[go: up one dir, main page]

CN113190828B - A request proxy method, client device and proxy service device - Google Patents

A request proxy method, client device and proxy service device Download PDF

Info

Publication number
CN113190828B
CN113190828B CN202110572059.8A CN202110572059A CN113190828B CN 113190828 B CN113190828 B CN 113190828B CN 202110572059 A CN202110572059 A CN 202110572059A CN 113190828 B CN113190828 B CN 113190828B
Authority
CN
China
Prior art keywords
browser
authentication
proxy
authentication credential
tunnel establishment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110572059.8A
Other languages
Chinese (zh)
Other versions
CN113190828A (en
Inventor
谢文伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd filed Critical Wangsu Science and Technology Co Ltd
Priority to CN202110572059.8A priority Critical patent/CN113190828B/en
Publication of CN113190828A publication Critical patent/CN113190828A/en
Priority to PCT/CN2021/121738 priority patent/WO2022247090A1/en
Application granted granted Critical
Publication of CN113190828B publication Critical patent/CN113190828B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44521Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526Plug-ins; Add-ons

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a request proxy method, client equipment and proxy service equipment, which solve the problem of lower safety and service efficiency of proxy service of the existing browser, and the request proxy method comprises the following steps: after the browser finishes loading the proxy plugin, the proxy plugin acquires an authentication credential authorized by the proxy server from a Cookie information list cached by the browser, and verifies the validity of the authentication credential; if the authentication credentials are determined to be valid, starting proxy service for the browser, so that an access request sent by the browser is received by the proxy server; if the authentication credentials are determined to be invalid, displaying login authentication prompts to a user through a browser, and returning to execute the step of acquiring the authentication credentials after login authentication is completed; when the browser needs to provide the authentication credentials to the proxy server, the obtained effective authentication credentials are provided for the browser, so that the proxy server performs identity authentication based on the effective authentication credentials.

Description

一种请求代理方法、客户端设备及代理服务设备A request proxy method, client device and proxy service device

技术领域Technical Field

本发明涉及代理服务技术领域,尤其涉及一种请求代理方法、客户端设备及代理服务设备。The present invention relates to the technical field of proxy services, and in particular to a request proxy method, a client device and a proxy service device.

背景技术Background Art

在使用代理服务器对浏览器进行代理服务时,代理服务器需要先对浏览器用户的身份信息进行认证,认证通过后,再对浏览器发送的请求进行代理。在现有的浏览器代理认证中,当浏览器需要通过代理服务器访问目标服务器时,在浏览器上通过人工配置代理服务器为浏览器用户指定的登录认证信息,当浏览器通过代理服务器与目标站点建立连接时,则直接从本地的浏览器配置信息中获取登录认证信息携带在连接建立请求中发送至代理服务器,代理服务器基于登录认证信息对浏览器用户的账户进行身份认证,若认证通过,则与目标服务器建立连接,进而对浏览器发送至目标服务器的请求进行代理。When using a proxy server to provide proxy services to a browser, the proxy server needs to first authenticate the identity information of the browser user. After the authentication is passed, the proxy server can then proxy the request sent by the browser. In the existing browser proxy authentication, when the browser needs to access the target server through the proxy server, the proxy server is manually configured on the browser to specify the login authentication information for the browser user. When the browser establishes a connection with the target site through the proxy server, the login authentication information is directly obtained from the local browser configuration information and carried in the connection establishment request and sent to the proxy server. The proxy server authenticates the browser user's account based on the login authentication information. If the authentication is passed, a connection is established with the target server, and then the request sent by the browser to the target server is proxyed.

然而,上述代理服务过程中,由于通过人工预先配置的登录认证信息可以被使用该浏览器的其他用户明文查看到,存在泄漏风险,使得代理服务的安全性较低,另外,由于登录认证信息是固定配置的,当其发生变更时,需要通过人工重新在浏览器上进行配置来进行同步更新,影响代理服务效率。However, in the above-mentioned proxy service process, since the login authentication information pre-configured manually can be viewed in plain text by other users using the browser, there is a risk of leakage, which makes the security of the proxy service low. In addition, since the login authentication information is fixed, when it changes, it needs to be manually reconfigured on the browser for synchronous update, which affects the efficiency of the proxy service.

发明内容Summary of the invention

为了解决现有的浏览器代理服务安全性与服务效率较低的问题,本发明实施例提供了一种请求代理方法、客户端设备及代理服务设备。In order to solve the problems of low security and service efficiency of existing browser proxy services, an embodiment of the present invention provides a request proxy method, a client device and a proxy service device.

第一方面,本发明实施例提供了一种请求代理方法,应用于代理插件,所述方法包括:当浏览器完成所述代理插件的加载后,从所述浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证,并验证所述认证凭证的有效性;若确定所述认证凭证有效,则为所述浏览器开启代理服务,使得所述浏览器发出的访问请求被所述代理服务器接收;若确定所述认证凭证无效,则通过所述浏览器向用户展示登录认证提示,并在登录认证完成后,返回执行所述获取认证凭证的步骤;当所述浏览器需要向所述代理服务器提供所述认证凭证时,将获取到的所述有效的认证凭证提供给所述浏览器,以使所述代理服务器基于所述有效的认证凭证进行身份认证。In the first aspect, an embodiment of the present invention provides a request proxy method, which is applied to a proxy plug-in, and the method includes: when the browser completes loading of the proxy plug-in, obtaining the authentication credentials authorized by the proxy server from the cookie information list cached by the browser, and verifying the validity of the authentication credentials; if it is determined that the authentication credentials are valid, enabling the proxy service for the browser so that the access request issued by the browser is received by the proxy server; if it is determined that the authentication credentials are invalid, displaying a login authentication prompt to the user through the browser, and after the login authentication is completed, returning to execute the step of obtaining the authentication credentials; when the browser needs to provide the authentication credentials to the proxy server, providing the obtained valid authentication credentials to the browser, so that the proxy server performs identity authentication based on the valid authentication credentials.

本发明实施例提供的请求代理方法,当浏览器完成代理插件的加载后,代理插件从浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证,并验证所述认证凭证的有效性,如果确定所述认证凭证有效,代理插件则为浏览器开启代理服务,以使得浏览器后续发出的访问请求被代理服务器接收,并由代理服务器提供代理服务,如果确定所述认证凭证无效,则通过浏览器向用户展示登录认证提示,以提醒用户通过完成登录认证来获取有效的认证凭证,如此,代理插件可在登录认证完成后,返回执行从浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证的步骤;当浏览器需要向代理服务器提供所述认证凭证时,代理插件将获取到的有效的认证凭证提供给浏览器,以使浏览器向代理服务器提供所述有效的认证凭证,由代理服务器基于所述有效的认证凭证对访问请求进行身份认证,相比于现有技术,本发明在浏览器上安装并加载代理插件,通过代理插件实现自动代理认证和代理功能的开关控制,无需在浏览器上预先配置固定的用户凭证(如用户名和密码),保证了访问会话的安全性,同时提高了浏览器代理服务的服务效率。In the request proxy method provided by the embodiment of the present invention, when the browser completes loading of the proxy plug-in, the proxy plug-in obtains the authentication credential authorized by the proxy server from the Cookie information list cached by the browser, and verifies the validity of the authentication credential. If it is determined that the authentication credential is valid, the proxy plug-in starts the proxy service for the browser, so that the subsequent access request sent by the browser is received by the proxy server, and the proxy server provides the proxy service. If it is determined that the authentication credential is invalid, the browser displays a login authentication prompt to the user to remind the user to obtain a valid authentication credential by completing the login authentication. In this way, the proxy plug-in can return to execute the C from the browser cache after the login authentication is completed. The invention relates to a step of obtaining the authentication credentials authorized by the proxy server from the ookie information list; when the browser needs to provide the authentication credentials to the proxy server, the proxy plug-in provides the obtained valid authentication credentials to the browser, so that the browser provides the valid authentication credentials to the proxy server, and the proxy server performs identity authentication on the access request based on the valid authentication credentials. Compared with the prior art, the present invention installs and loads the proxy plug-in on the browser, realizes automatic proxy authentication and switch control of the proxy function through the proxy plug-in, and does not need to pre-configure fixed user credentials (such as user name and password) on the browser, thereby ensuring the security of the access session and improving the service efficiency of the browser proxy service.

一种较佳的实施方式中,所述从所述浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证,具体包括:从所述Cookie信息列表中查询满足预设条件的认证凭证。In a preferred implementation manner, the obtaining of the authentication credentials authorized by the proxy server from the Cookie information list cached by the browser specifically includes: querying the authentication credentials that meet preset conditions from the Cookie information list.

