Cloud protection method and device based on tunnel mode

Abstract

The embodiment of the invention discloses a cloud protection method and device based on a tunnel mode. The method comprises the steps of analyzing a first access request sent by a client, thereby acquiring a first source address and a first destination address; modifying the source address of the first access request into an IP address of a cloud protection node and modifying the destination address of the first access request to the IP address of a tunnel receiver, thereby acquiring a second access request; adding an expansion field to the second access request and adding the first source address and the first destination address to the expansion field, thereby acquiring a third access request; and sending the third access request to the tunnel receiver, thereby enabling the tunnel receives to forward the third access request to a true server. The expansion field is added to the access request and the first source address and the first destination address, namely the address of the client and the address of the true server, are stored to the expansion field, so the true address of the client can be acquired, an access mode is simple, the configuration of a great deal of port mapping is avoided, and the operation and maintenance cost is greatly reduced.

Description

technical field [0001] The embodiments of the present invention relate to the technical field of network security, and in particular to a tunnel mode-based cloud protection method and device. Background technique [0002] Anti-DDoS Pro cloud protection service needs to resolve the domain name to Anti-DDoS Pro IP (for web services, the domain name resolution points to Anti-Defense IP, and for non-web services, the business IP is replaced with Anti-Defense IP), and at the same time, forwarding rules are set on Anti-DDoS Pro IP. All public network traffic will first pass through the high-defense cleaning cloud node, and the access traffic will be forwarded to the source station IP through the high-defense IP through port protocol forwarding. Return to the IP of the source site, so as to ensure the protection service of stable access to the IP of the source site. [0003] In the existing technology of Alibaba Cloud Anti-Defense, if the host outside the cloud wants to use the An...

AI Technical Summary

Problems solved by technology

[0003] In the existing technology of Alibaba Cloud Anti-Defense, if the host outside the cloud wants to use the Anti-Advanced service and obtain the real address of the client, the user must first support Redhat Linux or Centos 6.x, then download and install the kernel, and load the TOA module , this method of access is complicated, and the Windows server outside the cloud cannot use the high-defense Alibaba Cloud high-defense service

In addition, the access of Alibaba Cloud Anti-Defense Pro still needs to configure port mapping. If the user service uses a large number of ports, a large number of port mappings need to be configured, which increases the operation and maintenance cost.

[0004] In the process of implementing the embodiment of the present invention, the inventor found that if the existing method needs to know the real address of the client when using the high-defense service, the access method is complicated, and a large number of port mappings need to be configured, which increases the operation and maintenance cost

Images