CN117640189A - Access method, device, equipment and storage medium - Google Patents
Access method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN117640189A CN117640189A CN202311596631.XA CN202311596631A CN117640189A CN 117640189 A CN117640189 A CN 117640189A CN 202311596631 A CN202311596631 A CN 202311596631A CN 117640189 A CN117640189 A CN 117640189A
- Authority
- CN
- China
- Prior art keywords
- domain name
- user
- target domain
- verification
- tunnel
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 69
- 238000012795 verification Methods 0.000 claims abstract description 174
- 239000002957 persistent organic pollutant Substances 0.000 claims description 30
- 230000004044 response Effects 0.000 claims description 16
- 238000001514 detection method Methods 0.000 claims description 11
- 238000012360 testing method Methods 0.000 claims description 9
- 238000004590 computer program Methods 0.000 claims description 3
- 238000004458 analytical method Methods 0.000 claims description 2
- 238000004891 communication Methods 0.000 abstract description 5
- 238000010586 diagram Methods 0.000 description 17
- 230000001133 acceleration Effects 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 230000002159 abnormal effect Effects 0.000 description 4
- 230000000694 effects Effects 0.000 description 3
- 230000006978 adaptation Effects 0.000 description 2
- 239000013256 coordination polymer Substances 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000004140 cleaning Methods 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present disclosure provides an access method, a system, a device and a storage medium, which relate to the technical field of communication, and are characterized in that a user access request is analyzed to obtain a user target domain name, then whether the domain name is in a domain name list is determined based on the user target domain name and a dynamically updated domain name list, a verification tunnel is established between network service providing points POP corresponding to the user and the user target domain name respectively under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and a user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user accesses the target domain name based on the configured address, the user can timely learn whether the target domain name can be accessed, and user experience is improved.
Description
Technical Field
The present disclosure relates to the field of communications technologies, and in particular, to an access method, apparatus, device, and storage medium.
Background
In the current society, the informatization degree is gradually increased. Users often need access to cross-border websites. When a user accesses data of a cross-border website and an application, the effect of current access is poor due to the limited link bandwidth. In addition, in the cross-border resource access, a website request needing filtering may exist, and when a user accesses, it is difficult to know whether the currently accessed address can be accessed, so that the effect of the current user on the cross-border website access is poor.
Disclosure of Invention
The disclosure provides an access method, an access device and a storage medium, which at least improve the effect of a user on cross-border website access to a certain extent.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to one aspect of the present disclosure, there is provided an access method including:
analyzing the user access request to obtain a user target domain name;
determining whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list;
under the condition that the domain name is not in the domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the target domain name;
verifying the target domain name based on the verification tunnel to obtain a verification result;
and under the condition that the verification result indicates that the target domain name can be accessed, configuring the user address, so that the user accesses the target domain name based on the configured address.
In one embodiment of the present disclosure, the method further comprises:
and adding the target domain name into a white list contained in the domain name list under the condition that the verification result indicates that the target domain name can be accessed.
In one embodiment of the present disclosure, the method further comprises:
and adding the target domain name into a blacklist contained in the domain name list under the condition that the verification result indicates that the target domain name is inaccessible.
In one embodiment of the present disclosure, verifying the target domain name based on the verification tunnel, the obtaining a verification result includes:
performing dial testing on the target domain name based on the plurality of verification tunnels to obtain data response contents and connection states fed back by the plurality of verification tunnels respectively;
and determining a verification result based on the data response content and the connection state fed back by the plurality of verification tunnels respectively.
In one embodiment of the present disclosure, the method further comprises:
checking the domain names in the domain name list according to a preset period;
and updating the domain name list based on the verification result corresponding to each domain name in the domain name list.
In one embodiment of the present disclosure, before verifying the target domain name based on the verification tunnel, the method further includes:
detecting the connectivity of the verification tunnel;
and destroying the tunnel under the condition that the verification tunnel does not pass the detection.
In one embodiment of the present disclosure, the method further comprises:
and accelerating the access of the user under the condition that the verification result indicates that the target domain name can be accessed.
