WO2017049908A1 - Method and device for redirection - Google Patents

Method and device for redirection Download PDF

Info

Publication number
WO2017049908A1
WO2017049908A1 PCT/CN2016/081431 CN2016081431W WO2017049908A1 WO 2017049908 A1 WO2017049908 A1 WO 2017049908A1 CN 2016081431 W CN2016081431 W CN 2016081431W WO 2017049908 A1 WO2017049908 A1 WO 2017049908A1
Authority
WO
WIPO (PCT)
Prior art keywords
redirection
data stream
http data
media gateway
feature
Prior art date
Application number
PCT/CN2016/081431
Other languages
French (fr)
Chinese (zh)
Inventor
卢仲君
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017049908A1 publication Critical patent/WO2017049908A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40Support for services or applications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/55Push-based network services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

A method and a device for redirection. The method comprises the following steps: a media gateway intercepting an HTTP data stream interacted between a client and a server (step 201); the media gateway detecting whether the HTTP data stream intercepted supports redirection (step 202); the media gateway performing redirection operations according to a predetermined strategy and the detection result of whether the HTTP data stream supports redirection (step 203).

Description

一种重定向的方法及装置Method and device for redirection 技术领域Technical field
本申请涉及但不限于互联网协议(Internet Protocol,简称为:IP)或传输控制协议(Transmission Control Protocol,简称为:TCP)网络中的超文本传送协议(Hyper-Text Transfer Protocol,简称为:HTTP)重定向技术领域。The present application relates to, but is not limited to, the Hyper-Text Transfer Protocol (HTTP) in the Internet Protocol (IP) or the Transmission Control Protocol (TCP) network. Redirection technology area.
背景技术Background technique
HTTP协议,即请求注解2616(Request For Comments2616,简称为:RFC2616)超文本传输协议,是TCP/IP网络上访问网络资源的主流协议。HTTP协议使用请求/响应方式,对应为客户端和服务端,客户端通过协议获取数据内容,服务端提供数据内容。服务端通过响应码指示客户端当前请求的结果,其中重定向码表示当前资源需要到另外一个统一资源定位符(Uniform Resource Locator,简称为:URL)上取获取,默认客户端收到该指示后会向新的URL发起连接并请求数据内容。The HTTP protocol, request for comment 2616 (Request For Comments 2616, referred to as: RFC2616) hypertext transfer protocol, is the mainstream protocol for accessing network resources on a TCP/IP network. The HTTP protocol uses the request/response method, which corresponds to the client and the server. The client obtains the data content through the protocol, and the server provides the data content. The server indicates the result of the current request by the client by using the response code, where the redirection code indicates that the current resource needs to be obtained by using another Uniform Resource Locator (URL), and the default client receives the indication. A connection is initiated to the new URL and the data content is requested.
在移动互联网领域,HTTP协议是移动终端访问网络使用的主流方式,是网络浏览器使用的默认协议。网络运营商(即服务端)经常使用HTTP重定向方式来向用户(即客户端)推送提醒信息(例如用户流量状况、特定服务迁移、充值、友情提醒、广告等),一般会部署于带深度包检测(Deep Packet Inspection,简称为:DPI)功能的媒体网关。但随着网络发展,越来越多小型应用程序(Application,简称为:APP)也使用HTTP协议,这类基于非浏览器的HTTP访问很多并不响应重定向,同时某些HTTP下载业务在服务端返回重定向时也会当作失败处理,此时主动使用重定向技术来推送提醒信息会造成用户业务失败,用户体验不佳。In the field of mobile Internet, the HTTP protocol is the mainstream way for mobile terminals to access the network, and is the default protocol used by web browsers. Network operators (ie, server) often use HTTP redirection to push reminders (such as user traffic status, specific service migration, recharge, friendship reminders, advertisements, etc.) to users (ie, clients), which are generally deployed in depth. Media gateway for packet detection (Deep Packet Inspection, DPI for short). However, with the development of the network, more and more small applications (Application, referred to as: APP) also use the HTTP protocol. This type of non-browser-based HTTP access does not respond to redirects, and some HTTP download services are in service. When the device returns to the redirect, it will also be treated as a failure. At this time, the active use of the redirection technology to push the reminder information will cause the user to fail the service and the user experience is not good.
在移动互联网络中,客户端(对应为用户终端实体)通过网络通道使用网络服务,数据内容经媒体网关转发至网络服务器,媒体网关能截获客户端和服务端之间交互的任何数据报文。配置实体是将策略配置应用在媒体网关上的配置源,通常地,该配置实体可以为策略与计费规则功能(Policy and  Charging Rules Function,简称为:PCRF)网元实体,当然也可以为本地配置源。如图1所示,为相关技术提供的一种重定向的装置的结构示意图,相关技术中主动重定向推送流程可以为:客户端访问服务端A的内容,数据报文到达媒体网关时,媒体网关检测出该HTTP流,并根据配置的策略,将服务端B的URL地址通过重定向带给客户端,客户端再发起访问服务端B(携带了服务端A的原始地址),即成功将服务端B的内容推送给客户端;作为可选步骤,通过服务端B提供的URL地址也可以再切换回服务端A。以上应用场景中,如果客户端是某些应用APP等非网络浏览器,可能不响应媒体网关返回的重定向码,此时客户端无法继续访问服务端B上的内容,这样客户端访问网络就会失败。In the mobile internet, the client (corresponding to the user terminal entity) uses the network service through the network channel, and the data content is forwarded to the network server by the media gateway, and the media gateway can intercept any data packet exchanged between the client and the server. The configuration entity is a configuration source that applies the policy configuration to the media gateway. Generally, the configuration entity can be a policy and charging rule function (Policy and Charging Rules Function (referred to as: PCRF) network element entity, of course, can also be a local configuration source. FIG. 1 is a schematic structural diagram of a redirection device provided by the related art. In the related art, the active redirection push process may be: the client accesses the content of the server A, and the data packet arrives at the media gateway, and the media The gateway detects the HTTP stream, and according to the configured policy, the URL of the server B is redirected to the client, and the client then initiates access to the server B (which carries the original address of the server A), that is, the gateway successfully The content of the server B is pushed to the client; as an optional step, the URL address provided by the server B can also be switched back to the server A. In the above application scenario, if the client is a non-web browser such as an application APP, it may not respond to the redirect code returned by the media gateway. At this time, the client cannot continue to access the content on the server B, so that the client accesses the network. Will fail.
发明内容Summary of the invention
以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。The following is an overview of the topics detailed in this document. This Summary is not intended to limit the scope of the claims.
本文提供一种重定向的方法及装置,解决了相关技术中媒体网关主动使用HTTP重定向技术来向用户推送提醒信息,在一定程度上可能造成用户访问业务失败的问题。The present invention provides a method and a device for redirection, which solves the problem that the media gateway actively uses the HTTP redirection technology to push the reminder information to the user in the related art, which may cause the user to access the service to a certain extent.
一种重定向的方法,包括以下步骤:A method of redirecting, including the following steps:
媒体网关截获客户端与服务端之间交互的HTTP数据流;The media gateway intercepts the HTTP data stream exchanged between the client and the server;
所述媒体网关检测所截获的HTTP数据流是否支持重定向;The media gateway detects whether the intercepted HTTP data stream supports redirection;
所述媒体网关根据所述HTTP数据流是否支持重定向的检测结果以及预定策略,执行重定向操作。The media gateway performs a redirection operation according to whether the HTTP data stream supports the detection result of the redirection and the predetermined policy.
可选地,所述媒体网关检测所截获的HTTP数据流是否支持重定向,包括:Optionally, the media gateway detects whether the intercepted HTTP data stream supports redirection, including:
所述媒体网关检测所述HTTP数据流的特征与预置的特征库是否匹配;The media gateway detects whether the feature of the HTTP data stream matches a preset feature database;
当所述媒体网关检测到所述HTTP数据流的特征与预置的特征库匹配时,将所述HTTP数据流作为支持重定向的第一检测结果。When the media gateway detects that the feature of the HTTP data stream matches the preset feature database, the HTTP data stream is used as a first detection result that supports redirection.
可选地,所述媒体网关检测所截获的HTTP数据流是否支持重定向,还包括: Optionally, the media gateway detects whether the intercepted HTTP data stream supports redirection, and further includes:
当所述媒体网关检测到所述HTTP数据流的特征与所述预置的特征库不匹配时,将所述HTTP数据流作为支持重定向的第二检测结果。When the media gateway detects that the feature of the HTTP data stream does not match the preset feature database, the HTTP data stream is used as a second detection result that supports redirection.
可选地,所述媒体网关根据所述HTTP数据流是否支持重定向的检测结果以及预定策略,执行重定向操作,包括:Optionally, the media gateway performs a redirection operation according to whether the HTTP data stream supports the detection result of the redirection and the predetermined policy, including:
所述媒体网关根据所述HTTP数据流作为支持重定向的所述第一检测结果或所述第二检测结果,以及所述预定策略中需要支持的重定向业务时,执行所述重定向操作。The media gateway performs the redirection operation according to the HTTP data stream as the first detection result or the second detection result that supports redirection, and the redirection service that needs to be supported in the predetermined policy.
可选地,当所述媒体网关根据所述HTTP数据流作为支持重定向的所述第二检测结果执行所述重定向操作之后,还包括:Optionally, after the media gateway performs the redirection operation according to the second detection result of the HTTP data flow as the redirection, the method further includes:
所述媒体网关对所执行重定向操作的结果进行验证。The media gateway verifies the result of the redirect operation performed.
可选地,所述媒体网关对所执行重定向操作的结果进行验证,包括:Optionally, the media gateway verifies the result of the performed redirection operation, including:
所述媒体网关通过跟踪执行所述重定向操作的客户端,在设定时间内验证所述客户端是否重新获取指定的重定向资源;The media gateway checks whether the client re-acquires the specified redirect resource within a set time by tracking the client performing the redirection operation;
当所述媒体网关验证出所述客户端重新获取所述指定的重定向资源时,在作为所述第二检测结果的所述HTTP数据流的特征上添加验证成功标识,并保存到预置的特征库中;When the media gateway verifies that the client re-acquires the specified redirect resource, adds a verification success identifier to the feature of the HTTP data stream as the second detection result, and saves the preset identifier In the feature library;
当所述媒体网关验证出所述客户端未重新获取所述指定的重定向资源时,在作为所述第二检测结果的所述HTTP数据流的特征上添加验证失败标识,并保存到预置的特征库中。When the media gateway verifies that the specified resource is not re-acquired by the client, adding a verification failure identifier to the feature of the HTTP data stream as the second detection result, and saving the preset In the feature library.
