
CN112702319A - Access request port standardization method and device, electronic equipment and storage medium

Info

Publication number: CN112702319A
Authority: CN (China)
Prior art keywords: port, standard, request, server, access
Legal status: Granted (Active)
Application number: CN202011453178.3A
Other languages: Chinese (zh)
Other versions: CN112702319B (en)
Inventors: 代刚, 范渊, 杨勃
Current Assignee: Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee: Hangzhou Dbappsecurity Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281 Proxies
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The present application discloses a method and an apparatus for standardizing an access request port, an electronic device, and a computer-readable storage medium. The method includes: acquiring an access request and extracting the destination port corresponding to the access request; determining whether the destination port is a preset port; if it is a preset port, acquiring the standard port corresponding to the destination port and generating a standard request using the standard port; sending the standard request to a proxy module that listens on the target port, and performing proxy access with the proxy module according to the server configuration; the target port includes the standard port. The method generates the standard request using the standard port that corresponds to a destination port belonging to the preset ports, so that the proxy module can receive the standard request and perform the corresponding proxy access, completing the processing of the access request. Because the proxy module only needs to listen on the target port, and the number of standard ports is very small, a large number of ports can be reserved for initiating connections to website servers, avoiding port conflicts.

Description

Access request port standardization method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network security technologies, and in particular, to a method for standardizing an access request port, a device for standardizing an access request port, an electronic device, and a computer-readable storage medium.
Background
A cloud WAF is a WAF (Web Application Firewall, a website application-level intrusion prevention system) deployed in the cloud; it is another form of WAF. It provides domain name resolution: using Domain Name System (DNS) scheduling, it changes the original flow of network traffic and draws the traffic to itself, cleans and filters it, and then returns the safe traffic to the server, thereby achieving security filtering and protection. When a cloud WAF needs to front more website servers, many of those websites do not provide their services on standard ports, so the cloud WAF has to occupy its own ports to listen on every port on which the servers provide services, in order to obtain users' access requests to the websites. The cloud WAF must also act as a client and initiate connections to the website servers, which consumes a randomly chosen local port. At some moment the randomly chosen local port may be one of the ports that has to be listened on; a port conflict then occurs, and the user's access to the website may fail.
Therefore, the problem of port collision in the related art is a technical problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method for standardizing an access request port, a device for standardizing an access request port, an electronic device, and a computer-readable storage medium, which avoid port collision and ensure that a user can access the port normally.
In order to solve the above technical problem, the present application provides a method for standardizing an access request port, including:
acquiring an access request, and extracting the destination port corresponding to the access request;
determining whether the destination port is a preset port;
if it is the preset port, acquiring the standard port corresponding to the destination port, and generating a standard request using the standard port;
sending the standard request to a proxy module that listens on the target port, and performing proxy access with the proxy module according to the server configuration; the target port comprises the standard port.
Optionally, the determining whether the destination port is a preset port includes:
identifying the transmission protocol corresponding to the access request;
acquiring the port information corresponding to the transmission protocol, and determining whether the port information includes the destination port;
if it includes the destination port, determining that the destination port is the preset port.
Optionally, before acquiring the port information corresponding to the transmission protocol, the method further includes:
acquiring a plurality of port configuration data, and extracting the non-standard port and the transmission protocol corresponding to each port configuration data;
classifying the non-standard ports by transmission protocol to obtain initial port information;
deduplicating the initial port information to obtain the port information.
Optionally, the method further comprises:
acquiring update data, and updating the port information using the update data.
Optionally, acquiring the standard port corresponding to the destination port includes:
identifying the transmission protocol corresponding to the access request, and acquiring the standard port according to the transmission protocol.
Optionally, performing proxy access with the proxy module according to the server configuration includes:
acquiring the host data in the standard request with the proxy module;
determining, from the server configuration, the target server configuration corresponding to the host data;
performing proxy access using the target server configuration.
Optionally, performing proxy access using the target server configuration includes:
parsing the target server configuration to obtain a server address and a server port;
generating a server access request using the server address and the server port;
sending the server access request to the target server corresponding to the target server configuration.
The present application also provides an apparatus for standardizing an access request port, comprising:
an acquisition module, configured to acquire an access request and extract the destination port corresponding to the access request;
a judging module, configured to determine whether the destination port is a preset port;
a port conversion module, configured to, if the destination port is the preset port, acquire the standard port corresponding to the destination port and generate a standard request using the standard port;
a proxy access module, configured to send the standard request to a proxy module that listens on the target port and to perform proxy access with the proxy module according to the server configuration; the target port comprises the standard port.
The present application further provides an electronic device comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor is used for executing the computer program to implement the above method for standardizing an access request port.
The present application also provides a computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the above method for standardizing an access request port.
The method for standardizing an access request port provided by the present application acquires an access request and extracts the destination port corresponding to the access request; determines whether the destination port is a preset port; if it is the preset port, acquires the standard port corresponding to the destination port and generates a standard request using the standard port; and sends the standard request to a proxy module that listens on the target port, the proxy module performing proxy access according to the server configuration. The target port comprises the standard port.
It can be seen that in this method the proxy module performs the work of proxy access, and it listens only on the standard port, that is, it receives and responds to requests on the standard port. After an access request is obtained, it is determined whether the corresponding destination port is a standard port; the destination port is the port on which the server provides its service. If the destination port is not a standard port, the proxy module will not receive the request, so the corresponding standard port is acquired, a standard request is generated, and the standard request is sent to the proxy module. The proxy module listens on the target port, and the target port includes the standard port, so the proxy module can receive the standard request and, according to the server configuration, determine the server that the standard request wants to access and complete the proxy access. The proxy module only needs to listen on the target port and does not need to listen on the ports of all the servers; the standard request is generated using the standard port corresponding to a destination port that belongs to the preset ports, so that the proxy module can receive the standard request and perform the corresponding proxy access, completing the processing of the access request. Converting access requests that have preset ports into standard requests reduces the number of ports the proxy module listens on. The number of target ports is far smaller than the number of ports on which the servers provide services to the outside, so a large number of ports can be reserved for initiating connections to the website servers. Port conflicts are avoided, normal user access is ensured, and the port conflict problem of the related art is solved.
In addition, the present application also provides an apparatus for standardizing an access request port, an electronic device, and a computer-readable storage medium, which have the same beneficial effects.
Drawings
In order to illustrate the technical solutions in the embodiments of the present application or in the related art more clearly, the drawings needed in the description of the embodiments or the related art are briefly introduced below. Obviously, the drawings in the following description are only embodiments of the present application, and those skilled in the art can obtain other drawings from the provided drawings without creative effort.
Fig. 1 is a flowchart of a method for standardizing an access request port according to an embodiment of the present application;
Fig. 2 is a flowchart of a specific process for standardizing an access request port according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an apparatus for standardizing an access request port according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to Fig. 1, Fig. 1 is a flowchart of a method for standardizing an access request port according to an embodiment of the present application. The method comprises the following steps:
S101: Acquire the access request and extract the destination port corresponding to the access request.
Some or all of the steps in this embodiment may be executed by a cloud WAF, that is, a WAF (Web Application Firewall, a website application-level intrusion prevention system) deployed in the cloud. The cloud WAF can change the original flow of network traffic through DNS (Domain Name System) scheduling and draw the traffic to itself in order to process access requests. The access request is transmitted over HTTP (HyperText Transfer Protocol) or HTTPS (HyperText Transfer Protocol over Secure Socket Layer); its specific content is not limited. This embodiment does not limit how the access request is obtained; reference may be made to the related art, which is not described here. After the access request is obtained, the destination port that the request wants to access can be extracted. The destination port is the port on which the website server provides its service to the outside. It may be a standard port, for example port 80 for HTTP, or a non-standard port, for example port 8080 or port 60000.
S102: Determine whether the destination port is a preset port.
Since the port on which a website server provides its service may be a standard port or a non-standard port, the related art, in order to process the service requests for every website server, must use many ports to listen on the ports on which all the servers provide services, so that an access request for any website server can be answered once it is obtained. However, this occupies the ports of the cloud WAF itself and is liable to cause port conflicts.
To solve this problem, the present application listens only on the target port, that is, proxy access is performed by a proxy module that listens on the target port, and access requests addressed to a preset port are standardized. The target port includes the standard port and, in one embodiment, may also include some of the non-standard ports. The preset ports and the target ports together may cover all the non-standard ports, or may cover only some of them, in which case requests to the non-standard ports that are not covered cannot be processed; it is therefore preferable that the preset ports and the target ports together include all the non-standard ports. It can be understood that, when an access request is obtained, determining whether it can be processed directly requires determining whether its destination port is a preset port, and for the proxy module to recognize an access request that has a preset port, the access request must be converted into a corresponding standard request.
Specifically, after the destination port is obtained, it is first determined whether it is a preset port. It can be understood that a preset port is necessarily a non-standard port; if the destination port is a standard port, the request can be received and processed directly by the proxy module. The preset port may be any non-standard port, or may be any of the non-standard ports on which the website servers corresponding to the proxy module provide services to the outside. This embodiment does not limit the specific manner of determination, which differs according to the actual meaning of the preset port. For example, when the preset port is any non-standard port, it may be determined directly whether the destination port is a standard port, and if it is not, the destination port is determined to be a preset port.
In a specific embodiment, step S102 may include:
Step 11: Identify the transmission protocol corresponding to the access request.
The transmission protocol is specifically HTTP or HTTPS. Because the two protocols correspond to different standard ports (HTTP to port 80 and HTTPS to port 443), the transmission protocol of the access request is identified before determining whether the destination port is a preset port. This embodiment does not limit the specific manner of identification; any existing manner may be used, and it is not described here.
Step 12: Acquire the port information corresponding to the transmission protocol, and determine whether the port information includes the destination port.
This embodiment does not limit how the port information is acquired. For example, it may be generated locally, stored, and read directly when needed; or it may be supplied externally, for example transmitted from another electronic device or entered manually by a user. By identifying the transmission protocol and selecting the corresponding port information, whether the destination port is a preset port can be determined accurately.
To allow the handling of access requests to be adjusted flexibly, the preset ports can be recorded in the port information, and a non-standard port that is not recorded in the port information is treated as a target port. For example, in one implementation, to increase the overall processing speed of access requests, the port information may record the non-standard ports of only some of the servers, so that part of the access requests are converted into standard requests and the rest are processed in the original manner; this also reduces the number of ports the proxy module needs to listen on. In another embodiment, to reduce the number of ports the proxy module needs to listen on as far as possible, the port information may record all non-standard ports other than the standard port of the transmission protocol, or all the non-standard ports used by the servers.
After the port information is obtained, it is searched to determine whether it contains the destination port. If it does not, the destination port may be a standard port or a non-standard port that does not need to be converted; in this case the access request may be sent directly to the proxy module so that the proxy module processes it directly.
Step 13: If the destination port is included, determine that the destination port is a preset port.
If the port information includes the destination port, the destination port is a preset port, and the access request needs to be converted into a standard request.
In one embodiment, the port information may be generated locally before it is used to determine whether the destination port is a preset port. Specifically, before acquiring the port information corresponding to the transmission protocol, the method may further include:
Step 21: Acquire a plurality of port configuration data, and extract the non-standard port and the transmission protocol corresponding to each port configuration data.
Step 22: Classify the non-standard ports by transmission protocol to obtain initial port information.
Step 23: Deduplicate the initial port information to obtain the port information.
In this embodiment, each port configuration data corresponds to one website server and records the transmission protocol used by access requests and the port on which the service is provided. After the port configuration data is obtained, the corresponding port and transmission protocol can therefore be extracted. Once the standard ports have been filtered out according to the transmission protocol, the non-standard ports of all the port configuration data remain, and they are classified by transmission protocol to obtain the initial port information. Because different website servers may use the same non-standard port, the initial port information is deduplicated and the repeated entries are deleted to obtain the port information. Port information generated in this way records every non-standard port used by the website servers, that is, all of those non-standard ports are treated as preset ports, which reduces the number of ports the proxy module needs to listen on as far as possible and avoids port conflicts to the greatest extent.
Further, the port information may be updated in real time, and therefore the method may further include:
Step 31: Acquire update data, and update the port information using the update data.
This embodiment does not limit the specific content of the update data. For example, in one implementation the update data may be completely new port information, in which case replacing the original port information with the update data completes the update. In another embodiment, the update data may include non-standard ports that carry a mark, where the mark is either an addition mark or a deletion mark; marking a non-standard port in this way adds it to, or deletes it from, the non-standard ports recorded in the port information. It can be understood that a non-standard port carrying an addition mark in the update data was not previously recorded in the port information, and a non-standard port carrying a deletion mark in the update data should already be recorded in the port information. Updating the port information allows the set of preset ports, and with it the handling of access requests, to be adjusted flexibly.
S103: Acquire the standard port corresponding to the destination port, and generate a standard request using the standard port.
Once the destination port has been determined to be a preset port, the proxy module does not listen on that port, and the access request must be converted into a standard request before the proxy module can receive and process it. Therefore the standard port corresponding to the destination port is acquired and used to generate the standard request. The standard request differs from the access request only in the destination port and is otherwise identical. Specifically, the transmission protocol corresponding to the access request may be identified, and the standard port acquired according to the transmission protocol.
S104: Send the standard request to the proxy module that listens on the target port, and perform proxy access with the proxy module according to the server configuration.
After the standard request is generated, it can be sent to the proxy module that listens on the target port. The proxy module can receive the standard request, and once it has done so, it performs the proxy access. It should be noted that, in the present application, the server configuration records the server ports of all the website servers corresponding to the proxy module; a server port is the port on which a website server provides its service, that is, the destination port in the access request. Because the destination port in the standard request is the standard port, while the target server of the access request does not provide its service on the standard port, the access request is converted into a standard request only so that the proxy module can receive it; the target server cannot actually be accessed through the standard port. Therefore, when proxy access is actually performed, the server port must also be determined from the server configuration, and proxy access is performed using that server port.
Specifically, in an embodiment, the step of performing proxy access with the proxy module according to the server configuration may include:
Step 41: Acquire the host data in the standard request with the proxy module.
Step 42: Determine, from the server configuration, the target server configuration corresponding to the host data.
Step 43: Perform proxy access using the target server configuration.
The host data in the standard request is the host data of the access request. It can be used to determine which website server the access request wants to access, and proxy access can be performed only after that website server (that is, the target server) has been determined. Therefore, when proxy access is performed, the host data in the standard request is acquired and used to search the server configuration for the target server configuration corresponding to the target server, and proxy access is performed using the target server configuration.
Further, step 43 may comprise:
Step 44: Parse the target server configuration to obtain the server address and the server port.
Step 45: Generate a server access request using the server address and the server port.
Step 46: Send the server access request to the target server corresponding to the target server configuration.
The target server configuration records a server address and a server port; the server address is specifically an IP address. After the server address and the server port are obtained, a server access request is generated from them and sent to the target server, and the target server responds to the server access request, which realizes the user's access to the target server.
S105: Perform a preset operation.
If the destination port is not a preset port, the request does not need to be converted to a standard port for the proxy module to receive it. In this case the request may be sent directly to the proxy module, or no operation may be performed.
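The flow of steps S101 to S105, including steps 21 to 23, 31 and 41 to 46, as an added Python example; it is not code from the patent. The data layout, the function names, the sample hosts and addresses, and the choice to refuse unknown hosts and unlistened ports are assumptions.

```python
from dataclasses import dataclass, replace

# Standard port per transmission protocol, as given in the description.
STANDARD_PORTS = {"http": 80, "https": 443}

# Constructed sample data (assumption): one port configuration entry per website server.
PORT_CONFIG = [
    {"host": "shop.example", "protocol": "http", "addr": "192.0.2.10", "port": 8080},
    {"host": "blog.example", "protocol": "http", "addr": "192.0.2.11", "port": 8080},
    {"host": "api.example", "protocol": "https", "addr": "192.0.2.12", "port": 60000},
    {"host": "www.example", "protocol": "http", "addr": "192.0.2.13", "port": 80},
]


@dataclass(frozen=True)
class Request:
    protocol: str   # "http" or "https"
    host: str       # host data carried by the request
    dst_port: int   # destination port
    path: str = "/"


def build_port_info(port_config):
    """Steps 21-23: keep non-standard ports, classify by protocol, deduplicate."""
    info = {proto: set() for proto in STANDARD_PORTS}
    for entry in port_config:
        if entry["port"] != STANDARD_PORTS[entry["protocol"]]:
            info[entry["protocol"]].add(entry["port"])  # a set drops duplicates
    return info


def apply_update(port_info, update):
    """Step 31, marked variant: each item is (mark, protocol, port)."""
    for mark, proto, port in update:
        if mark == "add":
            port_info[proto].add(port)
        elif mark == "delete":
            port_info[proto].discard(port)
        else:
            raise ValueError(f"unknown mark: {mark!r}")
    return port_info


def standardize(req, port_info):
    """S102/S103: rewrite a preset destination port to the protocol's standard
    port. S105: any other request is returned unchanged."""
    if req.dst_port in port_info.get(req.protocol, set()):
        return replace(req, dst_port=STANDARD_PORTS[req.protocol])
    return req


def build_server_config(port_config):
    """Server configuration keyed by host: (server address, server port)."""
    return {e["host"]: (e["addr"], e["port"]) for e in port_config}


def proxy_access(req, server_config,
                 target_ports=frozenset(STANDARD_PORTS.values())):
    """S104, steps 41-46: the proxy listens only on target_ports, selects the
    target server configuration by host data, and builds the server access
    request with the server's own address and port."""
    if req.dst_port not in target_ports:
        raise ConnectionRefusedError(f"proxy does not listen on {req.dst_port}")
    if req.host not in server_config:  # refuse unknown hosts (assumption)
        raise LookupError(f"no server configuration for host {req.host!r}")
    addr, port = server_config[req.host]
    return {"connect": (addr, port), "protocol": req.protocol,
            "host": req.host, "path": req.path}


def handle(req, port_info, server_config):
    """S101-S104 for one access request."""
    return proxy_access(standardize(req, port_info), server_config)


if __name__ == "__main__":
    info = build_port_info(PORT_CONFIG)
    servers = build_server_config(PORT_CONFIG)
    for r in (Request("http", "shop.example", 8080),
              Request("https", "api.example", 60000),
              Request("http", "www.example", 80)):
        print(r.dst_port, "->", handle(r, info, servers)["connect"])
```

Because the port information is classified by protocol, an HTTP request to port 60000 is not standardized here and the proxy refuses it; only the HTTPS entry for that port is a preset port.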
With the method for standardizing an access request port provided by the embodiment of the present application, the proxy module performs the work of proxy access, and it listens only on the standard port, that is, it receives and responds to requests on the standard port. After an access request is obtained, it is determined whether the corresponding destination port is a standard port; the destination port is the port on which the server provides its service. If the destination port is not a standard port, the proxy module will not receive the request, so the corresponding standard port is acquired, a standard request is generated, and the standard request is sent to the proxy module. The proxy module listens on the target port, and the target port includes the standard port, so the proxy module can receive the standard request and, according to the server configuration, determine the server that the standard request wants to access and complete the proxy access. The proxy module only needs to listen on the target port and does not need to listen on the ports of all the servers; the standard request is generated using the standard port corresponding to a destination port that belongs to the preset ports, so that the proxy module can receive the standard request and perform the corresponding proxy access, completing the processing of the access request. Converting access requests that have preset ports into standard requests reduces the number of ports the proxy module listens on. The number of target ports is far smaller than the number of ports on which the servers provide services to the outside, so a large number of ports can be reserved for initiating connections to the website servers. Port conflicts are avoided, normal user access is ensured, and the port conflict problem of the related art is solved.
Based on the above embodiments, this embodiment describes an overall process of processing an access request. Referring to fig. 2, fig. 2 is a flowchart illustrating a standardized procedure of an access request port according to an embodiment of the present disclosure. The client is a client, specifically a generation and sending end of the access request, a destination IP of the access request is a service IP, the service IP is an IP used by the cloud WAF to obtain the access request, and a domain name of a website server corresponding to the cloud WAF is analyzed to obtain the service IP. In this embodiment, a firewall FW is further provided in front of the cloud WAF, and is configured to perform destination address translation (i.e., DNAT), direct traffic corresponding to the service IP to a monitoring IP of the cloud WAF, where the monitoring IP is an intranet IP of the cloud WAF, and receive HTTP and HTTPs traffic sent by the client by monitoring the IP, so as to obtain the access request. And after obtaining the access request, the cloud WAF executes the processing step of the access request, and performs source returning by using a source returning IP (Internet protocol), wherein the source returning is a process of accessing the website server by the cloud WAF, namely a process of performing proxy access. It should be noted that, because the proxy module in the cloud WAF only monitors a small number of target ports, the monitoring IP may provide a large number of ports for the cloud WAF to establish connection with the web server through the proxy module, and therefore, in this embodiment, the source-returning IP is the monitoring IP. When proxy access is actually performed, the IP that reaches the source station (i.e., web1, web2, etc. in the figure) is usually the public network IP obtained after source address conversion (i.e., SNAT) processing through a firewall. 
In another related technology, the back source IP is set to be any IP other than the monitoring IP, so that the number of usable ports in the back source is increased, and the effect of avoiding port collision is achieved. However, this related art requires a change to the back-source IP so that it cannot be the same as the listening IP, which makes development workload and maintenance costs large.
It can be understood that the number of ports monitored by the proxy module can be reduced by converting the destination port belonging to the preset port into the standard port, so that port conflict is avoided, and meanwhile, the back source IP does not need to be set, so that the back source IP can be the same as the monitored IP, extra development and maintenance are not needed, and the workload and the maintenance cost are reduced.
The following describes an access request port standardization apparatus provided in an embodiment of the present application, and the access request port standardization apparatus described below and the access request port standardization method described above may be referred to in correspondence with each other.
Referring to fig. 3, fig. 3 is a schematic structural diagram of a standardized apparatus for accessing a request port according to an embodiment of the present application, including:
an obtaining module 110, configured to obtain an access request and extract a destination port corresponding to the access request;
a judging module 120, configured to judge whether the destination port is a preset port;
a port conversion module 130, configured to, if the port is a preset port, obtain a standard port corresponding to the destination port, and generate a standard request by using the standard port;
a proxy access module 140, configured to send the standard request to a proxy module that monitors the target port, and to perform proxy access by using the proxy module according to the server configuration; the target port includes the standard port.
Optionally, the determining module 120 includes:
the first identification unit is used for identifying a transmission protocol corresponding to the access request;
the port information judging unit is used for acquiring port information corresponding to the transmission protocol and judging whether the port information includes the destination port;
and the preset port determining unit is used for determining the destination port as the preset port if the destination port is included.
Optionally, the apparatus further comprises:
the port configuration data acquisition unit is used for acquiring a plurality of port configuration data and extracting a non-standard port and a transmission protocol corresponding to each port configuration data;
the classification unit is used for classifying the non-standard ports based on the transmission protocol to obtain initial port information;
and the duplicate removal processing unit is used for carrying out duplicate removal processing on the initial port information to obtain the port information.
Optionally, the apparatus further comprises:
and the updating unit is used for acquiring the updating data and updating the port information by using the updating data.
Optionally, the port conversion module 130 includes:
and the second identification unit is used for identifying the transmission protocol corresponding to the access request and acquiring the standard port according to the transmission protocol.
Optionally, the agent access module 140 includes:
the data acquisition unit is used for acquiring host data in the standard request by using the agent module;
the configuration determining unit is used for determining target server configuration corresponding to host data from the server configuration;
and the access unit is used for carrying out proxy access by utilizing the configuration of the target server.
Optionally, the access unit comprises:
the analysis subunit is used for analyzing the configuration of the target server to obtain a server address and a server port;
a request generation subunit, configured to generate a server access request using the server address and the server port;
and the sending subunit is used for sending the server access request to a target server corresponding to the target server configuration.
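The flow described by the method and by the units above, as an added Python example (not code from the patent): port information is built per protocol with duplicates removed, a preset destination port is rewritten to the standard port, and the proxy picks the origin from the Host data. The standard ports 80 and 443, the record field names, the idea that the Host data still carries the original port, and all sample hosts and addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace

# Assumption: the standard port is the protocol default (HTTP 80, HTTPS 443).
STANDARD_PORT = {"http": 80, "https": 443}
# Target ports: the only ports the proxy module listens on.
TARGET_PORTS = frozenset(STANDARD_PORT.values())

# Constructed port configuration data, one record per protected site.
# "host" is the Host data as the client sends it; "origin" is the server
# address and server port used for back-to-source access.
PORT_CONFIG = [
    {"host": "shop.example.com:8080", "proto": "http", "port": 8080, "origin": "10.0.1.10:8080"},
    {"host": "api.example.com:8080", "proto": "http", "port": 8080, "origin": "10.0.1.11:9000"},
    {"host": "pay.example.com:8443", "proto": "https", "port": 8443, "origin": "10.0.1.12:8443"},
    {"host": "www.example.com", "proto": "http", "port": 80, "origin": "10.0.1.13:80"},
]


def build_port_info(configs):
    """Classify non-standard ports by transmission protocol; sets deduplicate."""
    info = {proto: set() for proto in STANDARD_PORT}
    for cfg in configs:
        if cfg["port"] != STANDARD_PORT[cfg["proto"]]:
            info[cfg["proto"]].add(cfg["port"])
    return info


def build_server_config(configs):
    """Server configuration keyed by Host data (host names are case-insensitive)."""
    return {cfg["host"].lower(): cfg["origin"] for cfg in configs}


@dataclass(frozen=True)
class AccessRequest:
    proto: str      # transmission protocol identified for the request
    dst_port: int   # destination port extracted from the request
    host: str       # Host data carried inside the request
    path: str = "/"


def standardize(req, port_info):
    """Rewrite a preset destination port to the protocol's standard port."""
    if req.dst_port in port_info.get(req.proto, ()):
        return replace(req, dst_port=STANDARD_PORT[req.proto])
    return req  # not a preset port: passed on unchanged


def proxy_access(req, server_config):
    """Proxy module: accept only target ports, then select the origin by Host data."""
    if req.dst_port not in TARGET_PORTS:
        return None  # nothing listens on this port, so the request is not served
    origin = server_config.get(req.host.lower())
    if origin is None:
        return None  # no server configuration matches this Host data
    address, _, port = origin.rpartition(":")
    return {"address": address, "port": int(port), "host": req.host, "path": req.path}


def handle(req, port_info, server_config):
    """Full path of one access request: standardize, then proxy access."""
    return proxy_access(standardize(req, port_info), server_config)


if __name__ == "__main__":
    info = build_port_info(PORT_CONFIG)
    servers = build_server_config(PORT_CONFIG)
    for r in (AccessRequest("http", 8080, "api.example.com:8080", "/v1/items"),
              AccessRequest("http", 8443, "pay.example.com:8443"),
              AccessRequest("http", 9999, "shop.example.com:8080")):
        print(r.dst_port, r.host, "->", handle(r, info, servers))
```

Two sites that share port 8080 resolve to different origins only because the Host data differs, and a port that is preset for HTTPS is not rewritten for an HTTP request, so the per-protocol classification and the Host lookup are both load-bearing.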
In the following, the electronic device provided by the embodiment of the present application is introduced, and the electronic device described below and the standardized method for accessing the request port described above may be referred to correspondingly.
Referring to fig. 4, fig. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. Wherein the electronic device 100 may include a processor 101 and a memory 102, and may further include one or more of a multimedia component 103, an information input/information output (I/O) interface 104, and a communication component 105.
The processor 101 is configured to control the overall operation of the electronic device 100 to complete all or part of the steps in the standardized method for accessing the request port; the memory 102 is used to store various types of data to support operation at the electronic device 100, such data may include, for example, instructions for any application or method operating on the electronic device 100, as well as application-related data. The Memory 102 may be implemented by any type or combination of volatile and non-volatile Memory devices, such as one or more of Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read-Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic Memory, flash Memory, magnetic or optical disk.
The multimedia component 103 may include a screen and an audio component. The screen may be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, the audio component may include a microphone for receiving external audio signals. The received audio signal may further be stored in the memory 102 or transmitted through the communication component 105. The audio component also includes at least one speaker for outputting audio signals. The I/O interface 104 provides an interface between the processor 101 and other interface modules, such as a keyboard, mouse, buttons, etc. These buttons may be virtual buttons or physical buttons. The communication component 105 is used for wired or wireless communication between the electronic device 100 and other devices. The wireless communication may be, for example, Wi-Fi, Bluetooth, Near Field Communication (NFC), 2G, 3G, or 4G, or a combination of one or more of them; accordingly, the communication component 105 may include a Wi-Fi part, a Bluetooth part, and an NFC part.
The electronic Device 100 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, microcontrollers, microprocessors or other electronic components, and is used to perform the standardized method for the access request port according to the above embodiments.
The following describes a computer-readable storage medium provided by an embodiment of the present application, and the computer-readable storage medium described below and the standardized method of the access request port described above may be referred to correspondingly.
The present application further provides a computer-readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the standardized method of accessing a request port described above.
The computer-readable storage medium may include various media capable of storing program code, such as a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other. The device disclosed by the embodiment corresponds to the method disclosed by the embodiment, so that the description is simple, and the relevant points can be referred to the method part for description.
Those of skill would further appreciate that the various illustrative components and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate this interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art.
Finally, it should also be noted that, herein, relational terms such as first and second are intended only to distinguish one entity or action from another entity or action, without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprise", "include", or any other variation thereof are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that includes a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.
The principle and the implementation of the present application are explained herein by applying specific examples, and the above description of the embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (10)

1. A method for standardizing access to a request port, comprising:
acquiring an access request, and extracting a destination port corresponding to the access request;
judging whether the destination port is a preset port or not;
if the destination port is the preset port, acquiring a standard port corresponding to the destination port, and generating a standard request by using the standard port;
sending the standard request to an agent module that monitors a target port, and carrying out agent access by utilizing the agent module according to server configuration; the target port comprises the standard port.
2. The method of claim 1, wherein the determining whether the destination port is a preset port comprises:
identifying a transmission protocol corresponding to the access request;
acquiring port information corresponding to the transmission protocol, and judging whether the port information comprises the destination port;
and if the destination port is included, determining that the destination port is the preset port.
3. The method of claim 2, further comprising, before obtaining port information corresponding to the transport protocol:
acquiring a plurality of port configuration data, and extracting a non-standard port and the transmission protocol corresponding to each port configuration data;
classifying the non-standard ports based on the transmission protocol to obtain initial port information;
and carrying out duplicate removal processing on the initial port information to obtain the port information.
4. The method of claim 2, further comprising:
and acquiring updating data, and updating the port information by using the updating data.
5. The method according to claim 1, wherein the obtaining the standard port corresponding to the destination port comprises:
and identifying a transmission protocol corresponding to the access request, and acquiring the standard port according to the transmission protocol.
6. The method of claim 1, wherein the utilizing the proxy module for proxy access according to a server configuration comprises:
acquiring host data in the standard request by using the agent module;
determining target server configuration corresponding to the host data from the server configuration;
and carrying out proxy access by utilizing the target server configuration.
7. The method of claim 6, wherein the utilizing the target server configuration for proxy access comprises:
analyzing the configuration of the target server to obtain a server address and a server port;
generating a server access request by using the server address and the server port;
and sending the server access request to a target server corresponding to the target server configuration.
8. A standardized apparatus for accessing a request port, comprising:
the acquisition module is used for acquiring an access request and extracting a destination port corresponding to the access request;
the judging module is used for judging whether the destination port is a preset port or not;
the port conversion module is used for acquiring a standard port corresponding to the destination port if the destination port is the preset port, and generating a standard request by using the standard port;
the proxy access module is used for sending the standard request to a proxy module that monitors a target port and carrying out proxy access according to server configuration by utilizing the proxy module; the target port comprises the standard port.
9. An electronic device comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor for executing the computer program to implement the standardized method of accessing a request port of any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the standardized method of accessing a request port of any one of claims 1 through 7.
CN202011453178.3A 2020-12-11 2020-12-11 Access request port standardization method and device, electronic equipment and storage medium Active CN112702319B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011453178.3A CN112702319B (en) 2020-12-11 2020-12-11 Access request port standardization method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011453178.3A CN112702319B (en) 2020-12-11 2020-12-11 Access request port standardization method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112702319A true CN112702319A (en) 2021-04-23
CN112702319B CN112702319B (en) 2023-03-24

Family

ID=75508785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011453178.3A Active CN112702319B (en) 2020-12-11 2020-12-11 Access request port standardization method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112702319B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116260855A (en) * 2023-05-12 2023-06-13 北京百度网讯科技有限公司 Communication method, device, electronic device and storage medium

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102377616A (en) * 2010-08-14 2012-03-14 尼尔森(美国)有限公司 System, method and device for monitoring mobile Internet activities
US20120158900A1 (en) * 2010-12-15 2012-06-21 Kt Corporation Method and system for allowing remote access device to access remote access target device within home network
CN103533314A (en) * 2013-11-04 2014-01-22 富盛科技股份有限公司 Method for accessing standardized interface and unified architecture of differentiation security and protection equipment
CN104506802A (en) * 2014-12-17 2015-04-08 浙江宇视科技有限公司 Video monitoring system, and method for monitoring video data through traversing NAT (Network Address Translation)
CN106506512A (en) * 2016-11-18 2017-03-15 乐视控股(北京)有限公司 The method of agency network agreement, device and electronic equipment
CN108616490A (en) * 2016-12-13 2018-10-02 腾讯科技(深圳)有限公司 A kind of method for network access control, apparatus and system
CN108777709A (en) * 2018-05-31 2018-11-09 康键信息技术(深圳)有限公司 Website access method, device, computer equipment and storage medium
CN109040316A (en) * 2018-09-19 2018-12-18 天津字节跳动科技有限公司 HTTP service treating method and apparatus
CN110519380A (en) * 2019-08-29 2019-11-29 北京旷视科技有限公司 A kind of data access method, device, storage medium and electronic equipment
CN111294399A (en) * 2020-02-04 2020-06-16 网宿科技股份有限公司 A data transmission method and device
CN111866124A (en) * 2020-07-17 2020-10-30 北京金山云网络技术有限公司 Method, device, server and machine-readable storage medium for accessing webpage

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116260855A (en) * 2023-05-12 2023-06-13 北京百度网讯科技有限公司 Communication method, device, electronic device and storage medium
CN116260855B (en) * 2023-05-12 2023-08-25 北京百度网讯科技有限公司 Communication method, communication device, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN112702319B (en) 2023-03-24

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20210423

Assignee: Hangzhou Anheng Information Security Technology Co.,Ltd.

Assignor: Dbappsecurity Co.,Ltd.

Contract record no.: X2024980043364

Denomination of invention: Standardization methods, devices, electronic devices, and storage media for accessing request ports

Granted publication date: 20230324

License type: Common License

Record date: 20241231
