+

CN112702319B - Access request port standardization method and device, electronic equipment and storage medium - Google Patents

Access request port standardization method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN112702319B
CN112702319B CN202011453178.3A CN202011453178A CN112702319B CN 112702319 B CN112702319 B CN 112702319B CN 202011453178 A CN202011453178 A CN 202011453178A CN 112702319 B CN112702319 B CN 112702319B
Authority
CN
China
Prior art keywords
port
standard
request
access
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011453178.3A
Other languages
Chinese (zh)
Other versions
CN112702319A (en
Inventor
代刚
范渊
杨勃
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
DBAPPSecurity Co Ltd
Original Assignee
DBAPPSecurity Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by DBAPPSecurity Co Ltd filed Critical DBAPPSecurity Co Ltd
Priority to CN202011453178.3A priority Critical patent/CN112702319B/en
Publication of CN112702319A publication Critical patent/CN112702319A/en
Application granted granted Critical
Publication of CN112702319B publication Critical patent/CN112702319B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

本申请公开了一种访问请求端口的标准化方法、装置、电子设备及计算机可读存储介质,该方法包括:获取访问请求,并提取访问请求对应的目的端口;判断目的端口是否为预设端口;若为预设端口,则获取目的端口对应的标准端口,并利用标准端口生成标准请求;将标准请求发送至监听目标端口的代理模块,并利用代理模块根据服务器配置进行代理访问;目标端口包括标准端口;该方法利用与属于预设端口的目的端口对应的标准端口生成标准请求,可以使得代理模块监听到标准请求并进行对应的代理访问,完成对访问请求的处理;由于代理模块只需监听目标端口,而标准端口的数量很少,因此可以保留大量端口用于向网站服务器发起连接,避免出现端口冲突。

Figure 202011453178

The present application discloses a standardization method, device, electronic equipment, and computer-readable storage medium for an access request port. The method includes: obtaining an access request, and extracting a destination port corresponding to the access request; judging whether the destination port is a preset port; If it is a preset port, obtain the standard port corresponding to the destination port, and use the standard port to generate a standard request; send the standard request to the proxy module that monitors the target port, and use the proxy module to perform proxy access according to the server configuration; the target port includes standard port; this method uses the standard port corresponding to the destination port belonging to the preset port to generate a standard request, which can make the proxy module monitor the standard request and perform corresponding proxy access to complete the processing of the access request; since the proxy module only needs to monitor the target Ports, and the number of standard ports is very small, so a large number of ports can be reserved for initiating connections to the web server to avoid port conflicts.

Figure 202011453178

Description

访问请求端口的标准化方法、装置、电子设备及存储介质Standardized method, device, electronic device and storage medium for accessing request port

技术领域technical field

本申请涉及网络安全技术领域,特别涉及一种访问请求端口的标准化方法、访问请求端口的标准化装置、电子设备及计算机可读存储介质。The present application relates to the technical field of network security, and in particular to a method for standardizing an access request port, a device for standardizing an access request port, electronic equipment, and a computer-readable storage medium.

背景技术Background technique

云WAF即为部署在云端上的WAF(Web Application Firewall,网站应用级入侵防御系统),是WAF的另一种表现形态,云WAF具有域名的解析权,利用DNS(Domain NameSystem,域名系统)调度技术,改变网络流量的原始流向,将网络流量牵引到本身,对网络流量进行净化和过滤后,将安全的流量回传给服务器,最终达到安全过滤和保护的作用。在云WAF需要接入较多网站服务器时,由于很多网站没有采用标准端口提供服务,因此云WAF需要占用自身的端口用于监听所有服务器提供服务的端口,以便获取用户对网站的访问请求。而云WAF本身需要作为客户端向网站服务器发起连接,会随机消耗本机端口,因此可能在某一瞬间,出现被随机消耗本机端口是需要监听的端口的情况,此时即出现了端口冲突,会导致用户访问网站失败。Cloud WAF is a WAF (Web Application Firewall, website application-level intrusion prevention system) deployed on the cloud. Technology changes the original flow of network traffic, pulls the network traffic to itself, purifies and filters the network traffic, and sends the safe traffic back to the server, finally achieving the role of security filtering and protection. When the cloud WAF needs to access many website servers, because many websites do not use standard ports to provide services, the cloud WAF needs to occupy its own ports to monitor the ports provided by all servers, so as to obtain user access requests to websites. The cloud WAF itself needs to initiate a connection to the website server as a client, and will consume the local port at random. Therefore, at a certain moment, the randomly consumed local port is the port that needs to be monitored. At this time, a port conflict occurs. , which will cause users to fail to access the website.

因此,相关技术存在的会出现端口冲突的问题,是本领域技术人员需要解决的技术问题。Therefore, the problem of port conflict existing in related technologies is a technical problem to be solved by those skilled in the art.

发明内容Contents of the invention

有鉴于此,本申请的目的在于提供一种访问请求端口的标准化方法、访问请求端口的标准化装置、电子设备及计算机可读存储介质,避免出现端口冲突,保证用户能够正常访问。In view of this, the purpose of this application is to provide a method for standardizing access request ports, a device for standardizing access request ports, electronic equipment, and computer-readable storage media, so as to avoid port conflicts and ensure normal access by users.

为解决上述技术问题,本申请提供了一种访问请求端口的标准化方法,包括:In order to solve the above technical problems, this application provides a standardized method for accessing request ports, including:

获取访问请求,并提取所述访问请求对应的目的端口;Obtaining an access request, and extracting a destination port corresponding to the access request;

判断所述目的端口是否为预设端口;judging whether the destination port is a preset port;

若为所述预设端口,则获取所述目的端口对应的标准端口,并利用所述标准端口生成标准请求;If it is the preset port, then obtain a standard port corresponding to the destination port, and use the standard port to generate a standard request;

将所述标准请求发送至监听目标端口的代理模块,并利用所述代理模块根据服务器配置进行代理访问;所述目标端口包括所述标准端口。The standard request is sent to a proxy module monitoring a target port, and the proxy module is used to perform proxy access according to server configuration; the target port includes the standard port.

可选地,所述判断所述目的端口是否为预设端口,包括:Optionally, the judging whether the destination port is a preset port includes:

识别所述访问请求对应的传输协议;identifying the transport protocol corresponding to the access request;

获取所述传输协议对应的端口信息,并判断所述端口信息是否包括所述目的端口;Obtain port information corresponding to the transport protocol, and determine whether the port information includes the destination port;

若包括所述目的端口,则确定所述目的端口为所述预设端口。If the destination port is included, it is determined that the destination port is the preset port.

可选地,在获取所述传输协议对应的端口信息之前,还包括:Optionally, before obtaining the port information corresponding to the transport protocol, it also includes:

获取多个端口配置数据,并提取各个所述端口配置数据对应的非标准端口和所述传输协议;Obtain multiple port configuration data, and extract the non-standard port and the transmission protocol corresponding to each port configuration data;

基于所述传输协议对所述非标准端口进行分类,得到初始端口信息;Classifying the non-standard ports based on the transmission protocol to obtain initial port information;

对所述初始端口信息进行去重处理,得到所述端口信息。Deduplication processing is performed on the initial port information to obtain the port information.

可选地,还包括:Optionally, also include:

获取更新数据,并利用所述更新数据对所述端口信息进行更新。Acquiring update data, and using the update data to update the port information.

可选地,所述获取所述目的端口对应的标准端口,包括:Optionally, the obtaining the standard port corresponding to the destination port includes:

识别所述访问请求对应的传输协议,并根据所述传输协议获取所述标准端口。Identify the transmission protocol corresponding to the access request, and acquire the standard port according to the transmission protocol.

