CN1464425A - A method of simplified access of internet service provider's portal websites - Google Patents

Publication number: CN1464425A
Authority: CN (China)
Prior art keywords: portal, message, server, address, access
Legal status: Granted
Application number: CN 02123503
Other languages: Chinese (zh)
Other versions: CN1230766C (en)
Inventor: 涂伯颜, 史文江, 张劲峰, 杨宏杰, 赵文鹏, 王锋波, 罗成, 肖维, 董靖宇, 谢小娟, 温元德
Current Assignee: Huawei Technologies Co Ltd
Original Assignee: Huawei Technologies Co Ltd

Application filed by Huawei Technologies Co Ltd
Priority to CN 02123503
Publication of CN1464425A
Application granted
Publication of CN1230766C
Expired - Fee Related (current legal status)

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a method for simplified access to a network operator's portal website. Using destination address translation + source address translation + redirection, a user's access to any website at first login is forced to the portal website server (Portal_Server), and forcing stops once authentication has passed, so that the user can access the Internet normally. The method comprises: the access server performs forced destination address translation on upstream HTTP messages sent before the user has passed authentication, replacing the destination website address with the address of the portal website server so that the message is forced to the portal website server; the portal website server establishes a Transmission Control Protocol connection and sends the user a response message containing redirection information; the access server performs forced source address translation on the downstream HTTP message, replacing the address of the portal website server with the address of the destination website the user originally wanted to visit; the user receives the response message containing the redirection information and automatically accesses the portal website server directly by its IP address.

Figure 02123503

Description

A Method for Simplified Access to a Network Operator's Portal Website

Technical field

The present invention relates to an Internet service technology, and more specifically to a technology related to the forced (Portal) service.

Background

The Portal service is a new type of broadband access service that an NSP/ISP (network service provider/Internet service provider) offers to users. When going online, the user visits the provider's portal website (Portal_Server, implemented by a Web server) through a standard WWW browser (Internet Explorer or Netscape Navigator). Each operator has its own Portal_Server.

At present, a user who wants to visit any website must enter that site's domain name or IP address directly, so a user visiting the Portal service website also has to proceed as follows: open the browser and enter the IP address or domain name of the Portal_Server to reach the portal website of the Portal service; then enter a user name and password on the portal's home page for authentication; after authentication, the corresponding Internet access rights are granted. In addition, on this home page the user can dynamically select the services that suit them or query information of interest, which gives users self-management. In other words, every time the user wants to visit the Portal_Server website, the complete domain name or IP address must be entered in the browser.

As stated above, the Portal_Server is an important part of the Portal service: it is the website that Portal service users must visit when going online, and is their gateway to the Internet. With the traditional access method described above, where the domain name and IP address must be entered every time, the operator has to give every user the domain name or IP address of its website, and every user has to remember it. This is inconvenient for both operators and users and hinders the adoption of the Portal service.

Because the Portal_Server portal website is the entry site that Portal service users must pass through when going online, providing a very simple and convenient way to reach it is especially important.

To make it easier for operators to roll out the Portal service and for users to use it, a new method of accessing the Portal service website is needed that addresses the problems above. With such a method, Portal service users need not care about the domain name or IP address of the Portal_Server: the user goes online as usual, enters any familiar domain name or IP address in the browser, or even types a few arbitrary digits, and is automatically directed to the portal website, which makes logging in to that site easy.

Summary of the invention

The purpose of the present invention is to design a method for simplified access to a network operator's portal website, such that when a user first logs in, access to any website is forced to the Portal_Server website, where authentication and service selection are completed, and such that once the user has passed authentication, visits to any website are no longer forced, that is, the user can access the Internet normally.

The problem the invention solves is precisely how to force any access the user makes at first login to the Portal_Server website, and how to stop forcing once the user has passed authentication so that the user can access the Internet normally.

The technical solution that achieves this purpose is a method for simplified access to a network operator's portal website, characterized by the following processing steps:

A. The access server performs mandatory destination address translation on the first upstream HTTP message sent by the Portal service user equipment before it has passed authentication, replacing the address of the destination website that the user equipment wants to visit with the address of the portal website server, so that the HTTP message is forced to the portal website server;

B. The portal website server that receives the HTTP message establishes a Transmission Control Protocol connection and sends the Portal service user equipment a response message containing redirection information;

C. The access server performs mandatory source address translation on the downstream HTTP message from the portal website server, replacing the address of the portal website server with the address of the destination website that the Portal service user equipment originally wanted to visit;

D. The Portal service user equipment receives the response message containing redirection information returned by the access server and automatically accesses the portal website server directly by the portal website server's IP address.

The upstream HTTP message in step A may be an IP message formed after the Portal service user enters any correct domain name, IP address or any number in the browser.

Before step A, the method further comprises the following processing steps:

A1. The access server analyzes the connection information of the upstream message and directly forwards IP messages judged to come from equipment that is not a Portal service user;

A2. The access server compares the destination IP address of the upstream message from the Portal service user equipment with the portal website server IP address configured on the access server to determine whether the IP message is a message that accesses the portal website server directly;

A3. The access server also determines from the destination port number of the IP message whether it is a domain name resolution message;

A4. Messages that access the portal website server directly, and domain name resolution messages, are forwarded directly;

A5. For a message that is neither a direct access to the portal website server nor a domain name resolution message, the access server further determines whether it is the first upstream HTTP message sent by the Portal service user equipment before it has passed authentication; for an IP message that is not an HTTP message, a discard flag is set on the message.

Before step C, the method further comprises the following processing steps:

C1. The access server analyzes the connection information of the downstream message and directly forwards IP messages judged to belong to equipment that is not a Portal service user;

C2. For an IP message of a Portal service user, the access server determines from its destination port number whether the IP message is an HTTP message from the portal website server for a Portal service user who has not passed authentication;

C3. For a message that is not an HTTP message from the portal website server, the access server also determines from the destination port number of the IP message whether it is an IP message from the portal website server or a domain name resolution response message;

C4. The access server directly forwards IP messages from the portal website server and domain name resolution response messages;

C5. The access server sets a discard flag on IP messages that are neither from the portal website server nor domain name resolution response messages.

The forced Portal technique proposed by the invention lets users go online according to their own habits: before passing authentication, entering any correct domain name or IP address, or even any number, is forced to the Portal_Server and results in access to the Portal_Server. Users therefore need not care about the Portal_Server's domain name or IP address and are automatically directed to the portal website.

Since the Portal_Server portal website is the site Portal service users must pass through before going online, making this access automatic is very important.

The method of the invention covers all three aspects needed to implement forced Portal, namely destination address translation (DNAT), source address translation (SNAT) and redirection (Redirect), as well as the forced Portal technical solution obtained by combining them, that is, forced Portal implemented through DNAT+SNAT+Redirect.

The invention addresses the shortcoming of the existing way of accessing a website, which works only by entering the domain name or IP address directly. It provides a method in which entering any correct domain name, IP address or any number is automatically forced to the Portal_Server website, giving access to the portal website of any Portal service. This best meets the requirement of Portal, a new type of broadband service, that the user must first visit the Portal home page to authenticate: as long as a user has not passed authentication, any attempt to go online is automatically forced to the Portal_Server portal website, and after completing authentication there the user can access the Internet.

Description of drawings

Figure 1 is a schematic diagram of the process by which the invention implements forced Portal using the "DNAT+SNAT+Redirect" technique;

Figure 2 is a block diagram of the access server's processing flow for upstream user messages;

Figure 3 is a block diagram of the access server's processing flow for downstream Portal_Server messages.

Detailed description

To force the first HTTP message that a Portal service user sends to any website before passing authentication to the Portal_Server, the invention introduces a combination of destination address translation (DNAT) and source address translation (SNAT) into the normal IP packet processing flow on the access server side, and introduces redirection (Redirect) on the Portal_Server side. This is the DNAT+SNAT+Redirect technical solution.

Referring to Figure 1, the flow in the figure shows the main design idea of the method, which comprises:

Step 1: The user (PC) enters any correct domain name, IP address or any number in the browser's address bar. If the user enters a domain name or IP address, the access server (BAS) obtains the domain name resolution server (DNS) message for that domain name or IP address. If the user enters any number, the browser, for an IP address input with which no connection could be established, automatically treats it as characters, adds the WWW prefix and a suffix such as com, and then sends an IP message containing a DNS resolution message;

Step 2: On the access server (BAS), mandatory destination address translation (DNAT) is performed on the first HTTP message sent by the Portal service user (PC) before passing authentication: the destination website address is stored and the address of the destination website the user wants to visit is replaced with the address of the Portal_Server (P.S), so that the HTTP message is forced to the Portal_Server;

Step 3: When the Portal_Server (P.S) receives this first HTTP message, it establishes a Transmission Control Protocol (TCP) connection and sends the client a response message containing redirection (Redirect) information, so that the client can connect to the Portal_Server directly using the Portal_Server's IP address;

Step 4: When the access server (BAS) receives an IP packet from the Portal_Server (P.S) that contains redirection information and whose destination address is a user who has not passed authentication, it performs mandatory source address translation (SNAT), replacing the Portal_Server address (the source address in the message at this point) with the address of the website the user originally wanted to visit, so that the client can establish the TCP (Transmission Control Protocol) connection normally;

Step 5: Finally, once the client (PC) has received the message containing the Redirect, brought back from the Portal_Server and returned by the access server (BAS), it can automatically access the Portal_Server directly by the Portal_Server's IP address; from then on IP packets are processed by the normal flow.

This completes the forced Portal.

Based on the design idea above, the concrete implementation of the invention can be divided into three parts: the access server's processing of user upstream messages; the access server's processing of Portal_Server downstream messages; and the processing on the Portal_Server side. The implementation of these three parts is described in detail below with reference to the flow charts.

Figure 2 shows the access server's processing of user upstream messages, which is the upstream processing of forced Portal. It mainly performs destination address translation (DNAT): mandatory destination address translation is applied to the first HTTP message sent by a Portal service user before passing authentication, that is, the address of the destination website the user wants to visit is replaced with the address of the portal website Portal_Server.

Step 201: The access server receives an IP message from the client;

Step 202: While performing normal packet processing on the IP message, the access server analyzes the message's connection information to determine whether it belongs to a Portal service user; if so, it continues with step 203;

Step 203: By comparing the user's destination IP address with the IP addresses of the one or more Portal_Servers configured on the access server device, the access server determines whether the user message is a direct access to the Portal_Server (a match means direct access), and from the destination port number it determines whether the message is a DNS (domain name resolution server) message for domain name resolution. If the message is neither a direct access to the Portal_Server nor a DNS message, processing moves to step 204;

Step 204: Using the standard port number assigned exclusively to HTTP messages, the access server further determines whether this is the first HTTP message sent by the Portal service user before passing authentication. If so, it continues with step 205; if not, it goes to step 206, where a discard flag is set on the IP message and the message enters the send-queue module to be discarded;

Step 205: Forced Portal is applied: the destination IP address in the IP message is saved and replaced with the address of the Portal_Server, and the checksum (CRC) of the IP message is updated; processing then continues with the normal flow at step 207;

Steps 207 and 208: In the processing above, user messages that do not belong to the Portal service, and Portal service user messages that access the Portal_Server directly or are DNS messages for domain name resolution, can be forwarded directly by the access server without forced Portal; they enter the normal flow at step 207 and then the send-queue module in step 208.

In the access server's IP message forwarding flow above, the server first determines whether the incoming IP message is a user message of the Portal service (step 202). If it belongs to a Portal service user, the forwarding flow applies the following principles in order and then follows the normal forwarding flow; otherwise it follows the normal forwarding flow.

These principles are as follows. An IP message that accesses the Portal_Server directly, or a DNS message for domain name resolution, passes straight through without mandatory destination address translation (DNAT). This ensures that every user message that accesses the Portal_Server directly can pass through the access server, so that access after the client has been redirected to the Portal_Server no longer needs to be forced; DNS messages for domain name resolution also pass through the access server directly, which ensures that after entering a domain name the user can obtain the corresponding IP address through domain name resolution. An HTTP message that does not access the Portal_Server directly is captured: its original destination IP address is saved, its destination address is replaced with the address of the Portal_Server, the checksum is recalculated, and the message then follows the normal forwarding flow; the saved original destination IP address is used when the access server processes the user's downstream messages. Any other message, which is neither a direct access to the Portal_Server, nor a DNS message, nor an HTTP message, is discarded.

Figure 3 is a block diagram of the access server's downstream processing of user messages (performing SNAT), which is the downstream processing of forced Portal. Through mandatory source address translation (SNAT), the Portal_Server address (the source address in the message at this point) is replaced with the address of the website the user originally wanted to visit, so that the user can establish a normal TCP connection.

Step 301: The access server receives an IP message from the Portal_Server;

Step 302: While performing normal packet processing on the IP message, the access server analyzes the message's connection information to determine whether it belongs to a Portal service user; if so, it continues with step 303;

Step 303: Using the standard port number assigned exclusively to HTTP messages, the access server determines whether the IP message is an HTTP message that comes from the Portal_Server and whose destination address is a user who has not passed authentication. If so, step 304 is performed; if not, step 305 is performed;

Step 304: Forced Portal is applied: the source address in the IP message (the Portal_Server address) is replaced with the address of the destination website the user originally wanted to visit (taken from the value stored in step 205 of Figure 2), and the checksum (CRC) of the IP message is updated; processing then continues with the normal forwarding flow at step 307;

Step 305: Using the destination port number of the IP message, the access server further determines whether it is an IP message from the Portal_Server or a DNS domain name resolution response message. If so, step 307 is performed and the message follows the normal forwarding flow; if not, step 306 is performed;

Step 306: A discard flag is set on the IP message, and it enters the send-queue module to be discarded;

Steps 307 and 308: In the processing above, messages that are not HTTP messages from the Portal_Server, as well as user messages from the Portal_Server and DNS domain name resolution response messages, can pass straight through without forced Portal; they enter the normal flow at step 307 and then the send-queue module in step 308.

In the access server's IP message forwarding flow above, the server first determines whether the incoming downstream IP message belongs to a Portal service user. If it does, the forwarding flow applies the following three principles in order and then follows the normal forwarding flow; otherwise it follows the normal forwarding flow directly.

These principles are: HTTP messages from the Portal_Server are captured, the source IP address (the Portal_Server address at this point) is replaced with the destination address the user originally wanted to visit, which was saved on the access server during the upstream processing of Figure 2, and the checksum is recalculated; messages from the Portal_Server and DNS response messages pass straight through without forced Portal.

Other messages are discarded.
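The upstream and downstream decisions of Figures 2 and 3, as an added Python model that is not part of the patent text. The class and function names, the documentation-range addresses, and the choice to key the saved destination by the user's address and source port are assumptions made for this example.

```python
import socket
import struct
from dataclasses import dataclass, replace

HTTP_PORT, DNS_PORT = 80, 53


def ipv4_checksum(src, dst):
    """RFC 1071 checksum of a minimal 20-byte IPv4 header (TCP payload) for src -> dst."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    checksum: int = 0


def make_packet(src, sport, dst, dport):
    return Packet(src, sport, dst, dport, ipv4_checksum(src, dst))


def readdress(pkt, **fields):
    """Rewrite an address and refresh the header checksum (steps 205 and 304)."""
    new = replace(pkt, **fields)
    return replace(new, checksum=ipv4_checksum(new.src, new.dst))


class AccessServer:
    """Hypothetical model of the BAS forwarding decisions."""

    def __init__(self, portal_ips, portal_users):
        self.portal_ips = list(portal_ips)     # configured Portal_Server addresses
        self.portal_users = set(portal_users)  # addresses subject to forced Portal
        self.authenticated = set()             # users that have passed authentication
        self.saved_dst = {}                    # (user ip, user port) -> original destination

    def _forced(self, user_ip):
        return user_ip in self.portal_users and user_ip not in self.authenticated

    def uplink(self, pkt):
        if not self._forced(pkt.src):                          # step 202
            return "forward", pkt
        if pkt.dst in self.portal_ips or pkt.dport == DNS_PORT:  # step 203
            return "forward", pkt
        if pkt.dport != HTTP_PORT:                             # steps 204 and 206
            return "drop", pkt
        self.saved_dst[(pkt.src, pkt.sport)] = pkt.dst         # step 205: save, then DNAT
        return "dnat", readdress(pkt, dst=self.portal_ips[0])

    def downlink(self, pkt):
        if not self._forced(pkt.dst):                          # step 302
            return "forward", pkt
        key = (pkt.dst, pkt.dport)
        # A reply carries the service port as its source port. Assumption: only
        # replies on a connection that was DNATed have a saved destination.
        if pkt.src in self.portal_ips and pkt.sport == HTTP_PORT and key in self.saved_dst:
            return "snat", readdress(pkt, src=self.saved_dst[key])  # steps 303, 304
        if pkt.src in self.portal_ips or pkt.sport == DNS_PORT:     # step 305
            return "forward", pkt
        return "drop", pkt                                     # step 306

    def authenticate(self, user_ip):
        self.authenticated.add(user_ip)
        for key in [k for k in self.saved_dst if k[0] == user_ip]:
            del self.saved_dst[key]


def walk_through():
    """Constructed traffic using RFC 5737 documentation addresses."""
    user, site, portal = "198.51.100.7", "203.0.113.80", "192.0.2.10"
    bas = AccessServer(portal_ips=[portal], portal_users={user})
    trace = []
    # First HTTP request to an arbitrary site is forced to the portal.
    trace.append(bas.uplink(make_packet(user, 40000, site, HTTP_PORT)))
    # The portal's reply is rewritten to carry the original site as its source.
    trace.append(bas.downlink(make_packet(portal, HTTP_PORT, user, 40000)))
    # After the redirect the browser talks to the portal directly: no NAT.
    trace.append(bas.uplink(make_packet(user, 40001, portal, HTTP_PORT)))
    trace.append(bas.downlink(make_packet(portal, HTTP_PORT, user, 40001)))
    # Traffic that is neither portal, DNS nor HTTP is dropped before authentication.
    trace.append(bas.uplink(make_packet(user, 40002, site, 22)))
    # Once authenticated, the same user is forwarded unchanged.
    bas.authenticate(user)
    trace.append(bas.uplink(make_packet(user, 40003, site, HTTP_PORT)))
    return trace


if __name__ == "__main__":
    for action, p in walk_through():
        print(f"{action:8}{p.src}:{p.sport} -> {p.dst}:{p.dport} csum=0x{p.checksum:04x}")
```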

On the Portal_Server side, the Portal_Server responds to the first HTTP request message received on a TCP connection in order to tell the corresponding client to initiate a new TCP connection request to the Portal_Server itself, that is, it performs a redirect (Redirect). This makes the client's subsequent access to the Portal_Server a direct access (equivalent to the user entering the Portal_Server's IP address in the browser and accessing the Portal_Server directly). As shown in Figure 2, messages that access the Portal_Server directly do not need to be forced, so DNAT+SNAT+Redirect no longer has to be performed.

The method of the invention can be used on edge service routers (ESR) and broadband IP access equipment and fully meets the requirements of forced Portal.

Claims (7)

1. A method for simplified access to a network service provider's portal website, characterized by comprising the following processing steps:
A. The access server performs a mandatory destination address translation on the first uplink HTTP message sent by a portal service user device before it has passed authentication, replacing the destination website address that the portal service user device wants to visit with the address of the portal server, so that this HTTP message is forced to the portal server;
B. The portal server that receives this HTTP message establishes a Transmission Control Protocol connection and at the same time sends the portal service user device a response message containing redirection information;
C. The access server performs a mandatory source address translation on the downlink HTTP message from the portal server, replacing the address of the portal server with the destination website address that the portal service user device originally wanted to visit;
D. The portal service user device receives the response message containing redirection information returned by the access server, and automatically accesses the portal server directly using the IP address of the portal server.
2. The method for simplified access to a network service provider's portal website according to claim 1, characterized in that: the uplink HTTP message in step A may be the IP message formed after the portal service user enters any correct domain name, IP address or any number into the browser.
3. The method for simplified access to a network service provider's portal website according to claim 1, characterized in that, before step A, it further comprises the following processing steps:
A1. The access server analyzes the connection information of the uplink message and directly forwards any IP message judged not to come from a portal service user device;
A2. The access server compares the destination IP address of the uplink message from the portal service user device with the IP address of the portal server configured on the access server, to judge whether the IP message is a message that directly accesses the portal server;
A3. The access server also judges, from the destination port number of the IP message, whether it is a domain name resolution message;
A4. Messages that directly access the portal server, and domain name resolution messages, are forwarded directly;
A5. For a message that neither directly accesses the portal server nor performs domain name resolution, the access server further judges whether it is the first uplink HTTP message sent by the portal service user device before it has passed authentication; for an IP message that is not an HTTP message, a discard flag is set on the message.
4. The method for simplified access to a network service provider's portal website according to claim 1, characterized in that: in step A, when the access server performs the mandatory destination address translation, it also stores the destination website address that the portal service user device wants to visit; in step C, when the access server performs the mandatory source address translation, it replaces the address of the portal server with this stored destination website address.
5. The method for simplified access to a network service provider's portal website according to claim 1, characterized in that: in step A, after the access server performs the mandatory destination address translation, it also updates the checksum of the IP message.
6. The method for simplified access to a network service provider's portal website according to claim 1, characterized in that, before step C, it further comprises the following processing steps:
C1. The access server analyzes the connection information of the downlink message and directly forwards any IP message judged not to belong to a portal service user device;
C2. For an IP message addressed to a portal service user, the access server judges from its destination port number whether the IP message is an HTTP message from the portal server for a portal service user that has passed authentication;
C3. For a message that is not an HTTP message from the portal server, the access server also judges, from the destination port number of the IP message, whether it is an IP message from the portal server or a domain name resolution response message;
C4. The access server directly forwards IP messages from the portal server and domain name resolution response messages;
C5. For an IP message that is neither from the portal server nor a domain name resolution response message, the access server sets a discard flag on the IP message.
7. The method for simplified access to a network service provider's portal website according to claim 1, characterized in that: in step C, after the access server performs the mandatory source address translation, it also updates the checksum of the IP message.
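The packet handling in steps A to D and the pre-checks A1 to A5 and C1 to C5 can be modelled as a small state machine. The following is an added illustration, not code from the patent: the class and function names, the addresses, the `(user IP, user port)` key for the stored destination, and matching replies on source port are all assumptions, and the checksum updates of claims 5 and 7 are not modelled.

```python
from dataclasses import dataclass, replace

PORTAL_IP = "192.0.2.10"      # constructed Portal_Server address
HTTP, DNS = 80, 53

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    sport: int
    dport: int

class AccessServer:
    def __init__(self, portal_users):
        self.portal_users = set(portal_users)  # devices subject to the forced portal
        self.authenticated = set()             # devices that have passed authentication
        self.wanted = {}                       # (user ip, user port) -> original destination (claim 4)

    def _forced(self, user_ip):
        return user_ip in self.portal_users and user_ip not in self.authenticated

    def uplink(self, p):
        if not self._forced(p.src):
            return "forward", p                        # A1, or already authenticated
        if p.dst == PORTAL_IP or p.dport == DNS:
            self.wanted.pop((p.src, p.sport), None)    # a reused port must not trigger SNAT
            return "forward", p                        # A2-A4: direct portal access or DNS
        if p.dport == HTTP:
            self.wanted[(p.src, p.sport)] = p.dst      # remember the site the user asked for
            return "dnat", replace(p, dst=PORTAL_IP)   # step A
        return "drop", p                               # A5: other traffic before authentication

    def downlink(self, p):
        if not self._forced(p.dst):
            return "forward", p                        # C1, or already authenticated
        site = self.wanted.get((p.dst, p.dport))
        if p.src == PORTAL_IP and p.sport == HTTP and site:
            return "snat", replace(p, src=site)        # step C: reply appears to come from the site
        if p.src == PORTAL_IP or p.sport == DNS:       # assumption: replies matched on source port
            return "forward", p                        # C3-C4
        return "drop", p                               # C5

def walk_through():
    """Constructed flow: unauthenticated user 10.0.0.5 browses to 203.0.113.7."""
    ar = AccessServer(["10.0.0.5"])
    steps = [ar.uplink(Pkt("10.0.0.5", "203.0.113.7", 40000, HTTP)),  # forced request
             ar.downlink(Pkt(PORTAL_IP, "10.0.0.5", HTTP, 40000)),    # redirect reply
             ar.uplink(Pkt("10.0.0.5", PORTAL_IP, 40001, HTTP)),      # step D: direct access
             ar.downlink(Pkt(PORTAL_IP, "10.0.0.5", HTTP, 40001)),    # direct reply, no SNAT
             ar.uplink(Pkt("10.0.0.5", "203.0.113.7", 40002, 22))]    # non-HTTP, dropped
    ar.authenticated.add("10.0.0.5")
    steps.append(ar.uplink(Pkt("10.0.0.5", "203.0.113.7", 40003, HTTP)))  # no longer forced
    return steps
```

The stored destination is what lets the redirect reply reach the browser with the source address it expects; without that entry the reply from Portal_Server is forwarded unchanged, as in the direct-access case.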
CN 02123503 2002-06-28 2002-06-28 A method of simplified access of internet service provider's portal websites Expired - Fee Related CN1230766C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 02123503 CN1230766C (en) 2002-06-28 2002-06-28 A method of simplified access of internet service provider's portal websites

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 02123503 CN1230766C (en) 2002-06-28 2002-06-28 A method of simplified access of internet service provider's portal websites

Publications (2)

Publication Number Publication Date
CN1464425A true CN1464425A (en) 2003-12-31
CN1230766C CN1230766C (en) 2005-12-07

Family

ID=29743552

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 02123503 Expired - Fee Related CN1230766C (en) 2002-06-28 2002-06-28 A method of simplified access of internet service provider's portal websites

Country Status (1)

Country Link
CN (1) CN1230766C (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1322708C (en) * 2004-09-22 2007-06-20 华为技术有限公司 Method of implementing user's equipment reorientation in mobile pocket data business
CN101873329A (en) * 2010-06-29 2010-10-27 迈普通信技术股份有限公司 Portal compulsory authentication method and access equipment
CN102739646A (en) * 2012-04-24 2012-10-17 上海斐讯数据通信技术有限公司 Mandatory access method for websites
WO2012126433A3 (en) * 2012-05-25 2013-04-18 华为终端有限公司 Access control method and system, and access terminal
US8892640B2 (en) 2012-05-25 2014-11-18 Huawei Device Co., Ltd. Access control method and system and access terminal
CN103795741B (en) * 2012-10-29 2017-02-08 中兴通讯股份有限公司 Server and server side user self-service portal home page realizing method
CN103795741A (en) * 2012-10-29 2014-05-14 中兴通讯股份有限公司 Server and server side user self-service portal home page realizing method
CN104541491A (en) * 2014-06-30 2015-04-22 华为技术有限公司 Method, device and terminal for pushing web pages
WO2016000162A1 (en) * 2014-06-30 2016-01-07 华为技术有限公司 Webpage pushing method, device and terminal
CN104541491B (en) * 2014-06-30 2017-10-17 华为技术有限公司 Method for pushing, device and the terminal of Webpage
US9973587B2 (en) 2014-06-30 2018-05-15 Huawei Technologies Co., Ltd. Web page pushing method and apparatus, and terminal
CN106789884A (en) * 2016-11-16 2017-05-31 上海斐讯数据通信技术有限公司 A kind of portal authentication method and system
CN111654535A (en) * 2020-05-26 2020-09-11 迈普通信技术股份有限公司 A method and access device for accessing Portal server

Also Published As

Publication number Publication date
CN1230766C (en) 2005-12-07

Similar Documents

Publication Publication Date Title
CN1145111C (en) Method for Pushing Customized Pages to Network Users
US10361993B2 (en) Cross-protocol communication in domain name systems
CN103281409B (en) Based on mobile Internet domain name analytic method and the dns server of Transmission Control Protocol
CN1317191A (en) Method and apparatus for transparently processing DNS traffic
CN101060493A (en) A method of private network user access the server in a private network through domain name
CN108353095A (en) Domain name resolution method, client, edge node and domain name resolution system
CN104270379A (en) HTTPS proxy forwarding method and device based on transmission control protocol
CN1449618A (en) System communication between computer systems
US7173933B1 (en) System and method for providing source awareness in a network environment
CN1230766C (en) A method of simplified access of internet service provider's portal websites
CN102710559B (en) Method for realizing digital literature resource gateway by reverse proxy technology
CN100346601C (en) Access server with function of collecting communication statistics information
WO2013120315A1 (en) Method for processing domain name information, wireless router, and client
CN1416241A (en) Authentication method for supporting network switching in based on different devices at same time
CN1309213C (en) Network access anthentication method for improving network management performance
CN101039234A (en) Method for realizing distributed DHCP relay
CN101510196A (en) Web page push method, system and apparatus thereof
CN1567882A (en) A method for accessing server group
CN1638358A (en) Method and system for unified session control of multiple management servers on network appliances
CN1149505C (en) A Simple Method of Accessing Network Operator's Portal
CN1798147A (en) Method for matching uniform resource locator
CN1416056A (en) Method of easy to access portal web site of network service provider
CN1487684A (en) Call Control Method in Mobile Communication System
CN1761188A (en) Simple point logging in method and simple point logging out method
CN1204719C (en) Method for realizing domain name system address convertion applied gateway based on inner server

Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20051207

Termination date: 20150628

EXPY Termination of patent right or utility model