A service access control method and device based on a virtual router VSR
A service access and control method technology, which is applied in the field of service access control based on a virtual router VSR, can solve problems such as poor anti-attack capabilities, users cannot enjoy information services, and fragility, so as to suppress invalid access and attacks, save bandwidth and The effect of computing power
- Summary
- Abstract
- Description
- Claims
- Application Information
AI Technical Summary
Problems solved by technology
Method used
Image
Examples
Embodiment 1
[0055] In this embodiment, a local life service website is taken as an example, and the users that the local life service website wants to visit are people in a local city. The domain name of the service website is www.service.com, the IP network segment of the local Unicom is 10.10.1.1 / 255.255.0.0, and the IP network segment of the local mobile is 20.10.1.1 / 255.255.0.0; the virtual data center deployed in the public cloud The DNS in the VDC or virtual private cloud VPC maintains the following two tables: Web service access permission table (Table 3) and zone correspondence table (Table 4).
[0056] table 3
[0057] rule number Site Web Services action 1 Site A www.service.com permit 2 Site B www.service.com permit 3 Any Any Deny
[0058] Table 4
[0059] Site IP Mask Site A 10.10.1.1 255.255.0.0 Site B 20.10.1.1 255.255.0.0
[0060] Site C 30.10.1.1 255.255.0.0 Site D 40.10....
Embodiment 2
[0074] Method Embodiment 1 Take a local Unicom user trying to access a local life service website as an example to introduce the technical solution of the present invention. In this embodiment, a foreign Unicom user (IP address is 30.10.1.88) tries to access the local life service website www.service.com To further illustrate the technical solution of the present invention, the region correspondence table and the Web service access authority table in the first method embodiment are still used. image 3 The flowchart of the present embodiment includes the following steps:
[0075] Step 301: The DNS receives a domain name resolution request message sent by the client, and the domain name resolution request message carries the source IP address of the client and information about the domain name requested by the client.
[0076] In this step, the DNS receives the domain name resolution request message sent by the non-local Unicom user (IP address 30.10.1.88), and the domain name ...
Embodiment 3
[0086] Both method embodiment 1 and method embodiment 2 can query the area corresponding to the source IP address carried in the domain name resolution request message in Table 2, and this embodiment does not exist in the domain name resolution request message from Table 2 The embodiment of the present invention is described from the perspective of the area corresponding to the source IP address carried. For example, a user of Unicom (IP address 50.10.1.88) trying to access the local life service website www.service.com is still using the method in Embodiment 1. Region correspondence table and Web service access permission table. Figure 4 The flowchart of the present embodiment includes the following steps:
[0087] Step 401: The DNS receives a domain name resolution request message sent by the client, and the domain name resolution request message carries the source IP address of the client and information about the domain name requested by the client.
[0088] In this step, ...
PUM
Abstract
Description
Claims
Application Information
- R&D Engineer
- R&D Manager
- IP Professional
- Industry Leading Data Capabilities
- Powerful AI technology
- Patent DNA Extraction
Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.
© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com