可选地,所述利用所述代理模块根据服务器配置进行代理访问,包括:Optionally, using the proxy module to perform proxy access according to server configuration includes:

利用所述代理模块获取所述标准请求中的host数据;Using the proxy module to obtain host data in the standard request;

从所述服务器配置中确定所述host数据对应的目标服务器配置;determining the target server configuration corresponding to the host data from the server configuration;

利用所述目标服务器配置进行代理访问。Use the target server configuration for proxy access.

可选地,所述利用所述目标服务器配置进行代理访问,包括:Optionally, the proxy access using the target server configuration includes:

解析目标服务器配置,得到服务器地址和服务器端口:Parse the target server configuration to get the server address and server port:

利用所述服务器地址和所述服务器端口生成服务器访问请求;generating a server access request by using the server address and the server port;

将所述服务器访问请求发送至所述目标服务器配置对应的目标服务器。Send the server access request to the target server corresponding to the target server configuration.

本申请还提供了一种访问请求端口的标准化装置,包括:The present application also provides a standardized device for accessing a request port, including:

获取模块,用于获取访问请求,并提取所述访问请求对应的目的端口;An acquisition module, configured to acquire an access request, and extract a destination port corresponding to the access request;

判断模块,用于判断所述目的端口是否为预设端口;A judging module, configured to judge whether the destination port is a preset port;

端口转换模块,用于若为所述预设端口,则获取所述目的端口对应的标准端口,并利用所述标准端口生成标准请求;A port conversion module, configured to obtain a standard port corresponding to the destination port if it is the preset port, and use the standard port to generate a standard request;

代理访问模块,用于将所述标准请求发送至监听目标端口的代理模块,并利用所述代理模块根据服务器配置进行代理访问;所述目标端口包括所述标准端口。A proxy access module, configured to send the standard request to a proxy module monitoring a target port, and use the proxy module to perform proxy access according to server configuration; the target port includes the standard port.

本申请还提供了一种电子设备,包括存储器和处理器,其中:The present application also provides an electronic device, including a memory and a processor, wherein:

所述存储器,用于保存计算机程序;The memory is used to store computer programs;

所述处理器,用于执行所述计算机程序,以实现上述的访问请求端口的标准化方法。The processor is configured to execute the computer program, so as to realize the above-mentioned standardized method for accessing a request port.

本申请还提供了一种计算机可读存储介质,用于保存计算机程序,其中,所述计算机程序被处理器执行时实现上述的访问请求端口的标准化方法。The present application also provides a computer-readable storage medium for storing a computer program, wherein when the computer program is executed by a processor, the above-mentioned standardized method for accessing a request port is realized.

本申请提供的访问请求端口的标准化方法,获取访问请求,并提取访问请求对应的目的端口;判断目的端口是否为预设端口;若为预设端口,则获取目的端口对应的标准端口,并利用标准端口生成标准请求;将标准请求发送至监听目标端口的代理模块,并利用代理模块根据服务器配置进行代理访问;目标端口包括标准端口。The method for standardizing the access request port provided by this application obtains the access request, and extracts the destination port corresponding to the access request; judges whether the destination port is a preset port; if it is a preset port, obtains the standard port corresponding to the destination port, and uses The standard port generates a standard request; the standard request is sent to the proxy module monitoring the target port, and the proxy module is used to perform proxy access according to the server configuration; the target port includes the standard port.

可见,该方法中,代理模块用于执行代理访问的工作,其仅监听标段端口,即接收和响应标准端口的请求。在获取到访问请求后,先判断其对应的目的端口是否为标准端口,目的端口即为服务器提供服务的端口。若目的端口不为标准端口,则说明该请求不会被代理模块监听到,因此获取其对应的标准端口,生成标准请求,并将标准请求发送给代理模块。代理模块可以监听到目标端口,而目标端口包括标准端口,因此代理模块可以监听到标准请求,可以根据服务器配置确定标准请求想要访问的服务器,完成代理访问。代理模块只需要监听目标端口,不需要监听全部服务器的端口,利用与属于预设端口的目的端口对应的标准端口生成标准请求,可以使得代理模块监听到标准请求并进行对应的代理访问,完成对访问请求的处理。通过将具有预设端口的访问请求转换为标准请求,可以减少代理模块监听的端口数量,使得目标端口数量远远小于服务器向外提供服务的端口数量,可以保留大量端口用于向网站服务器发起连接,避免出现端口冲突,保证用户能够正常访问,解决了相关技术存在的端口冲突的问题。It can be seen that in this method, the proxy module is used to perform the work of proxy access, and it only listens to the label port, that is, receives and responds to the request of the standard port. After obtaining the access request, it is first judged whether the corresponding destination port is a standard port, and the destination port is the port that the server provides services. If the destination port is not a standard port, it means that the request will not be monitored by the proxy module, so the corresponding standard port is obtained, a standard request is generated, and the standard request is sent to the proxy module. The proxy module can monitor the target port, and the target port includes a standard port, so the proxy module can monitor the standard request, and can determine the server that the standard request wants to access according to the server configuration, and complete the proxy access. The proxy module only needs to monitor the target port, and does not need to monitor the ports of all servers. The standard port corresponding to the destination port belonging to the preset port is used to generate a standard request, so that the proxy module can monitor the standard request and perform corresponding proxy access. Processing of access requests. By converting access requests with preset ports into standard requests, the number of ports monitored by the proxy module can be reduced, so that the number of target ports is much smaller than the number of ports that the server provides services to, and a large number of ports can be reserved for initiating connections to the website server , to avoid port conflicts, to ensure that users can access normally, and to solve the problem of port conflicts in related technologies.

此外,本申请还提供了一种访问请求端口的标准化装置、电子设备及计算机可读存储介质,同样具有上述有益效果。In addition, the present application also provides a standardized device for accessing a request port, an electronic device, and a computer-readable storage medium, which also have the above beneficial effects.

附图说明Description of drawings

为了更清楚地说明本申请实施例或相关技术中的技术方案,下面将对实施例或相关技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据提供的附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application or related technologies, the following will briefly introduce the accompanying drawings that need to be used in the description of the embodiments or related technologies. Obviously, the accompanying drawings in the following description are only For the embodiments of the application, those skilled in the art can also obtain other drawings according to the provided drawings without creative work.

图1为本申请实施例提供的一种访问请求端口的标准化方法流程图;FIG. 1 is a flow chart of a method for standardizing an access request port provided by an embodiment of the present application;

图2为本申请实施例提供的一种具体的访问请求端口的标准化过程流程图;FIG. 2 is a flow chart of a specific standardization process of an access request port provided by an embodiment of the present application;

图3为本申请实施例提供的一种访问请求端口的标准化装置的结构示意图;FIG. 3 is a schematic structural diagram of an access request port standardization device provided in an embodiment of the present application;

图4为本申请实施例提供的一种电子设备的结构示意图。FIG. 4 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

具体实施方式Detailed ways

为使本申请实施例的目的、技术方案和优点更加清楚,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the purposes, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below in conjunction with the drawings in the embodiments of the present application. Obviously, the described embodiments It is only a part of the embodiments of the present application, but not all the embodiments. Based on the embodiments in this application, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the scope of protection of this application.