According to another aspect of the present disclosure, there is provided an access apparatus including:
the analysis module is used for analyzing the user access request to obtain a user target domain name;
the determining module is used for determining whether the target domain name is in the domain name list or not based on the target domain name and the dynamically updated domain name list;
the establishment module is used for establishing a verification tunnel between the network service providing points POPs respectively corresponding to the user and the target domain name under the condition that the domain name is not in the domain name list;
the first verification module is used for verifying the target domain name based on the verification tunnel to obtain a verification result;
and the configuration module is used for configuring the user address under the condition that the verification result indicates that the target domain name can be accessed, so that the user accesses the target domain name based on the configured address.
In one embodiment of the present disclosure, the apparatus further comprises:
and the first adding module is used for adding the target domain name into a white list contained in the domain name list under the condition that the verification result indicates that the target domain name can be accessed.
In one embodiment of the present disclosure, the apparatus further comprises:
and the second adding module is used for adding the target domain name into a blacklist contained in the domain name list under the condition that the verification result indicates that the target domain name cannot be accessed.
In one embodiment of the present disclosure, a first verification module includes:
the dial testing unit is used for dial testing the target domain name based on the plurality of verification tunnels to obtain data response contents and connection states fed back by the plurality of verification tunnels respectively;
and the determining unit is used for determining a check result based on the data response content and the connection state fed back by the plurality of check tunnels respectively.
In one embodiment of the present disclosure, the apparatus further comprises:
the second checking module is used for checking the domain names in the domain name list according to a preset period;
and the updating module is used for updating the domain name list based on the verification result corresponding to each domain name in the domain name list.
In one embodiment of the present disclosure, the apparatus further comprises:
the detection module is used for detecting the connectivity of the verification tunnel before verifying the target domain name based on the verification tunnel to obtain a verification result;
the destroying module is used for destroying the tunnel under the condition that the checking tunnel does not pass the detection.
In one embodiment of the present disclosure, the apparatus further comprises:
and the acceleration module is used for accelerating the access of the user under the condition that the verification result indicates that the target domain name can be accessed.
According to still another aspect of the present disclosure, there is provided an electronic apparatus including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the above-described access method via execution of the executable instructions.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the above-described access method.
According to the access method provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the user can verify the target domain name of the user, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.
FIG. 1 illustrates a block diagram of an access system in an embodiment of the present disclosure;
FIG. 2 is a flow chart of an access method in an embodiment of the disclosure;
FIG. 3 illustrates another access method flow diagram in an embodiment of the present disclosure;
FIG. 4 is a flow chart illustrating yet another access method in an embodiment of the present disclosure;
FIG. 5 illustrates a flow diagram of yet another access method in an embodiment of the present disclosure;
FIG. 6 illustrates a flow diagram of yet another access method in an embodiment of the present disclosure;
FIG. 7 illustrates a flow diagram of yet another access method in an embodiment of the present disclosure;
FIG. 8 illustrates a flow diagram of yet another access method in an embodiment of the present disclosure;
FIG. 9 illustrates a schematic diagram of an access device in an embodiment of the present disclosure; and
fig. 10 shows a block diagram of an electronic device in an embodiment of the disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
It should be understood that the various steps recited in the method embodiments of the present disclosure may be performed in a different order and/or performed in parallel. Furthermore, method embodiments may include additional steps and/or omit performing the illustrated steps. The scope of the present disclosure is not limited in this respect.
It should be noted that the terms "first," "second," and the like in this disclosure are merely used to distinguish between different devices, modules, or units and are not used to define an order or interdependence of functions performed by the devices, modules, or units.
It should be noted that references to "one", "a plurality" and "a plurality" in this disclosure are intended to be illustrative rather than limiting, and those of ordinary skill in the art will appreciate that "one or more" is intended to be understood as "one or more" unless the context clearly indicates otherwise.
In order to solve the above problems, embodiments of the present disclosure provide an access method, apparatus, device, and storage medium.
For ease of understanding, the disclosed embodiments will first be described with respect to an access system.
Fig. 1 illustrates a block diagram of an access system in an embodiment of the present disclosure.
As shown in fig. 1, the access system may include: the system comprises a user terminal 101, an acceleration channel service module 102, an access module 103, an address library service module 104 and a dial testing service module 105.
The user terminal 101 sends a user access request to the access module 103, and the access module determines a user target domain name based on the user access request. The user target domain name is then sent to the address library service module 104, and the address library service module 104 determines whether the user target domain name is on a blacklist or a whitelist based on the user target domain name. And under the condition that the user target domain name is in a blacklist, cleaning and filtering the access traffic. The blacklist and the whitelist stored by the address library service module are detected by the dial testing service module 105 based on the original blacklist and whitelist and the user access record by using a dynamic dial algorithm. In the case where the user target domain name is on the white list, the access system may send the user target domain name to the acceleration channel service module 102, so that the acceleration channel service module 102 provides acceleration services to provide acceleration for access by the user based on the target domain name access system traffic.
Fig. 2 shows a flow chart of an access method in an embodiment of the disclosure.
As shown in fig. 2, the access method may include:
s210, analyzing the user access request to obtain the user target domain name.
In some embodiments, the user access request may be resolved based on a domain name system (Domain Name System, DNS) resolution service to obtain the user target domain name.
S220, determining whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list.
In some embodiments, the dynamically updated domain name list may include a domain name list updated at a preset period or a domain name list updated according to domain name changes within the domain name list.
In some embodiments, a comparison-based approach may be used to determine whether the user-target domain name is within the domain name list.
And S230, under the condition that the domain name is not in the domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the target domain name.
In some embodiments, the verification tunnel may have multiple verification tunnels.
In some embodiments, the verification tunnel may be generated in a CP connection corresponding to the IP quad [ IP1, port1, IP2, port2].
S240, verifying the target domain name based on the verification tunnel to obtain a verification result.
In some embodiments, verifying the user target domain name may include verifying whether the target domain name is accessible.
In some embodiments, verifying the user target domain name may include determining whether the target domain name is capable of completing the data communication within a preset period of time.
For example, a timing may be turned on, a timeout time set, and a detection of whether the data is timeout may be performed. It should be noted that, detecting the target domain name based on the verification tunnel may include determining whether the target domain name will return response data based on the verification tunnel accessing the target domain name.
For example, the connection state may be detected, and the identification marks rst and fin may be recorded by grasping the connection packet. Wherein rst is one of 6 flag bits in the CP header, indicating a reset connection, a reset connection. Fin is a segment flag in a network communication protocol, collectively referred to as "finish," that indicates the end of a network session. Indicating that the sender is no longer transmitting data and requires acknowledgement from the recipient, the recipient will typically transmit an acknowledgement segment after receiving the fin segment.
S250, under the condition that the verification result indicates that the target domain name can be accessed, configuring the user address, so that the user accesses the target domain name based on the configured address.
In some embodiments, it may be that the user accesses the target domain name based on verifying the tunnel.
According to the access method provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the user can verify the target domain name of the user, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
FIG. 3 illustrates a flow diagram of another access method in an embodiment of the present disclosure.
As shown in fig. 3, the access method may include:
s310, analyzing the user access request to obtain a user target domain name;
s320, determining whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list;
s330, under the condition that the domain name is not in the domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the target domain name;
S340, verifying the target domain name based on the verification tunnel to obtain a verification result;
and S350, adding the target domain name into a white list contained in the domain name list under the condition that the verification result indicates that the target domain name can be accessed.
According to the access method provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the user can verify the target domain name of the user, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
Fig. 4 shows a flow diagram of yet another access method in an embodiment of the disclosure.
As shown in fig. 4, the access method may include:
S410, analyzing the user access request to obtain a user target domain name;
s420, determining whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list;
s430, under the condition that the domain name is not in the domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the target domain name;
s440, verifying the target domain name based on the verification tunnel to obtain a verification result;
and S450, adding the target domain name into a blacklist contained in the domain name list under the condition that the verification result indicates that the target domain name cannot be accessed.
In some embodiments, a fast wrap-around response and 163 a normal internet response may be performed in the event that the target domain name is determined to be within the blacklist. Wherein the quick return packet response is directed to a local quick response DNS server and the 163 ordinary internet response is directed to a conventional internet DNS server.
According to the access method provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the user can verify the target domain name of the user, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
Fig. 5 shows a flow diagram of yet another access method in an embodiment of the present disclosure.
As shown in fig. 5, the access method may include:
s510, analyzing the user access request to obtain a user target domain name;
s520, determining whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list.
In some embodiments, in determining whether the target domain name is within the domain name list, it may be first matched whether the target domain name belongs to a white list or a black list, and then the sub domain name and the main domain name of the target domain name may be determined based on the user access request.
S530, under the condition that the domain name is not in the domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the target domain name;
s540, performing dial testing on the target domain name based on the plurality of verification tunnels to obtain data response contents and connection states fed back by the plurality of verification tunnels respectively.
In some embodiments, the target domain name r may be obtained from a user initial request access and log access library. Requesting a target domain name to issue a plurality of verification tunnels for detection, and obtaining a domain name detection state [ (r, p, t); (s, d), according to the target domain name r, POP point p and time t, the target domain name accesses the result s, and the POP point can reach the data d. And then outputting a verification result aiming at the POP point according to the result in the time period. Wherein the detection result is as follows:
And counting abnormal probability of the verification result, and determining that the target domain name is abnormal in access if the abnormal probability P (f (r) =0) > 20% of the verification result.
S550, determining a verification result based on the data response content and the connection state fed back by the plurality of verification tunnels respectively.
S560, if the verification result indicates that the target domain name can be accessed, configuring the user address, so that the user can access the target domain name based on the configured address.
According to the access method provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the user can verify the target domain name of the user, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
Fig. 6 shows a flow diagram of yet another access method in an embodiment of the disclosure.
As shown in fig. 6, the access method may include:
s610, analyzing the user access request to obtain a user target domain name;
s620, determining whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list.
S630, checking the domain names in the domain name list according to a preset period.
In some embodiments, the preset period may comprise a user-defined period.
In order to avoid the change of the connection state of the domain names in the domain name list, the domain names in the domain name list can be checked according to a preset period, and under the condition that the connection state of the domain names is inconsistent with the list, the domain names are re-classified into the list again based on the connection state of the domain names.
And S640, updating the domain name list based on the verification result corresponding to each domain name in the domain name list.
According to the access method provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the user can verify the target domain name of the user, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
Fig. 7 shows a flow diagram of yet another access method in an embodiment of the disclosure.
As shown in fig. 7, the access method may include:
s710, analyzing the user access request to obtain a user target domain name;
s720, determining whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list;
s730, detecting the connectivity of the check tunnel;
in some embodiments, the tunnel may be detected by a firewall to determine if there is abnormal content access.
In some embodiments, connectivity of the tunnel may be detected based on an internet packet explorer (Packet Internet Groper, ping).
S740, destroying the tunnel under the condition that the verification tunnel does not pass the detection.
S750, under the condition that the domain name is not in the domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the target domain name;
s760, verifying the target domain name based on the verification tunnel to obtain a verification result.
According to the access method provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the user can verify the target domain name of the user, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
Fig. 8 shows a flow diagram of yet another access method in an embodiment of the disclosure.
As shown in fig. 8, the access method may include:
s810, analyzing the user access request to obtain a user target domain name;
s820, determining whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list;
s830, under the condition that the domain name is not in the domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the target domain name;
s840, verifying the target domain name based on the verification tunnel to obtain a verification result;
s850, configuring a user address to enable the user to access the target domain name based on the configured address under the condition that the verification result indicates that the target domain name can be accessed;
s860, in the case that the verification result indicates that the target domain name can be accessed, the access of the user is accelerated.
In some embodiments, access to system traffic may be accelerated within the user's access.
According to the access method provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the user can verify the target domain name of the user, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
For ease of understanding, the disclosed embodiments will first describe access methods.
Based on the same inventive concept, an access device is also provided in the embodiments of the present disclosure, as follows. Since the principle of solving the problem of the embodiment of the device is similar to that of the embodiment of the method, the implementation of the embodiment of the device can be referred to the implementation of the embodiment of the method, and the repetition is omitted.
Fig. 9 shows a schematic diagram of an access device in an embodiment of the disclosure, as shown in fig. 9, the device 900 may include:
the resolving module 901 is configured to resolve a user access request to obtain a user target domain name;
a determining module 902, configured to determine whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list;
the establishing module 903 is configured to establish a verification tunnel between the network service points POP corresponding to the user and the target domain name respectively when the domain name is not in the domain name list;
the first verification module 904 is configured to verify the target domain name based on the verification tunnel, to obtain a verification result;
and a configuration module 905, configured to configure the address of the user to enable the user to access the target domain name based on the configured address, if the verification result indicates that the target domain name is accessible.
According to the access device provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the target domain name of the user is verified, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
In one embodiment of the present disclosure, the apparatus further comprises:
and the first adding module is used for adding the target domain name into a white list contained in the domain name list under the condition that the verification result indicates that the target domain name can be accessed.
According to the access device provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the target domain name of the user is verified, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
In one embodiment of the present disclosure, the apparatus further comprises:
and the second adding module is used for adding the target domain name into a blacklist contained in the domain name list under the condition that the verification result indicates that the target domain name cannot be accessed.
According to the access device provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the target domain name of the user is verified, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
In one embodiment of the present disclosure, a first verification module includes:
the dial testing unit is used for dial testing the target domain name based on the plurality of verification tunnels to obtain data response contents and connection states fed back by the plurality of verification tunnels respectively;
And the determining unit is used for determining a check result based on the data response content and the connection state fed back by the plurality of check tunnels respectively.
According to the access device provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the target domain name of the user is verified, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
In one embodiment of the present disclosure, the apparatus further comprises:
the second checking module is used for checking the domain names in the domain name list according to a preset period;
and the updating module is used for updating the domain name list based on the verification result corresponding to each domain name in the domain name list.
According to the access device provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the target domain name of the user is verified, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
In one embodiment of the present disclosure, the apparatus further comprises:
the detection module is used for detecting the connectivity of the verification tunnel before verifying the target domain name based on the verification tunnel to obtain a verification result;
the destroying module is used for destroying the tunnel under the condition that the checking tunnel does not pass the detection.
According to the access device provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the target domain name of the user is verified, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
In one embodiment of the present disclosure, the apparatus further comprises:
and the acceleration module is used for accelerating the access of the user under the condition that the verification result indicates that the target domain name can be accessed.
According to the access device provided by the embodiment of the disclosure, the user access request is analyzed to obtain the user target domain name, then whether the domain name is in the domain name list is determined based on the user target domain name and the dynamically updated domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the user target domain name under the condition that the domain name is not in the domain name list, the user target domain name is verified based on the verification tunnel to obtain a verification result, and the user address is configured under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address, and the target domain name of the user is verified, so that the user can timely know whether the target domain name can be accessed, and user experience is improved.
Those skilled in the art will appreciate that the various aspects of the present disclosure may be implemented as a system, method, or program product. Accordingly, various aspects of the disclosure may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.) or an embodiment combining hardware and software aspects may be referred to herein as a "circuit," module "or" system.
An electronic device 1000 according to such an embodiment of the present disclosure is described below with reference to fig. 10. The electronic device 1000 shown in fig. 10 is merely an example and should not be construed as limiting the functionality and scope of use of the disclosed embodiments.
As shown in fig. 10, the electronic device 1000 is embodied in the form of a general purpose computing device. Components of electronic device 1000 may include, but are not limited to: the at least one processing unit 1010, the at least one memory unit 1020, and a bus 1030 that connects the various system components, including the memory unit 1020 and the processing unit 1010.
Wherein the storage unit stores program code that is executable by the processing unit 1010 such that the processing unit 1010 performs steps according to various exemplary embodiments of the present disclosure described in the above section of the present specification. For example, the processing unit 1010 may perform the following steps of the method embodiment described above:
analyzing the user access request to obtain a user target domain name;
determining whether the target domain name is in the domain name list based on the target domain name and the dynamically updated domain name list;
under the condition that the domain name is not in the domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the target domain name;
Verifying the target domain name based on the verification tunnel to obtain a verification result;
and under the condition that the verification result indicates that the target domain name can be accessed, configuring the user address, so that the user accesses the target domain name based on the configured address.
The memory unit 1020 may include readable media in the form of volatile memory units such as Random Access Memory (RAM) 10201 and/or cache memory unit 10202, and may further include Read Only Memory (ROM) 10203.
The storage unit 1020 may also include a program/utility 10204 having a set (at least one) of program modules 10205, such program modules 10205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
Bus 1030 may be representing one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 1000 can also communicate with one or more external devices 1040 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 1000, and/or with any device (e.g., router, modem, etc.) that enables the electronic device 1000 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 1050. Also, electronic device 1000 can communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 1060. As shown, the network adapter 1060 communicates with other modules of the electronic device 1000 over the bus 1030. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with the electronic device 1000, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium, which may be a readable signal medium or a readable storage medium, is also provided. On which a program product is stored which enables the implementation of the method described above of the present disclosure. In some possible implementations, various aspects of the disclosure may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the disclosure as described in the "exemplary methods" section of this specification, when the program product is run on the terminal device.
More specific examples of the computer readable storage medium in the present disclosure may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In this disclosure, a computer readable storage medium may include a data signal propagated in baseband or as part of a carrier wave, with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Alternatively, the program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
In particular implementations, the program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order or that all illustrated steps be performed in order to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the description of the above embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This disclosure is intended to cover any adaptations, uses, or adaptations of the disclosure following the general principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
Claims (10)
1. An access method, comprising:
analyzing the user access request to obtain a user target domain name;
determining whether the target domain name is within the domain name list based on the target domain name and a dynamically updated domain name list;
under the condition that the domain name is not in the domain name list, a verification tunnel is established between the network service providing points POPs respectively corresponding to the user and the target domain name;
verifying the target domain name based on the verification tunnel to obtain a verification result;
and under the condition that the verification result indicates that the target domain name can be accessed, configuring a user address, so that the user accesses the target domain name based on the configured address.
2. The access method of claim 1, wherein the method further comprises:
and adding the target domain name into a white list contained in the domain name list under the condition that the verification result indicates that the target domain name can be accessed.
3. The access method of claim 1, wherein the method further comprises:
and adding the target domain name into a blacklist contained in the domain name list under the condition that the verification result indicates that the target domain name is inaccessible.
4. The access method according to claim 1, wherein the verifying the target domain name based on the verification tunnel, to obtain a verification result includes:
performing dial testing on the target domain name based on the plurality of verification tunnels to obtain data response contents and connection states fed back by the plurality of verification tunnels respectively;
and determining the verification result based on the data response content and the connection state fed back by the verification tunnels respectively.
5. The access method of claim 1, wherein the method further comprises:
checking the domain names in the domain name list according to a preset period;
and updating the domain name list based on the verification result corresponding to each domain name in the domain name list.
6. The access method according to claim 1, wherein before the verifying the target domain name based on the verification tunnel, the method further comprises:
detecting the connectivity of the verification tunnel;
and destroying the tunnel under the condition that the verification tunnel does not pass the detection.
7. The access method of claim 1, wherein the method further comprises:
And accelerating the access of the user under the condition that the verification result indicates that the target domain name can be accessed.
8. An access device, comprising:
the analysis module is used for analyzing the user access request to obtain a user target domain name;
a determining module, configured to determine whether the target domain name is in the domain name list based on the target domain name and a dynamically updated domain name list;
the establishing module is used for establishing a verification tunnel between the network service providing points POPs respectively corresponding to the user and the target domain name under the condition that the domain name is not in the domain name list;
the first verification module is used for verifying the target domain name based on the verification tunnel to obtain a verification result;
and the configuration module is used for configuring the address of the user under the condition that the verification result indicates that the target domain name can be accessed, so that the user can access the target domain name based on the configured address.
9. An electronic device, comprising:
a processor; and
a memory for storing executable instructions of the processor;
wherein the processor is configured to perform the access method of any one of claims 1 to 7 via execution of the executable instructions.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the access method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311596631.XA CN117640189B (en) | 2023-11-27 | 2023-11-27 | Access method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311596631.XA CN117640189B (en) | 2023-11-27 | 2023-11-27 | Access method, device, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117640189A true CN117640189A (en) | 2024-03-01 |
| CN117640189B CN117640189B (en) | 2024-08-23 |
Family
ID=90031531
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311596631.XA Active CN117640189B (en) | 2023-11-27 | 2023-11-27 | Access method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117640189B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104317938A (en) * | 2014-10-31 | 2015-01-28 | 北京国双科技有限公司 | Webpage validation method and device |
| US20180343232A1 (en) * | 2016-08-11 | 2018-11-29 | Baidu Online Network Technology (Beijing) Co., Ltd | Method and device for accessing website |
| CN113726808A (en) * | 2021-09-06 | 2021-11-30 | 杭州安恒信息安全技术有限公司 | Website monitoring method, device, equipment and storage medium |
| CN114039944A (en) * | 2021-10-08 | 2022-02-11 | 中移(杭州)信息技术有限公司 | Website access address selection method, equipment, storage medium and device |
| US20220131782A1 (en) * | 2019-02-19 | 2022-04-28 | Smartsky Networks LLC | Method and Apparatus for Providing Network Experience Testing |
| CN115379016A (en) * | 2022-08-22 | 2022-11-22 | 深信服科技股份有限公司 | Resource access method, access service platform, device, equipment and storage medium |
| WO2023090756A1 (en) * | 2021-11-18 | 2023-05-25 | 프라이빗테크놀로지 주식회사 | Controller-based network access control system, and method therefor |
| CN116781782A (en) * | 2023-07-20 | 2023-09-19 | 中国电信国际有限公司 | Request processing method, request processing device, electronic equipment and storage medium |
| CN117040804A (en) * | 2023-07-17 | 2023-11-10 | 中国银行股份有限公司 | Network attack detection method, device, equipment, medium and program product for website |
-
2023
- 2023-11-27 CN CN202311596631.XA patent/CN117640189B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104317938A (en) * | 2014-10-31 | 2015-01-28 | 北京国双科技有限公司 | Webpage validation method and device |
| US20180343232A1 (en) * | 2016-08-11 | 2018-11-29 | Baidu Online Network Technology (Beijing) Co., Ltd | Method and device for accessing website |
| US20220131782A1 (en) * | 2019-02-19 | 2022-04-28 | Smartsky Networks LLC | Method and Apparatus for Providing Network Experience Testing |
| CN113726808A (en) * | 2021-09-06 | 2021-11-30 | 杭州安恒信息安全技术有限公司 | Website monitoring method, device, equipment and storage medium |
| CN114039944A (en) * | 2021-10-08 | 2022-02-11 | 中移(杭州)信息技术有限公司 | Website access address selection method, equipment, storage medium and device |
| WO2023090756A1 (en) * | 2021-11-18 | 2023-05-25 | 프라이빗테크놀로지 주식회사 | Controller-based network access control system, and method therefor |
| CN115379016A (en) * | 2022-08-22 | 2022-11-22 | 深信服科技股份有限公司 | Resource access method, access service platform, device, equipment and storage medium |
| CN117040804A (en) * | 2023-07-17 | 2023-11-10 | 中国银行股份有限公司 | Network attack detection method, device, equipment, medium and program product for website |
| CN116781782A (en) * | 2023-07-20 | 2023-09-19 | 中国电信国际有限公司 | Request processing method, request processing device, electronic equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117640189B (en) | 2024-08-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108809890A (en) | Leak detection method, test server and client | |
| CN112929241B (en) | Network testing method and device | |
| CN113098733B (en) | Network address translation equipment test system and method | |
| CN113765846A (en) | Intelligent detection and response method and device for network abnormal behavior and electronic equipment | |
| CN112600908A (en) | Method, device, equipment and storage medium for acquiring communication link | |
| CN113596017A (en) | Protocol analysis method, device, soft gateway and storage medium | |
| CN113206850B (en) | Malicious sample message information acquisition method, device, equipment and storage medium | |
| CN111031148B (en) | Address resolution method and device, electronic equipment and storage medium | |
| CN115102781B (en) | Network attack processing method, device, electronic equipment and medium | |
| CN112887289A (en) | Network data processing method and device, computer equipment and storage medium | |
| CN111355817B (en) | Domain name resolution method, device, security server and medium | |
| CN114071544B (en) | Network testing method and device and electronic equipment | |
| CN113179317B (en) | Test system and method for content rewriting device | |
| CN117640189B (en) | Access method, device, equipment and storage medium | |
| CN115086183B (en) | Message association method and device of application layer gateway | |
| CN113672416A (en) | Method and device for positioning reasons of memory resource leakage | |
| CN110177096B (en) | Client authentication method, device, medium and computing equipment | |
| CN113329035B (en) | Method and device for detecting attack domain name, electronic equipment and storage medium | |
| CN113839948B (en) | DNS tunnel traffic detection method and device, electronic equipment and storage medium | |
| CN113965392B (en) | Malicious server detection method, system, readable medium and electronic equipment | |
| CN112866005B (en) | Method, device and equipment for processing user access log and storage medium | |
| CN116260643A (en) | Security testing method, device and equipment for web service of Internet of things | |
| CN111669376B (en) | Method and device for identifying safety risk of intranet | |
| CN114070633A (en) | Address scanning behavior detection method and device | |
| CN110120895B (en) | Method, device, medium and electronic equipment for testing communication of mobile terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |