the destination URL 1705 of the relay control rule DB 1700.

  A reference source setting check box 1506 is a check box used when inputting a reference source URL condition. When the reference source setting check box 1506 is checked, the reference source URL input field 1507 is enabled, and URL information can be input. A reference source URL input field 1507 is an input unit for inputting a reference source URL condition. Information input in the reference source URL input field 1507 is registered in the reference source URL 1706 of the relay control rule DB 1700.

  The URL inspection condition specifying unit 1508 is effective when both the destination setting check box 1504 and the reference source setting check box 1506 are checked. Here, designation of a combination condition of a destination URL condition and a reference source URL condition is accepted. Here, when “AND” is designated, when “OR” is designated as the relay control rule that is determined to match the URL condition when both the destination URL condition and the reference URL condition are met. In this case, a relay control rule is generated that is determined to match the URL condition when at least one of the destination URL condition and the reference source URL condition is met. The designation information of the URL inspection condition specifying unit 1508 is registered in the inspection condition 1707 of the relay control rule DB 1700.

  A category condition setting check box 1509 is a check box used for setting a category condition. When the category condition setting check box 1509 is checked, a destination category setting check box 1510 and a reference source setting check box 1512 described later are enabled. When the category condition setting check box 1509 is checked, “◯” is registered in the category check 1708 of the relay control rule DB 1700, and “x” is registered when it is not entered.

  The destination category setting check box 1510 is a check box used when specifying a destination category condition. When the destination category setting check box 1510 is checked, the destination category designation unit 1511 is enabled, and category designation can be input. A destination category designation unit 1511 is a designation unit that designates a destination category condition. In the destination category condition, a file extension can be specified together with the category. If the file extension is also specified, it is determined that the condition is met if the destination URL belongs to the specified category and the file extension that can be acquired from the destination URL matches the specified file extension. . The category information specified by the destination category specifying unit 1511 is registered in the destination category 1709 of the relay control rule DB 1700.

  The reference source setting check box 1512 is a check box used when specifying a reference source category condition. When the reference source setting check box 1512 is checked, the reference source category specifying unit 1513 is enabled, and category specification can be input. A reference source category specifying unit 1513 is a specifying unit for specifying a reference source category condition. In the reference source category condition, a file extension can be specified together with the category. If the file extension is also specified, it is determined that this condition is met when the reference source URL belongs to the specified category and the file extension that can be acquired from the reference source URL matches the specified file extension. Is done. The category information specified by the reference source category specifying unit 1513 is registered in the reference source category 1710 of the relay control rule DB 1700.

  The category inspection condition specifying unit 1514 is effective when both the destination setting check box 1510 and the reference source setting check box 1512 are checked. Here, designation of a combination condition of a destination category condition and a reference source category condition is accepted. Here, when “AND” is designated, when “OR” is designated as the relay control rule that is determined to match the category condition when both the destination category condition and the reference source category condition are met, A relay control rule that is determined to match the category condition when it matches at least one of the destination category condition and the reference source category condition is created. The designation information of the category inspection condition designation unit 1514 is registered in the inspection condition 1711 of the relay control rule DB 1700.

  The file format designation unit 1515 is a designation unit that designates the file format of a file included in HTTP data. It is determined that HTTP data to which a file having the specified file format is attached satisfies this condition. The designation information designated by the file format designation unit 1515 is registered in the file format 1712 of the relay control rule DB 1700. A size threshold value input field 1516 is an input field for inputting a size threshold value of an attached file, and a size condition specifying unit 1517 is a specifying unit for specifying a size condition (above threshold value and below threshold value). The information input in the size threshold input field 1516 is registered in the size 1713 of the relay control rule DB 1700, and the specification information in the size condition specifying unit 1517 is registered in the size condition 1714.

  The file type extension matching condition designation unit 1518 is a designation unit that designates a matching condition between the file format of the attached file and the extension. The designation information designated by the file type extension matching condition designation unit 1518 is registered in the file format and extension 1715 of the relay control rule DB 1700.