请参考图1,图1为本申请实施例提供的一种访问请求端口的标准化方法流程图。该方法包括:Please refer to FIG. 1 . FIG. 1 is a flow chart of a method for standardizing an access request port provided by an embodiment of the present application. The method includes:

S101:获取访问请求,并提取访问请求对应的目的端口。S101: Obtain an access request, and extract a destination port corresponding to the access request.

本实施例中的部分或全部步骤可以由云WAF执行,云WAF即为部署在云端的WAF(Web Application Firewall,网站应用级入侵防御系统)。云WAF可以通过DNS(DomainName System,域名系统)调度技术,改变网络流量的原始流向,将网络流量牵引到本身,以便对访问请求进行处理。访问请求基于HTTP(HyperText Transfer Protocol,超文本传输协议)协议或HTTPS(Hyper Text Transfer Protocol over Secure Socket Layer,超文本传输安全协议)协议传输,其具体内容不做限定。本实施例并不限定访问请求的具体获取方式,可以参考相关技术,在此不做赘述。在获取访问请求后,可以提取访问请求想要访问的目的端口。目的端口为网站服务器向外提供服务的端口,其可以为标准端口,例如与HTTP协议对应的80端口,也可以为非标准端口,例如8080端口或60000端口。Part or all of the steps in this embodiment can be executed by a cloud WAF, which is a WAF (Web Application Firewall, website application-level intrusion prevention system) deployed on the cloud. Cloud WAF can use DNS (DomainName System, domain name system) scheduling technology to change the original flow of network traffic and pull network traffic to itself to process access requests. The access request is transmitted based on the HTTP (HyperText Transfer Protocol, Hypertext Transfer Protocol) protocol or the HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer, Hypertext Transfer Security Protocol) protocol, and its specific content is not limited. This embodiment does not limit the specific manner of obtaining the access request, and reference may be made to related technologies, which will not be repeated here. After the access request is obtained, the destination port to be accessed by the access request can be extracted. The destination port is a port for the website server to provide services to the outside. It can be a standard port, such as port 80 corresponding to the HTTP protocol, or a non-standard port, such as port 8080 or port 60000.

S102:判断目的端口是否为预设端口。S102: Determine whether the destination port is a preset port.

由于网站服务器向外提供服务的端口可能为标准端口或非标准端口,相关技术为了对各个网站服务器对应的服务请求进行处理,需要多个接口对所有服务器向外提供服务的接口进行监听工作,以便在获取到任意一个网站服务器的访问请求后对其进行响应。然而,这样会占用云WAF本身的端口,容易造成端口冲突。Because the port that the website server provides services to the outside may be a standard port or a non-standard port, in order to process the service requests corresponding to each website server in related technologies, multiple interfaces are required to monitor the interfaces that all servers provide services to the outside, so that Respond to any access request from any web server. However, this will occupy the port of the cloud WAF itself, which is likely to cause port conflicts.

为了解决该问题,本申请中仅监听目标端口,即利用监听目标端口的代理模块进行代理访问,对预设端口对应的访问请求进行标准化。目标端口包括标准端口,在一种实施方式中,还可以包括部分非标准端口,预设端口和目标端口可以覆盖全部非标准端口;或者可以仅覆盖部分非标准端口,在这种情况下,则无法对未被覆盖到的非标准端口进行处理,因此优选的,预设端口和目标端口包括全部非标准端口。可以理解的是,在获取到访问请求时,为了判断其是否可以被直接处理,需要判断其目的端口是否为预设端口,而为了使代理模块能够识别具有预设端口的访问请求,需要对访问请求进行转换,生成对应的标准请求。In order to solve this problem, in this application, only the target port is monitored, that is, the proxy module that monitors the target port is used for proxy access, and the access request corresponding to the preset port is standardized. The target port includes a standard port. In one embodiment, it may also include some non-standard ports. The preset port and the target port may cover all non-standard ports; or may only cover some non-standard ports. In this case, Uncovered non-standard ports cannot be processed, so preferably, the preset port and the target port include all non-standard ports. It can be understood that when an access request is obtained, in order to determine whether it can be directly processed, it is necessary to determine whether its destination port is a preset port, and in order to enable the proxy module to identify an access request with a preset port, it is necessary to determine whether the access request has a preset port. The request is converted to generate the corresponding standard request.

具体的,在获取到目的端口后,先判断目的端口是否为预设端口,可以理解的是,预设端口必然是非标准端口,若目的端口为标准端口,则可以直接被代理模块监听并处理。预设端口可以为任意一个非标准端口,或者可以为与代理模块相对应的多个网站服务器向外提供服务的任意一个非标准端口。本实施例并不限定具体的判断方式,根据预设端口实际意义的不同,判断方式也不同,例如当预设端口为非标准端口时,可以直接判断目的端口是否为标准端口,若否,则确定为预设端口。Specifically, after obtaining the destination port, first determine whether the destination port is a preset port. It is understandable that the preset port must be a non-standard port. If the destination port is a standard port, it can be directly monitored and processed by the proxy module. The preset port can be any non-standard port, or can be any non-standard port that provides external services for multiple web servers corresponding to the proxy module. This embodiment does not limit the specific judgment method, and the judgment method is different according to the actual meaning of the preset port. For example, when the preset port is a non-standard port, it can be directly judged whether the destination port is a standard port. Determined as the default port.

在一种具体的实施方式中,S102步骤可以包括:In a specific implementation manner, step S102 may include:

步骤11:识别访问请求对应的传输协议。Step 11: Identify the transport protocol corresponding to the access request.

传输协议具体指HTTP协议或HTTPS协议,由于上述两种传输协议分别对应不同的标准端口,HTTP协议对应于80端口,HTTPS协议对应于443端口,因此在判断目的端口是否为预设端口前,先识别访问请求对应的传输协议。本实施例并不限定具体的识别方式,可以采用当前已有的任意识别方式,本实施例在此不做赘述。The transmission protocol specifically refers to the HTTP protocol or the HTTPS protocol. Since the above two transmission protocols correspond to different standard ports, the HTTP protocol corresponds to port 80, and the HTTPS protocol corresponds to port 443. Therefore, before judging whether the destination port is a preset port, first Identify the transport protocol corresponding to the access request. This embodiment does not limit a specific identification manner, and any currently existing identification manner may be used, which will not be described in detail here in this embodiment.

步骤12:获取传输协议对应的端口信息,并判断端口信息是否包括目的端口。Step 12: Obtain port information corresponding to the transport protocol, and determine whether the port information includes the destination port.

本实施例并不判断端口信息的具体获取方式,例如可以在本地生成后存储,在获取时直接进行读取;或者可以由外部输入,例如由其他电子设备发送或由用户手动输入。通过识别传输协议并选择对应的端口信息,可以准确地判断目的端口是否为预设端口。This embodiment does not determine the specific acquisition method of the port information, for example, it may be generated locally and stored, and read directly during acquisition; or it may be input externally, such as sent by other electronic devices or manually input by the user. By identifying the transmission protocol and selecting the corresponding port information, it can be accurately determined whether the destination port is a preset port.

为了灵活调整对访问请求的处理方式,可以利用端口信息记录预设端口,而将未被端口信息记录的非标准端口确定为目标端口。本实施例并不限定端口信息的具体内容,例如在一种实施方式中,为了提高对访问请求的总体处理速度,可以利用端口信息记录部分服务器对应的非标准端口,以便将部分访问请求转换为标准请求,利用原有方式处理另外一部分访问请求,这样同样可以减少代理模块需要监听的端口数量。或者在另外一种实施方式中,为了尽可能地减少代理模块需要监听的端口数量,可以利用端口信息记录传输协议的标准端口以外的全部非标准端口,或者利用端口信息记录全部服务器对应的非标准端口。In order to flexibly adjust the processing method of the access request, the port information can be used to record the preset port, and the non-standard port not recorded in the port information can be determined as the target port. This embodiment does not limit the specific content of the port information. For example, in one implementation, in order to improve the overall processing speed of access requests, the port information can be used to record the non-standard ports corresponding to some servers, so as to convert some access requests into For standard requests, use the original method to process another part of access requests, which can also reduce the number of ports that the proxy module needs to monitor. Or in another embodiment, in order to reduce the number of ports that the proxy module needs to monitor as much as possible, port information can be used to record all non-standard ports other than the standard ports of the transport protocol, or port information can be used to record non-standard ports corresponding to all servers. port.

在获取端口信息后,在端口信息进行筛选,判断其中是否存在目的端口。若不包括目的端口,则说明目的端口可能为标准端口,或者为不需要进行转换的非标准端口,在这种情况下,可以直接将其发送至代理模块,以便代理模块直接对其进行处理。After obtaining the port information, filter the port information to determine whether there is a destination port. If the destination port is not included, it means that the destination port may be a standard port or a non-standard port that does not need to be converted. In this case, it can be directly sent to the proxy module so that the proxy module can directly process it.

步骤13:若包括目的端口,则确定目的端口为预设端口。Step 13: If the destination port is included, determine that the destination port is a default port.

若端口信息包括目的端口,则说明目的端口为预设端口。访问请求需要被转换为标准请求。If the port information includes the destination port, it means that the destination port is a default port. Access requests need to be converted to standard requests.

在一种实施方式中,在利用端口信息判断目的端口是否为预设端口前,可以先在本地生成端口信息。具体的,在获取传输协议对应的端口信息之前,还可以包括:In an implementation manner, before using the port information to determine whether the destination port is a preset port, the port information may be locally generated first. Specifically, before obtaining the port information corresponding to the transport protocol, it may also include:

步骤21:获取多个端口配置数据,并提取各个端口配置数据对应的非标准端口和传输协议。Step 21: Obtain multiple port configuration data, and extract non-standard ports and transmission protocols corresponding to each port configuration data.

步骤22:基于传输协议对非标准端口进行分类,得到初始端口信息。Step 22: Classify the non-standard ports based on the transmission protocol to obtain initial port information.

步骤23:对初始端口信息进行去重处理,得到端口信息。Step 23: Perform deduplication processing on the initial port information to obtain port information.

本实施例中,端口配置数据与各个网站服务器相对应,其记录了访问请求采用的传输协议和提供服务的端口。因此在获取端口配置数据后,可以提取到对应的端口和传输协议,在基于传输协议将其中的标准端口滤除后,可以得到全部端口配置数据对应的非标准端口,并基于传输协议对非标准端口进行分类,得到初始端口信息。由于不同的网站服务器可能采用了相同的非标准端口,因此对初始端口信息进行去重处理,删除其中重复的部分,得到端口信息。该生成方式得到的端口信息记录了全部网站服务器采用的非标准端口,即将网站服务器采用的非标准端口均确定为预设端口,可以最大限度地减少代理模块需要监听的端口数量,最大程度上避免出现端口冲突问题。In this embodiment, the port configuration data corresponds to each website server, which records the transmission protocol adopted by the access request and the port providing the service. Therefore, after obtaining the port configuration data, the corresponding port and transport protocol can be extracted. After filtering out the standard ports based on the transport protocol, the non-standard ports corresponding to all the port configuration data can be obtained, and the non-standard port can be analyzed based on the transport protocol. Ports are classified to obtain initial port information. Since different web servers may use the same non-standard port, the initial port information is deduplicated, and the duplicated part is deleted to obtain the port information. The port information obtained by this generation method records the non-standard ports used by all web servers, that is, all non-standard ports used by the web server are determined as preset ports, which can minimize the number of ports that the proxy module needs to monitor, and avoid There is a port conflict problem.

进一步的,端口信息可以实时更新,因此还可以包括:Furthermore, the port information can be updated in real time, so it can also include:

步骤31:获取更新数据,并利用更新数据对端口信息进行更新。Step 31: Acquire update data, and use the update data to update port information.

本实施例并不限定更新数据的具体内容,例如在一种实施方式中,可以为全新的端口信息,此时,利用更新数据对原有的端口信息进行替换,即可完成对端口信息的更新。在另一种实施方式中,更新数据可以包括具有标记的非标准端口,标记可以包括新增标记和删除标记,通过对非标准端口添加标记,可以对端口信息中记录的非标准端口进行新增或删除。可以理解的是,端口信息中原本没有记录更新数据中具有新增标记的非标准端口,端口信息中应当记录更新数据中具有删除标记的非标准端口。通过对端口信息进行更新,可以灵活调节预设端口的具体内容,进而灵活调节对访问请求的处理方式。This embodiment does not limit the specific content of the update data. For example, in one embodiment, it may be brand new port information. At this time, the update of the port information can be completed by replacing the original port information with the update data. . In another embodiment, the update data may include a non-standard port with a mark, and the mark may include a new mark and a delete mark, and by adding a mark to the non-standard port, the non-standard port recorded in the port information may be added or delete. It can be understood that the port information originally did not record the non-standard port with the new mark in the update data, and the port information should record the non-standard port with the delete mark in the update data. By updating the port information, the specific content of the preset port can be flexibly adjusted, thereby flexibly adjusting the processing method of the access request.

S103:获取目的端口对应的标准端口,并利用标准端口生成标准请求。S103: Obtain a standard port corresponding to the destination port, and use the standard port to generate a standard request.

在确定目的端口为预设端口后,说明代理模块没有对其进行监听,该访问请求需要被转换为标准请求才能够被代理模块监听并进行处理。因此获取目的端口对应的标准端口,并利用标准端口生成标准请求。标准请求与访问请求的区别仅在于目的端口不同,其他内容均相同。具体的,可以识别访问请求对应的传输协议,并根据传输协议获取标准端口。After determining that the destination port is the preset port, it means that the proxy module does not monitor it, and the access request needs to be converted into a standard request before it can be monitored and processed by the proxy module. Therefore, the standard port corresponding to the destination port is obtained, and a standard request is generated using the standard port. The difference between a standard request and an access request is only the destination port, and the other contents are the same. Specifically, the transmission protocol corresponding to the access request may be identified, and a standard port may be obtained according to the transmission protocol.

S104:将标准请求发送至监听目标端口的代理模块,并利用代理模块根据服务器配置进行代理访问。S104: Send the standard request to the proxy module monitoring the target port, and use the proxy module to perform proxy access according to the server configuration.

在生成标准请求后,可以将其发送至监听目标端口的代理模块。代理模块可以监听到标准请求,在得到标准请求后,利用代理模块进行代理访问。需要说明的是,本申请中服务器配置记录有代理模块对应的全部网站服务器对应的服务器端口,服务器端口为网站服务器提供服务的端口,即访问请求中的目的端口。由于标准请求中的目的端口为标准端口,而访问请求对应的目标服务器并不是通过标准端口提供服务,将访问请求转换为标准请求的目的仅在于使得代理模块能够监听到该请求,通过标准端口无法正常访问目标服务器。因此在实际进行代理访问时,还需要利用服务器配置确定服务器端口,并利用服务器端口进行代理访问。After a standard request is generated, it can be sent to a proxy module listening on the target port. The proxy module can monitor the standard request, and use the proxy module to perform proxy access after receiving the standard request. It should be noted that the server configuration records in this application include the server ports corresponding to all the website servers corresponding to the proxy module, and the server port is the port that the website server provides services, that is, the destination port in the access request. Since the destination port in the standard request is a standard port, and the target server corresponding to the access request does not provide services through the standard port, the purpose of converting the access request into a standard request is only to enable the proxy module to monitor the request, and the standard port cannot Access the target server normally. Therefore, when actually performing proxy access, it is also necessary to use server configuration to determine the server port, and use the server port to perform proxy access.

具体的,在一种实施方式中,利用所述代理模块根据服务器配置进行代理访问的步骤可以包括:Specifically, in an implementation manner, the step of using the proxy module to perform proxy access according to server configuration may include:

步骤41:利用代理模块获取标准请求中的host数据。Step 41: Use the proxy module to obtain the host data in the standard request.

步骤42:从服务器配置中确定host数据对应的目标服务器配置。Step 42: Determine the target server configuration corresponding to the host data from the server configuration.

步骤43:利用目标服务器配置进行代理访问。Step 43: Use the target server configuration for proxy access.

标准请求中的host数据即为访问请求中的host数据,其可以用于确定该访问请求想要访问哪一个网站服务器,只有确定访问请求想要访问的网站服务器(即目标服务器)后才能进行代理访问。因此在代理访问时,先获取标准请求中的host数据,并利用host数据在服务器配置中进行筛选,得到与目标服务器对应的目标服务器配置,并利用目标服务器配置进行代理访问。The host data in the standard request is the host data in the access request, which can be used to determine which web server the access request wants to access, and the proxy can only be performed after determining the web server (ie, the target server) the access request wants to access access. Therefore, during proxy access, first obtain the host data in the standard request, and use the host data to filter in the server configuration to obtain the target server configuration corresponding to the target server, and use the target server configuration to perform proxy access.

进一步,步骤43可以包括:Further, step 43 may include:

步骤44:解析目标服务器配置,得到服务器地址和服务器端口。Step 44: Parse the configuration of the target server to obtain the server address and server port.

步骤45:利用服务器地址和服务器端口生成服务器访问请求。Step 45: Generate a server access request by using the server address and server port.

步骤46:将服务器访问请求发送至目标服务器配置对应的目标服务器。Step 46: Send the server access request to the target server corresponding to the target server configuration.

目标服务器配置中记录有服务器地址和服务器端口,服务器地址具体为IP地址。在得到服务器地址和服务器端口后利用其生成服务器访问请求,并将其发送至目标服务器实现对目标服务器的访问,目标服务器对服务器访问请求进行响应,实现用户对目标服务器的访问。The server address and server port are recorded in the target server configuration, and the server address is specifically an IP address. After obtaining the server address and server port, use it to generate a server access request, and send it to the target server to achieve access to the target server, and the target server responds to the server access request to achieve user access to the target server.

S105:预设操作。S105: preset operation.

若目的端口不是预设端口,则说明不需要将其转换为标准端口以便代理模块监听,此时可以直接将其发送给代理模块,或者可以不做任何操作,即无操作。If the destination port is not a preset port, it means that it does not need to be converted into a standard port so that the proxy module can monitor it. At this time, it can be directly sent to the proxy module, or no operation can be performed, that is, no operation.

应用本申请实施例提供的访问请求端口的标准化方法,代理模块用于执行代理访问的工作,其仅监听标段端口,即接收和响应标准端口的请求。在获取到访问请求后,先判断其对应的目的端口是否为标准端口,目的端口即为服务器提供服务的端口。若目的端口不为标准端口,则说明该请求不会被代理模块监听到,因此获取其对应的标准端口,生成标准请求,并将标准请求发送给代理模块。代理模块可以监听到目标端口,而目标端口包括标准端口,因此代理模块可以监听到标准请求,可以根据服务器配置确定标准请求想要访问的服务器,完成代理访问。代理模块只需要监听目标端口,不需要监听全部服务器的端口,利用与属于预设端口的目的端口对应的标准端口生成标准请求,可以使得代理模块监听到标准请求并进行对应的代理访问,完成对访问请求的处理。通过将具有预设端口的访问请求转换为标准请求,可以减少代理模块监听的端口数量,使得目标端口数量远远小于服务器向外提供服务的端口数量,可以保留大量端口用于向网站服务器发起连接,避免出现端口冲突,保证用户能够正常访问,解决了相关技术存在的端口冲突的问题。Applying the standardized method for accessing the request port provided by the embodiment of the present application, the proxy module is used to perform the work of proxying access, and it only listens to the marker port, that is, receives and responds to the request of the standard port. After obtaining the access request, it is first judged whether the corresponding destination port is a standard port, and the destination port is the port that the server provides services. If the destination port is not a standard port, it means that the request will not be monitored by the proxy module, so the corresponding standard port is obtained, a standard request is generated, and the standard request is sent to the proxy module. The proxy module can monitor the target port, and the target port includes a standard port, so the proxy module can monitor the standard request, and can determine the server that the standard request wants to access according to the server configuration, and complete the proxy access. The proxy module only needs to monitor the target port, and does not need to monitor the ports of all servers. The standard port corresponding to the destination port belonging to the preset port is used to generate a standard request, so that the proxy module can monitor the standard request and perform corresponding proxy access. Processing of access requests. By converting access requests with preset ports into standard requests, the number of ports monitored by the proxy module can be reduced, so that the number of target ports is much smaller than the number of ports that the server provides services to, and a large number of ports can be reserved for initiating connections to the website server , to avoid port conflicts, to ensure that users can access normally, and to solve the problem of port conflicts in related technologies.

基于上述实施例,本实施例说明一种访问请求的处理全过程。请参考图2,图2为本申请实施例提供的一种具体的访问请求端口的标准化过程流程图。其中client即为客户端,具体为访问请求的生成和发送端,访问请求的目的IP为服务IP,服务IP为云WAF用于获取访问请求的IP,云WAF对应的网站服务器的域名经解析即可得到服务IP。在本实施例中,云WAF前还具有防火墙FW,其用于进行目的地址转换(即DNAT),将服务IP对应的流量引导至云WAF的监听IP,监听IP为云WAF的内网IP,通过监听此IP可收到客户端发送的HTTP和HTTPS流量,即可获取到访问请求。云WAF在获取到访问请求后执行上述访问请求的处理步骤,并利用回源IP进行回源,回源就是云WAF访问网站服务器的过程,即为进行代理访问的过程。需要说明的是,由于云WAF中的代理模块仅监听数量较少的目标端口,因此监听IP可以提供较多的端口用于云WAF通过代理模块与网站服务器之间建立连接,因此本实施例中,回源IP即为监听IP。在实际进行代理访问时,到达源站(即图中的web1、web2等)的IP通常为经过防火墙进行源地址转换(即SNAT)处理后得到的公网IP。在另一种相关技术中,通过将回源IP设置为非监听IP的任意IP,扩充回源时可以使用的端口数量,起到避免端口冲突的效果。然而,该相关技术需要对回源IP进行更改,使得其无法与监听IP相同,使得开发工作量和维护成本较大。Based on the foregoing embodiments, this embodiment describes a whole process of processing an access request. Please refer to FIG. 2 . FIG. 2 is a flow chart of a specific standardization process of an access request port provided by an embodiment of the present application. The client is the client, specifically the generation and sending end of the access request, the destination IP of the access request is the service IP, the service IP is the IP used by the cloud WAF to obtain the access request, and the domain name of the website server corresponding to the cloud WAF is resolved. Service IP is available. In this embodiment, there is also a firewall FW in front of the cloud WAF, which is used to perform destination address translation (i.e. DNAT), and guide the traffic corresponding to the service IP to the monitoring IP of the cloud WAF, where the monitoring IP is the intranet IP of the cloud WAF. By listening to this IP, the HTTP and HTTPS traffic sent by the client can be received, and the access request can be obtained. After the cloud WAF obtains the access request, it performs the above-mentioned processing steps of the access request, and uses the back-to-source IP to go back to the source. The back-to-source is the process of the cloud WAF accessing the website server, that is, the process of proxy access. It should be noted that since the proxy module in the cloud WAF only monitors a small number of target ports, the monitoring IP can provide more ports for the cloud WAF to establish a connection with the website server through the proxy module, so in this embodiment , the back-to-source IP is the listening IP. In actual proxy access, the IPs arriving at the source site (ie, web1, web2, etc. in the figure) are usually public network IPs obtained after source address translation (ie, SNAT) processing by the firewall. In another related technology, by setting the back-to-source IP as any IP other than the listening IP, the number of ports that can be used when back-to-source is expanded, thereby avoiding port conflicts. However, this related technology needs to change the back-to-source IP so that it cannot be the same as the listening IP, resulting in a large development workload and maintenance costs.

