CN103366134A - Network connection management system and method - Google Patents
- Publication number
- CN103366134A
- Authority
- CN
- China
- Prior art keywords
- client host
- outer net
- website
- webpage
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Landscapes
- Computer And Data Communications (AREA)
Abstract
The invention relates to a network connection management system and method. The network connection management method can manage one or more client hosts and comprises the following steps: when a client host starts an external network connection program to access an external website, a routing rule is queried; in response to the external network connection program, the client host is connected to a preset Internet proxy server according to the queried routing rule, so that the client host can access the external website through the preset Internet proxy server. The method provided by the invention makes it possible to effectively manage access to external websites by intranet clients.
Description
Technical field
The present invention relates to an information security management technique, and in particular to an information security management technique for closed network systems.
Background technology
In large and medium-sized enterprises, particularly high-tech enterprises focused on research and development, employees' Internet use is often restricted for reasons such as information security. By technical network means, most employees are allowed to connect only to the internal network and cannot freely access the Internet. However, because of actual work needs, internal employees sometimes need to access certain specific external websites, and in that case external network permission must be opened before those websites can be accessed.
In the prior art, an Internet proxy server is set up and its IP address and port are configured in the browser on the client side, which allows intranet users to access external websites. However, proxying Internet access in this way imposes a heavy client maintenance workload, and management is inefficient. In addition, whenever the IP address or port of the Internet proxy server changes, the client side must be reconfigured with the new IP address or port before it can access the external network normally, which is very inconvenient.
In addition, the prior art described above makes it difficult to implement an Internet proxy server cluster (in which the client side automatically selects a corresponding Internet proxy server for load balancing), and is therefore difficult to scale. On the other hand, intranet users are allowed to access only specific external websites, while a web page of a permitted external website is often made up of page elements, such as images or information, served from several different domain names, and some pages even directly embed pages from other websites. If the external network is accessed in the existing way, the URL filtering function configured in the Internet proxy server must then be set up with the site information of every different domain name used in every web page of all permitted external websites.
For large websites in particular, the pages of a single site may include tens to hundreds of different domain names. Moreover, although a website's main domain name generally does not change, its pages change often because of redesign or optimization, so the page elements served from different domain names may change as well. In that case, if the site information of a domain name that should be allowed has not been configured, some page elements become inaccessible, which makes managing intranet users' access permissions rather complex and gives a poor user experience.
Summary of the invention
In view of this, the present invention provides a network connection management system that can manage intranet clients' access to permitted external websites.
The present invention further provides a network connection management method that offers a simpler way of managing external network permissions, effectively manages intranet clients' access to permitted external websites, and scales better in hardware.
The invention provides a network connection management system that can manage at least one intranet client host. The network connection management system comprises a routing server and a connection system. The routing server stores a routing rule and can connect to the client host. The connection system is installed in the client host. When the client host starts an external network connection program in order to access an external website, the connection system first queries the routing rule on the routing server so as to connect the client host to a preset Internet proxy server. When the connection system receives a web page open request by which the client host wants to connect to a web page of an external website, it determines, according to the routing rule, whether to send the web page open request to the preset Internet proxy server. When the connection system decides to send the web page open request to the preset Internet proxy server, the Internet proxy server allows the client host, according to that request, to access the external website corresponding to the web page open request.
In another aspect, the present invention further provides a network connection management method that can manage at least one client host. The method comprises querying a routing rule when the client host starts an external network connection program in order to access an external website. Then, according to the queried routing rule, the client host is connected to a preset Internet proxy server in response to the external network connection program, so that the client host can access the external website through the preset Internet proxy server.
In an embodiment of the present invention, the routing rule comprises the IP address and port of at least one Internet proxy server, the IP information of the client hosts allowed to connect, the URLs of the external websites that are allowed to be accessed, and a rule set. The rule set comprises at least one keyword string. The IP information of the client hosts allowed to connect comprises the IP address or address range of those client hosts.
Because the present invention installs a connection system in the client host, and this connection system queries the routing rule stored in the routing server when the client host starts an external network connection program, the present invention can effectively manage intranet clients' access to external websites.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention become more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of drawings
Fig. 1 is a block diagram of a network connection management system according to a preferred embodiment of the present invention.
Fig. 2 is a flowchart of the steps of a network connection management method according to a preferred embodiment of the present invention.
Fig. 3 is a flowchart of the steps of a network connection management method according to another embodiment of the present invention.
Embodiment
To further explain the technical means adopted by the present invention to achieve its intended purpose, and their effects, the embodiments, structure, features and effects of the network connection management system and method proposed by the invention are described in detail below with reference to the accompanying drawings and preferred embodiments.
The foregoing and other technical content, features and effects of the present invention will be clearly presented in the following detailed description of preferred embodiments with reference to the drawings. The description of the embodiments allows a deeper and more concrete understanding of the technical means adopted by the invention to achieve its intended purpose and of their effects; the accompanying drawings, however, are provided for reference and illustration only and are not intended to limit the invention.
Fig. 1 is a block diagram of a network connection management system according to a preferred embodiment of the present invention. Referring to Fig. 1, the network connection management system 100 provided by this embodiment comprises a routing server 102, which can connect to an internal network system 110. The internal network system 110 comprises at least one client host. In this embodiment, the internal network system 110 comprises a plurality of client hosts, for example 112, 114 and 116. These client hosts 112, 114 and 116 may be personal computers, and each of them has a corresponding IP address. For example, the IP address of client host 112 is 172.18.1.1, the IP address of client host 114 is 172.18.1.2, and the IP address of client host 116 is 172.18.1.3.
In addition, the routing server 102 can also connect to an Internet proxy server group 130. The Internet proxy server group 130 comprises at least one Internet proxy server. In this embodiment, the Internet proxy server group 130 comprises a plurality of Internet proxy servers, for example 132, 134 and 136. Each Internet proxy server has a corresponding IP address and port.
Specifically, the routing server 102 stores a routing rule 104. The routing rule 104 comprises the IP address and port of each Internet proxy server, the IP information of the client hosts allowed to connect, the URLs of the external websites that are allowed to be accessed, and a rule set. The IP information of the client hosts allowed to connect comprises the IP address or address range of those client hosts. For example, the client IP address allowed to connect to Internet proxy server 132 is set to 172.18.1.1 (a single IP address), the client IP addresses allowed to connect to Internet proxy server 134 are set to 172.18.1.2-172.18.1.3 (an IP address range), and the client IP addresses allowed to connect to Internet proxy server 136 are set to 172.18.*.* (also an IP address range). In this embodiment, any client host whose IP address begins with the two segments 172.18 is allowed to connect to Internet proxy server 136.
In addition, the network connection management system 100 of this embodiment also comprises a connection system 122, which can be installed in each client host, for example in 112, 114 and 116. In a preferred embodiment, the connection system 122 is implemented in software.
Fig. 2 is a flowchart of the steps of a network connection management method according to a preferred embodiment of the present invention. Referring to Fig. 1 and Fig. 2 together, when the user starts an external network connection program on a client host, for example the browser installed on the client host, the connection system 122 sends the IP address of the client host to the routing server 102 and, as described in step S202, actively queries and compares against the routing rule 104 stored in the routing server 102. When the connection system 122 finds in the routing rule 104 the IP address and port of the preset Internet proxy server corresponding to its client host, it sets the IP address, port and related information of that preset Internet proxy server in the browser of its client host. In this way, the connection system 122 connects its client host to the preset Internet proxy server in response to the external network connection program, as described in step S204.
For example, when client host 112 starts an external network connection program, the connection system 122 installed in client host 112 queries the routing rule 104. If the connection system 122 installed in client host 112 learns from the routing rule 104 that the client host with IP address 172.18.1.1 may connect to Internet proxy server 132, it obtains the IP address and port of Internet proxy server 132 from the routing rule 104 and sets them in the browser of client host 112. In this way, the connection system 122 connects client host 112 to Internet proxy server 132, and through Internet proxy server 132 to the Internet 140, to access external websites.
After step S204 is performed, the connection system 122 sends the URL of an external preset website to the connected Internet proxy server so as to connect to that external preset website through the connected Internet proxy server, as described in step S206. The connection system 122 then performs step S208 and checks whether the browser of its client host can open the web page of the external preset website. If the browser of the client host can successfully open the web page of the external preset website (the "Yes" branch of step S208), the external network connection procedure is completed, as described in step S210.
Conversely, if the connection system 122 finds that the browser of its client host cannot normally open the web page of the external preset website (the "No" branch of step S208), the preset Internet proxy server to which the client host is connected may have a problem. The connection system 122 then queries the routing rule 104 again and obtains the IP address and port information of a standby preset Internet proxy server.
For example, when Internet proxy server 132 cannot operate normally, the connection system 122 installed in client host 112 learns from the routing rule 104 that any client host whose IP address begins with the two segments 172.18 is allowed to connect to Internet proxy server 136. Internet proxy server 136 is then treated as the standby Internet proxy server. The connection system 122 therefore obtains the IP address and port information of Internet proxy server 136 from the routing rule 104 and sets them in the browser of client host 112. Thus, even if Internet proxy server 132 cannot operate normally, the connection system 122 can still connect client host 112 to the standby preset Internet proxy server 136, as described in step S212, and reach the Internet 140 through it.
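The lookup and failover of steps S202 to S212, as an added Python example that is not part of the patent text. The client specifications are the three given above; the proxy addresses and ports, the preference for rule order, and the `probe` callback standing in for the preset-website check are assumptions.

```python
import ipaddress

# Constructed stand-in for routing rule 104. Proxy addresses and ports are
# placeholders from the 192.0.2.0/24 documentation range; the "clients"
# specifications are the three forms described in the text.
ROUTING_RULE = [
    {"proxy": "132", "ip": "192.0.2.132", "port": 8080,
     "clients": "172.18.1.1"},
    {"proxy": "134", "ip": "192.0.2.134", "port": 8080,
     "clients": "172.18.1.2-172.18.1.3"},
    {"proxy": "136", "ip": "192.0.2.136", "port": 8080,
     "clients": "172.18.*.*"},
]


def client_matches(client_ip, spec):
    """Return True if client_ip falls under a single IP, a range or a wildcard."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError if malformed
    if "-" in spec:
        low, high = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        return low <= addr <= high
    if "*" in spec:
        parts = spec.split(".")
        octets = str(addr).split(".")
        return len(parts) == 4 and all(
            p == "*" or p == o for p, o in zip(parts, octets))
    return addr == ipaddress.IPv4Address(spec)


def candidate_proxies(client_ip, rules=ROUTING_RULE):
    """S202: every proxy this client may use, in rule order (assumed preference)."""
    return [entry for entry in rules if client_matches(client_ip, entry["clients"])]


def connect(client_ip, probe, rules=ROUTING_RULE):
    """S204-S212: try each permitted proxy until the preset site opens.

    probe(entry) is a hypothetical callback that returns True when the
    external preset website can be opened through that proxy (S206-S208).
    Returns the chosen proxy and the ones tried, or None if all fail.
    """
    tried = []
    for entry in candidate_proxies(client_ip, rules):
        tried.append(entry["proxy"])
        browser_proxy = (entry["ip"], entry["port"])  # value set in the browser
        if probe(entry):
            return {"proxy": entry["proxy"],
                    "browser_proxy": browser_proxy,
                    "tried": tried}
    return None


if __name__ == "__main__":
    # Simulate proxy 132 being down: client 172.18.1.1 falls back to 136.
    print(connect("172.18.1.1", probe=lambda e: e["proxy"] != "132"))
```

A client outside every specification gets no candidates at all, so the routing rule also acts as the access list for who may reach a proxy.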
When the connection system 122 connects to the routing server 102 and queries the routing rule 104, besides the IP address and port information of each Internet proxy server it can also obtain the URLs of the permitted external websites or an Internet access rule set. This rule set comprises at least one keyword string. With this rule set, the connection system 122 can effectively ensure that its client host accesses only authorized external websites.
Fig. 3 is a flowchart of the steps of a network connection management method according to another embodiment of the present invention. Referring to Fig. 1 and Fig. 3 together, when the connection system 122 receives a web page open request issued because its client host wants to access an external website, it obtains the web page information of the external website to be accessed, as described in step S302. The web page information is, for example, a URL string. The connection system 122 then performs step S304, comparing the obtained web page information with the rule set to determine whether the external website its client host wants to access is an authorized website. For example, it determines whether any keyword string in the rule set matches the URL string contained in the obtained web page information. In some embodiments, step S304 determines whether the URL contained in the obtained web page information belongs to a permitted external website in the routing rule.
If, in step S304, the connection system 122 determines that no keyword string in the rule set matches the URL string contained in the web page information (the "No" branch of step S304), the external website its client host wants to access is not an authorized website. In that case, as described in step S306, the connection system 122 does not send the web page open request to the preset Internet proxy server, thereby blocking the client host's access to the external website.
Conversely, if the connection system 122 determines that the rule set contains a keyword string matching the URL string contained in the web page information (the "Yes" branch of step S304), the external website its client host wants to access is an authorized website. In that case, as described in step S308, the connection system 122 sends the web page open request to the preset Internet proxy server (for example Internet proxy server 132) to which its client host (for example client host 112) is connected, so that the client host can access the external website corresponding to the web page open request through that preset Internet proxy server.
The above embodiment explains how the connection system 122 learns the authorized external websites from the rule set. In other embodiments, the routing rule 104 may instead record keyword strings of prohibited external websites. In these embodiments, when the connection system 122 finds that the external website its client host wants to access is a prohibited website, it does not send the web page open request to the connected preset Internet proxy server. Otherwise, if the connection system 122 confirms that the external website its client host wants to access is not a prohibited website, it sends the web page open request to the connected preset Internet proxy server.
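The decision of steps S304 to S308 and its prohibited-keyword variant, as an added Python example that is not part of the patent text. It assumes "matches" means the keyword string occurs anywhere in the URL string, and sets that reading beside a stricter check on the parsed host name; the URLs and the keyword are constructed samples.

```python
from urllib.parse import urlsplit


def keyword_decision(url, keywords, mode="allow"):
    """S304 read as a substring test of each keyword against the URL string.

    mode="allow": the rule set lists authorized sites (S306/S308).
    mode="deny":  the rule set lists prohibited sites (the variant embodiment).
    """
    hit = any(k in url for k in keywords)
    if mode == "allow":
        return "forward" if hit else "block"
    if mode == "deny":
        return "block" if hit else "forward"
    raise ValueError("mode must be 'allow' or 'deny'")


def host_decision(url, allowed_domains):
    """Stricter allow check: the parsed host must equal a listed domain or be
    one of its subdomains, so text in the path or query string is ignored."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    ok = any(host == d or host.endswith("." + d) for d in allowed_domains)
    return "forward" if ok else "block"


def compare(urls, keywords):
    """Return (url, keyword result, host result) for each URL."""
    return [(u, keyword_decision(u, keywords), host_decision(u, keywords))
            for u in urls]


# Constructed sample requests; "example.com" is the only authorized site.
RULE_SET = ["example.com"]
SAMPLE_URLS = [
    "http://www.example.com/index.html",          # the site itself
    "http://img.cdn.example.com/logo.png",        # page element on a subdomain
    "http://other.test/redirect?to=example.com",  # keyword only in the query
    "http://example.com.other.test/",             # keyword as a host prefix
    "http://unrelated.test/",                     # no keyword at all
]

if __name__ == "__main__":
    for url, by_keyword, by_host in compare(SAMPLE_URLS, RULE_SET):
        print(f"{by_keyword:8} {by_host:8} {url}")
```

One keyword covers every subdomain that serves page elements, which is the maintenance saving the description aims for, but the substring reading also forwards the third and fourth requests, whose host is not the authorized site.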
In summary, the network connection management system of the present invention is provided with a routing server that stores a routing rule, so that all client hosts in the internal network connect to a preset Internet proxy server according to the routing rule. Thus, to add a new proxy server, only the content of the routing rule needs to be changed, and the client hosts in the internal network system do not have to be configured one by one, so the present invention is more flexible to expand.
In addition, the network connection management system of the present invention also includes a connection system that can be installed in each client host. The connection system obtains the IP address and port of the Internet proxy server from the routing rule and automatically sets this information in the browser of its client host. Furthermore, when the preset Internet proxy server cannot operate normally, the management system automatically obtains the IP address and port of a standby Internet proxy server and automatically sets them in the browser of its client host, so the present invention does not require the user to repeat the configuration.
In addition, the management system can also use the Internet access rule set in the routing rule to ensure that its client host accesses only authorized external websites. Thus, to authorize a new website for client hosts to access, only the content of the rule set needs to be updated. The present invention therefore also simplifies the authorization procedure.
The above are only preferred embodiments of the present invention and do not limit the invention in any form. Although the invention has been disclosed above by way of preferred embodiments, they are not intended to limit it. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make minor changes or modifications that amount to equivalent embodiments. Any simple modification, equivalent change or adaptation made to the above embodiments according to the technical essence of the present invention, without departing from the content of its technical solution, still falls within the scope of the technical solution of the present invention.
Claims (8)
1. A network connection management system, suitable for managing at least one client host, the network connection management system comprising:
a routing server, for storing a routing rule and connecting to the client host; and
a connection system, installed in the client host, wherein when the client host starts an external network connection program in order to access an external website, the connection system first queries the routing rule on the routing server so as to connect the client host to a preset Internet proxy server, and when the connection system receives a web page open request by which the client host wants to connect to an external website, it determines, according to the routing rule, whether to send the web page open request to the preset Internet proxy server;
wherein when the connection system decides to send the web page open request to the preset Internet proxy server, the Internet proxy server allows the client host, according to the web page open request, to access the external website corresponding to the web page open request.
2. A network connection management method, suitable for managing at least one client host, the network connection management method comprising the following steps:
when the client host starts an external network connection program in order to access an external website, querying a routing rule; and
connecting the client host to a preset Internet proxy server according to the routing rule, in response to the external network connection program, so that the client host can access the external website through the preset Internet proxy server.
3. The network connection management method according to claim 2, characterized in that it further comprises the following steps:
when the client host is connected to the preset Internet proxy server, connecting to an external preset website through the connected preset Internet proxy server;
checking whether the web page of the external preset website can be opened normally;
when the web page of the external preset website can be opened normally, completing the connection procedure; and
when the web page of the external preset website cannot be opened normally, connecting the client host to a standby preset Internet proxy server according to the routing rule, so that the client host accesses the external website through the standby preset Internet proxy server.
4. The network connection management method according to claim 3, characterized in that the routing rule is stored in a routing server, and the routing server is different from the client host.
5. The network connection management method according to claim 3, characterized in that the routing rule comprises the IP address and port of at least one Internet proxy server, the IP information of the client hosts allowed to connect, the URLs of the external websites that are allowed to be accessed, and a rule set.
6. The network connection management method according to claim 5, characterized in that the rule set comprises at least one keyword string.
7. The network connection management method according to claim 5, characterized in that the IP information of the client hosts allowed to connect comprises the IP address or address range of the client hosts allowed to connect.
8. The network connection management method according to claim 5, characterized in that it further comprises the following steps:
when a web page open request issued because the client host wants to access an external website is received, obtaining the web page information of the external website corresponding to the web page open request;
comparing the obtained web page information with the rule set to determine whether the external website the client host wants to access is an authorized external website;
when the external website the client host wants to access is determined according to the rule set to be an authorized external website, sending the web page open request to the preset Internet proxy server to which the client host is connected, so as to allow the client host to access the external website corresponding to the web page open request; and
when the external website the client host wants to access is determined according to the rule set not to be an authorized external website, not sending the web page open request to the preset Internet proxy server to which the client host is connected, so as to block the client host's request to access the external website.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013102959352A CN103366134A (en) | 2013-07-12 | 2013-07-12 | Network connection management system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013102959352A CN103366134A (en) | 2013-07-12 | 2013-07-12 | Network connection management system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103366134A true CN103366134A (en) | 2013-10-23 |
Family
ID=49367448
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2013102959352A Pending CN103366134A (en) | 2013-07-12 | 2013-07-12 | Network connection management system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103366134A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103607333A (en) * | 2013-11-22 | 2014-02-26 | 深圳维盟科技有限公司 | Local area network port proxy method for port proxy server |
CN105162763A (en) * | 2015-07-29 | 2015-12-16 | 网神信息技术(北京)股份有限公司 | Method and device for processing communication data |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6892235B1 (en) * | 1999-03-05 | 2005-05-10 | International Business Machines Corporation | Method and system for optimally selecting a web firewall in a TCB/IP network |
US20080162698A1 (en) * | 2003-12-10 | 2008-07-03 | Chirs Hopen | Rule-Based Routing to Resources through a Network |
CN101699793A (en) * | 2008-04-23 | 2010-04-28 | 北京恒泰实达科技发展有限公司 | Method for implementing automatic backup and load balance of proxy servers |
CN102724189A (en) * | 2012-06-06 | 2012-10-10 | 杭州华三通信技术有限公司 | Method and device for controlling user URL (uniform resource locator) access |
Non-Patent Citations (3)
Title |
---|
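"Computer Network Case Tutorial" (《计算机网络案例教程》); Wang Deming et al.; National Defense Industry Press; 20120831; pp. 210-212 * |
Zhou Xueguang et al.: "Information Content Security" (《信息内容安全》), 30 November 2012 * |
Wang Deming et al.: "Computer Network Case Tutorial" (《计算机网络案例教程》), 31 August 2012 * |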
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20131023 |