一种较佳的实施方式中,所述Cookie信息列表中保存有所述认证凭证的有效期,所述验证所述认证凭证的有效性,具体包括:基于系统当前时间及所述认证凭证的有效期判断所述认证凭证是否已过期,若已过期,则确定所述认证凭证无效,否则有效。在本实施中,通过代理插件来实现认证凭证有效性的验证,可在一定程度上保证认证凭证的有效性,进一步减轻代理服务器的处理压力。In a preferred implementation, the validity period of the authentication credential is stored in the Cookie information list, and the verification of the validity of the authentication credential specifically includes: judging whether the authentication credential has expired based on the current system time and the validity period of the authentication credential, and if so, determining that the authentication credential is invalid, otherwise valid. In this implementation, the verification of the validity of the authentication credential is implemented through a proxy plug-in, which can ensure the validity of the authentication credential to a certain extent and further reduce the processing pressure of the proxy server.

一种可选的实施方式中,在为所述浏览器开启代理服务后,所述方法还包括:周期性地从所述Cookie信息列表中获取所述认证凭证,并验证所述认证凭证的有效性;若确定所述认证凭证无效,则关闭所述代理服务,通过所述浏览器向用户展示登录认证提示,并在登录认证完成后,返回执行所述获取认证凭证的步骤。在本实施中,通过周期性的获取认证凭证,一方面可及时获取到用户状态的变化,另一方面,可及时获取到最新的认证凭证。In an optional implementation, after the proxy service is enabled for the browser, the method further includes: periodically obtaining the authentication credentials from the cookie information list and verifying the validity of the authentication credentials; if the authentication credentials are determined to be invalid, the proxy service is closed, a login authentication prompt is displayed to the user through the browser, and after the login authentication is completed, the step of obtaining the authentication credentials is returned. In this implementation, by periodically obtaining the authentication credentials, on the one hand, the changes in the user status can be obtained in a timely manner, and on the other hand, the latest authentication credentials can be obtained in a timely manner.

第二方面,本发明实施例提供了一种请求代理方法,应用于代理服务器,所述方法包括:接收浏览器发送的隧道建立请求,其中,所述隧道建立请求用于指示所述代理服务器与源站服务器建立连接;验证所述隧道建立请求的合法性;若所述隧道建立请求不合法,则向所述浏览器发送认证需求消息,以指示所述浏览器在所述隧道建立请求中携带有效的认证凭证,其中,所述认证凭证由所述浏览器上的代理插件向所述浏览器提供;若所述隧道建立请求合法,则与所述源站服务器建立连接。In a second aspect, an embodiment of the present invention provides a request proxy method, which is applied to a proxy server, and the method includes: receiving a tunnel establishment request sent by a browser, wherein the tunnel establishment request is used to instruct the proxy server to establish a connection with a source server; verifying the legality of the tunnel establishment request; if the tunnel establishment request is illegal, sending an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request, wherein the authentication credential is provided to the browser by a proxy plug-in on the browser; if the tunnel establishment request is legal, establishing a connection with the source server.

本发明实施例提供的请求代理方法中,代理服务器接收浏览器发送的隧道建立请求,隧道建立请求用于指示代理服务器与浏览器请求访问的源站服务器建立连接,代理服务器对隧道建立请求的合法性进行验证,如果隧道建立请求不合法,代理服务器则向浏览器发送认证需求消息,以指示浏览器在隧道建立请求中携带有效的认证凭证,所述认证凭证是由浏览器上安装并加载的代理插件向浏览器提供的,如果隧道建立请求合法,代理服务器则与源站服务器建立连接,以对浏览器发出的对源站服务器的访问请求进行代理,相比于现有技术,本发明代理服务器通过对隧道建立请求中携带的认证凭证的有效性进行有效性验证,来确定隧道建立请求的合法性,只有在隧道建立请求合法性验证通过时,才会与源站服务器建立连接,以此通过代理服务器实现对用户的合法性验证,从而提高访问代理的安全性,而且避免与源站服务器建立不必要的连接,节省服务资源。更进一步的,由于隧道建立请求中携带的认证凭证是由代理插件自动提供的,减少了浏览器配置的过程,保证了用户信息的安全性。In the request proxy method provided by the embodiment of the present invention, the proxy server receives the tunnel establishment request sent by the browser, the tunnel establishment request is used to instruct the proxy server to establish a connection with the source server requested by the browser to access, the proxy server verifies the legitimacy of the tunnel establishment request, if the tunnel establishment request is not legal, the proxy server sends an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request, the authentication credential is provided to the browser by a proxy plug-in installed and loaded on the browser, if the tunnel establishment request is legal, the proxy server establishes a connection with the source server to proxy the access request to the source server issued by the browser, compared with the prior art, the proxy server of the present invention verifies the legitimacy of the tunnel establishment request by verifying the validity of the authentication credential carried in the tunnel establishment request, and only when the legitimacy verification of the tunnel establishment request is passed, will it establish a connection with the source server, so as to realize the legitimacy verification of the user through the proxy server, thereby improving the security of the access proxy, and avoiding the establishment of unnecessary connections with the source server, saving service resources. Furthermore, since the authentication credential carried in the tunnel establishment request is automatically provided by the proxy plug-in, the browser configuration process is reduced, and the security of user information is guaranteed.

一种较佳的实施方式中,所述验证所述隧道建立请求的合法性,具体包括:In a preferred implementation manner, the verifying the legitimacy of the tunnel establishment request specifically includes:

检测所述隧道建立请求中是否有携带有效的认证凭证,若携带,则确定所述隧道建立请求合法;若未携带,则确定所述隧道建立请求不合法。It is detected whether the tunnel establishment request carries a valid authentication credential. If so, it is determined that the tunnel establishment request is legal; if not, it is determined that the tunnel establishment request is illegal.

一种较佳的实施方式中,检测所述隧道建立请求中是否有携带有效的认证凭证,具体包括:若所述隧道建立请求中携带有认证凭证,且所述认证凭证为所述代理服务器向所述浏览器提供的、还未过期的认证凭证,则确定所述隧道建立请求中携带了有效的认证凭证。In a preferred implementation, it is detected whether the tunnel establishment request carries a valid authentication credential, specifically including: if the tunnel establishment request carries an authentication credential, and the authentication credential is an authentication credential provided by the proxy server to the browser and has not expired, then it is determined that the tunnel establishment request carries a valid authentication credential.

一种较佳的实施方式中,检测所述隧道建立请求中是否有携带有效的认证凭证,具体包括:基于所述隧道建立请求中携带的认证凭证确定所述隧道建立请求是否满足权限要求,若满足,则确定所述隧道建立请求合法;若不满足,则反馈无权限访问的提示信息给所述浏览器。In a preferred implementation, detecting whether the tunnel establishment request carries valid authentication credentials specifically includes: determining whether the tunnel establishment request meets the authority requirements based on the authentication credentials carried in the tunnel establishment request; if so, determining that the tunnel establishment request is legal; if not, feeding back a prompt message indicating that there is no authority to access to the browser.

一种可选的实施方式中,所述方法还包括:接收所述浏览器发送的登录请求,所述登录请求中携带有用户认证信息;基于所述用户认证信息生成对应的认证凭证,并保存所述认证凭证与所述用户认证信息对应的访问权限的映射关系;对所述登录请求进行响应,并在响应信息中携带所述认证凭证。In an optional implementation, the method further includes: receiving a login request sent by the browser, the login request carrying user authentication information; generating a corresponding authentication credential based on the user authentication information, and saving a mapping relationship between the authentication credential and the access rights corresponding to the user authentication information; responding to the login request, and carrying the authentication credential in the response information.

第三方面,本发明实施例提供了一种客户端设备,所述客户端设备上运行有浏览器,所述浏览器中加载有代理插件,其中,所述代理插件用于实现本发明所述的请求代理方法。In a third aspect, an embodiment of the present invention provides a client device, on which a browser is running, and a proxy plug-in is loaded in the browser, wherein the proxy plug-in is used to implement the request proxy method described in the present invention.

第四方面,本发明实施例提供了一种代理服务设备,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述程序时实现本发明所述的请求代理方法中的步骤。In a fourth aspect, an embodiment of the present invention provides a proxy service device, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps in the request proxy method described in the present invention when executing the program.

本发明的其它特征和优点将在随后的说明书中阐述,并且,部分地从说明书中变得显而易见,或者通过实施本发明而了解。本发明的目的和其他优点可通过在所写的说明书、权利要求书、以及附图中所特别指出的结构来实现和获得。Other features and advantages of the present invention will be described in the following description, and partly become apparent from the description, or understood by practicing the present invention. The purpose and other advantages of the present invention can be realized and obtained by the structures particularly pointed out in the written description, claims, and drawings.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

此处所说明的附图用来提供对本发明的进一步理解,构成本发明的一部分,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。在附图中:The drawings described herein are used to provide a further understanding of the present invention and constitute a part of the present invention. The exemplary embodiments of the present invention and their descriptions are used to explain the present invention and do not constitute an improper limitation of the present invention. In the drawings:

图1为本发明实施例提供的请求代理方法的应用场景示意图;FIG1 is a schematic diagram of an application scenario of a request proxy method provided by an embodiment of the present invention;

图2为本发明一实施例提供的请求代理方法的实施流程示意图;FIG2 is a schematic diagram of an implementation flow of a request proxy method provided by an embodiment of the present invention;

图3为本发明一实施例提供的请求代理方法的实施流程示意图;FIG3 is a schematic diagram of an implementation flow of a request proxy method provided by an embodiment of the present invention;

图4为本发明一实施例提供的请求代理方法的实施流程示意图。FIG. 4 is a schematic diagram of an implementation flow of a request proxy method provided in an embodiment of the present invention.

具体实施方式DETAILED DESCRIPTION

为了解决背景技术中的问题,本发明实施例提供了一种请求代理方法、客户端设备及代理服务设备。In order to solve the problem in the background technology, the embodiment of the present invention provides a request proxy method, a client device and a proxy service device.

以下结合说明书附图对本发明的优选实施例进行说明,应当理解,此处所描述的优选实施例仅用于说明和解释本发明,并不用于限定本发明,并且在不冲突的情况下,本发明中的实施例及实施例中的特征可以相互组合。The preferred embodiments of the present invention are described below in conjunction with the drawings. It should be understood that the preferred embodiments described herein are only used to illustrate and explain the present invention, and are not used to limit the present invention. In addition, the embodiments of the present invention and the features in the embodiments may be combined with each other if there is no conflict.

首先参考图1,其为本发明实施例提供的请求代理方法的应用场景示意图,客户端11上运行有浏览器,当用户10通过客户端11上运行的浏览器需要请求代理服务时,可在客户端11上运行的浏览器上安装代理插件,完成代理插件的安装与加载后,代理插件可以从浏览器缓存的Cookie信息列表中获取由代理服务器12授权的认证凭证,并验证获取到的认证凭证的有效性,如果确定认证凭证有效,则为浏览器开启代理服务,如果确定认证凭证无效,则代理插件通过浏览器向用户展示登录认证提示,并在登录认证完成后,重新从浏览器缓存的Cookie信息列表中获取由代理服务器12授权的认证凭证,用于提供给浏览器,在一实施中,代理插件还可周期性地从浏览器缓存的cookie信息列表中获取认证凭证,并验证其有效性,当确定认证凭证无效时,可关闭已开启的代理服务,并通过浏览器向用户展示登录认证提示,基于此,代理插件可周期性的对认证凭证的有效性进行检验,保证了向浏览器提供的认证凭证的有效性。First, refer to Figure 1, which is a schematic diagram of an application scenario of the request proxy method provided by an embodiment of the present invention. A browser is running on the client 11. When the user 10 needs to request a proxy service through the browser running on the client 11, a proxy plug-in can be installed on the browser running on the client 11. After the installation and loading of the proxy plug-in are completed, the proxy plug-in can obtain the authentication credential authorized by the proxy server 12 from the cookie information list cached by the browser, and verify the validity of the obtained authentication credential. If it is determined that the authentication credential is valid, the proxy service is enabled for the browser. If it is determined that the authentication credential is invalid, the proxy plug-in displays a login authentication prompt to the user through the browser, and after the login authentication is completed, the authentication credential authorized by the proxy server 12 is obtained from the cookie information list cached by the browser again for providing to the browser. In one implementation, the proxy plug-in can also periodically obtain the authentication credential from the cookie information list cached by the browser and verify its validity. When it is determined that the authentication credential is invalid, the enabled proxy service can be closed, and the login authentication prompt can be displayed to the user through the browser. Based on this, the proxy plug-in can periodically check the validity of the authentication credential to ensure the validity of the authentication credential provided to the browser.

当浏览器需要向源站服务器13发送业务访问请求前,可先通过发送隧道建立请求,以请求建立安全传输隧道用于传输后续的业务访问请求,其中,隧道建立请求用于请求建立TCP(Transmission Control Protocol,传输控制协议)代理隧道。Before the browser needs to send a service access request to the source server 13, it can first send a tunnel establishment request to request the establishment of a secure transmission tunnel for transmitting subsequent service access requests, wherein the tunnel establishment request is used to request the establishment of a TCP (Transmission Control Protocol) proxy tunnel.

由于浏览器的代理功能被代理插件开启,该隧道建立请求会被转发至代理服务器12,代理服务器12接收到浏览器发送的隧道建立请求后,可验证隧道建立请求的合法性,若隧道建立请求合法,代理服务器12则在与源站服务器13建立隧道连接后,再响应该隧道建立请求,以完成与客户端的隧道连接,从而完成了客户端与代理服务器,代理服务器与源站服务器之间的隧道的建立;如果确定隧道建立请求不合法,代理服务器12则向浏览器发送认证需求消息,以指示浏览器在隧道建立请求中携带有效的认证凭证。浏览器在接收到认证需求消息后,可向代理插件获取认证凭证,并重新发送隧道建立请求,同时在隧道建立请求中携带获取到的认证凭证。Since the proxy function of the browser is enabled by the proxy plug-in, the tunnel establishment request will be forwarded to the proxy server 12. After receiving the tunnel establishment request sent by the browser, the proxy server 12 can verify the legitimacy of the tunnel establishment request. If the tunnel establishment request is legitimate, the proxy server 12 will respond to the tunnel establishment request after establishing a tunnel connection with the source server 13 to complete the tunnel connection with the client, thereby completing the establishment of the tunnel between the client and the proxy server, and the proxy server and the source server; if it is determined that the tunnel establishment request is not legitimate, the proxy server 12 will send an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request. After receiving the authentication requirement message, the browser can obtain the authentication credential from the proxy plug-in and resend the tunnel establishment request, while carrying the obtained authentication credential in the tunnel establishment request.

在实施中,代理服务器12验证隧道建立请求是否合法的方法包括检测所述隧道建立请求中是否携带有效的认证凭证,若携带,则确定所述隧道建立请求合法;若未携带,则确定所述隧道建立请求不合法,具体而言,在确定认证凭证是否有效时,可通过确定该认证凭证是否由代理服务器向浏览器提供的,以及该认证凭证是否过期来进行判断。In implementation, the method for the proxy server 12 to verify whether the tunnel establishment request is legal includes detecting whether the tunnel establishment request carries a valid authentication credential. If so, the tunnel establishment request is determined to be legal; if not, the tunnel establishment request is determined to be illegal. Specifically, when determining whether the authentication credential is valid, a judgment can be made by determining whether the authentication credential is provided by the proxy server to the browser and whether the authentication credential is expired.

在此应用场景下,客户端11和代理服务器12之间通过网络进行通信连接,代理服务器12与源站服务器13之间通过网络进行通信连接,该网络可以为局域网、广域网等,较佳的,代理服务器12与源站服务器13之间可基于VPN网络进行通信连接,其中,该VPN网络可基于SD-WAN(Software-Defined Wide Area Network,软件定义广域网络)技术实现。In this application scenario, the client 11 and the proxy server 12 are communicated and connected via a network, and the proxy server 12 and the source station server 13 are communicated and connected via a network, which may be a local area network, a wide area network, etc. Preferably, the proxy server 12 and the source station server 13 may be communicated and connected based on a VPN network, wherein the VPN network may be implemented based on SD-WAN (Software-Defined Wide Area Network) technology.

客户端11可以为安装有浏览器的终端设备(例如:智能手机、平板、笔记本电脑、个人电脑(PC,Personal Computer)等)。代理服务器12可以为任何能够提供代理服务的一台服务器、若干台服务器组成的服务器集群或云计算中心,源站服务器可为部署在局域网内的应用服务器。The client 11 may be a terminal device with a browser installed (e.g., a smart phone, a tablet, a laptop, a personal computer (PC), etc.). The proxy server 12 may be any server that can provide proxy services, a server cluster consisting of several servers, or a cloud computing center, and the source server may be an application server deployed in a local area network.