可以理解的是,通过将属于预设端口的目的端口转换为标准端口,可以减少代理模块监听的端口数量,避免了端口冲突,同时无需对回源IP进行设置,使其可以与监听IP相同,无需进行额外的开发和维护,降低了工作量和维护成本。It can be understood that by converting the destination port belonging to the preset port into a standard port, the number of ports monitored by the proxy module can be reduced, port conflicts can be avoided, and there is no need to set the back-to-source IP so that it can be the same as the listening IP. No need for additional development and maintenance, reducing workload and maintenance costs.

下面对本申请实施例提供的访问请求端口的标准化装置进行介绍,下文描述的访问请求端口的标准化装置与上文描述的访问请求端口的标准化方法可相互对应参照。The apparatus for standardizing the access request port provided by the embodiment of the present application is introduced below. The apparatus for standardizing the access request port described below and the method for standardizing the access request port described above may be referred to in correspondence.

请参考图3,图3为本申请实施例提供的一种访问请求端口的标准化装置的结构示意图,包括:Please refer to FIG. 3. FIG. 3 is a schematic structural diagram of a standardized device for accessing a request port provided by an embodiment of the present application, including:

获取模块110,用于获取访问请求,并提取访问请求对应的目的端口;An acquisition module 110, configured to acquire an access request, and extract a destination port corresponding to the access request;

判断模块120,用于判断目的端口是否为预设端口;A judging module 120, configured to judge whether the destination port is a preset port;

端口转换模块130,用于若为预设端口,则获取目的端口对应的标准端口,并利用标准端口生成标准请求;The port conversion module 130 is configured to obtain a standard port corresponding to the destination port if it is a preset port, and generate a standard request using the standard port;

代理访问模块140,用于将标准请求发送至监听目标端口的代理模块,并利用代理模块根据服务器配置进行代理访问;目标端口包括标准端口。The proxy access module 140 is configured to send the standard request to the proxy module monitoring the target port, and use the proxy module to perform proxy access according to the server configuration; the target port includes a standard port.

可选地,判断模块120,包括:Optionally, the judging module 120 includes:

第一识别单元,用于识别访问请求对应的传输协议;a first identifying unit, configured to identify a transmission protocol corresponding to the access request;

端口信息判断单元,用于获取传输协议对应的端口信息,并判断端口信息是否包括目的端口;A port information judging unit, configured to obtain port information corresponding to the transmission protocol, and judge whether the port information includes a destination port;

预设端口确定单元,用于若包括目的端口,则确定目的端口为预设端口。The default port determining unit is configured to determine that the destination port is the default port if the destination port is included.

可选地,还包括:Optionally, also include:

端口配置数据获取单元,用于获取多个端口配置数据,并提取各个端口配置数据对应的非标准端口和传输协议;A port configuration data acquisition unit, configured to acquire multiple port configuration data, and extract non-standard ports and transmission protocols corresponding to each port configuration data;

分类单元,用于基于传输协议对非标准端口进行分类,得到初始端口信息;A classification unit, configured to classify non-standard ports based on transmission protocols, to obtain initial port information;

去重处理单元,用于对初始端口信息进行去重处理,得到端口信息。The deduplication processing unit is configured to deduplicate the initial port information to obtain port information.

可选地,还包括:Optionally, also include:

更新单元,用于获取更新数据,并利用更新数据对端口信息进行更新。The update unit is used to obtain update data, and use the update data to update the port information.

可选地,端口转换模块130,包括:Optionally, the port conversion module 130 includes:

第二识别单元,用于识别访问请求对应的传输协议,并根据传输协议获取标准端口。The second identification unit is configured to identify the transmission protocol corresponding to the access request, and obtain the standard port according to the transmission protocol.

可选地,代理访问模块140,包括:Optionally, the proxy access module 140 includes:

数据获取单元,用于利用代理模块获取标准请求中的host数据;The data acquisition unit is used to acquire the host data in the standard request by using the proxy module;

配置确定单元,用于从服务器配置中确定host数据对应的目标服务器配置;The configuration determining unit is used to determine the target server configuration corresponding to the host data from the server configuration;

访问单元,用于利用目标服务器配置进行代理访问。Access unit for proxy access with target server configuration.

可选地,访问单元,包括:Optionally, the access unit includes:

解析子单元,用于解析目标服务器配置,得到服务器地址和服务器端口:The parsing subunit is used to parse the target server configuration to obtain the server address and server port:

请求生成子单元,用于利用服务器地址和服务器端口生成服务器访问请求;The request generation subunit is used to generate a server access request by using the server address and server port;

发送子单元,用于将服务器访问请求发送至目标服务器配置对应的目标服务器。The sending subunit is configured to send the server access request to the target server corresponding to the target server configuration.

下面对本申请实施例提供的电子设备进行介绍,下文描述的电子设备与上文描述的访问请求端口的标准化方法可相互对应参照。The electronic device provided by the embodiment of the present application is introduced below, and the electronic device described below and the method for standardizing the access request port described above may be referred to in correspondence.

请参考图4,图4为本申请实施例提供的一种电子设备的结构示意图。其中电子设备100可以包括处理器101和存储器102,还可以进一步包括多媒体组件103、信息输入/信息输出(I/O)接口104以及通信组件105中的一种或多种。Please refer to FIG. 4 , which is a schematic structural diagram of an electronic device provided in an embodiment of the present application. The electronic device 100 may include a processor 101 and a memory 102 , and may further include one or more of a multimedia component 103 , an information input/information output (I/O) interface 104 and a communication component 105 .

其中,处理器101用于控制电子设备100的整体操作,以完成上述的访问请求端口的标准化方法中的全部或部分步骤;存储器102用于存储各种类型的数据以支持在电子设备100的操作,这些数据例如可以包括用于在该电子设备100上操作的任何应用程序或方法的指令,以及应用程序相关的数据。该存储器102可以由任何类型的易失性或非易失性存储设备或者它们的组合实现,例如静态随机存取存储器(Static Random Access Memory,SRAM)、电可擦除可编程只读存储器(Electrically Erasable Programmable Read-OnlyMemory,EEPROM)、可擦除可编程只读存储器(Erasable Programmable Read-Only Memory,EPROM)、可编程只读存储器(Programmable Read-Only Memory,PROM)、只读存储器(Read-Only Memory,ROM)、磁存储器、快闪存储器、磁盘或光盘中的一种或多种。Among them, the processor 101 is used to control the overall operation of the electronic device 100, so as to complete all or part of the steps in the above-mentioned standardized method for accessing the request port; the memory 102 is used to store various types of data to support the operation of the electronic device 100 , these data may include, for example, instructions for any application or method operating on the electronic device 100 , as well as application-related data. The memory 102 can be implemented by any type of volatile or non-volatile memory device or their combination, such as Static Random Access Memory (Static Random Access Memory, SRAM), Electrically Erasable Programmable Read-Only Memory (Electrically Erasable Programmable Read-Only Memory, EEPROM), Erasable Programmable Read-Only Memory (Erasable Programmable Read-Only Memory, EPROM), Programmable Read-Only Memory (Programmable Read-Only Memory, PROM), Read-Only Memory (Read-Only One or more of Memory, ROM), magnetic memory, flash memory, magnetic disk or optical disk.

多媒体组件103可以包括屏幕和音频组件。其中屏幕例如可以是触摸屏,音频组件用于输出和/或输入音频信号。例如,音频组件可以包括一个麦克风,麦克风用于接收外部音频信号。所接收的音频信号可以被进一步存储在存储器102或通过通信组件105发送。音频组件还包括至少一个扬声器,用于输出音频信号。I/O接口104为处理器101和其他接口模块之间提供接口,上述其他接口模块可以是键盘,鼠标,按钮等。这些按钮可以是虚拟按钮或者实体按钮。通信组件105用于电子设备100与其他设备之间进行有线或无线通信。无线通信,例如Wi-Fi,蓝牙,近场通信(Near Field Communication,简称NFC),2G、3G或4G,或它们中的一种或几种的组合,因此相应的该通信组件105可以包括:Wi-Fi部件,蓝牙部件,NFC部件。Multimedia components 103 may include screen and audio components. The screen can be, for example, a touch screen, and the audio component is used for outputting and/or inputting audio signals. For example, an audio component may include a microphone for receiving external audio signals. The received audio signal may be further stored in the memory 102 or sent via the communication component 105 . The audio component also includes at least one speaker for outputting audio signals. The I/O interface 104 provides an interface between the processor 101 and other interface modules, which may be a keyboard, a mouse, buttons, and the like. These buttons can be virtual buttons or physical buttons. The communication component 105 is used for wired or wireless communication between the electronic device 100 and other devices. Wireless communication, such as Wi-Fi, Bluetooth, Near Field Communication (Near Field Communication, NFC for short), 2G, 3G or 4G, or one or a combination of them, so the corresponding communication component 105 may include: Wi-Fi parts, Bluetooth parts, NFC parts.

电子设备100可以被一个或多个应用专用集成电路(Application SpecificIntegrated Circuit,简称ASIC)、数字信号处理器(Digital Signal Processor,简称DSP)、数字信号处理设备(Digital Signal Processing Device,简称DSPD)、可编程逻辑器件(Programmable Logic Device,简称PLD)、现场可编程门阵列(Field ProgrammableGate Array,简称FPGA)、控制器、微控制器、微处理器或其他电子元件实现,用于执行上述实施例给出的访问请求端口的标准化方法。The electronic device 100 may be implemented by one or more application-specific integrated circuits (Application Specific Integrated Circuit, ASIC for short), digital signal processors (Digital Signal Processor, DSP for short), digital signal processing devices (Digital Signal Processing Device, DSPD for short), Programmable logic device (Programmable Logic Device, be called for short PLD), field programmable gate array (Field ProgrammableGate Array, be called for short FPGA), controller, microcontroller, microprocessor or other electronic components realize, be used to carry out the above-mentioned embodiment given A standardized way of accessing request ports.

下面对本申请实施例提供的计算机可读存储介质进行介绍,下文描述的计算机可读存储介质与上文描述的访问请求端口的标准化方法可相互对应参照。The computer-readable storage medium provided by the embodiment of the present application is introduced below, and the computer-readable storage medium described below and the standardization method for accessing a request port described above may be referred to in correspondence.

本申请还提供一种计算机可读存储介质,计算机可读存储介质上存储有计算机程序,计算机程序被处理器执行时实现上述的访问请求端口的标准化方法的步骤。The present application also provides a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the steps of the above-mentioned standardized method for accessing a request port are implemented.

该计算机可读存储介质可以包括:U盘、移动硬盘、只读存储器(Read-OnlyMemory,ROM)、随机存取存储器(Random Access Memory,RAM)、磁碟或者光盘等各种可以存储程序代码的介质。The computer-readable storage medium may include: U disk, mobile hard disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), magnetic disk or optical disk, etc., which can store program codes. medium.

本说明书中各个实施例采用递进的方式描述,每个实施例重点说明的都是与其它实施例的不同之处,各个实施例之间相同或相似部分互相参见即可。对于实施例公开的装置而言,由于其与实施例公开的方法相对应,所以描述的比较简单,相关之处参见方法部分说明即可。Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same or similar parts of each embodiment can be referred to each other. As for the device disclosed in the embodiment, since it corresponds to the method disclosed in the embodiment, the description is relatively simple, and for the related information, please refer to the description of the method part.

本领域技术人员还可以进一步意识到,结合本文中所公开的实施例描述的各示例的单元及算法步骤,能够以电子硬件、计算机软件或者二者的结合来实现,为了清楚地说明硬件和软件的可互换性,在上述说明中已经按照功能一般性地描述了各示例的组成及步骤。这些功能究竟以硬件还是软件的方式来执行,取决于技术方案的特定应用和设计约束条件。本领域技术人员可以对每个特定的应用来使用不同方法来实现所描述的功能,但是这种实现不应该认为超出本申请的范围。Those skilled in the art can further appreciate that the units and algorithm steps of the examples described in conjunction with the embodiments disclosed herein can be implemented by electronic hardware, computer software, or a combination of the two. In order to clearly illustrate the hardware and software In the above description, the components and steps of each example have been generally described according to their functions. Whether these functions are executed by means of hardware or software depends on the specific application and design constraints of the technical solution. Those skilled in the art may implement the described functionality using different methods for each particular application, but such implementation should not be considered as exceeding the scope of the present application.

结合本文中所公开的实施例描述的方法或算法的步骤可以直接用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps of the methods or algorithms described in connection with the embodiments disclosed herein may be directly implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

最后,还需要说明的是,在本文中,诸如第一和第二等之类的关系属于仅仅用来将一个实体或者操作与另一个实体或者操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语包括、包含或者其他任何变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。Finally, it should also be noted that in this article, relationships such as first and second etc. are only used to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply that these entities or operations, any such actual relationship or order exists. Furthermore, the term comprises, comprises, or any other variation is intended to cover a non-exclusive inclusion such that a process, method, article, or apparatus comprising a set of elements includes not only those elements but also other elements not expressly listed, or Yes also includes elements inherent to such a process, method, article, or device.

本文中应用了具体个例对本申请的原理及实施方式进行了阐述,以上实施例的说明只是用于帮助理解本申请的方法及其核心思想;同时,对于本领域的一般技术人员,依据本申请的思想,在具体实施方式及应用范围上均会有改变之处,综上所述,本说明书内容不应理解为对本申请的限制。In this paper, specific examples are used to illustrate the principles and implementation methods of the application. The descriptions of the above embodiments are only used to help understand the method and core idea of the application; meanwhile, for those of ordinary skill in the art, according to the application There will be changes in the specific implementation and scope of application. In summary, the content of this specification should not be construed as limiting the application.

Claims (10)

1. A method for standardizing access to a request port, comprising:
acquiring an access request, and extracting a destination port corresponding to the access request;
judging whether the destination port is a preset port or not;
if the port is the preset port, acquiring a standard port corresponding to the target port, and generating a standard request by using the standard port;
sending the standard request to an agent module of a monitoring target port, and carrying out agent access by utilizing the agent module according to server configuration; the destination port comprises the standard port.
2. The method of claim 1, wherein the determining whether the destination port is a default port comprises:
identifying a transmission protocol corresponding to the access request;
acquiring port information corresponding to the transmission protocol, and judging whether the port information comprises the target port;
and if the destination port is included, determining that the destination port is the preset port.
3. The method of claim 2, further comprising, before obtaining port information corresponding to the transport protocol:
acquiring a plurality of port configuration data, and extracting a non-standard port and the transmission protocol corresponding to each port configuration data;
classifying the non-standard ports based on the transmission protocol to obtain initial port information;
and carrying out duplicate removal processing on the initial port information to obtain the port information.
4. The method of claim 2, further comprising:
and acquiring updating data, and updating the port information by using the updating data.
5. The method according to claim 1, wherein the obtaining the standard port corresponding to the destination port comprises:
and identifying a transmission protocol corresponding to the access request, and acquiring the standard port according to the transmission protocol.
6. The method of claim 1, wherein the utilizing the proxy module for proxy access according to a server configuration comprises:
acquiring host data in the standard request by using the proxy module;
determining target server configuration corresponding to the host data from the server configuration;
and carrying out proxy access by utilizing the target server configuration.
7. The method of claim 6, wherein said utilizing the target server configuration for proxy access comprises:
analyzing the configuration of the target server to obtain a server address and a server port:
generating a server access request by using the server address and the server port;
and sending the server access request to a target server corresponding to the target server configuration.
8. A standardized apparatus for accessing a request port, comprising:
the acquisition module is used for acquiring an access request and extracting a destination port corresponding to the access request;
the judging module is used for judging whether the destination port is a preset port or not;
the port conversion module is used for acquiring a standard port corresponding to the target port if the preset port is the target port, and generating a standard request by using the standard port;
the proxy access module is used for sending the standard request to a proxy module of a monitoring target port and carrying out proxy access according to server configuration by utilizing the proxy module; the destination port comprises the standard port.
9. An electronic device comprising a memory and a processor, wherein:
the memory is used for storing a computer program;
the processor for executing the computer program to implement the standardized method of accessing a request port of any one of claims 1 to 7.
10. A computer-readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the standardized method of accessing a request port of any one of claims 1 through 7.
CN202011453178.3A 2020-12-11 2020-12-11 Access request port standardization method and device, electronic equipment and storage medium Active CN112702319B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011453178.3A CN112702319B (en) 2020-12-11 2020-12-11 Access request port standardization method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011453178.3A CN112702319B (en) 2020-12-11 2020-12-11 Access request port standardization method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN112702319A CN112702319A (en) 2021-04-23
CN112702319B true CN112702319B (en) 2023-03-24

Family

ID=75508785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011453178.3A Active CN112702319B (en) 2020-12-11 2020-12-11 Access request port standardization method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112702319B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116260855B (en) * 2023-05-12 2023-08-25 北京百度网讯科技有限公司 Communication method, communication device, electronic equipment and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103533314A (en) * 2013-11-04 2014-01-22 富盛科技股份有限公司 Method for accessing standardized interface and unified architecture of differentiation security and protection equipment

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8886773B2 (en) * 2010-08-14 2014-11-11 The Nielsen Company (Us), Llc Systems, methods, and apparatus to monitor mobile internet activity
KR101701158B1 (en) * 2010-12-15 2017-02-01 주식회사 케이티 Method and system of providing remote access for device within home network
CN104506802B (en) * 2014-12-17 2018-06-05 浙江宇视科技有限公司 The method of video monitoring system, passing through NAT monitor video data
CN106506512A (en) * 2016-11-18 2017-03-15 乐视控股(北京)有限公司 The method of agency network agreement, device and electronic equipment
CN108616490B (en) * 2016-12-13 2020-11-03 腾讯科技(深圳)有限公司 Network access control method, device and system
CN108777709A (en) * 2018-05-31 2018-11-09 康键信息技术(深圳)有限公司 Website access method, device, computer equipment and storage medium
CN109040316B (en) * 2018-09-19 2021-08-27 天津字节跳动科技有限公司 HTTP service processing method and device
CN110519380B (en) * 2019-08-29 2022-06-21 北京旷视科技有限公司 Data access method and device, storage medium and electronic equipment
CN111294399B (en) * 2020-02-04 2023-06-23 网宿科技股份有限公司 A data transmission method and device
CN111866124B (en) * 2020-07-17 2022-06-24 北京金山云网络技术有限公司 Method, device, server and machine-readable storage medium for accessing webpage

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103533314A (en) * 2013-11-04 2014-01-22 富盛科技股份有限公司 Method for accessing standardized interface and unified architecture of differentiation security and protection equipment

Also Published As

Publication number Publication date
CN112702319A (en) 2021-04-23

Similar Documents

Publication Publication Date Title
US11722496B2 (en) Tracking or storing of equipment configuration data using immutable ledger functionality of blockchains
CN108134816B (en) Access to data on remote device
CN111132120A (en) Method, system and equipment for identifying camera device in room local area network
CN101459571B (en) Method, system and apparatus for website mirroring
CN108985053B (en) Distributed data processing method and device
CN106161617A (en) Reverse proxy method based on NODEJS, Reverse Proxy and system
CN108156038A (en) Request distribution method, device, access gateway and storage medium
CN110928934A (en) Data processing method and device for business analysis
CN115314483A (en) API asset determining method and abnormal calling early warning method
CN114880641A (en) API asset detection method, device, equipment and medium
CN112702319B (en) Access request port standardization method and device, electronic equipment and storage medium
CN107995321A (en) A kind of VPN client acts on behalf of the method and device of DNS
CN113923192A (en) Flow auditing method, device, system, equipment and medium
CN112887333A (en) Abnormal equipment detection method and device, electronic equipment and readable storage medium
CN106254515A (en) A kind of load-balancing method storing system and equipment
CN114301872B (en) Domain name based access method and device, electronic equipment and storage medium
CN107911496A (en) A kind of VPN service terminal acts on behalf of the method and device of DNS
KR101395830B1 (en) Session checking system via proxy and checkhing method thereof
CN112968914A (en) System, method, device and medium for requesting data to be imported into vulnerability scanner in real time
CN111026607A (en) Server monitoring system and method and server data acquisition method and system
CN112822305B (en) Method, device, router and storage medium for processing DNS query request
JP4952531B2 (en) Recording apparatus, recording program, and recording method
CN113810310A (en) Flow acquisition method, device, equipment and storage medium
CN110620682B (en) Resource information acquisition method and device, storage medium, terminal
CN114793180A (en) Method and device for intercepting abnormal network traffic, intercepting equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20210423

Assignee: Hangzhou Anheng Information Security Technology Co.,Ltd.

Assignor: Dbappsecurity Co.,Ltd.

Contract record no.: X2024980043364

Denomination of invention: Standardization methods, devices, electronic devices, and storage media for accessing request ports

Granted publication date: 20230324

License type: Common License

Record date: 20241231

EE01 Entry into force of recordation of patent licensing contract
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载