  The keyword input field 1519 is an input field for inputting a keyword condition. For example, when creating a relay control rule that targets HTTP data including any of “confidential”, “confidential group”, and “confidential”, the separator “|” Enter "Group Confidential | Confidential". The input rule is not limited to this method. Information input in the keyword input field 1519 is registered in the keyword 1716 of the relay control rule DB 1700.

  The operation designation unit 1520 is a designation unit that designates an operation to be performed by the proxy server 101 for HTTP data that matches a relay control rule created based on input information to the relay control rule detail setting screen 1500. When “permitted” is designated, the process of relaying the HTTP data to the web server 105 is performed. When “not permitted” is designated, the HTTP data is not relayed to the web server 105. The CPU 201 of the proxy server 101 performs processing for notifying the client PC 102 that communication has been stopped. The designation information in the action designation unit 1520 is registered in the action 1717 of the relay control rule DB 1700. The above is the description of the configuration of the relay control rule detailed setting screen 1500.

  Returning to the description of FIG. If the CPU 201 of the proxy server 101 receives an instruction to press the move button 1407 on the relay control rule setting screen 1400 and determines that the relay control rule move request sent from the client PC 102 has been received (YES in step S504). ), Relay control rule moving screen information for displaying a relay control rule moving screen (not shown) on the display unit of the client PC 102 is transmitted to the client PC 102 (step S505). The client PC 102 transmits update information for changing the priority order to the proxy server 101 after receiving an update request for changing the priority order from the relay control rule moving screen.

  When the proxy server 101 receives the relay control rule update information from the client PC 102 (YES in step S506), the proxy server 101 updates the relay control rule DB 311 according to the received update information (step S507). Thereafter, the relay control rule setting screen information is regenerated according to the updated relay control rule DB 311 and transmitted to the client PC 102. The above processing is performed until it is determined that a setting processing end instruction has been received from the client PC 102 (YES in step S509). The above is the details of the relay control rule setting process in step S402 of FIG.

  Next, the HTTP request communication control process in step S404 of FIG. 4 will be described with reference to FIG.

  The CPU 201 of the proxy server 101 acquires HTTP request data transmitted from the client PC 102 (step S601). That is, communication data transmitted from the terminal device to the web server is acquired (corresponding to a first acquisition unit). Then, category determination processing of the destination URL of the acquired HTTP request data is performed (step S602). Thereafter, the category determination process of the referrer URL in the HTTP request data is performed (step S603). Details of this category determination processing will be described with reference to FIG.

  FIG. 7 is a flowchart showing details of the category determination processing in steps S602 and S603 of FIG. This processing is performed according to control of a program for causing the CPU 201 to function as the URL category determination unit 302.

The CPU 201 stores, in the URL category DB 312, the URL to be inspected, that is, the request URL included in the request lines 1601 and 1602 shown in FIG. 16 in the case of the destination URL and the URL set in the Referrer 1603 in the case of the reference source URL. It is searched whether it is registered ( step S701 ). That is, a reference source URL is acquired from the acquired communication data (corresponding to a second acquisition unit). Then, the acquired reference source URL is searched. As a result of the search, if there is a record in which the URL to be searched is registered in the URL 1803 of the URL category DB 312 (YES in step S702 ), the category information (large category 1801 and small category 1802) of each record is stored. The URL category is determined ( step S703 ). The above is the detailed description of the category determination processing in steps S602 and S603 in FIG. 6 shown in FIG.

  Returning to the description of FIG. After the process of step S603 is completed, a request detailed information acquisition process is performed (step S604). Details of this processing will be described with reference to FIG.

  FIG. 8 describes details of the request detailed information acquisition processing in step S604 of FIG. This processing is performed according to control of a program for causing the CPU 201 to function as the request detailed information acquisition unit 303.

  First, the CPU 201 determines whether a data file is attached to the HTTP request data acquired in step S601 (step S801). If it is determined that a data file is attached (YES in step S801), the CPU 201 acquires the file format of the data file (step S802). Thereafter, the CPU 201 acquires the extension of the data file (step S803) and the size of the data file (step S804). If the file format acquired in step S802 is a file format including text data (YES in step S805), the CPU 201 acquires text information from the data file (step S806).

  If NO is determined in step S801 and NO is determined in step S805, the CPU 201 proceeds to step S807 after the process of step S806 is completed, and the text information transmitted to the web server 105 is transmitted from a field other than the attached file. get. Then, the proxy server 101 performs relay control processing of the HTTP request data according to various information acquired by this processing. The above is the detailed description of the request information acquisition process in step S604 of FIG.

  Returning to the description of FIG. After completing the request detailed information acquisition process in step S604, the CPU 201 advances the process to step S605 and performs a relay control rule application process. Details of this processing will be described with reference to FIG.

  FIG. 9 is a flowchart showing details of the relay control rule application processing in step S605 of FIG. This process is performed according to a program control for causing the CPU 201 to function as the communication relay control unit 304. In this process, a process of applying the relay control rules registered in the relay control rule DB 311 to the HTTP request data according to the priority order is performed.

  First, the CPU 201 determines whether there is a relay control rule in the relay control rule DB 311 that is not applied (not applied) to the HTTP data (step S901). If it is determined that there is an unapplied relay control rule (YES in step S901), the relay control rule to be applied next to HTTP data is acquired in accordance with the priority order (step S902). Thereafter, the process proceeds to step S903, and relay control rule matching processing is performed. Details of the relay control rule matching process will be described with reference to FIG.

  FIG. 10 is a flowchart showing details of the relay control rule matching process in step S903 of FIG.

  First, the CPU 201 determines whether a URL condition is set in the relay control rule acquired in step S902 (step S1001). This determination process is determined according to the value registered in the URL check 1704 of the relay control rule. If the CPU 201 determines that the URL condition is set (YES in step S1001), the process proceeds to step S1002. If the URL condition is not set (NO in step S1001), the process proceeds to step S1004.

  In step S1002, the CPU 201 determines whether the URL set in the HTTP data matches the URL condition of the relay control rule. Details of this processing will be described with reference to FIG.

  FIG. 11 is a flowchart showing details of the URL condition checking process in step S1002 of FIG. First, the CPU 201 determines whether or not the destination URL 1705 is registered in the relay control rule acquired in step S902 (step S1101). If it is determined that it is registered (YES in step S1101), the process proceeds to step S1102, and if it is determined that it is not registered (NO in step S1101), the process proceeds to step S1105.

  In step S1102, the CPU 201 determines whether the request URL of the HTTP data to be inspected matches the URL set in the destination URL 1705. That is, when the destination condition is set in the relay control rule that is collated with the communication data, it is determined whether the destination URL acquired from the communication data matches the destination condition (corresponding to a determination unit). If it is determined that they match (YES in step S1102), the process proceeds to step S1103. If it is determined that they do not match (NO in step S1102), the process proceeds to step S1106.

  In step S1103, the CPU 201 determines whether the inspection condition 1707 of the relay control rule is AND. If it is determined to be AND (YES in step S1103), the process proceeds to step S1104. If it is determined not to be AND (NO in step S1103), the process proceeds to step S1109.

  In step S1104, the CPU 201 determines whether the reference source URL 1706 is registered in the relay control rule acquired in step S902 of FIG. If CPU 201 determines that it is registered (YES in step S1104), the process proceeds to step S1108, and if NO (NO in step S1104), the process proceeds to step S1109.

  In step S1105, the CPU 201 determines whether the reference source URL 1706 is registered in the relay control rule acquired in step S902. If CPU 201 determines that it is registered (YES in step S1105), the process proceeds to step S1108, and if NO (NO in step S1105), the process proceeds to step S1110.

  In step S1106, the CPU 201 determines whether the inspection condition 1707 of the relay control rule is AND. If it is determined to be AND (YES in step S1106), the process proceeds to step S1110. If it is determined not to be AND (NO in step S1106), the process proceeds to step S1107.

  In step S1107, the CPU 201 determines whether the reference source URL 1706 is registered in the relay control rule acquired in step S902. If CPU 201 determines that it is registered (YES in step S1107), the process proceeds to step S1108, and if NO (NO in step S1107), the process proceeds to step S1110.

  In step S <b> 1108, the CPU 201 determines whether the reference source URL of the HTTP data to be inspected matches the URL set in the reference source URL 1706. If CPU 201 determines that they match (YES in step S1108), the process proceeds to step S1109. If CPU 201 determines that they do not match (NO in step S1108), the process proceeds to step S1110.

  As a result of performing the processing from step S1101 to S1108, the CPU 201 determines that the URL condition is met when the processing proceeds to step S1109. On the other hand, if the process proceeds to step S1110, it is determined that the URL condition is not met. The above is the details of the URL condition determination processing in step S1002 of FIG.

  Returning to the description of FIG. If the CPU 201 determines in the URL condition checking process in step S1002 that the URL condition is met (YES in step S1003), the process proceeds to step S1004. On the other hand, if it is determined that the URL condition is not met (NO in step S1003), the process proceeds to step S1016.

  If NO is determined in step S1001 and YES is determined in step S1003, the CPU 201 determines whether a category condition is set in the relay control rule acquired in step S902 (step S1004). The CPU 201 makes a determination according to the value registered in the category check 1708 of the relay control rule. If the CPU 201 determines that the category condition is set (YES in step S1004), the process proceeds to step S1005. If the category condition is not set (NO in step S1004), the process proceeds to step S1007.

  In step S1005, the CPU 201 determines whether the category to which the URL set in the HTTP data belongs matches the URL condition of the relay control rule. Details of this processing will be described with reference to FIG.

  FIG. 12 is a flowchart showing details of the category condition inspection process in step S1005 of FIG. First, the CPU 201 determines whether the destination category 1709 is registered in the relay control rule acquired in step S902 (step S1201). If CPU 201 determines that it is registered (YES in step S1201), the process proceeds to step S1202. If CPU 201 determines that it is not registered (NO in step S1201), the process proceeds to step S1206.

  In step S1202, the CPU 201 performs category determination processing (destination). Details of this processing will be described with reference to FIG.

  FIG. 13 is a flowchart showing details of the category condition determination processing in steps S1202 and S1209 in FIG.

  First, the CPU 201 acquires category conditions registered in the relay control rule (step S1301). The destination category 1709 is acquired when the destination category condition is determined, and the reference source category 1710 is acquired when the reference source category is determined.

  In step S1302, the URL category determination process (destination) in step S602 in FIG. 6 is performed when the destination category condition is determined, and the URL category determination process (reference source) in step S603 is determined when the reference source category is determined. ) For all the categories determined in () (determined in step S703 in FIG. 7).

  If it is determined in step S1302 that inspection has not been completed for all categories to which the URL to be inspected belongs (NO in step S1302), an uninspected category is acquired (step S1303). Thereafter, it is determined whether or not the matching processing of all category conditions registered in the relay control rule has been completed for the uninspected category acquired in step S1303 (step S1304).

  If it is determined that the verification processing for all category conditions has not been completed, the CPU 201 acquires an unmatched category (step S1305). Then, it is determined whether the category acquired in step S1303 matches the category acquired in step S1305 (step S1306).

  If it is determined that the category to which the URL belongs matches the category set in the relay control rule (YES in step S1306), the process proceeds to step S1307 to determine whether an extension condition is specified for the category. If it is determined that the extension condition is specified (YES in step S1307), the process proceeds to step S1308. If it is determined that the extension condition is not specified (NO in step S1307), the process proceeds to step S1309. Proceed to

  In step S1308, the CPU 201 determines whether the extensions match. If it is determined that the extensions match, the process advances to step S1309.

  If it is determined NO in steps S1306 and S1308, the CPU 201 advances the processing to step S1304 and determines again whether there is an unmatched category. If it is determined that there is an unmatched category, the CPU 201 performs processing from step S1305 onward. On the other hand, if it is determined in step S1304 that collation of all categories registered in all category conditions has been completed (YES in step S1304), the CPU 201 advances the process to step S1302, and again includes all URLs to which the URL belongs. It is determined whether the category inspection process is completed. If it is determined in the determination process in step S1302 that all categories have not been inspected (NO in step S1303), the CPU 201 performs the processes in and after step S1303. On the other hand, if it is determined in step S1302 that all categories have been inspected (YES in step S1302), the process proceeds to step S1310.

  If the CPU 201 proceeds to step S1309 as a result of the processing from step S1301 to step S1308, the CPU 201 determines that the category of the URL of the HTTP data matches the category condition of the relay control rule. On the other hand, when the process proceeds to step S1310, the CPU 201 determines that the category condition is not met. The above is the details of the category condition determination processing in steps S1202 and S1209 in FIG.

  Returning to the description of FIG. If the CPU 201 determines that the destination category condition is met by the process of step S1202 (YES in step S1203), the process proceeds to step S1204. On the other hand, if it is determined that the destination category condition is not met (NO in step S1203), the process proceeds to step S1207.

  In step S1204, the CPU 201 determines whether the inspection condition 1711 of the relay control rule is AND. If it is determined to be AND (YES in step S1204), the process proceeds to step S1205. If it is determined not to be AND (NO in step S1204), the process proceeds to step S1211.

  In step S1205, the CPU 201 determines whether the reference source category 1710 is registered in the relay control rule acquired in step S902. If CPU 201 determines that it is registered (YES in step S1205), the process proceeds to step S1209, and if NO is determined (NO in step S1205), the process proceeds to step S1211.

  In step S1206, the CPU 201 determines whether the reference source category 1710 is registered in the relay control rule acquired in step S902. If CPU 201 determines that it is registered (YES in step S1206), the process proceeds to step S1209. If CPU 201 determines that it is not registered (NO in step S1206), the process proceeds to step S1212.

  In step S1207, the CPU 201 determines whether the inspection condition 1711 of the relay control rule is AND. If the CPU 201 determines that it is AND (YES in step S1207), the process proceeds to step S1212. If it is determined that it is not AND (NO in step S1106), the process proceeds to step S1208.

  In step S1208, the CPU 201 determines whether the reference source category 1710 is registered in the relay control rule acquired in step S902. If CPU 201 determines that it is registered (YES in step S1208), the process proceeds to step S1209, and if NO is determined (NO in step S1208), the process proceeds to step S1212.

  In step S <b> 1209, the CPU 201 determines whether the category to which the URL set in the reference source URL of the HTTP data to be inspected matches the category set in the reference source category 1710. Since this process is substantially the same as the process of step S1202, detailed description thereof is omitted.

  If the CPU 201 determines in step S1209 that the reference source category condition is met (YES in step S1210), the process proceeds to step S1211. On the other hand, if it is determined that the reference source category condition is not met (NO in step S1210), the process proceeds to step S1212.

  As a result of performing the processing of steps S1201 to S1210 described above, the CPU 201 determines that the category condition is met when the processing proceeds to step S1211. On the other hand, if the process proceeds to step S1212, it is determined that the category condition is not met. The above is the details of the category condition determination processing in step S1005 of FIG.

  Returning to the description of FIG. If the CPU 201 determines in step S1005 that the category condition is met (YES in step S1006), the process proceeds to step S1007. On the other hand, if it is determined that the category condition is not met (NO in step S1006), the process proceeds to step S1016.

  If NO is determined in step S1004 and YES is determined in step S1006, the CPU 201 determines whether a file format condition is set in the relay control rule acquired in step S902 of FIG. 9 (step S1007). The CPU 201 determines whether the file format is registered in the file format 1712 of the relay control rule. If the CPU 201 determines that the file format condition is set (YES in step S1007), the process proceeds to step S1008. If the CPU 201 determines that the file format condition is not set (NO in step S1007), the process proceeds to step S1007. The process proceeds to S1009.

  In step S1008, the CPU 201 determines whether the HTTP request data matches a file format condition set in the relay control rule. If any one of the file formats acquired in step S802 in FIG. 8 is included in the file format 1712 of the relay control rule, the CPU 201 determines that the file format matches (YES in step S1008), and the process proceeds to step S802. The process proceeds to S1009. On the other hand, if the file format acquired in step S802 of FIG. 8 is not included in the file format 1712, the CPU 201 determines that the file format does not match (NO in step S1008), and advances the process to step S1016.

  If NO is determined in step S1007 and YES is determined in step S1008, the CPU 201 determines whether the size and the size condition are set in the relay control rule acquired in step S902 (step S1009). The CPU 201 makes a determination according to the values registered in the size 1713 and the size condition 1714 of the relay control rule. If the CPU 201 determines that the size and the size condition are set (YES in step S1009), the process proceeds to step S1010. If the CPU 201 determines that the size is not set, the process proceeds to step S1011.

  The CPU 201 determines whether the size of the data file acquired in step S804 in FIG. 8 matches the size 1713 and the size condition 1714 (step S1010). If it is determined that they match (YES in step S1010), the process proceeds to step S1011. If it is determined that they do not match (NO in step S1010), the process proceeds to step S1016.

  If NO is determined in step S1009 and YES is determined in step S1010, the CPU 201 determines whether a matching condition between the file format and the extension is set in the relay control rule acquired in step S902 (step S1011). If it is determined that the file format is set (YES in step S1011), the file format management DB 313 is used to determine whether the relationship between the file format acquired in step S802 of FIG. 8 and the extension acquired in step S803 is correct. In accordance with the file format-extension correspondence table 1900 and the file format-signature correspondence table 1910, it is determined whether or not the file format and the extension match. Then, it is determined from the determination result whether the matching condition of the file format and the extension is met. If it is determined that they match (YES in step S1012), the process proceeds to step S1013. If it is determined that they do not match (NO in step S1012), the process proceeds to step S1016.

  If NO is determined in step S1011 and YES is determined in step S1012, the CPU 201 determines whether a keyword condition is set in the relay control rule acquired in step S902 (step S1013). The CPU 201 makes this determination based on whether or not information is registered in the keyword 1716 in the relay control rule. If it is determined that the keyword condition is set (YES in step S1013), the process proceeds to step S1014. If it is determined that the keyword condition is not set (NO in step S1013), the process proceeds to step S1015.

  In step S1014, the CPU 201 determines whether the text information acquired in steps S806 and S807 in FIG. 8 matches the keyword condition (step S1014). If it is determined that they match (YES in step S1014), the process proceeds to step S1015. If it is determined that they do not match (NO in step S1014), the process proceeds to step S1016.

  As a result of performing the processing from step S1001 to S1014, when the processing proceeds to step S1015, the CPU 201 determines that the HTTP data matches the relay control rule. That is, it is determined whether the communication data meets the conditions set in the relay control rule (corresponding to a determination unit). The above is the description of the relay control rule matching process in step S903 in FIG.

  Returning to the description of FIG. If it is determined in the relay control rule application process in step S903 that the HTTP request matches the relay control rule (YES in step S904), the process proceeds to step S905, and the relay control rule operation 1717 is set. It is determined to execute the process.

  On the other hand, if NO is determined in step S904, the CPU 201 advances the processing to step S901, and determines whether there are still unapplied relay control rules. If it is determined that it still remains (YES in step S901), the processing from step S902 is performed. On the other hand, if it is determined that all relay control rule application processes have been completed (NO in step S901), the process advances to step S906 to determine that the operation set as the default operation is to be executed. The above is the description of the relay control rule application process in step S605 of FIG.

  Returning to the description of FIG. In step S606, the CPU 201 determines whether the operation set in step S605 in FIG. 6 is communication permission. If the operation is to permit communication (YES in step 606), the CPU 201 relays (transmits) the HTTP request acquired in step S601 to the web server 105 indicated by the request URL (step S607). After that, when the HTTP response data in response to the HTTP request data relayed in step S607 is received from the web server 105 (YES in step S608), the CPU 201 relays the response (HTTP response data) to the client PC 102. . That is, whether to relay the communication data is determined according to the operation information set in the relay control rule (corresponding to a determination unit). When it is determined that relaying is possible, the communication data is relayed to the web server (corresponding to a relay unit).

  If it is determined in the determination process in step S606 that the operation for disabling communication is performed (NO in step S606), the process proceeds to step S610, and a disapproval response is transmitted to the client PC 102. The above is the detailed description of the HTTP data communication control process in step S404 of FIG.

As described above, according to the present invention, it is possible to perform relay control of communication data by using a reference source URL that is a URL from which various data are acquired and a destination URL that is a URL from which data is acquired. Become. Therefore, even for a web page configured to create one page by accessing a plurality of URLs, for example, content that allows display with respect to image data displayed on the web page by a combination of a reference source and a reference destination And content that is not permitted to be displayed.

  An object of the present invention is to supply a recording medium (or storage medium) that records software program codes for realizing the functions of the above-described embodiments to a system or apparatus, and the computer of the system or apparatus (or CPU or MPU). Needless to say, this can also be achieved by reading and executing the program code stored in the recording medium. In this case, the program code itself read from the recording medium realizes the functions of the above-described embodiment, and the recording medium on which the program code is recorded constitutes the present invention.

  Further, by executing the program code read by the computer, not only the functions of the above-described embodiments are realized, but also an operating system (OS) running on the computer based on the instruction of the program code. It goes without saying that a case where the function of the above-described embodiment is realized by performing part or all of the actual processing and the processing is included.

  Furthermore, after the program code read from the recording medium is written into a memory provided in a function expansion card inserted into the computer or a function expansion unit connected to the computer, the function is based on the instruction of the program code. It goes without saying that the CPU or the like provided in the expansion card or the function expansion unit performs part or all of the actual processing and the functions of the above-described embodiments are realized by the processing.

  When the present invention is applied to the recording medium, program code corresponding to the flowchart described above is stored in the recording medium.

101 Proxy server 102-1, 102-2, 102-3 Client PC
103 LAN (Local Area Network)
104 Wide area network 105-1, 105-2, 105-3 Web server 201 CPU
202 RAM
203 ROM
204 System bus 205 Input controller 206 Video controller 207 Memory controller 208 Communication I / F controller 209 Input device 210 Display device 210
211 External memory

Claims (7)

An information processing device that performs relay control of communication data of a data acquisition request transmitted from a terminal device to a web server,
Among the communication data transmitted from the terminal device to the web server, a condition for specifying communication data to be subjected to relay control, and whether or not to relay communication data meeting the condition are determined. A relay control rule in which operation information is set, which is acquired from the communication data, is a reference source URL that is a URL of an original web page that makes a data acquisition request, and a destination URL that is a destination to which the data acquisition request is made Is information for performing relay control of the communication data using, and includes at least information specified from the reference source URL or reference source URL and information specified from the destination URL or destination URL First storage means for storing at least one relay control rule capable of setting a condition to the condition;
First acquisition means for acquiring communication data transmitted from the terminal device to the web server;
Second acquisition means for acquiring a reference source URL from the communication data acquired by the first acquisition means;
Third acquisition means for acquiring a destination URL from the communication data acquired by the first acquisition means;
Whether the communication data matches the conditions set in the relay control rule using a combination of the reference source URL acquired by the second acquisition unit and the destination URL acquired by the third acquisition unit A judging means for judging
A determination unit that determines whether or not to relay the communication data according to operation information set in the relay control rule when the determination unit determines that the condition is satisfied;
When the determination unit determines that relaying is possible, the relay unit relays the communication data to the web server;
The information processing apparatus comprising: a. Second storage means for storing category information obtained by classifying the reference source URL;
Using the reference source URL acquired by the second acquisition means, category specifying means for specifying the category to which the reference source URL belongs from the second storage means;
Further comprising
In the relay control rule, the category stored in the second storage means can be set as the relay condition.
The determination unit determines whether the reference source URL acquired from the communication data belongs to the category set in the relay condition when the category of the reference source URL is set in the relay condition. The information processing apparatus according to claim 1. A file format specifying unit for specifying a file format of the file acquired from the destination URL acquired by the third acquiring unit;
In the relay control rule, the file format can be set as the relay condition,
The determination means determines whether the file format of the file acquired from the destination URL acquired from the communication data matches the file format set in the relay condition when the file format is set in the relay condition. The information processing apparatus according to claim 1, wherein the information processing apparatus determines. In the relay control rule, a priority order to apply the relay control rule is set,
2. The determination unit according to claim 1, wherein the determination unit compares the relay control rule and the communication data in order according to the priority order, and determines whether the communication data matches the relay control rule as a result of the comparison. 4. The information processing apparatus according to any one of 3.   The information processing apparatus according to claim 1, wherein a size condition and a keyword condition can be further set in the relay control rule. Among the communication data transmitted from the terminal device to the web server, a condition for specifying communication data to be subjected to relay control and an operation for determining whether or not to relay communication data that matches the condition It is a relay control rule in which information is set, and a reference source URL , which is a URL of an original web page to which a data acquisition request is made, obtained from the communication data , and a destination URL which is a destination to which the data acquisition request is made Information for performing relay control of the used communication data , including at least information specified from the reference source URL or reference source URL and information specified from the destination URL or destination URL Including at least one relay control rule that can be set as the above condition, and transmitted from the terminal device to the web server An information processing method performed by an information processing apparatus that performs relay control of communication data,
A first acquisition means for acquiring communication data transmitted from the terminal device to the web server;
A second acquisition step in which a second acquisition unit acquires the reference source URL from the communication data acquired in the first acquisition step;
A third acquisition step in which a third acquisition unit acquires the destination URL from the communication data acquired by the first acquisition unit;
The determination means uses a combination of the reference source URL acquired in the second acquisition step and the destination URL acquired in the third acquisition step to satisfy the condition that the communication data is set in the relay control rule. A determination process for determining whether or not they match,
A determination step of determining whether or not to relay the communication data according to the operation information set in the relay control rule when the determination unit determines that the condition is met in the determination step;
When the relay unit determines that relaying is possible in the determination step, the relay step of relaying the communication data to the web server;
An information processing method comprising : Among the communication data transmitted from the terminal device to the web server, a condition for specifying communication data to be subjected to relay control and an operation for determining whether or not to relay communication data that matches the condition It is a relay control rule in which information is set, and a reference source URL , which is a URL of an original web page to which a data acquisition request is made, obtained from the communication data , and a destination URL which is a destination to which the data acquisition request is made Information for performing relay control of the used communication data , including at least information specified from the reference source URL or reference source URL and information specified from the destination URL or destination URL From the terminal device to the web server. A computer program for functioning as an information processing apparatus that performs relay control of the communication data to be transmitted to server,
The computer,
An information processing device that performs relay control of communication data of a data acquisition request transmitted from a terminal device to a web server,
Among the communication data transmitted from the terminal device to the web server, a condition for specifying communication data to be subjected to relay control, and whether or not to relay communication data meeting the condition are determined. A relay control rule in which operation information is set, which is acquired from the communication data, is a reference source URL that is a URL of an original web page that makes a data acquisition request, and a destination URL that is a destination to which the data acquisition request is made First storage means for storing at least one relay control rule capable of setting a relay condition for performing the relay control of the communication data based on the condition;
First acquisition means for acquiring communication data transmitted from the terminal device to the web server;
Second acquisition means for acquiring the reference source URL from the communication data acquired by the first acquisition means;
Third acquisition means for acquiring the destination URL from the communication data acquired by the first acquisition means;
Whether the communication data matches the conditions set in the relay control rule using a combination of the reference source URL acquired by the second acquisition unit and the destination URL acquired by the third acquisition unit A judging means for judging
A determination unit that determines whether or not to relay the communication data according to operation information set in the relay control rule when the determination unit determines that the condition is satisfied;
If it is determined that allows the relay by the determining means, the information processing program characterized Rukoto to function as a relay unit that relays the communication data to the web server.

Images