[go: up one dir, main page]

CN100412788C - A Simple Method of Accessing Network Operator's Portal - Google Patents

A Simple Method of Accessing Network Operator's Portal Download PDF

Info

Publication number
CN100412788C
CN100412788C CNB021235023A CN02123502A CN100412788C CN 100412788 C CN100412788 C CN 100412788C CN B021235023 A CNB021235023 A CN B021235023A CN 02123502 A CN02123502 A CN 02123502A CN 100412788 C CN100412788 C CN 100412788C
Authority
CN
China
Prior art keywords
portal
message
server
website
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Lifetime
Application number
CNB021235023A
Other languages
Chinese (zh)
Other versions
CN1416056A (en
Inventor
涂伯颜
史文江
张劲峰
杨宏杰
赵文鹏
王锋波
罗成
肖维
董靖宇
谢小娟
温元德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Dunjun Technology Co ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=4745146&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=CN100412788(C) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CNB021235023A priority Critical patent/CN100412788C/en
Publication of CN1416056A publication Critical patent/CN1416056A/en
Application granted granted Critical
Publication of CN100412788C publication Critical patent/CN100412788C/en
Anticipated expiration legal-status Critical
Expired - Lifetime legal-status Critical Current

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

本发明涉及一种简易访问网络运营商门户网站的方法,是一种强制(Portal)业务技术。对现有“目的地址转换+源地址转换+重定向”(DNAT+SNAT+Redirect)技术方案进行提练,可简化强制实现过程和减轻对接入服务器底层硬件的要求。接入服务器将门户业务用户设备未通过认证前的第一个上行HTTP报文,直接提交给“虚拟Web服务器”;由该“虚拟Web服务器”虚拟成用户要访问的网站与门户业务用户设备建立TCP连接,向门户业务用户设备发重定向到真正门户网站的报文;收到重定向报文后的门户业务用户设备的浏览器自动发起对真正门户网站的访问。接入服务器对非Portal用户设备的IP报文、用户直接访问门户网站的报文和进行域名解析的DNS报文则作直接转发处理。

Figure 02123502

The invention relates to a method for simply accessing a portal website of a network operator, which is a mandatory (Portal) service technology. Refining the existing "destination address translation + source address translation + redirection" (DNAT+SNAT+Redirect) technical solution can simplify the mandatory implementation process and reduce the requirements on the underlying hardware of the access server. The access server directly submits the first upstream HTTP message before the portal service user equipment fails authentication to the "virtual web server"; the "virtual web server" virtualizes the website that the user wants to visit and establishes the TCP connection, sending a message redirecting to the real portal website to the portal service user equipment; after receiving the redirect message, the browser of the portal service user equipment automatically initiates a visit to the real portal website. The access server directly forwards the IP packets of non-Portal user equipment, the packets of users directly accessing the portal website, and the DNS packets for domain name resolution.

Figure 02123502

Description

一种简易访问网络运营商门户网站的方法 A Simple Method of Accessing Network Operator's Portal

技术领域 technical field

本发明涉及一种互联网技术,更确切地说是涉及一种与强制(Portal)业务有关的技术。The present invention relates to an Internet technology, more specifically to a technology related to mandatory (Portal) services.

背景技术 Background technique

Portal业务是NSP/ISP(网络服务提供商/英特网服务提供商)提供给用户的一种新型的宽带接入业务,用户在上网时,可以通过标准的WWW浏览器(Internet Explorer或Netscape Navigator)访问其门户网站(Portal_Server,通过Web Server来实现)进行。各运营商有自己的Portal_Server。Portal service is a new type of broadband access service provided by NSP/ISP (Network Service Provider/Internet Service Provider) to users. When users surf the Internet, they can use standard WWW browsers (Internet Explorer or Netscape Navigator ) to visit its portal website (Portal_Server, realized by Web Server). Each operator has its own Portal_Server.

由于目前任何一个用户要访问任一个网站都需直接输入该网站的域名或者IP地址方可进行,用户访问Portal业务的网站时也需按以下步骤进行:先打开浏览器,输入Portal_Server的IP地址或域名,访问到该Portal业务的门户网站;然后再在该门户网站的主页上输入用户名和密码进行认证;经过认证获得相应的上网权限。此外,可在此主页上动态选择适合用户自己的业务,或查询用户关心的一些信息,实现用户对自己的管理等。也即,用户每次要访问Portal_Server网站,都必须在浏览器上输入完整的域名或者IP地址才能进行。Since any user needs to directly enter the domain name or IP address of the website to access any website, the user also needs to follow the steps below to access the website of the Portal business: first open the browser, enter the IP address of the Portal_Server or Domain name, access to the portal website of the Portal business; then enter the user name and password on the homepage of the portal website for authentication; after authentication, obtain the corresponding Internet access authority. In addition, on this homepage, you can dynamically select the business that suits you, or query some information that you care about, so that you can manage yourself. That is, every time the user wants to visit the Portal_Server website, he must input the complete domain name or IP address on the browser to proceed.