基于上述应用场景,下面将参照附图2~图4更详细地描述本发明的示例性实施例,可以理解的是,上述应用场景仅是为了便于理解本发明的精神和原理而示出,本发明的实施方式在此不受任何限制。相反,本发明的实施方式可以应用于适用的任何场景。Based on the above application scenarios, the exemplary embodiments of the present invention will be described in more detail below with reference to Figures 2 to 4. It can be understood that the above application scenarios are only shown to facilitate understanding of the spirit and principle of the present invention, and the embodiments of the present invention are not limited in any way. On the contrary, the embodiments of the present invention can be applied to any applicable scenario.

如图2所示,其为本发明实施例提供的一种请求代理方法的实施流程示意图,所述请求代理方法,应用于上述应用场景中,可以包括以下步骤:As shown in FIG. 2 , it is a schematic diagram of an implementation flow of a request proxy method provided by an embodiment of the present invention. The request proxy method, applied in the above application scenario, may include the following steps:

S21、当浏览器完成代理插件的加载后,代理插件从浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证。S21. After the browser completes loading of the proxy plug-in, the proxy plug-in obtains the authentication credential authorized by the proxy server from the cookie information list cached by the browser.

具体实施时,当需要使用代理服务时,可以在客户端运行的浏览器上安装代理插件,当浏览器完成代理插件的加载后,代理插件可自动从浏览器本地缓存的Cookie信息列表中查询满足预设条件的认证凭证。In specific implementation, when the proxy service is needed, a proxy plug-in can be installed on the browser running on the client. After the browser completes loading the proxy plug-in, the proxy plug-in can automatically query the authentication credentials that meet the preset conditions from the cookie information list cached locally in the browser.

具体地,认证凭证是由代理服务器在完成用户身份认证后生成并发送给客户端的,具体可以cookie设置项(set-cookie)的形式发送给客户端浏览器,使得浏览器基于cookie设置项生成对应的cookie信息缓存在本地的cookie信息列表中。其中,代理服务器在生成认证凭证时可根据预设算法计算得到具有唯一标识性的指定长度字符串,例如,基于加密算法对用户身份信息进行加密,或基于登录请求时间计算生成的指定长度字符串,或者基于随机算法计算生成的指定长度字符串,作为认证凭证的部分内容值,同时可按照预设的格式来设置认证凭证,具体而言,认证凭证可为cookie信息中的“名称”和“值”,例如指定浏览器基于cookie设置项生成的Cookie信息的Cookie名称为“slweb_id”,Cookie值为基于随机算法生成的具有唯一标识性的32位的字符串,具体可以为以下形式:Specifically, the authentication credential is generated by the proxy server after completing the user identity authentication and sent to the client. Specifically, it can be sent to the client browser in the form of a cookie setting item (set-cookie), so that the browser generates the corresponding cookie information based on the cookie setting item and caches it in the local cookie information list. Among them, when generating the authentication credential, the proxy server can calculate a uniquely identifiable specified length string according to a preset algorithm, for example, encrypting the user identity information based on an encryption algorithm, or calculating a specified length string generated based on the login request time, or calculating a specified length string generated based on a random algorithm, as part of the content value of the authentication credential, and can set the authentication credential according to a preset format. Specifically, the authentication credential can be the "name" and "value" in the cookie information, for example, the cookie name of the cookie information generated by the specified browser based on the cookie setting item is "slweb_id", and the cookie value is a uniquely identifiable 32-bit string generated based on a random algorithm, which can be in the following form:

slweb_id=db066cab0F729bf1695ddbf3ceb8ffc7slweb_id=db066cab0F729bf1695ddbf3ceb8ffc7

在具体实施过程中,代理插件可从cookie信息列表中查询名称为“slweb_id”的cookie值,作为认证凭证,当查询结果为空时,则表示无法获取有效的认证凭证。In the specific implementation process, the proxy plug-in can query the cookie value named "slweb_id" from the cookie information list as the authentication credential. When the query result is empty, it means that the valid authentication credential cannot be obtained.

S22、代理插件验证所述认证凭证的有效性。S22. The proxy plug-in verifies the validity of the authentication credential.

具体实施时,代理服务器在生成cookie设置项时,可指定有效期,用于指示cookie信息的有效期限,因此,浏览器在基于cookie设置项生成相应的cookie信息时,会记录对应的有效期。换言之,Cookie信息列表中保存有所述认证凭证的有效期,代理插件在查询到认证凭证时,可进一步基于系统当前时间及所述认证凭证的有效期判断所述认证凭证是否已过期,若已过期,则确定所述认证凭证无效,否则有效。In specific implementation, when the proxy server generates the cookie setting item, it can specify the validity period to indicate the validity period of the cookie information. Therefore, when the browser generates the corresponding cookie information based on the cookie setting item, it will record the corresponding validity period. In other words, the validity period of the authentication credential is saved in the cookie information list. When the proxy plug-in queries the authentication credential, it can further determine whether the authentication credential has expired based on the current system time and the validity period of the authentication credential. If it has expired, it is determined that the authentication credential is invalid, otherwise it is valid.

S23、代理插件若确定所述认证凭证有效,则为浏览器开启代理服务。S23. If the proxy plug-in determines that the authentication credential is valid, the proxy service is enabled for the browser.

具体实施时,代理插件若确定所述认证凭证有效,则为浏览器开启代理服务,以使得浏览器发出的访问请求被转发至代理服务器。In a specific implementation, if the proxy plug-in determines that the authentication credential is valid, the proxy service is enabled for the browser so that the access request sent by the browser is forwarded to the proxy server.

S24、代理插件若确定所述认证凭证无效,则通过浏览器向用户展示登录认证提示。S24. If the proxy plug-in determines that the authentication credential is invalid, it displays a login authentication prompt to the user through the browser.

具体实施时,代理插件若确定所述认证凭证无效,则表示用户认证无效,如尚未登录认证,或认证失效,需要重新登录进行认证,此时,代理插件可通过浏览器向用户展示登录认证提示,提示用户访问代理服务器提供的登录认证页面进行登录认证。In specific implementation, if the proxy plug-in determines that the authentication credentials are invalid, it means that the user authentication is invalid. For example, if the user has not logged in for authentication, or the authentication has expired, he needs to log in again for authentication. At this time, the proxy plug-in can display a login authentication prompt to the user through the browser, prompting the user to access the login authentication page provided by the proxy server for login authentication.

具体地,可以通过浏览器展示代理插件图标指示的登录认证入口,如可以通过变换插件图标的颜色来提示用户需要进行登录认证,用户通过点击插件图标,进入代理服务器提供的登录认证页面,也就是说,可以将插件图标链接到所述登录认证页面。还可以向用户发送登录提醒通知,由用户直接在浏览器上输入登录认证页面的URL(Uniform ResourceLocator,统一资源定位符)地址,进入登录认证页面,输入用户认证信息,即用户名和密码。本发明实施例对此不作限定。Specifically, the browser may display the login authentication entry indicated by the proxy plug-in icon, such as by changing the color of the plug-in icon to prompt the user that login authentication is required, and the user clicks the plug-in icon to enter the login authentication page provided by the proxy server, that is, the plug-in icon may be linked to the login authentication page. A login reminder notification may also be sent to the user, and the user directly enters the URL (Uniform Resource Locator) address of the login authentication page on the browser to enter the login authentication page and enter the user authentication information, i.e., the user name and password. This is not limited in the embodiments of the present invention.

S25、浏览器接收用户输入的用户认证信息,向代理服务器发送携带有所述用户认证信息的登录请求。S25. The browser receives the user authentication information input by the user, and sends a login request carrying the user authentication information to the proxy server.

具体实施时,浏览器接收用户输入的用户名和密码,将该用户名和密码携带在登录请求中发送至代理服务器,由代理服务器进行认证。In specific implementation, the browser receives the user name and password input by the user, carries the user name and password in a login request and sends it to the proxy server, which performs authentication.

S26、代理服务器基于所述用户认证信息生成对应的认证凭证,并保存所述认证凭证与所述用户认证信息对应的访问权限的映射关系。S26. The proxy server generates a corresponding authentication credential based on the user authentication information, and saves a mapping relationship between the authentication credential and the access authority corresponding to the user authentication information.

具体实施时,代理服务器可先基于用户认证信息对用户身份进行认证,当认证通过后,可为本次登录生成对应的认证凭证,认证凭证的生成过程已在步骤S21中进行了说明,此处不作赘述,进而,为了便于后续对浏览器发送的隧道建立请求进行验证,以及向源站服务器提供用户认证信息,代理服务器可保存认证凭证与用户认证信息的映射关系,以供后续查询验证,更进一步的,代理服务器可预先配置有各用户的访问权限,如此可根据用户认证信息确定用户的访问权限,并将该访问权限一并保存在该映射关系中,所述访问权限用于确定该用户可以访问的源站服务器信息。In specific implementation, the proxy server may first authenticate the user identity based on the user authentication information. When the authentication is passed, a corresponding authentication credential may be generated for this login. The process of generating the authentication credential has been described in step S21 and will not be repeated here. Furthermore, in order to facilitate the subsequent verification of the tunnel establishment request sent by the browser and provide the user authentication information to the source server, the proxy server may save the mapping relationship between the authentication credential and the user authentication information for subsequent query and verification. Furthermore, the proxy server may be pre-configured with access rights for each user, so that the user's access rights may be determined based on the user authentication information, and the access rights may be saved in the mapping relationship. The access rights are used to determine the source server information that the user can access.

S27、代理服务器对所述登录请求进行响应,并在响应信息中携带所述认证凭证,将所述响应消息返回至浏览器。S27. The proxy server responds to the login request and carries the authentication credentials in the response information, and returns the response message to the browser.

S28、浏览器将所述认证凭证缓存至Cookie信息列表中,代理插件返回执行步骤S21中获取认证凭证的步骤。S28. The browser caches the authentication credentials into a cookie information list, and the proxy plug-in returns to execute the step of obtaining the authentication credentials in step S21.

S29、浏览器向代理服务器发送隧道建立请求。S29. The browser sends a tunnel establishment request to the proxy server.

在具体实施过程中,浏览器可以通过HTTPS(Hyper Text Transfer Protocolover Secure Socket Layer,安全套接层超文本传输协议)或者HTTP(HyperText TransferProtocol,超文本传输协议)发送隧道建立请求,以请求通过隧道与源站服务器进行数据交互。In a specific implementation process, the browser may send a tunnel establishment request via HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer) or HTTP (HyperText Transfer Protocol) to request data interaction with the source server through the tunnel.

S210、代理服务器验证所述隧道建立请求的合法性,若合法,则执行步骤S211,若不合法,则执行步骤S213。S210. The proxy server verifies the legitimacy of the tunnel establishment request. If it is legitimate, execute step S211; if it is not legitimate, execute step S213.

具体实施时,代理服务器通过以下方式验证所述隧道建立请求的合法性:代理服务器检测所述隧道建立请求中是否携带有效的认证凭证,若携带,则确定所述隧道建立请求合法,若未携带,则确定所述隧道建立请求不合法。In specific implementation, the proxy server verifies the legitimacy of the tunnel establishment request in the following manner: the proxy server detects whether the tunnel establishment request carries valid authentication credentials. If so, the tunnel establishment request is determined to be legal; if not, the tunnel establishment request is determined to be illegal.

具体地,代理服务器通过以下方式检测所述隧道建立请求中是否携带有效的认证凭证:若所述隧道建立请求中携带有认证凭证,且所述认证凭证为代理服务器向浏览器提供的、还未过期的认证凭证,则确定所述隧道建立请求中携带了有效的认证凭证。在实施中,代理服务器在获取到隧道建立请求中携带的认证凭证后,可基于该认证凭证查询本地保存的映射关系,来确定该认证凭证是否由代理服务器生成。Specifically, the proxy server detects whether the tunnel establishment request carries a valid authentication credential in the following manner: if the tunnel establishment request carries an authentication credential, and the authentication credential is an authentication credential provided by the proxy server to the browser and has not expired, then it is determined that the tunnel establishment request carries a valid authentication credential. In implementation, after obtaining the authentication credential carried in the tunnel establishment request, the proxy server can query a locally stored mapping relationship based on the authentication credential to determine whether the authentication credential is generated by the proxy server.

一种较佳的实施方式中,若所述隧道建立请求中携带有认证凭证,且所述认证凭证为代理服务器向浏览器提供的、还未过期的认证凭证,还可以进一步基于所述认证凭证确定所述隧道建立请求是否满足权限要求,若满足,则确定所述隧道建立请求合法,若不满足,则反馈无权限访问的提示信息给所述浏览器。In a preferred implementation, if the tunnel establishment request carries an authentication credential, and the authentication credential is an authentication credential provided by the proxy server to the browser and has not expired, it is further possible to determine whether the tunnel establishment request meets the authority requirements based on the authentication credential. If so, the tunnel establishment request is determined to be legal; if not, a prompt message indicating that there is no authority to access is fed back to the browser.

基于所述认证凭证确定所述隧道建立请求是否满足权限要求,具体包括:Determining whether the tunnel establishment request meets the authority requirement based on the authentication credential specifically includes:

代理服务器根据存储的映射关系中查找所述隧道建立请求中携带的认证凭证对应的访问权限,如果所述访问权限中包含用户请求代理服务器建立连接的源站服务器信息,则确定对所述隧道建立请求进行代理,否则,确定所述隧道建立请求不需要进行代理,可直接对其进行转发。The proxy server searches for the access rights corresponding to the authentication credentials carried in the tunnel establishment request according to the stored mapping relationship. If the access rights include the source server information of the user requesting the proxy server to establish a connection, it determines to proxy the tunnel establishment request. Otherwise, it determines that the tunnel establishment request does not need to be proxied and can be forwarded directly.

S211、代理服务器向源站服务器发送连接建立请求,与源站服务器建立连接。S211. The proxy server sends a connection establishment request to the source server and establishes a connection with the source server.

具体实施时,代理服务器向源站服务器发送连接建立请求,以与源站服务器建立TCP代理隧道连接。During specific implementation, the proxy server sends a connection establishment request to the source server to establish a TCP proxy tunnel connection with the source server.

S212、源站服务器与代理服务器建立TCP代理隧道连接。S212: The source server establishes a TCP proxy tunnel connection with the proxy server.

S213、代理服务器向浏览器发送认证需求消息,以指示浏览器在所述隧道建立请求中携带有效的认证凭证。S213. The proxy server sends an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request.

具体实施时,若所述隧道建立请求不合法,代理服务器则向浏览器发送407响应码,以指示浏览器在所述隧道建立请求中携带有效的认证凭证。In specific implementation, if the tunnel establishment request is illegal, the proxy server sends a 407 response code to the browser to instruct the browser to carry valid authentication credentials in the tunnel establishment request.

一种较佳的实施方式中,为了进一步保证认证凭证的有效性,代理插件在为所述浏览器开启代理服务后,可以周期性地从所述Cookie信息列表中获取代理服务器授权的认证凭证,并验证所述认证凭证的有效性;若确定所述认证凭证无效,则关闭所述代理服务,通过浏览器向用户展示登录认证提示,并在登录认证完成后,返回执行(步骤S21中)获取认证凭证的步骤,在关闭代理服务后,浏览器发出的访问请求将不再转发至代理服务器,可有效减轻代理服务器的处理压力。其中,获取认证凭证的周期可以自行设定,本发明实例不作限定。In a preferred implementation, in order to further ensure the validity of the authentication credentials, after the proxy service is turned on for the browser, the proxy plug-in can periodically obtain the authentication credentials authorized by the proxy server from the Cookie information list and verify the validity of the authentication credentials; if it is determined that the authentication credentials are invalid, the proxy service is turned off, and a login authentication prompt is displayed to the user through the browser, and after the login authentication is completed, the step of obtaining the authentication credentials (in step S21) is returned to execute. After the proxy service is turned off, the access request sent by the browser will no longer be forwarded to the proxy server, which can effectively reduce the processing pressure of the proxy server. Among them, the period for obtaining the authentication credentials can be set by oneself, and the examples of the present invention are not limited.

浏览器在接收到认证需求消息后,可从代理插件处获取到认证凭证,并重新生成隧道建立请求,同时携带该认证凭证,发送至代理服务器。在一实施中,代理插件注册有认证回调函数,所述认证回调函数用于将代理服务器对用户认证信息(如代理服务器为用户设置的唯一用户名和密码)进行身份认证后授权的Cookie信息作为认证凭证返回,当浏览器需要向代理插件获取认证凭证时,可通过调用认证回调函数来获取认证凭证。After receiving the authentication requirement message, the browser can obtain the authentication credential from the proxy plug-in, and regenerate a tunnel establishment request, and carry the authentication credential at the same time, and send it to the proxy server. In one implementation, the proxy plug-in is registered with an authentication callback function, and the authentication callback function is used to return the cookie information authorized after the proxy server authenticates the user authentication information (such as the unique user name and password set by the proxy server for the user) as the authentication credential. When the browser needs to obtain the authentication credential from the proxy plug-in, it can obtain the authentication credential by calling the authentication callback function.

