CN105978844A - Network access control method, router and system based on router - Google Patents
Network access control method, router and system based on router
- Publication number: CN105978844A
- Application number: CN201510305623.4A
- Authority: CN (China)
- Prior art keywords: network, data, monitoring, router, information
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Abstract
Embodiments of the present invention provide a router-based network access control method, router and system. On the router side, the method includes: receiving monitoring content delivered by a server and configuring the router's own network monitoring information according to that monitoring content; when a monitored device is detected, inspecting the packet data of the monitored device according to the network monitoring information; when the inspection result is "fail", discarding the data packet so that the monitored device is prevented from accessing the web page the packet corresponds to; and when the inspection result is "pass", sending the data packet to the network. In this way the router can control the network access of monitored devices and discard packets that request illegal data such as undesirable websites, preventing waste of data resources while protecting device security.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a router-based network access control method, a router, and a network access control system.
Background
A router is used to connect multiple logically separate networks, where a logical network means a single network or a subnet. When data is transmitted from one subnet to another, this is accomplished by the router's routing function. A router therefore has the functions of determining network addresses and selecting IP paths; it can establish flexible connections in a multi-network interconnection environment and can connect subnets that use entirely different data packet formats and media access methods. It is a network-layer interconnection device, and user devices can connect to the Internet through it.
However, while today's network provides the resources users need, it is also full of undesirable information such as violent or pornographic websites, and a device connecting through a router may visit such websites. Visiting undesirable websites not only wastes data resources; the websites may also contain malicious content such as viruses that affect the security of the user device.
Summary of the invention
The technical problem addressed by the embodiments of the present invention is to provide a router-based network access control method that controls which websites are visited.
Correspondingly, the embodiments of the present invention also provide a router and a network access control system to ensure the implementation and application of the above method.
To solve the above problem, an embodiment of the present invention discloses a router-based network access control method, characterized in that, on the router side, it includes: receiving monitoring content delivered by a server and configuring the router's own network monitoring information according to the monitoring content; when a monitored device is detected, inspecting the packet data of the monitored device according to the network monitoring information; when the inspection result is "fail", discarding the data packet so that the monitored device is prevented from accessing the web page the packet corresponds to; and when the inspection result is "pass", sending the data packet to the network.
An embodiment of the present invention also discloses a router, including: a receiving and configuring module, used to receive the monitoring content delivered by the server and configure the router's own network monitoring information according to it; a packet inspection module, used to inspect the packet data of a monitored device according to the network monitoring information when the monitored device is detected; and an access control module, used to discard the data packet so that the monitored device is prevented from accessing the corresponding web page when the inspection result is "fail", and to send the data packet to the network when the inspection result is "pass".
Compared with the prior art, the router-based network access control method, router and system of the embodiments of the present invention have the following advantages:
The router configures network monitoring information based on the monitoring content delivered by the server, thereby determining which packet information is to be monitored. After a monitored device sends a data packet to the router, the router inspects the packet data of the monitored device according to the network monitoring information. When the inspection result is "fail", the packet is determined to have illegal content and is discarded so that the monitored device cannot access the corresponding web page; when the inspection result is "pass", the packet is determined to be legitimate and is sent to the network. The router can thus control the network access of monitored devices and discard packets that request illegal data such as undesirable websites, preventing waste of data resources while protecting device security.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for the description of the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the steps of an embodiment of a router-based network access control method of the present invention;
Fig. 2 is a flow chart of the router configuration steps in another embodiment of a router-based network access control method of the present invention;
Fig. 3 is a flow chart of the access control steps in another embodiment of a router-based network access control method of the present invention;
Fig. 4 is an interaction diagram of an access control system according to an embodiment of the present invention;
Fig. 5 is a structural block diagram of an embodiment of a router of the present invention;
Fig. 6 is a structural block diagram of another embodiment of a router of the present invention;
Fig. 7 is a structural block diagram of an embodiment of a network access control system of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings of the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
One of the core ideas of the embodiments of the present invention is a router-based network access control method, router and system that control which websites are visited. The router configures network monitoring information based on the monitoring content delivered by the server, thereby determining which packet information is to be monitored. After a monitored device sends a data packet to the router, the router inspects the packet data of the monitored device according to the network monitoring information. When the inspection result is "fail", the packet is determined to have illegal content and is discarded so that the monitored device cannot access the corresponding web page; when the inspection result is "pass", the packet is determined to be legitimate and is sent to the network. The router can thus control the network access of monitored devices and discard packets that request illegal data such as undesirable websites, preventing waste of data resources while protecting device security.
Embodiment one
Referring to Fig. 1, which shows a flow chart of the steps of an embodiment of a router-based network access control method of the present invention, the method may specifically include the following steps:
Step 102: receive the monitoring content delivered by the server and configure the router's own network monitoring information according to the monitoring content.
In this embodiment, in order to monitor the network addresses a user accesses through the router, the server configures the router's network access control rules, so that the router controls the data packets of the connected devices.
The server determines the monitoring content through data analysis and similar means; the monitoring content is the information, determined by the server through data analysis, by which network access data is monitored. The server delivers the monitoring content to the router, and the router configures corresponding network monitoring information according to it; this network monitoring information is what the router uses to monitor the data packets of the connected devices.
In the embodiments of the present invention, every device a user can use to connect to the network is called a user device; that is, user devices include all computing devices capable of connecting to the network, such as computers and mobile devices such as tablets and mobile phones. A user device that connects to the network through the router is called a LAN device, and a device that connects to the network directly without the router is called an external network device. For example, when a mobile phone connects to the Internet through a 3G or 4G communication network it is an external network device, whereas when the phone turns on WIFI (Wireless Fidelity) to connect to the router and through it to the network, it is a LAN device.
In this embodiment the router is the monitoring device for network access control, and the devices to be monitored are selected from the LAN devices as monitored devices; that is, the monitored devices are some or all of the LAN devices.
Step 104: when a monitored device is detected, inspect the packet data of the monitored device according to the network monitoring information.
When a user accesses the network through a LAN device connected to the router, the router monitors the connected LAN devices. When it detects that the device currently sending a data packet is a monitored device, it inspects the packet data of that monitored device according to the network monitoring information and processes the packet according to the inspection result. A legitimate data packet yields the inspection result "pass", and an illegitimate data packet yields the result "fail".
Step 106: discard the data packet.
When the inspection result is "fail", the data packet is illegitimate, i.e. it requests network data whose access is prohibited, and the router discards the packet so that the monitored device (the monitored LAN device) is prevented from accessing the web page the packet corresponds to.
Illegal data such as undesirable websites can therefore be configured into the network monitoring information so that requests for such data are cut off at the router. This not only saves data resources but also prevents malicious content such as viruses on the websites behind that data from affecting the security of LAN devices.
Step 108: send the data packet to the network.
When the inspection result is "pass", the data packet contains no illegal content and the router forwards it to the network normally, for example forwarding a packet that requests a web page, so that the monitored device can access the corresponding web page normally.
In summary, the router configures network monitoring information based on the monitoring content delivered by the server, thereby determining which packet information is to be monitored. After a monitored device sends a data packet to the router, the router inspects the packet data of the monitored device according to the network monitoring information. When the inspection result is "fail", the packet is determined to have illegal content and is discarded so that the monitored device cannot access the corresponding web page; when the inspection result is "pass", the packet is determined to be legitimate and is sent to the network. The router can thus control the network access of monitored devices and discard packets that request illegal data such as undesirable websites, preventing waste of data resources while protecting device security.
Embodiment two
Building on the above embodiment, this embodiment discusses the router-based network browsing control method in detail.
When the router performs access control on LAN devices, the content to be monitored must first be configured in the router; the router then monitors the connected LAN devices.
1. Router configuration
Referring to Fig. 2, which shows a flow chart of the router configuration steps in another embodiment of a router-based network access control method of the present invention, the configuration may specifically include the following steps:
Step 202: collect the device information of each LAN device connected to the router and generate a LAN device list.
Once a LAN device has connected to the router it can reach the network through the router. The router collects the device information of each connected LAN device and generates a corresponding LAN device list. This list records the device information of the LAN devices connected to the router, such as device name, model, identifier, the device's MAC (Media Access Control) address, and connection time.
Step 204: feed back the device information in the LAN device list so that the user can select the monitored devices.
Step 206: determine the monitored devices according to the user's instruction information, obtain the device information of the monitored devices from the LAN device list, and add it to the monitoring list.
If the user wants to monitor a device, for example a parent wants to designate a child's device for monitoring, the user can interact with the router through a device to set the monitored device. The user can set the monitored devices in the LAN formed by the router either through the router's management page, i.e. its web page, or through an APP (application) on a mobile device.
A. Setting through the web page
The user connects a LAN device to the router and opens the router's web page. The web page feeds back the device information in the LAN device list collected by the router, and the different LAN devices are identified by at least one item of that information, such as device name, device model or device MAC address. The user selects on the web page the devices to be monitored, for example a child's device used at home or an iPad. After the selection is complete, instruction information is sent that carries the device identifier of the selected device; the LAN device selected by the user is determined from this identifier and set as a monitored device, and the monitored device's device information, such as device name and MAC address, is added to the monitoring list.
B. Setting through the mobile device APP page
Mobile devices such as mobile phones can connect to the Internet through the router or through a communication network, and the monitored devices can be set in the APP. In one case the mobile device is itself a LAN device and sets the monitored devices through the APP page; in the other case the mobile device is an external network device and sets the monitored devices through the APP page. The app is installed on the mobile phone and controls the functions of the router.
When the mobile device is a LAN device, it connects to the Internet through the router. After the APP is started on the mobile device and the router's monitoring settings page is opened, that page feeds back the device information in the LAN device list collected by the router; it will be understood that in this case the LAN device list contains the mobile device's own device information. The page identifies the different LAN devices by at least one item of device information, such as device name, device model or device MAC address. The user selects the devices to be monitored on the page, and after the selection is complete, instruction information carrying the device identifier of the selected device is sent; the LAN device selected by the user is determined from this identifier and set as a monitored device, and its device information, such as device name and MAC address, is added to the monitoring list.
When the mobile device is an external network device, it connects to the Internet through a communication network such as 2G, 3G or 4G. After the APP is started on the mobile device, the phone and the router communicate through a cloud server. Once the router's monitoring settings page is opened, the page feeds back the device information in the LAN device list collected by the router; it will be understood that in this case the LAN device list need not contain the mobile device's own device information, although if the device has previously connected to the Internet through this router, the list will contain it. The page identifies the different LAN devices by at least one item of device information, such as device name, device model or device MAC address. The user selects the devices to be monitored on the app's settings page, and after the selection is complete, instruction information carrying the device identifier of the selected device is sent; the LAN device selected by the user is determined from this identifier and set as a monitored device, and its device information, such as device name and MAC address, is added to the monitoring list.
Step 208: receive the monitoring content delivered by the server.
When the router performs access control on LAN devices for the first time, it can receive the monitoring content delivered by the server and configure its network monitoring information according to that monitoring content.
In an optional embodiment of the present invention, updated monitoring content is received from the server, and the network monitoring information is updated according to the updated monitoring content.
In this embodiment, the server can also obtain data packets fed back by the router and collect network data and other information from the network, and update the monitoring content by analysing this information and applying configured rules. For example, after the web page information collected from the data packets has been transmitted over the Internet to the platform's data server, the big-data intelligence centre of the cloud platform can analyse this data to determine the corresponding data frame information, form updated Internet access rules, generate the corresponding monitoring content, and send the updated monitoring content to the router to update the router's network monitoring information.
Step 210: obtain the website address data to be monitored from the monitoring content.
Step 212: configure the website address data to be monitored into the router's firewall list, and use the firewall list as network monitoring information.
In the embodiments of the present invention, the monitoring content includes at least one of the following: website address data to be monitored, time data, and packet identification rules; the corresponding monitoring items can be configured from these.
The website address data to be monitored is the address data of websites whose access is prohibited, such as an IP address or a website's root domain name. This data is obtained from the monitoring content and configured into the router's firewall list, Iptable; the firewall list is used as one part of the network monitoring information for subsequently monitoring the monitored devices.
For example, if the website address data to be monitored includes the IP address 1.1.0.0, and that address is assumed to correspond to an illegal violent website, the IP address 1.1.0.0 is set in the router's Iptable table.
Step 214: obtain the time data from the monitoring content.
Step 216: configure the monitoring time of the network monitoring information according to the time data.
The time data is data for monitoring the time at which the network is accessed, for example a setting that prohibits network access from Monday to Saturday, or one that prohibits network access outside 18:00 to 20:00 each day. The time data is obtained from the monitoring content and the monitoring time of the network monitoring information is configured according to it. The monitoring time can be configured either as the time during which network access is prohibited or as the time during which it is allowed, as actual needs dictate; the embodiments of the present invention do not limit this.
Step 218: obtain the packet identification rules from the monitoring content.
Step 220: store the packet identification rules in the router's local cache as network monitoring information.
The packet identification rules are the rules by which the router identifies packets when performing network access control. They are obtained from the monitoring content, used as network monitoring information, and stored in the router's local cache.
In this way the monitored devices are configured from the LAN device list collected by the router, and the network monitoring information is configured from the delivered monitoring content. Website addresses, times and accessed content can each be configured separately, producing accurate network monitoring information and more precise access control.
2. Access control
Referring to FIG. 3, which shows a flow chart of the access-control steps in another embodiment of the router-based network access control method of the present invention, the method may specifically include the following steps:
Step 302: receive a data packet.
Step 304: determine, from the data packet, the LAN device that sent it.
Step 306: check whether the LAN device is a monitored device in the monitoring list.
To access the network through the router, a user's LAN device must first send a request packet to the router, for example a TCP/IP (Transmission Control Protocol/Internet Protocol) packet. The router parses the packet to determine the MAC address of the LAN device that sent it, then looks that MAC address up in the monitoring list to determine whether it is the MAC address of a monitored device.
If it is the MAC address of a monitored device in the monitoring list, step 308 is performed; if it is not, step 314 is performed.
Step 308: obtain the current time information and check whether it falls within the monitoring time.
Access by a monitored device needs to be controlled, and one such control is over the time at which the network is accessed. The current time information, i.e. the time of the access, is obtained; when the monitoring time is configured as the time during which network access is prohibited, the method checks whether the time information falls within the monitoring time. If it does, step 316 is performed; if it does not, step 310 is performed.
Of course, if the monitoring time is configured as the time during which network access is allowed, the method may instead check whether the time information falls outside the monitoring time. Either way, packets are dropped during the time when network access is prohibited, and the monitored device is not allowed to access the network.
For example, network access is prohibited at all times outside 18:00 to 20:00 each day. If the current time is 21:00, the packet is dropped and access is refused; if the current time is 19:00, it is a time when access is allowed.
Step 310: check whether the network address that the monitored device's packet requests access to is in the firewall list.
Besides the access time, the network address being accessed can also be controlled: when the current time is one at which network access is allowed, the method checks whether the network address requested in the monitored device's packet is in the firewall list.
The firewall list is configured with the URL data whose access is prohibited, so the method determines whether the requested network address is in the firewall list. If it is, step 316 is performed; if it is not, step 312 is performed. Of course, if packet identification is not performed, step 314 can be performed directly once the requested network address is found not to be in the firewall list.
For example, the requested network address is 1.1.0.0, and the check finds that it is in the router's iptables table; the packet is therefore dropped and the network address is not accessed.
Step 312: determine, according to the packet identification rules in the local cache, whether the data packet can be identified.
In this embodiment, network access control also includes identification of the data packet: when the current time is one at which network access is allowed and the requested network address is not in the firewall list, the packet can still be checked against the packet identification rules in the local cache to determine whether it can be identified.
If the data packet can be identified, step 314 is performed; if it cannot, step 318 is performed.
Step 314: send the data packet to the network.
When the LAN device that sent the packet is not a monitored device, the packet need not be checked and can be sent directly to the network, that is, to the external network such as the Internet to which the router is connected.
When the current time is one at which network access is allowed and the requested network address is not in the firewall list, the packet can be sent directly to the network, so that the monitored device can access the web page it requested.
Alternatively, when the current time is one at which network access is allowed, the requested network address is not in the firewall list, and the packet can be identified by the packet identification rules in the local cache, the requested packet is treated as legitimate data and can be sent directly to the network, so that the monitored device can access the web page it requested.
Step 316: drop the data packet.
When the current time is one at which network access is prohibited, the packet is dropped and the monitored device is prevented from accessing the network.
When the current time is one at which network access is allowed but the requested network address is in the firewall list, the requested address is taken to contain illegal content; the packet is dropped and the monitored device is prevented from accessing the network.
Step 318: copy the data packet and upload the copy to the server.
When the current time is one at which network access is allowed and the requested network address is not in the firewall list, but the packet cannot be identified by the packet identification rules in the local cache, the requested packet is treated as unidentified data: the packet is copied and the copy is uploaded to the server. The server can then analyse the packet to decide whether it is legitimate and choose the follow-up action based on that result; for example, if the analysis finds the packet to be illegal data, it can be used as monitoring content to subsequently update the network monitoring information.
Thus the router monitors the connected LAN devices through the monitoring list and checks the packets of monitored devices against the configured network monitoring information, examining each packet comprehensively by time, requested URL and packet content, and controlling the access of monitored devices more accurately.
It will be understood that the embodiments of the present invention are not limited by the described order of actions; some steps may be performed in another order or simultaneously, for example step 312 may be omitted, or step 312 may be performed before step 308. Those skilled in the art will therefore appreciate that the embodiments described in the specification are preferred embodiments, and that the actions involved are not necessarily required by the embodiments of the present invention.
In an embodiment of the present invention, an interaction diagram of an access control system is shown in FIG. 4. The access control system includes user equipment, a router, a cloud platform server and an external network. The user equipment includes LAN devices and external-network devices.
After user equipment connects to the router it is determined to be a LAN device and then sends TCP/IP packets to the router. A data-flow monitoring process in the router checks whether the source MAC of the TCP/IP packet is in the monitored-device list. If the source MAC is in the list, the packet is handed to the security detection process; otherwise the source MAC is not in the list, meaning that the LAN device corresponding to the packet is not monitored, and the packet is forwarded directly to the external network, such as the Internet.
The security detection process analyses the packet according to the configured network monitoring information, including the time of network access (i.e. the online time), the requested network address (i.e. the destination IP) and the locally cached packet identification rules. If the packet passes this analysis, the router forwards the TCP/IP packet to the Internet; if the analysis determines that the TCP/IP packet is illegal data, the monitored device is prevented from accessing the network and the security detection process drops the packet directly; if the analysis cannot identify the data of the TCP/IP packet, a copy of the packet is made and transmitted over the Internet to the data server of the cloud platform.
The TCP/IP packet is then passed to the big-data intelligence centre, which analyses its data frames and forms new Internet-access rules, i.e. updated monitoring content, which is delivered to the router; the router's security detection process updates the network monitoring information based on that monitoring content.
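The decision sequence of steps 302 to 318, and the equivalent split between the data-flow monitoring process and the security detection process described for FIG. 4, as an added worked example in Python that is not the patent's own code. The specification does not define the form of a packet identification rule or of the packet passed between the processes, so the `Packet` fields, the two rule predicates (an HTTP request line and a TLS ClientHello), the CIDR form of the firewall list, and the treatment of the step 318 copy as a mirror of a packet that is still forwarded are assumptions of this example.

```python
"""Access-control decision for one packet (steps 302-318 / FIG. 4 processes).

Added example, not the patent's code. Packet layout, the two identification
rules and the 'forward and mirror' handling of unidentified packets are assumptions.
"""
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple

@dataclass
class Packet:
    src_mac: str    # identifies the LAN device (step 304)
    dst_ip: str     # requested network address (step 310)
    dst_port: int
    payload: bytes  # leading bytes of the TCP segment, inspected by the rules (step 312)

Rule = Callable[[Packet], bool]

def _norm_mac(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")

@dataclass
class MonitoringInfo:
    monitored_macs: List[str]                    # monitoring list
    prohibited_windows: List[Tuple[time, time]]  # monitoring time, as prohibited periods
    firewall_list: List[str]                     # prohibited destinations, CIDR literals
    rules: Optional[List[Rule]] = None           # None: step 312 is not performed

    def __post_init__(self) -> None:
        self.mac_set = {_norm_mac(m) for m in self.monitored_macs}
        self.networks = [ip_network(c) for c in self.firewall_list]

def in_window(now: time, start: time, end: time) -> bool:
    """True when now is in [start, end); end <= start means the window wraps past midnight."""
    if start < end:
        return start <= now < end
    return now >= start or now < end

# Assumed identification rules: the traffic a web client is expected to send.
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def is_http_request(pkt: Packet) -> bool:
    return pkt.payload.startswith(HTTP_METHODS) and b" HTTP/1." in pkt.payload[:256]

def is_tls_client_hello(pkt: Packet) -> bool:
    p = pkt.payload  # record type 0x16, major version 3, handshake type 1
    return len(p) >= 6 and p[0] == 0x16 and p[1] == 0x03 and p[5] == 0x01

def decide(pkt: Packet, cfg: MonitoringInfo, now: time) -> Tuple[str, int]:
    """Return (action, step), step being the flow-chart step that produced the action."""
    if _norm_mac(pkt.src_mac) not in cfg.mac_set:                        # step 306: not monitored
        return ("forward", 314)
    if any(in_window(now, s, e) for s, e in cfg.prohibited_windows):     # step 308
        return ("drop", 316)
    dst = ip_address(pkt.dst_ip)
    if any(dst in net for net in cfg.networks):                          # step 310
        return ("drop", 316)
    if cfg.rules is None or any(rule(pkt) for rule in cfg.rules):        # step 312 (optional)
        return ("forward", 314)
    # Step 318: a copy goes to the server; the original is still forwarded (assumption).
    return ("forward_and_mirror", 318)

def mirror_copy(pkt: Packet) -> dict:
    """Serialisable copy of an unidentified packet for upload to the server (step 318)."""
    return {"src_mac": _norm_mac(pkt.src_mac), "dst_ip": pkt.dst_ip,
            "dst_port": pkt.dst_port, "payload_hex": pkt.payload.hex()}

# Constructed configuration: the specification's "prohibited outside 18:00-20:00"
# example and its 1.1.0.0 address, taken here as a /16 (assumption).
EXAMPLE_CONFIG = MonitoringInfo(
    monitored_macs=["AA:BB:CC:00:11:22"],
    prohibited_windows=[(time(20, 0), time(18, 0))],
    firewall_list=["1.1.0.0/16"],
    rules=[is_http_request, is_tls_client_hello],
)

if __name__ == "__main__":
    hello = bytes.fromhex("1603010200010001fc0303")  # constructed ClientHello prefix
    for pkt, now in [
        (Packet("de:ad:be:ef:00:01", "93.184.216.34", 443, hello), time(21, 0)),
        (Packet("aa:bb:cc:00:11:22", "93.184.216.34", 443, hello), time(21, 0)),
        (Packet("aa:bb:cc:00:11:22", "1.1.0.0", 80, b"GET / HTTP/1.1\r\n"), time(19, 0)),
        (Packet("AA-BB-CC-00-11-22", "203.0.113.5", 4444, b"\x00\x01\x02\x03\xff"), time(19, 0)),
    ]:
        action, step = decide(pkt, EXAMPLE_CONFIG, now)
        print(f"{pkt.src_mac} -> {pkt.dst_ip}:{pkt.dst_port} at {now:%H:%M}: {action} (step {step})")
        if action == "forward_and_mirror":
            print("  upload:", mirror_copy(pkt))
```

Setting `rules=None` reproduces the variant in which step 312 is omitted and an address outside the firewall list is forwarded at once; the wrap-around handling in `in_window` is what makes the specification's "prohibited outside 18:00 to 20:00" window expressible as a single (20:00, 18:00) period.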
In an embodiment of the present invention, the data flow of the packets to be monitored is intercepted on the router side by network flow analysis and analysed by a process built into the router; it can also be forwarded to the cloud platform server to be matched against a security database. Once an illegal data flow is found, the router can automatically block the data connection between that device and the illegal website.
In this embodiment, the router's network monitoring information is configured automatically from the monitoring content delivered by the server, so the user does not need to understand complex network security protocols and configuration is simple: the user only indicates which LAN devices are to be monitored, and the rest of the device access control is achieved automatically by the cloud platform server together with the router configuration.
This embodiment places a large part of the logic processing on the server side, such as analysing data to determine the monitoring content, which lowers the router's hardware cost and allows a lower-specification router CPU.
Moreover, by continuously analysing data on the server side and continuously updating the server-side security database and monitoring content, the network monitoring information configured on the router is also kept up to date, so that network access is controlled accurately and made more secure.
It should be noted that, for simplicity of description, the method embodiments are presented as a series of combined actions, but those skilled in the art will appreciate that the embodiments of the present invention are not limited by the described order of actions, since according to the embodiments some steps may be performed in another order or simultaneously. Furthermore, those skilled in the art will also appreciate that the embodiments described in the specification are preferred embodiments, and that the actions involved are not necessarily required by the embodiments of the present invention.
Embodiment Three
On the basis of the foregoing embodiments, this embodiment further provides a router.
Referring to FIG. 5, which shows a structural block diagram of a router embodiment of the present invention, the router may specifically include the following modules:
A receiving and configuring module 502, configured to receive the monitoring content delivered by the server and to configure the router's own network monitoring information according to that monitoring content.
A packet detection module 504, configured to check the packet data of a monitored device against the network monitoring information when a monitored device is detected.
An access control module 506, configured to drop the data packet when the check result is "fail", so as to prevent the monitored device from accessing the web page corresponding to the packet, and to send the data packet to the network when the check result is "pass".
In summary, the router configures its network monitoring information from the monitoring content delivered by the server and thereby determines which packet information is to be monitored. After a monitored device sends a packet to the router, the router checks the packet data of the monitored device against the network monitoring information. When the check fails, the packet is determined to contain illegal content and is dropped, preventing the monitored device from accessing the corresponding web page; when the check passes, the packet is determined to be legitimate data and is sent to the network. The router can thus control the network access of monitored devices and drop packets that would access illegal content such as undesirable websites, avoiding wasted data resources while protecting device security.
Referring to FIG. 6, which shows a structural block diagram of another router embodiment of the present invention, the router may specifically include the following modules:
A receiving and configuring module 602, configured to receive the monitoring content delivered by the server and to configure the router's own network monitoring information according to that monitoring content.
A packet detection module 604, configured to check the packet data of a monitored device against the network monitoring information when a monitored device is detected.
An access control module 606, configured to drop the data packet when the check result is "fail", so as to prevent the monitored device from accessing the web page corresponding to the packet; to send the packet to the network when the check result is "pass", so that the monitored device accesses the corresponding web page normally; and to upload the packet to the server for analysis when the check result is "not identified".
In an optional embodiment of the present invention, the monitoring content includes at least one of: URL data to be monitored, time data, and identification rules.
The receiving and configuring module 602 includes:
A URL configuration sub-module 60202, configured to obtain the URL data to be monitored from the monitoring content, configure that URL data into the router's firewall list, and use the firewall list as network monitoring information.
A time configuration sub-module 60204, configured to obtain the time data from the monitoring content and configure the monitoring time of the network monitoring information according to that time data.
An identification rule configuration sub-module 60206, configured to obtain the packet identification rules from the monitoring content and store them in the router's local cache as network monitoring information.
The packet detection module 604 includes:
A URL detection sub-module 60402, configured to check whether the network address requested in the monitored device's packet data is in the firewall list; when the requested network address is in the firewall list, to confirm that the packet matches the network monitoring information and record the check result as "fail"; and when the requested network address is not in the firewall list, to confirm that the packet does not match the network monitoring information and record the check result as "pass".
A time detection sub-module 60404, configured to obtain the current time information and check whether it falls within the monitoring time; when it does, to record the check result as "fail"; and when it does not, to proceed to the step of checking whether the requested network address is in the firewall list.
An identification rule detection sub-module 60406, configured to identify the data packet according to the packet identification rules in the local cache; when the packet cannot be identified, to record the check result as "not identified" and perform the step of sending the packet to the network so that it is uploaded to the server for analysis; and when the packet can be identified, to perform the step of sending the packet to the network so that the monitored device accesses the corresponding web page.
In another optional embodiment of the present invention, the receiving and configuring module 602 is further configured to obtain updated monitoring content from the server and to update the network monitoring information according to the updated monitoring content.
A monitored device configuration module 608, configured to collect device information of each LAN device connected to the router and generate a LAN device list; to report the device information in the LAN device list so that the user can select monitored devices; and, according to the user's instruction, to select LAN devices from the LAN device list as monitored devices, obtain their device information and add it to the monitoring list.
A device detection module 610, configured to receive a data packet sent by a LAN device and obtain the LAN device's address information from the packet; to check, according to that address information, whether the LAN device is a monitored device configured in the monitoring list; and, when the LAN device is not a monitored device, to send the packet to the network.
Embodiment Four
On the basis of the above embodiments, this embodiment further provides a network access control system.
Referring to FIG. 7, which shows a structural block diagram of an embodiment of a network access control system of the present invention.
The network access control system includes: user equipment 702, a server 704, and a router 706 as described in Embodiment Three above.
In an embodiment of the present invention, the data flow of the packets to be monitored is intercepted on the router side by network flow analysis and analysed by a process built into the router; it can also be forwarded to the cloud platform server to be matched against a security database. Once an illegal data flow is found, the router can automatically block the data connection between that device and the illegal website.
In this embodiment, the router's network monitoring information is configured automatically from the monitoring content delivered by the server, so the user does not need to understand complex network security protocols and configuration is simple: the user only indicates which user equipment is to be monitored, and the rest of the device access control is achieved automatically by the cloud platform server together with the router configuration.
This embodiment places a large part of the logic processing on the server side, such as analysing data to determine the monitoring content, which lowers the router's hardware cost and allows a lower-specification router CPU.
Moreover, by continuously analysing data on the server side and continuously updating the server-side security database and monitoring content, the network monitoring information configured on the router is also kept up to date, so that network access is controlled accurately and made more secure.
As for the apparatus embodiments, since they are substantially similar to the method embodiments, their description is relatively brief; for the relevant parts, refer to the description of the method embodiments.
Each embodiment in this specification is described in a progressive manner; each focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to one another.
Those skilled in the art will understand that the embodiments of the present invention may be provided as a method, an apparatus, or a computer program product. Accordingly, the embodiments may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the embodiments may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The embodiments of the present invention are described with reference to flow charts and/or block diagrams of methods, terminal devices (systems) and computer program products according to the embodiments. It should be understood that each flow and/or block in the flow charts and/or block diagrams, and combinations of flows and/or blocks, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing terminal device to produce a machine, such that the instructions executed by the processor of the computer or other programmable data processing terminal device produce means for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal device, so that a series of operational steps are performed on the computer or other programmable terminal device to produce computer-implemented processing, such that the instructions executed on the computer or other programmable terminal device provide steps for implementing the functions specified in one or more flows of the flow charts and/or one or more blocks of the block diagrams.
Although preferred embodiments of the present invention have been described, those skilled in the art can make further changes and modifications to these embodiments once they have learned the basic inventive concept. Therefore, the appended claims are intended to be construed as including the preferred embodiments and all changes and modifications falling within the scope of the embodiments of the present invention.
Finally, it should also be noted that in this document relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between those entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to cover a non-exclusive inclusion, so that a process, method, article or terminal device that comprises a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or terminal device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of further identical elements in the process, method, article or terminal device that comprises the element.
The router-based network access control method, router and network access control system provided by the present invention have been described above in detail. Specific examples have been used herein to explain the principles and implementation of the present invention; the description of the above embodiments is only intended to help understand the method of the present invention and its core idea. At the same time, those of ordinary skill in the art will, in accordance with the idea of the present invention, make changes to the specific implementation and scope of application. In summary, the contents of this specification should not be construed as limiting the present invention.
Claims (17)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510305623.4A CN105978844A (en) | 2015-06-04 | 2015-06-04 | Network access control method, router and system based on router |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510305623.4A CN105978844A (en) | 2015-06-04 | 2015-06-04 | Network access control method, router and system based on router |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105978844A true CN105978844A (en) | 2016-09-28 |
Family
ID=56988124
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510305623.4A Pending CN105978844A (en) | 2015-06-04 | 2015-06-04 | Network access control method, router and system based on router |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105978844A (en) |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1581804A (en) * | 2004-05-21 | 2005-02-16 | 许仁祥 | Home network content filtering system base on broadband intelligent network-screening hardware |
CN101056306A (en) * | 2006-04-11 | 2007-10-17 | 中兴通讯股份有限公司 | Network device and its access control method |
CN101951380A (en) * | 2010-09-28 | 2011-01-19 | 杭州华三通信技术有限公司 | Access control method and device used therein in dual-stack lite network |
US8090856B1 (en) * | 2000-01-31 | 2012-01-03 | Telecommunication Systems, Inc. | Intelligent messaging network server interconnection |
CN102316034A (en) * | 2011-09-06 | 2012-01-11 | 中兴通讯股份有限公司 | Method for preventing manual Internet protocol (IP) address specification in local area network and device |
EP2480019A1 (en) * | 2011-01-18 | 2012-07-25 | Iniwan GmbH | Provision of a pre-defined content over an open wireless network |
CN103532917A (en) * | 2012-07-06 | 2014-01-22 | 天讯天网(福建)网络科技有限公司 | Website-filtering method based on mobile Internet and cloud computing |
CN104202360A (en) * | 2014-08-13 | 2014-12-10 | 小米科技有限责任公司 | Webpage access method, device and router |
CN104254070A (en) * | 2013-06-25 | 2014-12-31 | 中兴通讯股份有限公司 | WiFi access method, intelligent terminal and router equipment |
CN104580252A (en) * | 2015-01-29 | 2015-04-29 | 小米科技有限责任公司 | Network access control method and device |
Timeline
- 2015-06-04 CN CN201510305623.4A patent/CN105978844A/en active Pending
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108270751A (en) * | 2016-12-30 | 2018-07-10 | 阿里巴巴集团控股有限公司 | Application management method, device and data sending processing method and apparatus |
CN110620799A (en) * | 2018-06-20 | 2019-12-27 | 深圳市从晶科技有限公司 | Data processing method and system |
CN109768935A (en) * | 2019-03-14 | 2019-05-17 | 海南梯易易智能科技有限公司 | Wireless router and its method for safe operation with intelligent recognition and filtering function |
CN109768935B (en) * | 2019-03-14 | 2023-10-10 | 海南梯易易智能科技有限公司 | Wireless router with intelligent recognition and filtering functions and safe operation method thereof |
CN109933001A (en) * | 2019-04-11 | 2019-06-25 | 韩拥军 | Firewall, method and system for programmable logic controller (PLC) |
CN111131163A (en) * | 2019-11-26 | 2020-05-08 | 视联动力信息技术股份有限公司 | Data processing method and device based on video network |
CN113010122A (en) * | 2021-03-12 | 2021-06-22 | 珠海奔图电子有限公司 | Image forming apparatus monitoring apparatus, method, system, and storage medium |
CN113472602A (en) * | 2021-05-25 | 2021-10-01 | 南京智数科技有限公司 | Monitoring system and monitoring method of LORA gateway |
CN113946773A (en) * | 2021-10-21 | 2022-01-18 | 绿盟科技集团股份有限公司 | File access control method and device, electronic equipment and storage medium |
CN114980097A (en) * | 2022-04-11 | 2022-08-30 | 荣耀终端有限公司 | Camera information management method and camera information management device |
CN116567629A (en) * | 2023-07-07 | 2023-08-08 | 深圳市江元科技(集团)有限公司 | Method, system and medium for realizing intelligent management and control of android device surfing Internet |
CN116567629B (en) * | 2023-07-07 | 2023-09-19 | 深圳市江元科技(集团)有限公司 | Method, system and medium for realizing intelligent management and control of android device surfing Internet |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105978844A (en) | Network access control method, router and system based on router | |
US11632392B1 (en) | Distributed malware detection system and submission workflow thereof | |
US10257199B2 (en) | Online privacy management system with enhanced automatic information detection | |
US11330016B2 (en) | Generating collection rules based on security rules | |
KR102390765B1 (en) | Distributed traffic management system and techniques | |
JP6006788B2 (en) | Using DNS communication to filter domain names | |
WO2018121331A1 (en) | Attack request determination method, apparatus and server | |
US20080184357A1 (en) | Firewall based on domain names | |
US20170032147A1 (en) | Obscuring user web usage patterns | |
EP2830280A1 (en) | Web caching with security as a service | |
WO2017107780A1 (en) | Method, device and system for recognizing illegitimate proxy for charging fraud | |
JP2020140723A (en) | Network attack defense system and method | |
US10469499B2 (en) | Website filtering using bifurcated domain name system | |
CN106899549B (en) | Network security detection method and device | |
CA2982107A1 (en) | Systems and methods for generating network threat intelligence | |
CN115189897A (en) | Access processing method, device, electronic device and storage medium for zero trust network | |
CN113810381B (en) | Crawler detection method, web application cloud firewall device and storage medium | |
CN114466054B (en) | Data processing method, device, equipment and computer readable storage medium | |
US11023607B1 (en) | Detecting behavioral anomalies in user-data access logs | |
EP2973192B1 (en) | Online privacy management | |
US10574680B2 (en) | Malware detection in distributed computer systems | |
US11979374B2 (en) | Local network device connection control | |
US11394687B2 (en) | Fully qualified domain name (FQDN) determination | |
CN102754488A (en) | User access control method, apparatus and system | |
US11627050B2 (en) | Distinguishing network connection requests |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | | |
PB01 | Publication | | |
C10 | Entry into substantive examination | | |
SE01 | Entry into force of request for substantive examination | | |
WD01 | Invention patent application deemed withdrawn after publication | | |
WD01 | Invention patent application deemed withdrawn after publication | | Application publication date: 20160928 |