根据以上陈述,Portal_Server作为Portal业务的重要组成部分,是Portal业务的用户上网时必须访问的网站,是用户上网时的门户。如果采用上述传统的访问网站的方法,即每次都需输入域名和IP地址,就必须要求运营商向每个用户提供其网站的域名或IP地址,同时用户也必须记住该网站的域名或IP地址,显然给运营商和用户都带来不便,从而不利于Portal业务的推广。According to the above statement, Portal_Server, as an important part of the Portal business, is the website that the users of the Portal business must visit when surfing the Internet, and is the portal when the users surf the Internet. If the above-mentioned traditional method of accessing a website is adopted, that is, a domain name and an IP address need to be input every time, the operator must be required to provide each user with the domain name or IP address of its website, and the user must also remember the domain name or IP address of the website simultaneously. The IP address obviously brings inconvenience to operators and users, which is not conducive to the promotion of Portal services.

由于Portal_Server门户网站是Portal业务的用户上网时必经的入口网站,对它提供一个十分简易方便的访问方法显得尤其重要。Since the Portal_Server portal site is the portal site that must be passed by the users of the Portal business when surfing the Internet, it is particularly important to provide a very simple and convenient access method for it.

为了方便运营商对Portal业务的开展和方便用户的使用,必须针对上述问题设计一种新的访问Portal业务网站的方法,使Portal业务的用户不必关心这个Portal_Server的域名或IP,用户正常地按自己的习惯上网,随意地在浏览器地址栏上输入用户自己熟悉的域名或IP,或者甚至是随便地敲入几个数字,就能被自动地引导到这个门户网站上,方便用户登录此网站。In order to facilitate the development of Portal services by operators and the use of users, it is necessary to design a new method of accessing the Portal service website for the above problems, so that users of Portal services do not need to care about the domain name or IP of this Portal_Server, and users normally press their own If you are used to surfing the Internet, you can randomly enter the domain name or IP that you are familiar with in the browser address bar, or even type in a few numbers casually, and you will be automatically directed to this portal website, which is convenient for users to log in to this website.

为了方便用户登录此网站,需要一种技术使用户在首次登录时,访问任何网站都被强制到Portal_Server网站,在这上面完成认证和业务选择;同时在用户通过认证后,保证用户再访问任何网站时将不会再被强制,也就是用户可正常上网。本发明要解决的问题正是如何将用户首次登录时要进行的任何访问都强制到Portal_Server网站,以及在用户通过认证后不再进行强制,保证用户正常上网。In order to facilitate the user to log in to this website, a technology is needed so that when the user logs in for the first time, any website he visits will be forced to the Portal_Server website, where the authentication and business selection are completed; at the same time, after the user passes the authentication, it is guaranteed that the user will visit any website again It will no longer be forced, that is, users can surf the Internet normally. The problem to be solved by the present invention is exactly how to force any visits to be carried out by the user to the Portal_Server website when logging in for the first time, and no longer force after the user passes the authentication, so as to ensure the normal access of the user.

输入任何正确的域名、IP地址或者甚至是任何的数字,都能访问到门户网站,这种方法显然最为简易。强制Portal技术正是这样的一种技术。Enter any correct domain name, IP address or even any number to access the portal, which is obviously the easiest method. Mandatory Portal technology is just such a technology.

有一种强制Portal技术,简称为目的地址转换+源地址转换+重定向技术(DNAT+SNAT+Redirect),包括:在接入服务器端正常的IP包处理流程中引入目的地址转换(DNAT)和源地址转换(SNAT)相结合的技术,和在门户网站(Portal_Server)端引入重定向(Redirect)的技术。其具体的实现步骤是:There is a mandatory Portal technology, referred to as destination address translation + source address translation + redirection technology (DNAT+SNAT+Redirect), including: the introduction of destination address translation (DNAT) and source The technology of combining address translation (SNAT) and the technology of introducing redirection (Redirect) at the portal (Portal_Server) side. Its specific implementation steps are:

在接入服务器上,对于Portal业务用户未通过认证前的第一个HTTP报文进行强制的目的地址转换(DNAT),将用户要访问的目的网站的地址替换成Portal_Server的地址,从而将该HTTP报文强制到Portal_Server上;On the access server, mandatory destination address translation (DNAT) is performed on the first HTTP message of the Portal business user before the authentication, and the address of the destination website to be accessed by the user is replaced with the address of Portal_Server, thereby the HTTP The message is forced to Portal_Server;

当Portal_Server收到这样的第一个HTTP报文后,建立TCP连接,同时向用户端发送包含重定向(Redirect)信息的回应报文,让用户端可以直接用Portal_Server的IP地址连接到Portal_Server上;After Portal_Server receives such first HTTP message, establishes TCP connection, sends the response message that comprises redirection (Redirect) information to client simultaneously, allows client to directly be connected on the Portal_Server with the IP address of Portal_Server;

当接入服务器接收到来自Portal_Server的IP包,且其目的地址为未通过验证的用户的时,进行强制的源地址转换(SNAT),将Portal_Server的地址替换成用户原来要访问的网站地址,使客户端可以正常建立起TCP连接;When the access server receives the IP packet from Portal_Server, and its destination address is the user who has not passed the authentication, it will perform mandatory source address translation (SNAT), and replace the address of Portal_Server with the address of the website that the user originally wanted to visit, so that The client can establish a TCP connection normally;

最后,用户端接收由Portal_Server带回的含有Redirect信息的报文后,就可以自动的以Portal_Server的IP地址直接访问Portal_Server。这之后接入服务器对于IP包的处理就将是正常的转发流程处理过程。这样也就完成了强制Portal。Finally, after receiving the message containing the Redirect information brought back by the Portal_Server, the client can automatically access the Portal_Server directly with the IP address of the Portal_Server. After that, the processing of the IP packet by the access server will be a normal forwarding process. This completes the mandatory Portal.

上述方案是基于三个较为独立的部分具体实现的:接入服务器对上行报文的处理过程(DNAT)、接入服务器对下行报文的处理过程(SNAT)和门户网站(Portal_Server)的重定向处理(Redirect)过程。The above scheme is implemented based on three relatively independent parts: the processing process of the access server to the upstream message (DNAT), the processing process of the access server to the downstream message (SNAT) and the redirection of the portal website (Portal_Server) Process (Redirect) process.

上述的“DNAT+SNAT+Redirect”方案,虽然可以很好地实现强制Portal的功能,但是在其实现中,接入服务器端的上行处理(DNAT)和下行处理(SNAT)都必须借助于接入服务器的底层硬件,无疑增加了底层硬件的额外负担,相应降低了接入服务器的网络处理能力。这一点对处理能力要求很高的宽带设备来说,显然是很不利的。Although the above-mentioned "DNAT+SNAT+Redirect" scheme can well realize the function of mandatory Portal, in its implementation, both the uplink processing (DNAT) and downlink processing (SNAT) of the access server must rely on the access server The low-level hardware undoubtedly increases the additional burden of the low-level hardware and correspondingly reduces the network processing capacity of the access server. This is obviously very unfavorable for broadband devices that require high processing capabilities.

发明内容 Contents of the invention

本发明的目的是设计一种简易访问网络运营商门户网站的方法,对现有“DNAT+SNAT+Redirect”技术方案进行提练,以尽量简化强制Portal过程中对于接入服务器底层硬件的要求,同时简化其实现技术。The purpose of the present invention is to design a method for simply accessing the network operator's portal website, refining the existing "DNAT+SNAT+Redirect" technical solution, so as to simplify the requirements for accessing the underlying hardware of the server in the forced Portal process as much as possible, Simultaneously simplify its implementation technology.

为了实现上述目的,本发明提供了一种简易访问网络运营商门户网站的方法,其特征在于包括以下处理步骤:In order to achieve the above object, the present invention provides a kind of method for simply visiting network operator's portal website, it is characterized in that comprising the following processing steps:

A.接入服务器底层硬件对门户业务用户设备未通过认证前的第一个上行HTTP报文,直接提交给“虚拟Web服务器”,该“虚拟Web服务器”功能由接入服务器高层软件的“虚拟Web服务器”模块实现;A. The underlying hardware of the access server directly submits the first uplink HTTP packet before the authentication of the portal business user equipment to the "virtual Web server". Implementation of the "Web server" module;

B.由该“虚拟Web服务器”虚拟成用户要访问的网站与门户业务用户设备建立TCP连接,“虚拟Web服务器”向接入服务器底层硬件返回含有重定向向信息的报文,再由接入服务器底层硬件按正常的转发流程向门户业务用户设备发一个重定向到真正门户网站(Portal_Server)的报文;B. The "virtual web server" virtualizes the website that the user wants to visit and establishes a TCP connection with the portal service user equipment, and the "virtual web server" returns a message containing redirection information to the underlying hardware of the access server, and then the access The underlying hardware of the server sends a message redirecting to the real portal website (Portal_Server) to the portal business user equipment according to the normal forwarding process;

C.收到重定向报文后的门户业务用户设备的浏览器自动发起对真正门户网站(Portal_Server)的访问。C. After receiving the redirect message, the browser of the portal service user equipment automatically initiates a visit to the real portal website (Portal_Server).

所述的步骤A,由门户业务用户在浏览器上输入任何正确的域名、IP地址或任何的数字,形成上行IP报文;所述的步骤B,由“虚拟Web服务器”虚拟成该IP报文的IP地址的网站。In the step A, the portal service user inputs any correct domain name, IP address or any number on the browser to form an uplink IP message; in the step B, the IP message is virtualized by the "virtual Web server". Text the IP address of the website.

所述的步骤A前进一步包括以下处理步骤:Before described step A, further comprise the following processing steps:

A1.接入服务器分析上行IP报文连接信息,对于判断为非门户业务用户设备的IP报文,作直接转发处理;A1. The access server analyzes the connection information of the uplink IP message, and performs direct forwarding processing for the IP message judged to be a non-portal service user equipment;

A2.接入服务器对于是门户业务用户设备的IP报文进一步确定是否是直接访问门户网站(Portal_Server)的报文,和进一步确定是否是进行域名解析的DNS报文;A2. The access server further determines whether the IP message of the portal business user equipment is a message for directly accessing the portal website (Portal_Server), and further determines whether it is a DNS message for domain name resolution;

A3.接入服务器对于是直接访问门户网站(Portal_Server)的报文或是进行域名解析的DNS报文,作直接转发处理;A3. The access server performs direct forwarding processing on the message for directly accessing the portal website (Portal_Server) or the DNS message for domain name resolution;

A4.接入服务器对于不是直接访问Portal_Server的报文或不是进行域名解析的DNS报文,进一步确定是否是门户业务用户设备未通过认证前的第一个上行HTTP报文;A4. The access server further determines whether it is the first upstream HTTP message before the portal business user equipment fails to pass the authentication for the message that does not directly access the Portal_Server or the DNS message that does not perform domain name resolution;

A5.对于不是门户业务用户设备未通过认证前的第一个上行HTTP报文设置丢弃标志。A5. Set the discard flag for the first uplink HTTP packet before the user equipment of the portal service fails to pass the authentication.

本发明超越了DNAT和SNAT技术,仅提取出了“Redirect”的设计思想,设计出了由接入服务器的高层软件来完成强制Portal的“Redirect”技术方案。The present invention surpasses the DNAT and SNAT technologies, only extracts the design idea of "Redirect", and designs the "Redirect" technical solution of forcing the Portal to be completed by the high-level software connected to the server.

本发明实现的输入任何正确的域名、IP地址和任何的数字都可以自动被强制到Portal_Server网站的技术方案,同利用“DNAT+SNAT+Redirect”的技术方案相比,除了有大大减少接入服务器设备底层硬件的负担、提高设备处理报文能力的优点外,还有以下的一些优点:The technical scheme that the input of any correct domain name, IP address and any number realized by the present invention can be automatically forced to the Portal_Server website, compared with the technical scheme utilizing "DNAT+SNAT+Redirect", except greatly reducing the number of access servers In addition to the burden of the underlying hardware of the device and the advantages of improving the ability of the device to process packets, there are some advantages as follows:

1.因去掉了DNAT和SNAT的过程,故简化了强制Portal的处理过程;1. Since the process of DNAT and SNAT is removed, the process of forcing Portal is simplified;

2.本发明相对于“DNAT+SNAT+Redirect”技术方案,不但省去了DNAT和SNAT的过程,同时由于“虚拟Web Server”是在接入服务器的软件上实现的,对它的访问要比访问实际网站快,故提高了强制Portal的速度;2. The present invention not only saves the process of DNAT and SNAT with respect to "DNAT+SNAT+Redirect" technical scheme, simultaneously because "virtual Web Server" is realized on the software of access server, its visit is compared to Access to the actual website is fast, so the speed of the mandatory Portal is increased;

3.本发明对Portal_Server,没有了对用户上来的第一个报文要进行重定向的特殊要求,Portal_Server的建设同一般的网站完全相同,不需要增加什么特殊的处理,这就大大提高了强制Portal这一功能的兼容性,跟任何PortalServe都可以对接。而这一点对于通信设备是相当重要的。3. the present invention does not have the special requirement that redirection is carried out to the first message that the user comes up to Portal_Server, and the construction of Portal_Server is exactly the same as general website, does not need to increase any special processing, and this has just improved mandatory Compatibility of this Portal function can be connected with any PortalServe. And this is very important for communication equipment.

附图说明 Description of drawings

图1是本发明利用“Redirect”技术实现强制Portal的过程示意图;Fig. 1 is the process schematic diagram that the present invention utilizes " Redirect " technology to realize mandatory Portal;

图2是接入服务器对IP上行转发流程的处理过程框图。Fig. 2 is a block diagram of the processing procedure of the access server for the IP uplink forwarding process.

具体实施方式 Detailed ways

研究“DNAT+SNAT+Redirect”的强制Portal方案,其主要的设计思想就是把用户对于除Portal_Server外的任何网站的访问都强制到Portal_Server上,然后由Portal_Server向客户端发出一个重定向(Redirect)报文,让客户端直接连接到Portal_Server上。可以说它的最终目的就是这个重定向。而DNAT和SNAT只是为了让这个报文到达Portal_Server才产生的。基于这个情况,本发明仅提取这个重定向的思想,设计了一种可以不需要作DNAT和SNAT的强制Portal技术方案。Study the mandatory Portal scheme of "DNAT+SNAT+Redirect", the main design idea is to force the user's access to any website except Portal_Server to Portal_Server, and then Portal_Server sends a redirection (Redirect) report to the client. Text, let the client directly connect to the Portal_Server. It can be said that its ultimate purpose is this redirection. DNAT and SNAT are only generated to allow this message to reach Portal_Server. Based on this situation, the present invention only extracts the idea of redirection, and designs a mandatory Portal technical solution that does not require DNAT and SNAT.

其设计思想是这样的:既然在强制Portal的过程中Portal_Server只简单的起到向用户发一个重定向报文的作用,那么就完全可以在接入服务器端实现一个简易的“虚拟Web Server”,它的功能就是接收用户需做强制Portal的报文,虚拟成用户要访问的网站与之建立TCP连接,然后由该“虚拟Web Server”向用户端发一个重定向到Portal_Server的报文,以便让用户直接访问Portal_Server。这时由于这个虚拟的“Web Server”是在接入服务器端通过软件实现的,当接入服务器的底层硬件接收到一个报文时,只需简单地判断一下该报文是否是需要做强制Portal的报文,如果是,就直接将这个报文提交给这个“虚拟Web Server”就可以了,而这个“虚拟Web Server”向用户端返回的报文就相当于用户要访问的Portal_Server网站返回的报文,所以就不必再作源地址转换(SNAT)了,完全可按正常的IP转发流程处理。最后用户端收到重定向报文后,浏览器就会自动发起对真正的Portal_Server的访问,实现强制Portal。Its design idea is as follows: since Portal_Server simply plays the role of sending a redirection message to the user in the process of forcing the Portal, it is completely possible to implement a simple "virtual Web Server" on the access server side, Its function is to receive the message that the user needs to make a mandatory Portal, virtualize it into a website that the user wants to visit and establish a TCP connection with it, and then send a message redirected to Portal_Server by the "virtual Web Server" to the user end, so that Users access Portal_Server directly. At this time, since the virtual "Web Server" is realized through software on the access server side, when the underlying hardware of the access server receives a message, it only needs to simply judge whether the message needs to be a mandatory Portal If so, just submit the message to the "virtual Web Server" directly, and the message returned by the "virtual Web Server" to the client is equivalent to the one returned by the Portal_Server website that the user wants to visit. packet, so there is no need to perform source address translation (SNAT), and it can be processed according to the normal IP forwarding process. Finally, after the client receives the redirect message, the browser will automatically initiate a visit to the real Portal_Server to implement the forced Portal.

由于本发明的主要技术是利用“虚拟Web Server”向客户端发重定向报文,从而实现强制Portal,从而形成一种利用‘Redirect’实现的强制Portal技术。Because main technology of the present invention is to utilize " virtual Web Server " to send redirection message to client, thereby realizes mandatory Portal, thereby forms a kind of mandatory Portal technology utilizing ' Redirect ' to realize.

参见图1,图中流程示出本发明的主体设计思想,包括:通过接入服务器上的“虚拟Web Server”和IP上行转发流程相配合,实现强制Portal技术。Referring to Fig. 1, the process flow in the figure shows the main design idea of the present invention, including: the forced Portal technology is realized by cooperating with the "virtual Web Server" on the access server and the IP uplink forwarding process.

步骤1,用户(PC)输入任何正确的域名、IP地址或任何数字(如新浪Sina网站的域名或IP地址),用户(PC)向浏览器地址栏输入任何正确的域名、IP地址或任何的数字,若用户输入的是域名或IP地址,则接入服务器(BAS)会获得该域名或IP地址的域名解析服务器(DNS)报文,若用户输入的是任何的数字,浏览器对于未能建立起连接的IP地址输入,会自动将其当作字符,再加上WWW前缀和com等后缀,然后发出含有DNS解析报文的IP报文;Step 1, the user (PC) enters any correct domain name, IP address or any number (such as the domain name or IP address of the Sina Sina website), and the user (PC) inputs any correct domain name, IP address or any number to the browser address bar. If the user enters a domain name or IP address, the access server (BAS) will obtain the domain name resolution server (DNS) message of the domain name or IP address. If the user enters any number, the browser will respond to the failure Enter the IP address to establish a connection, it will be automatically regarded as a character, plus a WWW prefix and a suffix such as com, and then send an IP message containing a DNS resolution message;

步骤2,当接入服务器的底层硬件接收到一个报文,经判断是需要做强制Portal的报文时,直接将这个报文提交给接入服务器端的“虚拟Web Server”(如虚拟Sina);Step 2, when the underlying hardware of the access server receives a message, when it is judged that it is necessary to make a mandatory Portal message, this message is directly submitted to the "virtual Web Server" (such as virtual Sina) of the access server;

步骤3,“虚拟Web Server”(如虚拟Sina)对接收到的报文进行分析,得到目的IP地址,并将该目的IP地址作为这个“虚拟Web Server”(如虚拟Sina)的地址,此时的这个“虚拟Web Server”(如虚拟Sina)就虚拟了用户要访问的网站了,由“虚拟Web Server”(如虚拟Sina)向接入服务器底层硬件返回含有重定向信息的报文;Step 3, "virtual Web Server" (such as virtual Sina) analyzes the received message, obtains the destination IP address, and uses the destination IP address as the address of this "virtual Web Server" (such as virtual Sina), at this time This "virtual Web Server" (such as virtual Sina) has just virtualized the website that the user will visit, and the "virtual Web Server" (such as virtual Sina) returns a message containing redirection information to the underlying hardware of the access server;

步骤4,接入服务器(BAS)向用户(PC)端响应一个重定向报文,该重定向报文须告诉用户要和真正的Portal_Server建立连接并访问该Portal_Server,这个重定向报文就相当于是用户要访问的Portal_Server网站返回的报文,IP转发流程按正常的转发流程处理;Step 4, the access server (BAS) responds a redirection message to the user (PC), the redirection message must tell the user to establish a connection with the real Portal_Server and visit the Portal_Server, and this redirection message is equivalent to For the message returned by the Portal_Server website that the user wants to visit, the IP forwarding process is processed according to the normal forwarding process;

步骤5,最后,用户(PC)端接收由接入服务器(BAS)返回的由“虚拟WebServer”(如虚拟Sina)带回的含有重定向信息的报文后,就可以自动地以Portal_Server的IP地址直接访问Portal_Server(P.S),这之后对于IP包的处理就将是正常的转发流程了。Step 5, at last, after the user (PC) receives the message containing the redirection information brought back by the "virtual WebServer" (such as virtual Sina) returned by the access server (BAS), it can automatically use the IP address of Portal_Server The address directly accesses the Portal_Server (P.S), after which the processing of the IP packet will be a normal forwarding process.

这样也就完成了强制Portal。This completes the mandatory Portal.

参见图2,图中示出接入服务器对IP报文上行转发流程的处理过程。主要包括接入服务器对用户端上行报文的处理过程,和“虚拟Web Server”对接收到的报文进行下行转发的处理过程。Referring to FIG. 2 , the figure shows the process of the access server forwarding the IP packet uplink. It mainly includes the processing process of the access server to the client's uplink message, and the processing process of the "virtual Web Server" forwarding the received message downlink.

步骤201,接入服务器接收来自用户端的上行IP报文;Step 201, the access server receives an uplink IP packet from the client;

步骤202,接入服务器在对该上行IP报文进行正常包处理的过程中,根据分析报文连接信息判断其是否是Portal业务用户,若是则继续执行步骤203;Step 202, the access server judges whether it is a Portal service user according to the analysis message connection information during the normal packet processing process of the uplink IP message, and if so, continues to perform step 203;

步骤203,通过比较该用户的目的IP地址与接入服务器设备上已配置好的一个或几个Portal_Server的IP地址,判断该用户报文是否是直接访问Portal_Server的报文(一致即为直接访问),和根据目的端口号判断是不是进行域名解析的DNS(域名解析服务器)报文,若都不是则继续执行步骤204;Step 203, by comparing the user's destination IP address and the IP address of one or several Portal_Servers configured on the access server device, it is judged whether the user's message is a message for directly accessing the Portal_Server (consistency is direct access) , and judge whether to carry out the DNS (domain name resolution server) message of domain name resolution according to destination port number, if not then continue to execute step 204;

步骤204,根据仅分配给HTTP报文使用的标准端口号,可进一步判断出是否是Portal业务用户未通过认证前的首个HTTP报文,若是则继续执行步骤206;Step 204, according to the standard port number that is only assigned to the HTTP message, it can be further judged whether it is the Portal service user's first HTTP message before authentication, if so, continue to perform step 206;

步骤205,对于经步骤202判断为是Portal业务用户的报文、但经步骤203判断为不是直接访问Portal_Server的报文或不是进行域名解析的DNS报文,又经步骤204判断为不是HTTP报文的其他报文,则在该IP报文中设置丢弃标志,并入发送队列模块,由发送队列模块对其作丢弃处理;Step 205, for being judged to be the message of Portal business user through step 202, but being judged through step 203 as not directly visiting the message of Portal_Server or not carrying out the DNS message of domain name resolution, being judged as being not HTTP message through step 204 again other messages, the discard flag is set in the IP message, merged into the sending queue module, and it is discarded by the sending queue module;

步骤206,将经步骤204处理后确定为Portal业务用户未通过认证前的首个HTTP报文提交给用户目的IP地址的“虚拟Web Server”模块处理;Step 206, after being processed in step 204, it is determined that the first HTTP message before the Portal service user fails to pass the authentication is submitted to the "virtual Web Server" module processing of the user's purpose IP address;

步骤207,对于经步骤202判断为不是Portal业务用户的报文、或经步骤203判断为是直接访问Portal_Server的报文或是进行域名解析的DNS报文,则按正常的转发流程对IP报文进行转发处理;Step 207, for being judged as being not the message of Portal service user through step 202 or being judged through step 203 as being the message of directly visiting Portal_Server or carrying out the DNS message of domain name resolution, then by normal forwarding process to IP message carry out forwarding processing;

步骤208,将进行正常转发处理的IP报文放入发送队列中。Step 208, putting the IP packets for normal forwarding processing into the sending queue.

综上所述,IP上行转发流程先判断输入的IP报文是否为Portal业务的用户报文,如果是属于Portal业务的用户报文,则转发流程要依次按以下三条原则处理,否则按正常转发流程处理,这三条处理原则是:To sum up, the IP upstream forwarding process first judges whether the input IP packet is a user packet of the Portal service. If it is a user packet of the Portal service, the forwarding process must be processed according to the following three principles in turn, otherwise it is forwarded normally Process processing, the three processing principles are:

一.对于直接访问Portal_Server的IP报文,或者是进行域名解析的DNS报文,让其直接通过,保证了直接访问Portal_Server的用户IP报文可以直接通过,这样对于客户端被重定向到Portal_Server后的访问就不必再作强制了,对于域名解析的DNS报文也可以直接通过,则保证了用户在输入网站域名后可以通过域名解析得到其相应的IP地址;1. For the IP message directly accessing Portal_Server, or the DNS message for domain name resolution, let it pass directly to ensure that the user IP message directly accessing Portal_Server can pass directly, so that after the client is redirected to Portal_Server There is no need to enforce the access, and the DNS message for domain name resolution can also be passed directly, which ensures that the user can obtain the corresponding IP address through domain name resolution after entering the domain name of the website;

二.对于是访问Portal_Server的HTTP报文,则提交给“虚拟Web Server”模块处理;2. for being to visit the HTTP message of Portal_Server, then submit to " virtual Web Server " module processing;

三.丢弃其他报文。3. Discard other packets.

经图2步骤206处理后的IP报文送入“虚拟Web Server”。The IP message processed by step 206 in Fig. 2 is sent into "Virtual Web Server".

“虚拟Web Server”对接收到的IP报文按下面流程处理:"Virtual Web Server" processes the received IP packets according to the following process:

对于接收到的IP报文进行分析,得到目的IP地址,将该目的IP地址作为这个“虚拟Web Server”的地址,即此时的这个“虚拟Web Server”就虚拟为用户要访问的网站了;Analyze the received IP message to obtain the destination IP address, and use the destination IP address as the address of this "virtual Web Server", that is, this "virtual Web Server" at this time is virtualized as the website that the user wants to visit;

 “虚拟Web Server”给用户端响应一个重定向报文,在此重定向报文中,须告诉用户端要和真正的Portal_Server建立连接并访问该真正的Portal_Server,这个重定向报文就相当于是由用户要访问的网站发出的,接入服务器的IP转发流程按正常流程对其进行处理;"Virtual Web Server" responds to the client with a redirection message. In this redirection message, the user must be told to establish a connection with the real Portal_Server and visit the real Portal_Server. This redirection message is equivalent to The IP forwarding process of the access server will process it according to the normal process when it is sent by the website that the user wants to visit;

接入服务器将重定向报文传递给IP转发流程进行下行转发处理;The access server passes the redirect message to the IP forwarding process for downlink forwarding processing;

用户端的浏览器根据接收到的重定向报文,自动发起对真正的Portal_Server的访问,完成强制Portal。The browser at the client end automatically initiates access to the real Portal_Server according to the received redirection message to complete the forced Portal.

本发明的方法,是一种利用“Redirect”实现的强制Portal方案。为实现强制Portal技术,建立起“虚拟Web Server”,以实现重定向,并利用“虚拟WebServer”回应用户重定向(Redirect)报文。The method of the present invention is a mandatory Portal solution realized by "Redirect". For realizing mandatory Portal technology, set up " virtual Web Server ", to realize redirection, and utilize " virtual Web Server " to reply user redirection (Redirect) message.

本发明经在宽带接入服务器中验证,证明可完全达到强制Portal的要求,且效果良好。The invention is verified in the broadband access server, which proves that it can fully meet the requirement of mandatory Portal, and has good effect.

Claims (4)

1. 一种简易访问网络运营商门户网站的方法,其特征在于包括以下处理步骤:1. A method for simple and easy access to the network operator portal, characterized in that it comprises the following processing steps: A.接入服务器底层硬件对门户业务用户设备未通过认证前的第一个上行HTTP报文,直接提交给“虚拟Web服务器”,该“虚拟Web服务器”功能由接入服务器高层软件的“虚拟Web服务器”模块实现;A. The underlying hardware of the access server directly submits the first uplink HTTP packet before the authentication of the portal business user equipment to the "virtual Web server". Implementation of the "Web server" module; B.由该“虚拟Web服务器”虚拟成用户要访问的网站与门户业务用户设备建立TCP连接,“虚拟Web服务器”向接入服务器底层硬件返回含有重定向信息的报文,再由接入服务器底层硬件按正常的转发流程向门户业务用户设备发一个重定向到真正门户网站Portal_Server的报文;B. The "virtual web server" virtualizes the website that the user wants to visit and establishes a TCP connection with the portal service user equipment, and the "virtual web server" returns a message containing redirection information to the underlying hardware of the access server, and then the access server The underlying hardware sends a message redirected to the real portal website Portal_Server to the portal business user equipment according to the normal forwarding process; C.收到重定向报文后的门户业务用户设备的浏览器自动发起对真正门户网站Portal_Server的访问。C. After receiving the redirect message, the browser of the portal service user equipment automatically initiates a visit to the real portal website Portal_Server. 2. 根据权利要求1所述的一种简易访问网络运营商门户网站的方法,其特征在于:所述的步骤A,由门户业务用户在浏览器上输入任何正确的域名、IP地址或任何的数字,形成上行IP报文;所述的步骤B,由“虚拟Web服务器”虚拟成该IP报文的IP地址的网站。2. A method for simply accessing the portal website of a network operator according to claim 1, characterized in that: in the step A, the portal service user inputs any correct domain name, IP address or any number, forming an uplink IP message; in the step B, the "virtual Web server" is virtualized into a website with the IP address of the IP message. 3. 根据权利要求1所述的一种简易访问网络运营商门户网站的方法,其特征在于所述的步骤A前进一步包括以下处理步骤:3. The method for a kind of simple access network operator portal website according to claim 1, it is characterized in that described step A further comprises the following processing steps: A1.接入服务器分析上行IP报文连接信息,对于判断为非门户业务用户设备的IP报文,作直接转发处理;A1. The access server analyzes the connection information of the uplink IP message, and performs direct forwarding processing for the IP message judged to be a non-portal service user equipment; A2.接入服务器对于是门户业务用户设备的IP报文进一步确定是否是直接访问门户网站Portal_Server的报文,和进一步确定是否是进行域名解析的DNS报文;A2. The access server further determines whether the IP message of the portal service user equipment is a message directly accessing the portal website Portal_Server, and further determines whether it is a DNS message for domain name resolution; A3.接入服务器对于是直接访问门户网站Portal_Server的报文或是进行域名解析的DNS报文,作直接转发处理;A3. The access server performs direct forwarding processing for the message directly accessing the portal website Portal_Server or the DNS message for domain name resolution; A4.接入服务器对于不是直接访问Portal_Server的报文或不是进行域名解析的DNS报文,进一步确定是否是门户业务用户设备未通过认证前的第一个上行HTTP报文;A4. The access server further determines whether it is the first upstream HTTP message before the portal business user equipment fails to pass the authentication for the message that does not directly access the Portal_Server or the DNS message that does not perform domain name resolution; A5.对于不是门户业务用户设备未通过认证前的第一个上行HTTP报文设置丢弃标志。A5. Set the discard flag for the first uplink HTTP packet before the user equipment of the portal service fails to pass the authentication. 4. 根据权利要求3所述的一种简易访问网络运营商门户网站的方法,其特征在于:所述步骤A2,是根据门户业务用户设备的目的IP地址与接入服务器设备上已配置好的门户网站Portal_Server的IP地址比较结果,判断用户报文是否是直接访问门户网站Portal_Server的报文,和根据目的端口号判断是不是进行域名解析的DNS报文;所述步骤A4,是根据仅分配给HTTP报文使用的标准端口号,判断是否是门户业务用户未通过认证前的首个HTTP报文。4. The method for simply accessing the portal website of a network operator according to claim 3, characterized in that: said step A2 is based on the destination IP address of the portal service user equipment and the configured IP address on the access server equipment The IP address comparison result of portal website Portal_Server, judges whether user message is the message of direct access portal website Portal_Server, and judges whether to carry out the DNS message of domain name resolution according to purpose port number; Described step A4 is based on only being distributed to The standard port number used by the HTTP message, to determine whether it is the first HTTP message before the portal service user fails authentication.
CNB021235023A 2002-06-28 2002-06-28 A Simple Method of Accessing Network Operator's Portal Expired - Lifetime CN100412788C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021235023A CN100412788C (en) 2002-06-28 2002-06-28 A Simple Method of Accessing Network Operator's Portal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021235023A CN100412788C (en) 2002-06-28 2002-06-28 A Simple Method of Accessing Network Operator's Portal

Publications (2)

Publication Number Publication Date
CN1416056A CN1416056A (en) 2003-05-07
CN100412788C true CN100412788C (en) 2008-08-20

Family

ID=4745146

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021235023A Expired - Lifetime CN100412788C (en) 2002-06-28 2002-06-28 A Simple Method of Accessing Network Operator's Portal

Country Status (1)

Country Link
CN (1) CN100412788C (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1890942B (en) * 2003-12-10 2010-04-14 国际商业机器公司 Method for redirecting client requests to web services
CN101510196A (en) * 2008-02-14 2009-08-19 华为技术有限公司 Web page push method, system and apparatus thereof
CN101873329A (en) * 2010-06-29 2010-10-27 迈普通信技术股份有限公司 Portal compulsory authentication method and access equipment
CN103269313B (en) * 2013-05-21 2015-10-28 烽火通信科技股份有限公司 The implementation method of embedded Linux home gateway forced gate

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5987523A (en) * 1997-06-04 1999-11-16 International Business Machines Corporation Applet redirection for controlled access to non-orginating hosts

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5987523A (en) * 1997-06-04 1999-11-16 International Business Machines Corporation Applet redirection for controlled access to non-orginating hosts

Also Published As

Publication number Publication date
CN1416056A (en) 2003-05-07

Similar Documents

Publication Publication Date Title
US7490162B1 (en) Method and system for forwarding messages received at a traffic manager
CN104270379B (en) HTTPS agency retransmission methods and device based on transmission control protocol
US8590032B2 (en) Rule-based routing to resources through a network
CN100571188C (en) A method for improving the processing efficiency of SSL gateway and SSL gateway
CN102333075B (en) VPN network client for mobile device having fast reconnect
CN103825881B (en) The reorientation method and device of WLAN user are realized based on wireless access controller AC
US8924505B2 (en) Method and device for configuring a user agent to operate as a web server
CN108616490A (en) A kind of method for network access control, apparatus and system
WO2006044820A2 (en) Rule-based routing to resources through a network
US7173933B1 (en) System and method for providing source awareness in a network environment
CN104917838A (en) Method and system for achieving route redirection
CN102710559B (en) Method for realizing digital literature resource gateway by reverse proxy technology
KR19980064882A (en) National language notation service system of Internet address
CN103269313B (en) The implementation method of embedded Linux home gateway forced gate
CN1538706A (en) A HTTP redirection method for WEB authentication
WO2013120315A1 (en) Method for processing domain name information, wireless router, and client
WO2009100675A1 (en) Web page pushing method, system and apparatus thereof
JP2003316742A (en) Anonymous communication method and apparatus having single sign-on function
JP2005501354A (en) Method and system for providing web services with multiple web domains via a single IP address
CN100412788C (en) A Simple Method of Accessing Network Operator's Portal
CN104994113B (en) A kind of ADSL wireless routers and the method and system for realizing forced gate under bridge mode using the router
US20050160160A1 (en) Method and system for unified session control of multiple management servers on network appliances
ES2401819T3 (en) Access to resources through a security module
CN107070947A (en) A kind of method and system of the access network based on access authentication
TW200805972A (en) Context based navigation

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
ASS Succession or assignment of patent right

Owner name: SHENZHEN DUNJUN TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: HUAWEI TECHNOLOGY CO., LTD.

Effective date: 20150702

C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150702

Address after: 518000 Nanshan District Nanshan digital cultural industry base, east block, Guangdong, Shenzhen 407

Patentee after: SHENZHEN DUNJUN TECHNOLOGY CO.,LTD.

Address before: 518057 Guangdong city of Shenzhen province science and Technology Park of HUAWEI Road Service Building

Patentee before: HUAWEI TECHNOLOGIES Co.,Ltd.

EE01 Entry into force of recordation of patent licensing contract
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20030507

Assignee: SHENZHEN NANYA NETWORK TECHNOLOGY CO.,LTD.

Assignor: SHENZHEN DUNJUN TECHNOLOGY CO.,LTD.

Contract record no.: 2017440020047

Denomination of invention: Method for simple access to network operator portal web site

Granted publication date: 20080820

License type: Common License

Record date: 20170703

CX01 Expiry of patent term
CX01 Expiry of patent term

Granted publication date: 20080820