一种重定向的装置,设置在媒体网关中,所述重定向的装置包括:A redirection device is disposed in a media gateway, where the redirecting device includes:
获取模块,设置为:截获客户端与服务端之间交互的HTTP数据流;The obtaining module is configured to: intercept an HTTP data stream exchanged between the client and the server;
检测模块,设置为:检测所述获取模块截获的HTTP数据流是否支持重定向;The detecting module is configured to: detect whether the HTTP data stream intercepted by the acquiring module supports redirection;
执行模块,设置为:根据所述检测模块检测出所述HTTP数据流是否支持重定向的检测结果以及预定策略,执行重定向操作。The execution module is configured to: perform a redirection operation according to whether the detection module detects whether the HTTP data stream supports the detection result of the redirection and the predetermined policy.
可选地,所述检测模块包括:Optionally, the detecting module includes:
第一检测单元,设置为:检测所述HTTP数据流的特征与所述预置的特征 库是否匹配,当检测到所述HTTP数据流的特征与预置的特征库匹配时,将所述HTTP数据流作为支持重定向的第一检测结果。a first detecting unit, configured to: detect a feature of the HTTP data stream and the preset feature Whether the library matches, when detecting that the feature of the HTTP data stream matches the preset feature database, the HTTP data stream is used as a first detection result supporting redirection.
可选地,所述检测模块还包括:Optionally, the detecting module further includes:
第二检测单元,设置为:检测所述HTTP数据流的特征与所述预置的特征库是否匹配,当检测到所述HTTP数据流的特征与预置的特征库不匹配时,将所述HTTP数据流作为支持重定向的第二检测结果。a second detecting unit, configured to: detect whether a feature of the HTTP data stream matches the preset feature database, and when detecting that the feature of the HTTP data stream does not match a preset feature database, The HTTP data stream serves as the second detection result that supports redirection.
可选地,所述执行模块包括:Optionally, the execution module includes:
执行单元,设置为:根据所述HTTP数据流作为支持重定向的所述第一检测结果或所述第二检测结果,以及所述预定策略中需要支持的重定向业务时,执行所述重定向操作。An execution unit, configured to: perform the redirection according to the HTTP data flow as the first detection result or the second detection result that supports redirection, and a redirection service that needs to be supported in the predetermined policy operating.
本发明实施例提供的重定向的方法及装置,通过媒体网关截获客户端与服务端之间交互的HTTP数据流,并检测所截获的HTTP数据流是否支持重定向,从而根据检测结果和预定策略执行重定向操作;本发明实施例解决了相关技术中媒体网关主动使用HTTP重定向技术来向用户推送提醒信息,在一定程度上可能造成用户访问业务失败的问题,并减少了失败场景的出现,提高了用户体验。The method and device for redirecting provided by the embodiment of the present invention intercepts an HTTP data stream exchanged between a client and a server through a media gateway, and detects whether the intercepted HTTP data stream supports redirection, thereby determining a result according to the detection result and a predetermined policy. The redirection operation is performed. The embodiment of the present invention solves the problem that the media gateway actively uses the HTTP redirection technology to push the reminder information to the user in the related art, which may cause the user to fail to access the service to a certain extent, and reduces the occurrence of the failure scenario. Improve the user experience.
在阅读并理解了附图和详细描述后,可以明白其他方面。Other aspects will be apparent upon reading and understanding the drawings and detailed description.
附图概述BRIEF abstract
图1为相关技术提供的一种重定向的装置的结构示意图;1 is a schematic structural diagram of a redirection device provided by the related art;
图2为本发明实施例提供的一种重定向的方法的流程图;2 is a flowchart of a method for redirecting according to an embodiment of the present invention;
图3为本发明实施例提供的一种重定向的装置的结构示意图;FIG. 3 is a schematic structural diagram of a device for redirecting according to an embodiment of the present disclosure;
图4为本发明实施例提供的另一种重定向的装置的结构示意图。FIG. 4 is a schematic structural diagram of another apparatus for redirecting according to an embodiment of the present invention.
本发明的实施方式Embodiments of the invention
下文中将结合附图对本发明的实施方式进行详细说明。需要说明的是,在不冲突的情况下,本文中的实施例及实施例中的特征可以相互任意组合。 Embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that, in the case of no conflict, the features in the embodiments and the embodiments herein may be arbitrarily combined with each other.
在附图的流程图示出的步骤可以在诸如一组计算机可执行指令的计算机系统中执行。并且,虽然在流程图中示出了逻辑顺序,但是在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤。The steps illustrated in the flowchart of the figures may be executed in a computer system such as a set of computer executable instructions. Also, although logical sequences are shown in the flowcharts, in some cases the steps shown or described may be performed in a different order than the ones described herein.
图2为本发明实施例提供的一种重定向的方法的流程图,如图2所示,包括以下步骤,即步骤201~步骤203:FIG. 2 is a flowchart of a method for redirection according to an embodiment of the present invention. As shown in FIG. 2, the method includes the following steps, that is, steps 201 to 203:
步骤201:媒体网关截获客户端与服务端之间交互的HTTP数据流;Step 201: The media gateway intercepts an HTTP data stream exchanged between the client and the server.
步骤202:媒体网关检测所截获的HTTP数据流是否支持重定向;Step 202: The media gateway detects whether the intercepted HTTP data stream supports redirection;
步骤203:媒体网关根据所述HTTP数据流是否支持重定向的检测结果以及预定策略,执行重定向操作。Step 203: The media gateway performs a redirection operation according to whether the HTTP data stream supports the detection result of the redirection and the predetermined policy.
可选地,所述媒体网关检测所截获的HTTP数据流是否支持重定向,包括:媒体网关检测所述HTTP数据流的特征与预置的特征库是否匹配;当媒体网关检测到所述HTTP数据流的特征与预置的特征库匹配时,将所述HTTP数据流作为支持重定向的第一检测结果。Optionally, the media gateway detects whether the intercepted HTTP data stream supports redirection, including: the media gateway detects whether the feature of the HTTP data stream matches a preset feature database; and when the media gateway detects the HTTP data When the feature of the stream matches the preset feature database, the HTTP data stream is used as the first detection result supporting the redirection.
可选地,所述媒体网关检测所截获的HTTP数据流是否支持重定向,还包括:当媒体网关检测到所述HTTP数据流的特征与预置的特征库不匹配时,将所述HTTP数据流作为支持重定向的第二检测结果。Optionally, the media gateway detects whether the intercepted HTTP data stream supports redirection, and further includes: when the media gateway detects that the feature of the HTTP data stream does not match the preset feature database, the HTTP data is used. The stream serves as the second test result that supports redirection.
可选地,所述媒体网关根据所述HTTP数据流是否支持重定向的检测结果以及预定策略,执行重定向操作,包括:媒体网关根据所述HTTP数据流作为支持重定向的第一检测结果或第二检测结果,以及预定策略中需要支持的重定向业务时,执行重定向操作。Optionally, the media gateway performs a redirection operation according to whether the HTTP data stream supports the detection result of the redirection and the predetermined policy, where the media gateway uses the HTTP data stream as a first detection result that supports redirection or The second detection result, and the redirection service that needs to be supported in the predetermined policy, performs a redirection operation.
可选地,当媒体网关根据所述HTTP数据流作为支持重定向的第二检测结果执行重定向操作之后,还包括:媒体网关对所执行重定向操作的结果进行验证。在实际应用中,媒体网关对所执行重定向操作的结果进行验证,可以包括:媒体网关通过跟踪执行重定向操作的客户端,在设定时间内验证客户端是否重新获取指定的重定向资源;当媒体网关验证出客户端重新获取指定的重定向资源时,在作为第二检测结果的所述HTTP数据流的特征上添加验证成功标识,并保存到预置的特征库中;当媒体网关验证出客户端未重新获取指定的重定向资源时,在作为第二检测结果的所述HTTP数据流的特征上添加 验证失败标识,并保存到预置的特征库中。Optionally, after the media gateway performs the redirection operation according to the HTTP data flow as the second detection result that supports the redirection, the method further includes: the media gateway verifying the result of the performing the redirection operation. In the actual application, the media gateway verifies the result of the redirection operation, which may include: the media gateway, by tracking the client performing the redirection operation, verifying whether the client re-acquires the specified redirection resource within a set time; When the media gateway verifies that the client reacquires the specified redirection resource, the verification success identifier is added to the feature of the HTTP data stream as the second detection result, and is saved in the preset feature database; when the media gateway verifies When the client does not re-acquire the specified redirect resource, add the feature of the HTTP data stream as a result of the second detection. Verify the failure ID and save it to the preset signature database.
图3为本发明实施例提供的一种重定向的装置的结构示意图,该重定向的装置设置在媒体网关中,如图3所示,该重定向的装置包括:获取模块301、检测模块302以及执行模块303。FIG. 3 is a schematic structural diagram of a redirection device according to an embodiment of the present invention. The redirection device is disposed in a media gateway. As shown in FIG. 3, the redirection device includes: an obtaining module 301, and a detecting module 302. And executing module 303.
其中,所述获取模块301,设置为:截获客户端与服务端之间交互的HTTP数据流;The obtaining module 301 is configured to: intercept an HTTP data stream that is exchanged between the client and the server;
所述检测模块302,设置为:检测获取模块301截获的HTTP数据流是否支持重定向;The detecting module 302 is configured to: detect whether the HTTP data stream intercepted by the obtaining module 301 supports redirection;
所述执行模块303,设置为:根据检测模块302检测出所述HTTP数据流是否支持重定向的检测结果以及预定策略,执行重定向操作。The executing module 303 is configured to perform a redirection operation according to whether the detection module 302 detects whether the HTTP data stream supports the detection result of the redirection and the predetermined policy.
可选地,所述检测模块302包括:第一检测单元,设置为:检测所述HTTP数据流的特征与预置的特征库是否匹配,当检测到所述HTTP数据流的特征与预置的特征库匹配时,将所述HTTP数据流作为支持重定向的第一检测结果;第二检测单元,设置为:检测所述HTTP数据流的特征与预置的特征库是否匹配,当检测到所述HTTP数据流的特征与预置的特征库不匹配时,将所述HTTP数据流作为支持重定向的第二检测结果。所述执行模块303包括:执行单元,设置为:根据所述HTTP数据流作为支持重定向的第一检测结果或第二检测结果,以及预定策略中需要支持的重定向业务时,执行重定向操作。Optionally, the detecting module 302 includes: a first detecting unit, configured to: detect whether a feature of the HTTP data stream matches a preset feature database, when detecting a feature of the HTTP data stream and a preset When the signature database is matched, the HTTP data stream is used as a first detection result for supporting redirection; and the second detecting unit is configured to: detect whether the feature of the HTTP data stream matches a preset feature database, and when detecting When the feature of the HTTP data stream does not match the preset feature database, the HTTP data stream is used as a second detection result that supports redirection. The execution module 303 includes: an execution unit, configured to: perform a redirection operation according to the HTTP data flow as a first detection result or a second detection result that supports redirection, and a redirection service that needs to be supported in a predetermined policy .
图4为本发明实施例提供的另一种重定向的装置的结构示意图,如图4所示,HTTP协议使用请求/响应方式,对应为客户端和服务器,客户端通过HTTP协议获取数据内容,服务端提供数据内容。服务器通过响应码指示客户端当前请求的结果,其中重定向码表示当前资源需要到另外一个URL上取获取,默认客户端收到该指示后会向新的URL发起连接并请求数据内容。在需要主动使用HTTP重定向方式推送提醒信息的媒体网关上,HTTP业务报文首先在媒体网关被截获。在媒体网关中部署了以下三个模块:4 is a schematic structural diagram of another apparatus for redirecting according to an embodiment of the present invention. As shown in FIG. 4, the HTTP protocol uses a request/response mode, corresponding to a client and a server, and the client obtains data content through an HTTP protocol. The server provides data content. The server indicates the result of the current request by the client through the response code, wherein the redirect code indicates that the current resource needs to be obtained by another URL, and the default client will initiate a connection to the new URL and request the data content after receiving the indication. On the media gateway that needs to actively use the HTTP redirect method to push the reminder information, the HTTP service packet is first intercepted at the media gateway. The following three modules are deployed in the media gateway:
1)、检测模块401:设置为:检测HTTP流是否可被重定向;1), detection module 401: set to: detect whether the HTTP stream can be redirected;
2)、执行模块402:设置为:根据检测模块401的输入和策略决策,执行重定向; 2) Execution module 402: configured to: perform redirection according to input and policy decision of the detection module 401;
3)、验证模块403:设置为:验证客户端是否按预期进行了重定向行为,并更新特征。3), the verification module 403: set to: verify whether the client performs the redirection behavior as expected, and update the feature.
在本实施例中,所述检测模块401通过可更新的特征库来识别支持重定向的HTTP流,可选地,可以使用公开的用户代理(User-Agent)域或私有域特征;这些特征可以是人为配置(可更新的特征库)或自动检测。如果当前特征库没有匹配的特征时,自动检测启动,可以提取域的关键字信息,比如可以使用基于莱文斯坦距离的近似匹配检测方法提取;当前HTTP流按照可重定向来输出结果,提取的特征传递后续模块。综上检测模块401对HTTP输出的检测信息包括:是否支持重定向、匹配的特征是否经过了验证模块403验证成功、是否存在新提取的特征。也就是说,在网络浏览器或应用APP访问网络时,HTTP头域中类似User-Agent等域会携带客户端信息;部分APP会携带一些私有特征,这些特征会指示客户端的相关信息;同时对于下载业务,请求行里也会携带一些关键字;这些特征都可以作为HTTP业务检测的备选信息。随着APP等应用增加,这些特征可能变化,因此检测模块401是可更新的。检测模块401的目标是检测出哪些HTTP流可以被重定向,检测模块401需要一个基础的特征库(这个库可以人工设置或更新),用于匹配决策;如果检测模块401基于当前特征库无法识别,则根据设定的框架(比如哪些域可能存在关键信息)提取关键信息,并将结果传递给后续模块。In this embodiment, the detecting module 401 identifies an HTTP stream that supports redirection through an updateable feature library. Alternatively, a public User-Agent domain or a private domain feature may be used; It is artificially configured (updateable signature library) or automatically detected. If the current feature library has no matching features, the automatic detection starts, and the keyword information of the domain can be extracted, for example, the approximate matching detection method based on the Levinstein distance can be extracted; the current HTTP stream is outputted according to the redirection, and the extracted The feature passes the subsequent module. The detection information of the HTTP output by the detection module 401 includes whether the redirection is supported, whether the matched feature has been verified by the verification module 403, and whether there is a newly extracted feature. That is to say, when the web browser or the application APP accesses the network, the domain such as User-Agent in the HTTP header field carries the client information; some APPs carry some private features, which indicate the relevant information of the client; Download the service, the request line will also carry some keywords; these features can be used as alternative information for HTTP service detection. As applications such as APP increase, these features may change, so the detection module 401 is updatable. The target of the detection module 401 is to detect which HTTP streams can be redirected, and the detection module 401 needs a basic feature library (this library can be manually set or updated) for matching decisions; if the detection module 401 is not recognized based on the current feature library , according to the set framework (such as which domains may have key information) to extract key information, and pass the results to subsequent modules.
检测模块401的结果会传递到执行模块402,执行模块402根据系统的策略(本地配置或远程配置指示是否需要执行主动重定向),以及检测模块401的检测结果作为输入,决策是否执行重定向。如果HTTP流被执行了重定向,且检测模块401匹配的特征未经过验证模块403或属于本次新识别的特征,则当前HTTP流信息需要被记录下来,即如果检测模块401提示当前HTTP特征未经确认或者属于新检测到的关键信息,则将当前报文的特征记录下来传递给验证模块403,后续通过验证模块403来更新特征库。The result of the detection module 401 is passed to the execution module 402, which determines whether to perform the redirection according to the policy of the system (local configuration or remote configuration indicates whether active redirection needs to be performed) and the detection result of the detection module 401 as an input. If the HTTP stream is redirected, and the feature matched by the detection module 401 has not passed the verification module 403 or belongs to the newly identified feature, the current HTTP stream information needs to be recorded, that is, if the detection module 401 prompts that the current HTTP feature is not After confirming or belonging to the newly detected key information, the feature of the current message is recorded and transmitted to the verification module 403, and the signature library is updated by the verification module 403.
为了验证客户端是否执行了预期重定向行为,提高检测模块401的正确率,部署一个重定向成功的验证模块403,验证模块403是设置为:跟踪和验证主动执行了重定向推送的HTTP流程是否发起了重新获取指定资源的流程,即通过跟踪执行了重定向的客户端,检查客户端在一定的时限内是否访问了 指定的重定向资源。该验证模块403根据检测结果反向地更新检测模块401的特征库,比如修改特征库或者往特征库中加入新的特征。也就是说,对于验证成功的特征,需要反向更新特征库,比如设置可信字段或插入新的特征内容等;对于验证失败的特征,也同样需要在特征库中进行标识。所以该验证模块403的作用包括校正识别结果、固化可信特征以及增加候选特征。In order to verify whether the client performs the expected redirection behavior, improve the correct rate of the detection module 401, and deploy a redirection successful verification module 403, the verification module 403 is configured to: track and verify whether the HTTP process actively performing the redirection push is The process of re-acquiring the specified resource is initiated, that is, by tracking the client that performed the redirection, checking whether the client has accessed within a certain time limit. The specified redirect resource. The verification module 403 inversely updates the feature library of the detection module 401 according to the detection result, such as modifying the feature library or adding a new feature to the feature library. That is to say, for the feature of successful verification, it is necessary to update the feature library in reverse, such as setting a trusted field or inserting a new feature content; for the feature that fails to be verified, it is also required to identify in the feature library. Therefore, the role of the verification module 403 includes correcting the recognition result, solidifying the trusted feature, and increasing the candidate feature.
三个模块经过如此反复,达到自动检测并执行重定向的目标。After repeated, the three modules reach the goal of automatically detecting and performing the redirection.
综上所述,本发明实施例具有以下技术效果:In summary, the embodiments of the present invention have the following technical effects:
采用本发明实施例通过检测模块401和验证模块403,在正常需要重定向的HTTP流中有选择性地执行重定向,提高了HTTP重定向推送的成功率,减少因主动推送造成的认为失败场景,提升用户体验。The detection module 401 and the verification module 403 are used to selectively perform redirection in the HTTP stream that needs to be redirected, which improves the success rate of the HTTP redirection push and reduces the perceived failure scenario caused by the active push. To enhance the user experience.
本领域普通技术人员可以理解上述实施例的全部或部分步骤可以使用计算机程序流程来实现,所述计算机程序可以存储于一计算机可读存储介质中,所述计算机程序在相应的硬件平台上(如系统、设备、装置、器件等)执行,在执行时,包括方法实施例的步骤之一或其组合。One of ordinary skill in the art will appreciate that all or a portion of the steps of the above-described embodiments can be implemented using a computer program flow, which can be stored in a computer readable storage medium, such as on a corresponding hardware platform (eg, The system, device, device, device, etc. are executed, and when executed, include one or a combination of the steps of the method embodiments.
可选地,上述实施例的全部或部分步骤也可以使用集成电路来实现,这些步骤可以被分别制作成一个个集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。Alternatively, all or part of the steps of the above embodiments may also be implemented by using an integrated circuit. These steps may be separately fabricated into individual integrated circuit modules, or multiple modules or steps may be fabricated into a single integrated circuit module. achieve.
上述实施例中的装置/功能模块/功能单元可以采用通用的计算装置来实现,它们可以集中在单个的计算装置上,也可以分布在多个计算装置所组成的网络上。The devices/function modules/functional units in the above embodiments may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices.
上述实施例中的装置/功能模块/功能单元以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。上述提到的计算机可读取存储介质可以是只读存储器,磁盘或光盘等。When the device/function module/functional unit in the above embodiment is implemented in the form of a software function module and sold or used as a stand-alone product, it can be stored in a computer readable storage medium. The above mentioned computer readable storage medium may be a read only memory, a magnetic disk or an optical disk or the like.
工业实用性Industrial applicability
本发明实施例通过媒体网关截获客户端与服务端之间交互的HTTP数据流,并检测所截获的HTTP数据流是否支持重定向,从而根据检测结果和预定策略执行重定向操作;解决了相关技术中媒体网关主动使用HTTP重定向技术 来向用户推送提醒信息,在一定程度上可能造成用户访问业务失败的问题,并减少了失败场景的出现,提高了用户体验。 The embodiment of the present invention intercepts the HTTP data flow exchanged between the client and the server through the media gateway, and detects whether the intercepted HTTP data stream supports redirection, thereby performing a redirection operation according to the detection result and the predetermined policy; Medium Media Gateway actively uses HTTP redirection technology To push the reminder information to the user, the user may fail to access the service to a certain extent, and reduce the occurrence of the failure scenario and improve the user experience.

Claims (10)

  1. 一种重定向的方法,包括:A method of redirection, including:
    媒体网关截获客户端与服务端之间交互的HTTP数据流;The media gateway intercepts the HTTP data stream exchanged between the client and the server;
    所述媒体网关检测所截获的HTTP数据流是否支持重定向;The media gateway detects whether the intercepted HTTP data stream supports redirection;
    所述媒体网关根据所述HTTP数据流是否支持重定向的检测结果以及预定策略,执行重定向操作。The media gateway performs a redirection operation according to whether the HTTP data stream supports the detection result of the redirection and the predetermined policy.
  2. 根据权利要求1所述的方法,其中,所述媒体网关检测所截获的HTTP数据流是否支持重定向,包括:The method of claim 1, wherein the media gateway detects whether the intercepted HTTP data stream supports redirection, including:
    所述媒体网关检测所述HTTP数据流的特征与预置的特征库是否匹配;The media gateway detects whether the feature of the HTTP data stream matches a preset feature database;
    当所述媒体网关检测到所述HTTP数据流的特征与预置的特征库匹配时,将所述HTTP数据流作为支持重定向的第一检测结果。When the media gateway detects that the feature of the HTTP data stream matches the preset feature database, the HTTP data stream is used as a first detection result that supports redirection.
  3. 根据权利要求2所述的方法,其中,所述媒体网关检测所截获的HTTP数据流是否支持重定向,还包括:The method of claim 2, wherein the media gateway detects whether the intercepted HTTP data stream supports redirection, and further includes:
    当所述媒体网关检测到所述HTTP数据流的特征与所述预置的特征库不匹配时,将所述HTTP数据流作为支持重定向的第二检测结果。When the media gateway detects that the feature of the HTTP data stream does not match the preset feature database, the HTTP data stream is used as a second detection result that supports redirection.
  4. 根据权利要求3所述的方法,其中,所述媒体网关根据所述HTTP数据流是否支持重定向的检测结果以及预定策略,执行重定向操作,包括:The method of claim 3, wherein the media gateway performs a redirection operation according to whether the HTTP data stream supports the detection result of the redirection and the predetermined policy, including:
    所述媒体网关根据所述HTTP数据流作为支持重定向的所述第一检测结果或所述第二检测结果,以及所述预定策略中需要支持的重定向业务时,执行所述重定向操作。The media gateway performs the redirection operation according to the HTTP data stream as the first detection result or the second detection result that supports redirection, and the redirection service that needs to be supported in the predetermined policy.
  5. 根据权利要求4所述的方法,其中,当所述媒体网关根据所述HTTP数据流作为支持重定向的所述第二检测结果执行所述重定向操作之后,还包括:The method of claim 4, further comprising: after the performing, by the media gateway, the redirection operation according to the second detection result of the redirection of the HTTP data stream,
    所述媒体网关对所执行重定向操作的结果进行验证。The media gateway verifies the result of the redirect operation performed.
  6. 根据权利要求5所述的方法,其中,所述媒体网关对所执行重定向操作的结果进行验证,包括:The method of claim 5, wherein the media gateway verifies the result of the performed redirection operation, including:
    所述媒体网关通过跟踪执行所述重定向操作的客户端,在设定时间内验 证所述客户端是否重新获取指定的重定向资源;The media gateway checks the client performing the redirection operation and checks the set time Whether the client re-acquires the specified redirect resource;
    当所述媒体网关验证出所述客户端重新获取所述指定的重定向资源时,在作为所述第二检测结果的所述HTTP数据流的特征上添加验证成功标识,并保存到预置的特征库中;When the media gateway verifies that the client re-acquires the specified redirect resource, adds a verification success identifier to the feature of the HTTP data stream as the second detection result, and saves the preset identifier In the feature library;
    当所述媒体网关验证出所述客户端未重新获取所述指定的重定向资源时,在作为所述第二检测结果的所述HTTP数据流的特征上添加验证失败标识,并保存到预置的特征库中。When the media gateway verifies that the specified resource is not re-acquired by the client, adding a verification failure identifier to the feature of the HTTP data stream as the second detection result, and saving the preset In the feature library.
  7. 一种重定向的装置,设置在媒体网关中,所述重定向的装置包括:A redirection device is disposed in a media gateway, where the redirecting device includes:
    获取模块,设置为:截获客户端与服务端之间交互的HTTP数据流;The obtaining module is configured to: intercept an HTTP data stream exchanged between the client and the server;
    检测模块,设置为:检测所述获取模块截获的HTTP数据流是否支持重定向;The detecting module is configured to: detect whether the HTTP data stream intercepted by the acquiring module supports redirection;
    执行模块,设置为:根据所述检测模块检测出所述HTTP数据流是否支持重定向的检测结果以及预定策略,执行重定向操作。The execution module is configured to: perform a redirection operation according to whether the detection module detects whether the HTTP data stream supports the detection result of the redirection and the predetermined policy.
  8. 根据权利要求7所述的装置,其中,所述检测模块包括:The apparatus of claim 7 wherein said detecting module comprises:
    第一检测单元,设置为:检测所述HTTP数据流的特征与预置的特征库是否匹配,当检测到所述HTTP数据流的特征与预置的特征库匹配时,将所述HTTP数据流作为支持重定向的第一检测结果。a first detecting unit, configured to: detect whether a feature of the HTTP data stream matches a preset feature database, and when the feature of the HTTP data stream is detected to match a preset feature database, the HTTP data stream is As the first test result to support redirection.
  9. 根据权利要求8所述的装置,其中,所述检测模块还包括:The apparatus of claim 8, wherein the detecting module further comprises:
    第二检测单元,设置为:检测所述HTTP数据流的特征与所述预置的特征库是否匹配,当检测到所述HTTP数据流的特征与预置的特征库不匹配时,将所述HTTP数据流作为支持重定向的第二检测结果。a second detecting unit, configured to: detect whether a feature of the HTTP data stream matches the preset feature database, and when detecting that the feature of the HTTP data stream does not match a preset feature database, The HTTP data stream serves as the second detection result that supports redirection.
  10. 根据权利要求9所述的装置,其中,所述执行模块包括:The apparatus of claim 9, wherein the execution module comprises:
    执行单元,设置为:根据所述HTTP数据流作为支持重定向的所述第一检测结果或所述第二检测结果,以及所述预定策略中需要支持的重定向业务时,执行所述重定向操作。 An execution unit, configured to: perform the redirection according to the HTTP data flow as the first detection result or the second detection result that supports redirection, and a redirection service that needs to be supported in the predetermined policy operating.
PCT/CN2016/081431 2015-09-23 2016-05-09 Method and device for redirection WO2017049908A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510612656.3A CN106550001B (en) 2015-09-23 2015-09-23 Redirection method and device
CN201510612656.3 2015-09-23

Publications (1)

Publication Number Publication Date
WO2017049908A1 true WO2017049908A1 (en) 2017-03-30

Family

ID=58365157

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/081431 WO2017049908A1 (en) 2015-09-23 2016-05-09 Method and device for redirection

Country Status (2)

Country Link
CN (1) CN106550001B (en)
WO (1) WO2017049908A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109257242B (en) * 2017-07-13 2020-06-26 中国电信股份有限公司 Service identification method and device and packet data network gateway

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050078668A1 (en) * 2003-10-08 2005-04-14 Wittenberg Joel L. Network element having a redirect server
CN201100950Y (en) * 2008-01-21 2008-08-13 中国移动通信集团河北有限公司 Intelligent redirection WAP gateway
US20120290724A1 (en) * 2011-05-09 2012-11-15 Nomadix, Inc. System and method for network redirection
CN103283250A (en) * 2012-12-13 2013-09-04 华为技术有限公司 Method, device and system of video redirection, and computer readable medium
CN103384993A (en) * 2012-12-14 2013-11-06 华为技术有限公司 Redirection method of visiting web pages by user equipment, gateway and server
CN103905395A (en) * 2012-12-27 2014-07-02 中国移动通信集团陕西有限公司 WEB access control method and system based on redirection
CN104811462A (en) * 2014-01-26 2015-07-29 中国移动通信集团北京有限公司 Access gateway redirection method and access gateway

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101662464A (en) * 2008-08-26 2010-03-03 阿里巴巴集团控股有限公司 System for realizing HTTP request service and method thereof
CN101478387B (en) * 2008-12-31 2012-02-15 成都市华为赛门铁克科技有限公司 Defense method, apparatus and system for hyper text transmission protocol attack
US10560509B2 (en) * 2013-07-05 2020-02-11 Qualcomm Incorporated Method and apparatus for using HTTP redirection to mediate content access via policy execution
BR112016007657A2 (en) * 2013-10-07 2017-08-01 Telefonica Digital Espana Slu ? procedure and system for setting the order of obtaining web resources by a web browser?

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050078668A1 (en) * 2003-10-08 2005-04-14 Wittenberg Joel L. Network element having a redirect server
CN201100950Y (en) * 2008-01-21 2008-08-13 中国移动通信集团河北有限公司 Intelligent redirection WAP gateway
US20120290724A1 (en) * 2011-05-09 2012-11-15 Nomadix, Inc. System and method for network redirection
CN103283250A (en) * 2012-12-13 2013-09-04 华为技术有限公司 Method, device and system of video redirection, and computer readable medium
CN103384993A (en) * 2012-12-14 2013-11-06 华为技术有限公司 Redirection method of visiting web pages by user equipment, gateway and server
CN103905395A (en) * 2012-12-27 2014-07-02 中国移动通信集团陕西有限公司 WEB access control method and system based on redirection
CN104811462A (en) * 2014-01-26 2015-07-29 中国移动通信集团北京有限公司 Access gateway redirection method and access gateway

Also Published As

Publication number Publication date
CN106550001A (en) 2017-03-29
CN106550001B (en) 2021-02-23

Similar Documents

Publication Publication Date Title
US8448233B2 (en) Dealing with web attacks using cryptographically signed HTTP cookies
US8806040B2 (en) Accessing external network via proxy server
US10083322B2 (en) Obscuring user web usage patterns
JP2018536232A (en) System and method for controlling sign-on to a web application
US10601831B2 (en) Accessing local information based on a browser session
US8028089B2 (en) On-deck detection for a web site
CN112261172B (en) Service addressing access method, device, system, equipment and medium
US9699177B2 (en) Secure transfer of web application client persistent state information into a new domain
US9471533B1 (en) Defenses against use of tainted cache
US20210083881A1 (en) Dynamically analyzing third-party application website certificates across users to detect malicious activity
WO2017166806A1 (en) Browser-based method for jumping to access authentication page, and user terminal
US11818149B2 (en) Content delivery network (CDN) edge server-based bot detection with session cookie support handling
WO2016146007A1 (en) Method and device for checking verification code
CN107819639B (en) Test method and device
JP6249964B2 (en) Real-time dialogue in communication networks
US20230385454A1 (en) Cryptographically secure dynamic third party resources
WO2017049908A1 (en) Method and device for redirection
US11848960B2 (en) Content delivery network (CDN)-based bot detection service with stop and reset protocols
JP2013522936A (en) Block malicious access
CN115189897A (en) Access processing method and device for zero trust network, electronic equipment and storage medium
WO2016188315A1 (en) Method for pushing multimedia information and terminal
US20220329622A1 (en) Low touch integration of a bot detection service in association with a content delivery network
US20230396601A1 (en) Intelligent Access Redirection
US20220272127A1 (en) Automatic insertion of security policies for web applications

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16847790

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16847790

Country of ref document: EP

Kind code of ref document: A1