由此可见,相比于现有技术,本发明实施例通过代理服务器生成的认证凭证来验证浏览器发送的隧道建立请求的合法性,可在一定程度上保证网络访问的安全性,同时,通过在浏览器上安装并加载代理插件,通过代理插件自动实现代理认证和代理功能,无需在浏览器上预先配置用户认证信息(即代理服务器提供的用户名和密码),只需进行登录认证,登录认证需要用户手动输入用户名和密码,不存在泄露风险,认证成功后,代理服务器生成对应的认证凭证,通过浏览器的代理插件自动获取认证凭证,代理插件的代理功能则自动生效,从而,提高了浏览器代理服务的安全性与服务效率。It can be seen that compared with the prior art, the embodiment of the present invention verifies the legitimacy of the tunnel establishment request sent by the browser through the authentication credentials generated by the proxy server, which can ensure the security of network access to a certain extent. At the same time, by installing and loading the proxy plug-in on the browser, the proxy authentication and proxy functions are automatically implemented through the proxy plug-in. There is no need to pre-configure user authentication information on the browser (that is, the user name and password provided by the proxy server). Only login authentication is required. Login authentication requires the user to manually enter the user name and password, and there is no risk of leakage. After the authentication is successful, the proxy server generates the corresponding authentication credentials, and the authentication credentials are automatically obtained through the browser's proxy plug-in. The proxy function of the proxy plug-in automatically takes effect, thereby improving the security and service efficiency of the browser proxy service.

基于同一发明构思,本发明实施例还提供了一种代理插件侧实施的请求代理方法,由于所述代理插件侧实施的请求代理方法解决问题的原理与上述请求代理方法相似,因此上述代理插件侧实施的请求代理方法的实施可以参见上述请求代理方法的实施,重复之处不再赘述。Based on the same inventive concept, an embodiment of the present invention also provides a request proxy method implemented on a proxy plug-in side. Since the principle of solving the problem by the request proxy method implemented on the proxy plug-in side is similar to that of the above-mentioned request proxy method, the implementation of the request proxy method implemented on the above-mentioned proxy plug-in side can refer to the implementation of the above-mentioned request proxy method, and the repeated parts will not be repeated.

如图3所示,其为本发明实施例提供的一种请求代理方法的实施流程示意图,所述请求代理方法,应用于代理插件,可以包括以下步骤:As shown in FIG. 3 , it is a schematic diagram of an implementation flow of a request proxy method provided by an embodiment of the present invention. The request proxy method, applied to a proxy plug-in, may include the following steps:

S31、当浏览器完成代理插件的加载后,代理插件从浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证,并验证所述认证凭证的有效性。S31. After the browser completes loading of the proxy plug-in, the proxy plug-in obtains the authentication credential authorized by the proxy server from the cookie information list cached by the browser, and verifies the validity of the authentication credential.

较佳地,所述从所述浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证,具体包括:Preferably, the obtaining of the authentication credentials authorized by the proxy server from the Cookie information list cached by the browser specifically includes:

从所述Cookie信息列表中查询满足预设条件的认证凭证。Query the authentication credentials that meet the preset conditions from the Cookie information list.

较佳地,所述Cookie信息列表中保存有所述认证凭证的有效期,所述验证所述认证凭证的有效性,具体包括:Preferably, the validity period of the authentication credential is stored in the Cookie information list, and the verification of the validity of the authentication credential specifically includes:

基于系统当前时间及所述认证凭证的有效期判断所述认证凭证是否已过期,若已过期,则确定所述认证凭证无效,否则有效。Based on the current system time and the validity period of the authentication credential, it is determined whether the authentication credential has expired. If it has expired, the authentication credential is determined to be invalid; otherwise, it is valid.

S32、代理插件若确定所述认证凭证有效,则为所述浏览器开启代理服务,使得所述浏览器发出的访问请求被所述代理服务器接收。S32: If the proxy plug-in determines that the authentication credential is valid, the proxy service is enabled for the browser so that the access request sent by the browser is received by the proxy server.

S33、代理插件若确定所述认证凭证无效,则通过所述浏览器向用户展示登录认证提示,并在登录认证完成后,返回执行所述获取认证凭证的步骤。S33: If the proxy plug-in determines that the authentication credential is invalid, it displays a login authentication prompt to the user through the browser, and after the login authentication is completed, returns to execute the step of obtaining the authentication credential.

S34、当所述浏览器需要向所述代理服务器提供所述认证凭证时,代理插件将获取到的所述有效的认证凭证提供给所述浏览器,以使所述代理服务器基于所述有效的认证凭证进行身份认证。S34: When the browser needs to provide the authentication credential to the proxy server, the proxy plug-in provides the acquired valid authentication credential to the browser, so that the proxy server performs identity authentication based on the valid authentication credential.

可选地,在为所述浏览器开启代理服务后,所述方法还包括:Optionally, after enabling the proxy service for the browser, the method further includes:

周期性地从所述Cookie信息列表中获取所述认证凭证,并验证所述认证凭证的有效性;Periodically obtaining the authentication credential from the Cookie information list and verifying the validity of the authentication credential;

若确定所述认证凭证无效,则关闭所述代理服务,通过所述浏览器向用户展示登录认证提示,并在登录认证完成后,返回执行所述获取认证凭证的步骤。If it is determined that the authentication credential is invalid, the proxy service is closed, a login authentication prompt is displayed to the user through the browser, and after the login authentication is completed, the step of obtaining the authentication credential is returned to be executed.

基于同一发明构思,本发明实施例还提供了一种代理服务器侧实施的请求代理方法,由于所述代理服务器侧实施的请求代理方法解决问题的原理与上述请求代理方法相似,因此上述代理服务器侧实施的请求代理方法的实施可以参见上述请求代理方法的实施,重复之处不再赘述。Based on the same inventive concept, an embodiment of the present invention also provides a request proxy method implemented on a proxy server side. Since the principle of solving the problem by the request proxy method implemented on the proxy server side is similar to that of the above-mentioned request proxy method, the implementation of the request proxy method implemented on the above-mentioned proxy server side can refer to the implementation of the above-mentioned request proxy method, and the repeated parts will not be repeated.

如图4所示,其为本发明实施例提供的一种请求代理方法的实施流程示意图,所述请求代理方法,应用于代理服务器,可以包括以下步骤:As shown in FIG. 4 , it is a schematic diagram of an implementation flow of a request proxy method provided by an embodiment of the present invention. The request proxy method, applied to a proxy server, may include the following steps:

S41、代理服务器接收浏览器发送的隧道建立请求,其中,所述隧道建立请求用于指示所述代理服务器与源站服务器建立连接。S41. The proxy server receives a tunnel establishment request sent by the browser, wherein the tunnel establishment request is used to instruct the proxy server to establish a connection with the source server.

S42、代理服务器验证所述隧道建立请求的合法性。S42: The proxy server verifies the legitimacy of the tunnel establishment request.

较佳地,所述验证所述隧道建立请求的合法性,具体包括:Preferably, the verifying the legitimacy of the tunnel establishment request specifically includes:

检测所述隧道建立请求中是否携带有效的认证凭证,若携带,则确定所述隧道建立请求合法;若未携带,则确定所述隧道建立请求不合法。It is detected whether the tunnel establishment request carries a valid authentication credential. If so, it is determined that the tunnel establishment request is legal; if not, it is determined that the tunnel establishment request is illegal.

较佳地,检测所述隧道建立请求中是否携带有效的认证凭证,具体包括:Preferably, detecting whether the tunnel establishment request carries a valid authentication credential specifically includes:

若所述隧道建立请求中携带有认证凭证,且所述认证凭证为所述代理服务器向所述浏览器提供的、还未过期的认证凭证,则确定所述隧道建立请求中携带了有效的认证凭证。If the tunnel establishment request carries an authentication credential, and the authentication credential is an authentication credential provided by the proxy server to the browser and has not expired, it is determined that the tunnel establishment request carries a valid authentication credential.

较佳地,检测所述隧道建立请求中是否有携带有效的认证凭证,具体包括:Preferably, detecting whether the tunnel establishment request carries a valid authentication credential specifically includes:

基于所述隧道建立请求中携带的认证凭证确定所述隧道建立请求是否满足权限要求,若满足,则确定所述隧道建立请求合法;若不满足,则反馈无权限访问的提示信息给所述浏览器。Based on the authentication credentials carried in the tunnel establishment request, it is determined whether the tunnel establishment request meets the authority requirements. If so, it is determined that the tunnel establishment request is legal; if not, a prompt message indicating that there is no authority to access is fed back to the browser.

S43、若所述隧道建立请求不合法,代理服务器则向所述浏览器发送认证需求消息,以指示所述浏览器在所述隧道建立请求中携带有效的认证凭证。S43: If the tunnel establishment request is illegal, the proxy server sends an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request.

其中,所述认证凭证由所述浏览器上的代理插件向所述浏览器提供。The authentication credential is provided to the browser by a proxy plug-in on the browser.

S44、若所述隧道建立请求合法,代理服务器则与所述源站服务器建立连接。S44: If the tunnel establishment request is legal, the proxy server establishes a connection with the source server.

可选地,所述方法还包括:Optionally, the method further comprises:

代理服务器接收所述浏览器发送的登录请求,所述登录请求中携带有用户认证信息;The proxy server receives the login request sent by the browser, wherein the login request carries user authentication information;

基于所述用户认证信息生成对应的认证凭证,并保存所述认证凭证与所述用户认证信息对应的访问权限的映射关系;Generate a corresponding authentication credential based on the user authentication information, and save a mapping relationship between the authentication credential and the access rights corresponding to the user authentication information;

对所述登录请求进行响应,并在响应信息中携带所述认证凭证。Respond to the login request and carry the authentication credential in the response information.

本发明实施例提供了一种客户端设备,所述客户端设备上运行有浏览器,所述浏览器中加载有代理插件,其中,所述代理插件用于实现如图3所示的请求代理方法。An embodiment of the present invention provides a client device, on which a browser is running, and a proxy plug-in is loaded in the browser, wherein the proxy plug-in is used to implement the request proxy method shown in FIG. 3 .

本发明实施例提供了一种代理服务设备,所述代理服务设备包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述程序时实现如图4所示的请求代理方法。An embodiment of the present invention provides a proxy service device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor. When the processor executes the program, the request proxy method shown in FIG. 4 is implemented.

本申请实施例还提供了一种计算机可读存储介质,存储为执行上述处理器所需执行的计算机可执行指令,其包含用于执行上述处理器所需执行的程序。An embodiment of the present application also provides a computer-readable storage medium that stores computer-executable instructions required to execute the above-mentioned processor, which includes a program required to execute the above-mentioned processor.

在一些可能的实施方式中,本发明提供的请求代理方法的各个方面还可以实现为一种程序产品的形式,其包括程序代码,当所述程序产品在电子设备上运行时,所述程序代码用于使所述电子设备执行本说明书上述描述的根据本发明各种示例性实施方式的请求代理方法中的步骤。In some possible implementations, various aspects of the request proxy method provided by the present invention may also be implemented in the form of a program product, which includes a program code. When the program product is run on an electronic device, the program code is used to enable the electronic device to execute the steps of the request proxy method according to various exemplary implementations of the present invention described above in this specification.

本领域内的技术人员应明白,本发明的实施例可提供为方法、装置、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。It will be appreciated by those skilled in the art that embodiments of the present invention may be provided as methods, devices, or computer program products. Therefore, the present invention may take the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.

本发明是参照根据本发明实施例的方法、设备(装置)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present invention is described with reference to the flowchart and/or block diagram of the method, device (apparatus), and computer program product according to the embodiment of the present invention. It should be understood that each process and/or box in the flowchart and/or block diagram, as well as the combination of the processes and/or boxes in the flowchart and/or block diagram, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a device for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a specific manner, so that the instructions stored in the computer-readable memory produce a manufactured product including an instruction device that implements the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions may also be loaded onto a computer or other programmable data processing device so that a series of operational steps are executed on the computer or other programmable device to produce a computer-implemented process, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes in the flowchart and/or one or more boxes in the block diagram.

尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例做出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。Although the preferred embodiments of the present invention have been described, those skilled in the art may make additional changes and modifications to these embodiments once they have learned the basic creative concept. Therefore, the appended claims are intended to be interpreted as including the preferred embodiments and all changes and modifications that fall within the scope of the present invention.

显然,本领域的技术人员可以对本发明进行各种改动和变型而不脱离本发明的精神和范围。这样,倘若本发明的这些修改和变型属于本发明权利要求及其等同技术的范围之内,则本发明也意图包含这些改动和变型在内。Obviously, those skilled in the art can make various changes and modifications to the present invention without departing from the spirit and scope of the present invention. Thus, if these modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include these modifications and variations.

Claims (10)

1.一种请求代理方法,其特征在于,应用于代理插件,所述方法包括:1. A request proxy method, characterized in that it is applied to a proxy plug-in, and the method comprises: 当浏览器完成所述代理插件的加载后,从所述浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证,并验证所述认证凭证的有效性,其中,所述认证凭证是由所述代理服务器在接收到所述浏览器发送的登录请求以完成用户身份认证后生成的,并将所述认证凭证携带在对所述登录请求的响应信息中返回至所述浏览器,由所述浏览器缓存至所述Cookie信息列表中的;When the browser completes loading of the proxy plug-in, the authentication credential authorized by the proxy server is obtained from the cookie information list cached by the browser, and the validity of the authentication credential is verified, wherein the authentication credential is generated by the proxy server after receiving the login request sent by the browser to complete the user identity authentication, and the authentication credential is carried in the response information to the login request and returned to the browser, and is cached by the browser in the cookie information list; 若确定所述认证凭证有效,则为所述浏览器开启代理服务,使得所述浏览器发出的访问请求被所述代理服务器接收;If it is determined that the authentication credential is valid, enabling a proxy service for the browser so that the access request sent by the browser is received by the proxy server; 若确定所述认证凭证无效,则通过所述浏览器向用户展示登录认证提示,并在登录认证完成后,从所述浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证;If it is determined that the authentication credential is invalid, a login authentication prompt is displayed to the user through the browser, and after the login authentication is completed, the authentication credential authorized by the proxy server is obtained from the cookie information list cached by the browser; 当所述浏览器需要向所述代理服务器提供所述认证凭证时,将获取到的有效的认证凭证提供给所述浏览器,以使所述代理服务器基于所述有效的认证凭证进行身份认证。When the browser needs to provide the authentication credential to the proxy server, the acquired valid authentication credential is provided to the browser, so that the proxy server performs identity authentication based on the valid authentication credential. 2.如权利要求1所述的方法,其特征在于,所述从所述浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证,具体包括:2. The method according to claim 1, wherein obtaining the authentication credentials authorized by the proxy server from the cookie information list cached by the browser specifically comprises: 从所述Cookie信息列表中查询满足预设条件的认证凭证。Query the authentication credentials that meet the preset conditions from the Cookie information list. 3.如权利要求1所述的方法,其特征在于,所述Cookie信息列表中保存有所述认证凭证的有效期,所述验证所述认证凭证的有效性,具体包括:3. The method according to claim 1, wherein the validity period of the authentication credential is stored in the Cookie information list, and the verifying the validity of the authentication credential specifically includes: 基于系统当前时间及所述认证凭证的有效期判断所述认证凭证是否已过期,若已过期,则确定所述认证凭证无效,否则有效。Based on the current system time and the validity period of the authentication credential, it is determined whether the authentication credential has expired. If it has expired, the authentication credential is determined to be invalid; otherwise, it is valid. 4.如权利要求1所述的方法,其特征在于,在为所述浏览器开启代理服务后,所述方法还包括:4. The method according to claim 1, characterized in that, after enabling the proxy service for the browser, the method further comprises: 周期性地从所述Cookie信息列表中获取所述认证凭证,并验证所述认证凭证的有效性;Periodically obtaining the authentication credential from the Cookie information list and verifying the validity of the authentication credential; 若确定所述认证凭证无效,则关闭所述代理服务,通过所述浏览器向用户展示登录认证提示,并在登录认证完成后,从所述浏览器缓存的Cookie信息列表中获取由代理服务器授权的认证凭证。If it is determined that the authentication credential is invalid, the proxy service is closed, a login authentication prompt is displayed to the user through the browser, and after the login authentication is completed, the authentication credential authorized by the proxy server is obtained from the cookie information list cached by the browser. 5.一种请求代理方法,其特征在于,应用于代理服务器,所述方法包括:5. A request proxy method, characterized in that it is applied to a proxy server, and the method comprises: 接收浏览器发送的隧道建立请求,其中,所述隧道建立请求用于指示所述代理服务器与源站服务器建立连接;Receiving a tunnel establishment request sent by the browser, wherein the tunnel establishment request is used to instruct the proxy server to establish a connection with the source server; 验证所述隧道建立请求的合法性,具体包括:检测所述隧道建立请求中是否携带有效的认证凭证,若携带,则确定所述隧道建立请求合法;若未携带,则确定所述隧道建立请求不合法;Verifying the legitimacy of the tunnel establishment request, specifically comprising: detecting whether the tunnel establishment request carries a valid authentication credential, if so, determining that the tunnel establishment request is legal; if not, determining that the tunnel establishment request is illegal; 若所述隧道建立请求不合法,则向所述浏览器发送认证需求消息,以指示所述浏览器在所述隧道建立请求中携带有效的认证凭证,其中,所述认证凭证由所述浏览器上的代理插件向所述浏览器提供,所述认证凭证是由所述代理服务器在完成用户身份认证后生成的;If the tunnel establishment request is illegal, sending an authentication requirement message to the browser to instruct the browser to carry a valid authentication credential in the tunnel establishment request, wherein the authentication credential is provided to the browser by a proxy plug-in on the browser, and the authentication credential is generated by the proxy server after completing user identity authentication; 若所述隧道建立请求合法,则与所述源站服务器建立连接。If the tunnel establishment request is legal, a connection is established with the source server. 6.如权利要求5所述的方法,其特征在于,检测所述隧道建立请求中是否携带有效的认证凭证,具体包括:6. The method according to claim 5, wherein detecting whether the tunnel establishment request carries a valid authentication credential specifically comprises: 若所述隧道建立请求中携带有认证凭证,且所述认证凭证为所述代理服务器向所述浏览器提供的、还未过期的认证凭证,则确定所述隧道建立请求中携带了有效的认证凭证。If the tunnel establishment request carries an authentication credential, and the authentication credential is an authentication credential provided by the proxy server to the browser and has not expired, it is determined that the tunnel establishment request carries a valid authentication credential. 7.如权利要求5或6所述的方法,其特征在于,检测所述隧道建立请求中是否有携带有效的认证凭证,具体包括:7. The method according to claim 5 or 6, characterized in that detecting whether the tunnel establishment request carries a valid authentication credential specifically comprises: 基于所述隧道建立请求中携带的认证凭证确定所述隧道建立请求是否满足权限要求,若满足,则确定所述隧道建立请求合法;若不满足,则反馈无权限访问的提示信息给所述浏览器。Based on the authentication credentials carried in the tunnel establishment request, it is determined whether the tunnel establishment request meets the authority requirements. If so, it is determined that the tunnel establishment request is legal; if not, a prompt message indicating that there is no authority to access is fed back to the browser. 8.如权利要求5所述的方法,其特征在于,所述方法还包括:8. The method according to claim 5, characterized in that the method further comprises: 接收所述浏览器发送的登录请求,所述登录请求中携带有用户认证信息;Receiving a login request sent by the browser, wherein the login request carries user authentication information; 基于所述用户认证信息生成对应的认证凭证,并保存所述认证凭证与所述用户认证信息对应的访问权限的映射关系;Generate a corresponding authentication credential based on the user authentication information, and save a mapping relationship between the authentication credential and the access rights corresponding to the user authentication information; 对所述登录请求进行响应,并在响应信息中携带所述认证凭证。Respond to the login request and carry the authentication credential in the response information. 9.一种客户端设备,其特征在于,所述客户端设备上运行有浏览器,所述浏览器中加载有代理插件,其中,所述代理插件用于实现如权利要求1~4中任一项所述的请求代理方法。9. A client device, characterized in that a browser is running on the client device, and a proxy plug-in is loaded in the browser, wherein the proxy plug-in is used to implement the request proxy method according to any one of claims 1 to 4. 10.一种代理服务设备,其特征在于,包括存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,所述处理器执行所述程序时实现如权利要求5~8任一项所述的请求代理方法。10. A proxy service device, characterized in that it comprises a memory, a processor and a computer program stored in the memory and executable on the processor, wherein when the processor executes the program, the request proxy method according to any one of claims 5 to 8 is implemented.
CN202110572059.8A 2021-05-25 2021-05-25 A request proxy method, client device and proxy service device Active CN113190828B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110572059.8A CN113190828B (en) 2021-05-25 2021-05-25 A request proxy method, client device and proxy service device
PCT/CN2021/121738 WO2022247090A1 (en) 2021-05-25 2021-09-29 Proxy requesting method, client device and proxy service device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110572059.8A CN113190828B (en) 2021-05-25 2021-05-25 A request proxy method, client device and proxy service device

Publications (2)

Publication Number Publication Date
CN113190828A CN113190828A (en) 2021-07-30
CN113190828B true CN113190828B (en) 2024-11-08

Family

ID=76984913

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110572059.8A Active CN113190828B (en) 2021-05-25 2021-05-25 A request proxy method, client device and proxy service device

Country Status (2)

Country Link
CN (1) CN113190828B (en)
WO (1) WO2022247090A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113190828B (en) * 2021-05-25 2024-11-08 网宿科技股份有限公司 A request proxy method, client device and proxy service device
CN114338076B (en) * 2021-11-11 2023-04-07 清华大学 Distributed cross-device access control method and device suitable for smart home environment
CN114095263A (en) * 2021-11-24 2022-02-25 上海派拉软件股份有限公司 A communication method, device and system
CN114090936B (en) * 2021-11-25 2022-07-29 万商云集(成都)科技股份有限公司 Method and device for acquiring cookie data from any system, analyzing and storing cookie data
CN114301639B (en) * 2021-12-13 2024-02-27 杭州迪普科技股份有限公司 Connection establishment method and device
CN114363054B (en) * 2021-12-31 2023-12-01 杭州数梦工场科技有限公司 Interface request conversion method, interface conversion device, electronic equipment and storage medium
CN115941512B (en) * 2022-11-07 2025-05-09 北京天融信网络安全技术有限公司 Network device management method, network device and electronic device
CN119299182A (en) * 2024-10-12 2025-01-10 上海贝锐信息科技股份有限公司 A method and system for selecting a point-to-point path to access a target website

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106031118A (en) * 2013-11-11 2016-10-12 阿道罗姆股份有限公司 Cloud Service Security Intermediaries and Proxies

Family Cites Families (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8943571B2 (en) * 2011-10-04 2015-01-27 Qualcomm Incorporated Method and apparatus for protecting a single sign-on domain from credential leakage
US9571331B1 (en) * 2012-11-21 2017-02-14 Amazon Technologies, Inc. Techniques for accessing local networks via a virtualized gateway
CN103179134A (en) * 2013-04-19 2013-06-26 中国建设银行股份有限公司 Single sign on method and system based on Cookie and application server thereof
CN104320423B (en) * 2014-11-19 2018-12-28 重庆邮电大学 Single-sign-on lightweight implementation method based on Cookie
CN106302504A (en) * 2016-08-31 2017-01-04 浪潮电子信息产业股份有限公司 Xenserver security-based vnc implementation method
CN109889514A (en) * 2019-02-03 2019-06-14 郭丽 A kind of certification scan method and web application scanning system
CN112333141B (en) * 2020-09-06 2023-04-18 于奎 Method, device and system for providing Internet Web application service based on remote application
CN113190828B (en) * 2021-05-25 2024-11-08 网宿科技股份有限公司 A request proxy method, client device and proxy service device

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106031118A (en) * 2013-11-11 2016-10-12 阿道罗姆股份有限公司 Cloud Service Security Intermediaries and Proxies

Also Published As

Publication number Publication date
WO2022247090A1 (en) 2022-12-01
CN113190828A (en) 2021-07-30

Similar Documents

Publication Publication Date Title
CN113190828B (en) A request proxy method, client device and proxy service device
JP2020126602A5 (en)
US11336449B2 (en) Information processing apparatus, computer program product, and resource providing method
US20150188779A1 (en) Split-application infrastructure
JP5644770B2 (en) Access control system, server, and access control method
US20100077467A1 (en) Authentication service for seamless application operation
WO2016127914A1 (en) Redirection method, apparatus, and system
CN108632329B (en) A method and device for accessing a third-party plug-in
CN104580172A (en) Data communication method and device based on https (hypertext transfer protocol over secure socket layer)
US10470040B2 (en) Secure single sign-on to software applications
CN104065616A (en) Single sign-on method and system
CN111224952B (en) Network resource acquisition method, device and storage medium for directed traffic
EP3140952A1 (en) Facilitating single sign-on to software applications
CN103685139A (en) Authentication and authorization processing method and device
CN105162802B (en) Portal authentication method and certificate server
CN109474600B (en) Account binding method, system, device and equipment
CN104767614A (en) A method and device for information authentication
CN109729045B (en) Single sign-on method, system, server and storage medium
US10505902B2 (en) Securely identifying a device using a DNS-controlled proxy
CN105812380A (en) Verification method and device
CN102984117A (en) Authentication method and authentication server and authentication system of webpage assembly
WO2025077599A1 (en) Rich media file transmission method, apparatus and system, and electronic device, storage medium and computer program product
CN111049789A (en) Domain name access method and device
CN113391851B (en) A proxy control method, client device and proxy service device
CN105141586B (en) A kind of method and system verified to user

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant