JP5801218B2 - URL filtering system - Google Patents

Description

  The present invention relates to a system and a system control method for providing a user with safe network use by blocking threats by URL filtering.

  Some information and programs that are undesirable for users exist mainly on networks typified by the Internet. For example, it is a maliciously crafted page where a computer virus is placed on the user's terminal or phishing is performed to misidentify the user and input personal information such as a password or credit card number. It is recommended not to connect to these pages carelessly for verification purposes. In addition, minor users are required not to connect to adult-oriented content, and the user wants to restrict users from connecting to entertainment-related sites such as games from commercial terminals. Sometimes you think. For these various reasons, URL filtering for blocking access to a regulated URL (Uniform Resource Locator) is generally performed.

  As a filtering method, a database which is a list of URLs to be regulated is held inside a browser or a terminal having an HTTP-Proxy function, and the database and the connection destination URL are compared before executing an HTTP inquiry. There is a method for determining whether connection is possible. However, if an attempt is made to hold the database inside the terminal, resources required for the terminal increase due to the enlargement of the database accompanying an increase in sites to be regulated in recent years.

  On the other hand, home routers are widely used due to the widespread use of always-on lines, and there are also embodiments in which filtering is performed as a proxy server having an HTTP-proxy function for relaying connections. However, many of such home routers have relatively small processing capacity and memory capacity, and it is difficult to maintain and search a database that is a list of URLs to be regulated by itself.

  In addition, since the list of URLs whose connection should be restricted changes every time a site is created or disappears, the URL database to be regulated for recording the list must be updated as needed. Therefore, it is preferable from the standpoint of responsiveness to the occurrence of a threat that the URL database to be regulated is held by a security server provided on the Internet and inquired of whether or not connection is possible from the terminal, rather than being held in the terminal or filtering device . In this way, resources required by the terminal and the filtering device can be greatly suppressed.

  However, most of the HTML documents and XML documents currently used on the Internet include a large number of image files, moving images, animation files, etc., and are not subject to restrictions necessary to display a single page. Since such an inquiry is generated for each HTTP connection to the individual file, the communication overhead generated here tends to increase, and the response of the Internet access appears to the user correspondingly. In addition, since the URL database to be regulated receives inquiries from a large number of terminals, the server performance required for the security platform that operates the database server is required to be extremely high.

  On the other hand, Patent Document 1 proposes a method for reducing the load. First, a filtering device which is also a proxy server analyzes an HTML structure in the filtering device for an HTML file downloaded by relaying a connection request of a terminal. As a result, it is checked collectively whether the embedded URL that is the address of the content embedded in the HTML file in the form of a link, an image designation, an inline frame, or the like corresponds to the URL in the restriction target URL database. If applicable, the URLs are collectively converted into a URL that designates a safe image file indicating a link to a restriction target. Thereby, it is not necessary to individually inquire about each embedded URL when displaying the HTML file, and communication overhead can be suppressed.

JP 2011-221616 A

  However, in the system described in Patent Document 1, the structure analysis of HTML must be performed by the proxy server, and the proxy server must have the same HTML analysis function as the browser. Moreover, the HTML analysis must be performed promptly so as not to give the user a time lag each time the user's terminal accesses the document. For this reason, it is difficult to use a proxy server having a high processing capacity required for the proxy server and having a relatively low price and low specification such as a home Internet router as a filtering device.

  Therefore, an object of the present invention is to realize a URL filtering system that suppresses processing performance and resource consumption required for a terminal and a filtering device, and also suppresses communication overhead when browsing the Internet.

The present invention is a filtering system comprising a URL filtering unit built in or attached to a user terminal, and an embedded URL server and a regulated DB server that communicate with the URL filtering unit. The request processing received from the URL filtering unit at normal time and the periodic batch processing, which is preparation for performing the processing at high speed, are performed separately. The contents are as follows.
Normally, a request including a connection destination URL, which is a destination of a connection request issued by the user's content display terminal, is received from the URL filtering unit, and the connection destination URL is stored in the inquiry frequency database together with the inquiry count. Execute the frequency update function to record. On the other hand, for a part of URL groups recorded in the inquiry frequency database having a high recent inquiry frequency, a series of documents corresponding to the URL groups are downloaded and analyzed, and an embedded URL embedded in the document A batch process execution function for performing a periodic batch process for recording the URL together with the connection destination URL in the embedded URL database is executed. In the normal request processing after the batch processing is performed once or more, for the request from the URL filtering unit including the connection URL recorded in the embedded URL database by the batch processing, The embedded URL response function for calling the corresponding embedded URL from the embedded URL database and returning the corresponding URL and the embedded URL to the URL filtering unit is executed together with the frequency update function. The URL filtering unit stores the restriction URL list, which is a list of restriction page addresses, for the connection destination URL returned from the embedded URL server and the corresponding embedded URL, in the restriction target DB server. On the other hand, inquiries are made as to whether or not connection is possible, and the connection request to the file corresponding to the connection destination URL and the embedded URL is blocked according to the response availability result.

  That is, for URL documents accessed from many URL filtering units, the embedded URL server performs periodic batch processing separately from the request count, analyzes the embedded URLs of the documents in advance, and lists them Is recorded in the embedded URL database. After that, if there is a request for the same URL from the filtering unit, the embedded URL list embedded in the document of the connection destination URL is called from the embedded URL database without analysis, and the response is promptly returned to the URL filtering unit. be able to.

A more specific configuration can be implemented in the following form.
First, the URL filtering unit includes a URL connection availability cache, a relay proxy server unit, and a URL evaluation unit.
The URL connection enable / disable cache has a temporary storage function for temporarily storing connection enable / disable of the embedded URL embedded in the connection destination URL with a time limit at which connection requests to the series of URLs can be completed. Have.
The relay proxy server unit receives the connection request, transmits a request inquiry to the URL evaluation unit, and receives the connection availability result and blocks the connection request according to the result. And has a blocking function.
The URL evaluation unit receives the inquiry and transmits the request to the embedded URL server, and when receiving a reply without the embedded URL from the embedded URL server, only the connection destination URL is received. A single availability inquiry function that inquires the restriction target DB server whether or not the connection is possible, and a collective availability inquiry that inquires the restriction target DB server whether or not the connection is possible when the embedded URL is received from the embedded URL server A first cache function that writes to the URL connection availability cache the connection possibility of the embedded URL, which is a response to the collective availability inquiry function, and the result of the connection proxy to the connection destination URL. A normal reply function for replying to the server part and a URL connection enable / disable cache for the connection destination URL in response to an inquiry from the connection request. If applicable to prerecorded the embedded URL searching for Interview the propriety without transmitting the request and a fast response capability to respond to the relay proxy server unit.

  That is, the URL filtering unit collectively inquires of the restriction target DB server whether or not the embedded URL can be connected, and the access to the embedded URL specifying the content such as a series of images embedded in the document of the connection destination URL ends. By recording the information on whether or not the connection is possible in the URL connection availability cache, it is not necessary to make an inquiry to the restriction target DB server each time connection to each embedded URL is made.

  The URL filtering unit may be an independent device connected to the outside of the terminal via a LAN, or may be software that the terminal has as a browser function or a personal firewall function. This is because in the present invention, the URL filtering unit does not need to perform heavy processing such as HTML analysis, so that even if the function is incorporated into the terminal as software, a large burden is not required.

In addition, as a specific configuration of the embedded URL server corresponding to such a request, an embedded URL database management unit that processes a normal request, a database update unit that executes the periodic batch processing, The content analysis unit that performs analysis during the batch processing, the embedded URL database, and the inquiry frequency database.
The database updating unit records a frequency reading function for reading the URL group from the inquiry frequency database and sending the URL group to the content analysis unit, and records the embedded URL corresponding to the URL group together with the URL group in the embedded URL database. It has an embedded URL recording function.
The content analysis unit has a pre-analysis function that downloads and analyzes a document corresponding to each of the URLs constituting the URL group from the content server indicated by the connection destination URL, and obtains an embedded URL embedded in the document. Shall have.
The embedded URL database management unit receives the request from the URL filtering unit, records the connection destination URL in the inquiry frequency database together with the number of inquiries, and the connection destination URL included in the request. The embedded URL database is searched, and if applicable, the embedded URL search function for calling the embedded URL corresponding to the connection destination URL; and the embedded URL and the embedded URL if there is a match in the search, the URL It is assumed that the embedded URL response function for responding to the evaluation unit is included.

  In other words, the frequency update function counts the number of requests for each URL in the inquiry frequency database, and only the URLs with a particularly large number of times are read out by the frequency reading function, By executing the pre-analysis function for analyzing documents as batch processing, an efficient response can be realized while suppressing the load on the server. This batch processing may be performed during a time period when there are relatively few requests such as unclear.

  As another form of the present invention, a suitable system can be obtained even if the above form is changed as follows. Before processing the request at the normal time, the embedded URL database management unit reads the list of embedded URLs from the embedded URL database, and then returns the list to the URL evaluation unit of the URL filtering unit. Then, the restriction target DB servers are directly inquired of whether connection is possible, and the result is returned to the filtering unit together with the result of the connection possibility returned. In this mode, the load applied to the URL filtering unit is smaller than that in the above mode, and requests from the home router or the like as the URL filtering unit can be reduced. Further, in this embodiment, when the embedded URL server and the regulated DB server are close to each other on the network, the load on the entire network can be further reduced.

  According to the present invention, even a proxy server having a relatively low specification such as a home router can perform efficient filtering with minimum function expansion. In addition, the embedded URL server that is responsible for document analysis does not need to analyze every connection request, but only analyzes it with a high frequency of requests, so a quick response while reducing the load on the server. Is possible. This can reduce the amount of communication in the entire network.

The block diagram concerning 1st embodiment of this invention Flow chart of the first half showing normal request processing in the first embodiment Second half flow chart showing normal request processing in the first embodiment The flowchart which shows the batch processing of the embedded URL server concerning this invention (A) A table showing an example of a URL connection availability cache, (b) a table showing an example of an inquiry frequency database, (c) a table showing an example of an embedded URL database, and (d) an example of a restriction target URL database. table The block diagram concerning 2nd embodiment of this invention Flow chart of the first half showing normal request processing in the second embodiment Second half flow chart showing normal request processing in the second embodiment The block diagram concerning 3rd embodiment of this invention

  Hereinafter, specific embodiments of the present invention will be described. 1st Embodiment of the filtering system concerning this invention consists of a structure as shown in FIG. That is, the content display terminal 10 used by the user, the URL filtering device 20 provided therewith, the restriction target DB server 30 having information on the restriction target address, and the embedded URL server 40 for processing the request A content server 50 having the content itself. In addition, “unit” described below is a processing circuit, processing mechanism, or processing device executed by hardware or software, and “function” is a program executed by “unit” or a database.

  The content display terminal 10 is not particularly limited as long as it has a wired LAN or wireless network connection function and a browser processing unit 11 that exhibits an Internet browser function. Specific examples include a personal computer, a smartphone, a feature phone, a network-compatible game machine, and a network-compatible recorder. It connects to an external network via the URL filtering device 20 described above.

  The URL filtering device 20 is a proxy server that relays a connection request when the content display terminal 10 accesses the content server 50, and the connection request is for an address to be regulated. Is a device having a function as a URL filtering unit for blocking it. Specifically, a home router and a router for a relatively small network can be mentioned, and the content display terminal 10 is provided in the same network. Although the present invention can be implemented even with a high-performance router for a large-scale network, the merit of implementing the present invention is increased particularly with a router having a relatively low processing capability. The content display terminal 10 communicates with each other by a wired LAN or a wireless LAN.

  The restriction target DB server 30 is a server that holds, as the restriction target URL database 32, a restriction URL list in which addresses serving as restriction target pages that should block connection requests from the respective content display terminals 10 are recorded. It can communicate with a large number of URL filtering devices 20, and a plurality of terminals share a single regulated DB server 30. Specifically, the operation mode is not particularly limited, such as a public server operated by a security vendor, a server provided to a user by a provider, or a server shared within a company. However, if the environment is in the same network as the embedded URL server 40 and can communicate with each other at high speed, the operation in the second embodiment to be described later is facilitated. The URL subject to restriction may be switched for each of the content display terminal 10 and the URL filtering device 20 that have been requested.

  The embedded URL server 40 has a query frequency database 42 that counts the request frequency from the URL filtering device 20. In addition, URLs with high request frequency are analyzed and stored in an embedded URL such as an image embedded by analyzing a document downloaded from the content server 50 of the URL by batch processing separately from request processing. It has an embedded URL database 43. That is, it has a function of performing normal request processing and periodic batch processing.

  The content server 50 is a server that is mainly on an external network such as the Internet and can accept HTTP access and download a file such as an HTML document. Although only one is shown in the figure, in reality, a large number of servers are connected via a network, and each server and document is designated by a URL. A file downloaded by a part of the addresses corresponds to the restriction target, and the address is registered in the restriction URL list.

  The filtering method executed by the above filtering system will be described with reference to the flowcharts of FIGS. 2 and 3 are flowcharts showing processing when a normal request is made from the browser processing unit 11 of the user content display terminal 10, and FIG. 4 is periodically executed by the embedded URL server 40. It is a flow which shows batch processing.

  First, the flow of FIG. 2 will be described (S100). In the content display terminal 10 operated by the user, the browser processing unit 11 performs a browser operation for requesting content by designating a predetermined connection destination URL (S101), and transmits a connection request (S102). This connection request is not sent directly to the content server 50 indicated by the connection destination URL, but is sent to the relay proxy server unit 21 of the URL filtering device 20 which is a proxy server (S102). When the relay proxy server unit 21 receives this connection request, the relay proxy server unit 21 does not directly relay the request to the content server 50, but sends a request inquiry function 60 that sends a request to the URL evaluation unit 22 of the URL filtering device 20 to inquire whether or not connection is possible. Execute (S103). The relay proxy server unit 21 and the URL evaluation unit 22 may be implemented as hardware in the URL filtering device 20 or may be implemented as software. When each is a separate semiconductor circuit, execution of the request inquiry function 60 is a transmission instruction between semiconductors. When implemented by software, the connection request URL is delivered to the software operating as the URL evaluation unit 22 in a storage memory (not shown) of the URL filtering device 20.

  Upon receiving the above inquiry, the URL evaluation unit 22 first searches for whether or not the connection destination URL of the connection request is recorded in the URL connection availability cache 23 as to whether or not connection to the connection destination URL is recorded. The function 68 is executed (S104). An example of a record in the URL connection availability cache 23 is shown in FIG. It consists of a URL and a record that records whether or not the connection to the URL is restricted. This recording is performed by processing (S138) described later. If there is a record, the URL filtering device 20 determines the countermeasure without sending another request or the like. That is, if there is a record that the connection to the connection destination URL is “permitted” (S105 → S106), the relay proxy server unit 21 requests a download of the document designated from the connection destination URL as a proxy server. The relay function 61 is executed (S153), and the downloaded document is relayed and transmitted to the content display terminal 10 (S154). On the other hand, if there is a record that the connection to the connection destination URL is “No” (S105 → S107), the blocking function 62 for blocking the connection request is executed. In order to block it, it is possible to simply discard the transmission request, but here we specify the connection restriction file, which is a document or image file that can be visually identified that the connection to the connection destination URL is restricted. Instead of the document etc., it is transmitted to the content display terminal 10 (S152). The high-speed response function 68 is executed for an embedded URL such as an image file that is read subsequently to a part of a document with a high request frequency described later.

  On the other hand, if the result of the execution of the high-speed response function 68 (S104) and whether or not connection to the connection destination URL is recorded in the URL connection enable / disable cache 23, the URL evaluation unit 22 includes the embedded URL server 40. The request function 63 for transmitting a request including the connection destination URL to the embedded URL database management unit 41 is executed (S111).

  The embedded URL database management unit 41 of the embedded URL server 40 that receives the above request is hardware or software that processes a request received at the normal time of the embedded URL server 40. The embedded URL database management unit 41 first executes a frequency update function 81 that records the connection destination URL included in the received request in the inquiry frequency database 42 (S112). An example of the inquiry frequency database 42 is shown in FIG. It consists of the above-mentioned connection destination URL, a divided period, and the number of requests for each period. At this time, if there is already a record of the connection destination URL, the number of requests is incremented by 1 in the record corresponding to the currently executing time. That is, the inquiry frequency database 42 counts the number of times the connection destination URL is requested together with the connection destination URL. Note that the URL for performing frequency update here is for analyzing the embedded URL after that, and is meaningless except for an address for downloading an HTML file, an XML file, or the like. Accordingly, it is preferable to exclude images, moving images, and audio files whose extensions at the end of the address are jpg, png, gif, swf, mpg, mp4, etc. from recording in the inquiry frequency database 42.

  Before and after that, the embedded URL database management unit 41 searches the embedded URL database 43, which is another database provided in the embedded URL server 40, by using the connection destination URL as a key. The function 82 is executed (S113). An example of this embedded URL database is shown in FIG. The connection destination URL and a plurality of embedded URLs such as image files embedded in the document indicated by the URL are recorded in association with each other. The recording in the embedded URL database 43 is performed by a batch process described later (S216). If there is a record of the connection destination URL and the embedded URL embedded in the document specified by the connection destination URL in the embedded URL database 43 (S114 → S115), the connection destination URL, the embedded URL, The embedded URL reply function 83 for replying to the URL evaluation unit 22 of the URL filtering device 20 is executed. That is, in response to the request, an embedded URL such as an image included in the document of the connection destination URL can be promptly returned without performing document analysis on the spot. Upon receiving this response, the URL evaluation unit 22 sends the URL set of the connection destination URL and the embedded URL to the restriction target DB server 30 and collectively inquires whether connection to all of them is possible. 65 is executed (S116).

  The above-described restriction target DB server 30 searches the restriction target URL database 32 that records a list of restriction URLs of addresses that restrict or prohibit connection as a restriction target page, and the restricted URL database 32 for the inquired URL. A connection determination unit 31 that executes a determination unit 71 for determining whether or not connection to a URL is possible; An example of the restriction target URL database 32 is shown in FIG. It is desirable that URLs to be regulated are recorded and can be searched by domain name or file name. This content may be automatically updated by the server according to a report from the user, or may be registered by the server operator.

  The execution procedure of the function 71 for determining whether or not to allow the restriction target DB server 30 is as follows (S131 to S137). For each URL included in the above URL set, the URL database 32 to be regulated is searched (S132), and if the URL exists, the URL is registered as a connection “No” in the connection availability list (S133 → S134). ). If it does not exist, the connection is registered in the connection availability list as “available” (S133 → S135). This is performed for all URLs sent in a batch (S136 → S131). The connectability list is a table that is temporarily expanded on the memory of the server during the batch processing of the URL set, and records whether or not each URL is available. It is good to delete after replying. When it is possible to confirm whether or not the above-described connection availability list is available for all the URLs that have been inquired collectively, the connection availability determination unit 31 executes the availability determination response function 72 and returns the results together.

  The URL evaluation unit 22 that has received the connection availability list executes the first cache function 66 that writes the contents in the URL connection availability cache 23 (S138). The contents of the URL connection enable / disable cache are set so that a temporary storage function 69 that is automatically deleted when a time of several seconds to several minutes elapses is executed. This is because, following a connection request to one connection destination URL, a connection request is made for the embedded URL such as an embedded image file, moving image file, HTML file of an inline frame, and the like. This is because, if the high-speed response function 68 is held for the request only during the execution (S104, S105), the network inquiry and the communication amount can be reduced sufficiently. In addition, since the response speed decreases when the cache is enlarged, it is desirable to keep the size to a minimum. If the same URL is written again while it is held, the holding time may be extended.

  Subsequently, the URL evaluation unit 22 executes a normal response function 67 for returning to the relay proxy server unit 21 whether or not the connection destination URL can be connected. At this time, whether or not the embedded URL can be connected is not returned. Receiving this, if the connection to the connection destination URL is “No” (S151 → S152), the relay proxy server unit 21 executes the blocking function 62 that blocks the connection request. The contents of the blocking function 62 are as described above. On the other hand, if the connection to the connection destination URL is “permitted”, the relay function 61 for relaying the connection request to the content server 50 and requesting the download of the document is executed (S153, S154).

  On the other hand, even if the embedded URL database 43 is searched (S113) and the connection destination URL is not recorded (S114), the embedded URL database management unit 41 sends only the null or the connection destination URL to the URL evaluation unit 22. The zero reply function 84 is returned (S118). Upon receiving this response, the URL evaluator 22 executes the single availability inquiry function 64 that inquires the restriction target DB server about the availability of connection only for the connection destination URL (S119). The connection possibility determination unit 31 of the restriction target DB server 30 executes the restriction determination function 71 for searching the restriction target URL database 32 for the connection destination URL inquired in the above case (S141), and the result is the URL. The availability determination response function 72 for responding to the evaluation unit 22 is executed (S142), and the first cache function 66 for writing the connection availability for the connection destination URL in the URL connection availability cache 23 is executed (S138). Here, by storing the connection destination URL in the cache, it is possible to promptly respond even when the browser processing unit 11 performs operations such as “return” and “re-read” immediately after connection. In addition, even if the so-called “F5 attack” is repeated, the situation that a useless count is sent to the inquiry frequency database 42 can be prevented. The URL evaluation unit 22 performs either the relay function 61 (S153, S154) or the blocking function 62 (S152) according to the response result (S151).

  The above is the processing procedure performed by the filtering system in response to a request from the terminal in the normal state in the first embodiment. Then, the embedded URL server 40 performs the next batch processing periodically based on the data in the inquiry frequency database 42 by the frequency update function 81 executed in the above procedure, thereby smoothly performing the above processing procedure. Prepare a working environment. Since this batch processing requires a large amount of processing capacity of the server to analyze a large amount of HTML files, it is better to set the above normal requests to be automatically performed in a time zone with few requests, for example, every day. It is preferable to carry out at dawn. The procedure of the batch process execution function 86 set to be executed periodically will be described with reference to FIG.

  First (S211), the database update unit 45 that supervises this batch processing searches the inquiry frequency database 42, and executes a frequency reading function 87 that extracts the URL group having the most recent request frequency. For example, the URL group corresponding to tens of thousands of the highest frequency count is extracted. This count number is preferably reset every time batch processing is performed, or is preferably re-counted as a new time after batch processing, as shown in FIG. 5 (b), and at the most recent time or a limited number of times as possible. It is preferable to extract a URL group with many inquiries. This is because the efficiency is poor when processing URLs with a small number of inquiries in the past even if the number of counts is large. However, since the number of requests may fluctuate with the period of each day of the week or with a longer period, a log of a certain period in the past is kept, and the URL is optimized to the next expected frequency. A group may be read out.

  The extracted URL group is sent to the content analysis unit 44, and the pre-analysis function 85 is executed to analyze all the embedded URLs embedded in the document indicated by those URLs and rerecord them in the embedded URL database 43 (S213-S S217). The embedded URL is, for example, a URL of a tag that is simultaneously displayed when a document is read, such as an HTML img tag, an Embed tag, or an iframe tag. In many cases, it is desirable to exclude the link destination by the a tag because it is not counted correctly in the inquiry frequency database. This is because the connection request to the link destination does not know which one is specified, and there are cases where the number becomes too large when prefetching is performed. An archive that can be downloaded from the connection destination URL may also be included. Specifically, the following procedure is performed for all URLs constituting the URL group.

  First, the content analysis unit 44 requests and receives a document download from the content server 50 indicated by the URL as an address (S214). The contents of the received HTML file or XML file are analyzed, and an embedded URL to be read when the document is displayed by the browser is extracted (S215). Here, not only the addresses directly described in the HTML file and the XML file, but also CSS (Cascading Style Sheets) files and JS (Java Script) files that are read when the file is displayed on the browser It is desirable to set to analyze even the embedded URL.

  Next, the embedded URL recording function 88 for registering the connection destination URL and the embedded URL extracted therefrom in the embedded URL database 43 is executed (S216). The above download, analysis extraction, and registration are performed for all the extracted URL groups (S217 → S213). By this batch processing, a list of embedded URLs for some connection destination URLs with a high inquiry frequency is prepared. An embedded URL reply function 83, a collective availability inquiry function 65, a high-speed response to the above normal request. The reply function 68 can be executed, and high-speed filtering processing is possible.

  If the content of the connection destination URL is changed after the analysis by the batch processing and the embedded URL of the embedded content is changed, the newly added embedded URL Filtering by the fast response function 68 is not possible. However, since whether or not the embedded URL falls under the restriction target is checked against the data in the restriction target URL database 32 (S104 → S111 to S114 → S118), the safety is deteriorated due to the time lag with the analysis. Absent.

  Next, a second embodiment of the present invention will be described. The configuration diagram is shown in FIG. 6, and the processing flow of the request at the normal time is shown in FIGS. The batch processing is the same as in the first embodiment. In addition, since the basic flow of the normal request has many parts that are the same as those in the first embodiment, the description will focus on the changes from the first embodiment.

  Specifically, the access route to the regulated DB server 30 is changed. In the first embodiment, a response is made with the URL evaluation unit 22, but in the second embodiment, a response is made with the embedded URL database management unit 41 of the embedded URL server 40. That is, in the flow, the portion that has been received by the URL evaluation unit 22 once in S115 and S116, S118 and S119 and then inquired to the connection possibility determination unit 31 is embedded URL database management as in S121 and S122. The unit 41 is changed so as to inquire directly to the connection possibility determination unit 31. As a result, the connection destination URL, embedded URL, and null result as well as the determination result of whether or not connection is possible are collectively returned to the URL evaluation unit 22 (S137b, S142a), so the processing performed by the URL evaluation unit 22 And the load on the URL evaluation unit 22 of the URL filtering device 20 is reduced. Furthermore, since a series of processes can be performed together only on the server side, a faster response is possible if only the communication line between the embedded URL server 40 and the regulated DB server 30 is high speed.

  The functions of the embedded URL database management unit 41 necessary for carrying out the above flow are as follows. The embedded URL search function 82 to the embedded URL database 43 is executed for the connection destination URL (S113, S114). If found, the embedded URL is read and the URL set of the connection destination URL and the embedded URL is obtained. The direct sending batch availability inquiry function 92 for making an inquiry to the connection availability judgment unit 31 is executed (S121). When the availability of connection for these URL sets is received from the connection availability determination unit 31 (S137a), a collective response function 94 that collectively returns them to the URL evaluation unit 22 is executed (S137b). If it is not found by executing the embedded URL search function 82, the direct sending single availability inquiry function 91 for inquiring the connection availability judgment unit 31 only for the connection destination URL is executed (S122). When the connection possibility for the connection destination URL is received from the connection possibility determination unit 31 (S141a), the single reply function 93 that returns the connection possibility to the URL evaluation unit 22 is executed (S142a). The second cache function 95 for writing the availability of the connection to the URL connection availability cache 23 is executed (S138).

  On the other hand, in the restriction target DB server 30, the reply destination of the permission determination reply function 72 is changed to the embedded URL database management unit 41. Further, the URL evaluation unit 22 does not execute the single availability inquiry function 64 and the collective availability inquiry function 65 that were provided in the first embodiment. Further, when the embedded URL and the connection possibility to the embedded URL are received from the embedded URL database management unit 41, the second cache function 95 for writing a temporary record in the URL connection availability cache 23 is executed (S138). .

  Furthermore, a third embodiment of the present invention will be described. The configuration diagram is shown in FIG. In this embodiment, the function of the URL filtering device 20 provided in the content display terminal 10 in the second embodiment is built in the content display terminal 10a as the URL filtering unit 20a. Specifically, the URL filtering unit 20a is software included in a communication unit that the browser has separately from the HTML rendering function, or software installed in the content display terminal 10a as a personal firewall separately from the browser.

  The flow of the third embodiment is obtained by replacing the URL filtering device 20 with the URL filtering unit 20a in the flow shown in FIGS. 7 and 8 and FIG. However, the exchange of data between the browser processing unit 11 and the URL filtering unit 20a is a data exchange within the same terminal without going through a LAN or the like.

  Note that the present invention can also be implemented in a form in which the function of the URL filtering device 20 shown in FIG. 1 in the first embodiment is incorporated in the content display terminal 10a as the URL filtering unit 20a. However, instead of making a query after the URL evaluation unit 22 receives once as in the first embodiment (FIG. 1), it is embedded without going through the URL evaluation unit 22 as in the third embodiment (FIG. 5). Since the processing load applied to the URL filtering unit 20a is smaller when the embedded URL server 40 makes an inquiry to the restriction target DB server 30, the specifications necessary for incorporating into the content display terminal 10a can be made smaller.

10, 10a Content display terminal 11 Browser processing unit 20 URL filtering device 20a URL filtering unit 21 Relay proxy server unit 22 URL evaluation unit 23 URL connection enable / disable cache 30 Restriction target DB server 31 Connection enable / disable determination unit 32 Restriction target URL database 40 embedded Embedded URL server 41 Embedded URL database management unit 42 Query frequency database 43 Embedded URL database 44 Content analysis unit 45 Database update unit 50 Content server 60 Request inquiry function 61 Relay function 62 Blocking function 63 Request function 64 Independent inquiry Function 65 Collective availability inquiry function 66 First cache function 67 Normal response function 68 High-speed response function 69 Temporary storage function 71 Availability determination function 72 Availability determination response function 81 Frequency update function 82 Embedded URL search function 83 Embedded URL reply function 84 Zero reply function 85 Pre-analysis function 86 Batch processing execution function 87 Frequency reading function 88 Embedded URL recording function 91 Direct sending single availability inquiry function 92 Direct sending batch availability inquiry function 93 Single reply function 94 Batch reply Function 95 Second cache function

Claims (6)

When a connection request is transmitted from the browser processing unit of the content display terminal used by the user to the content server, the address of the connection request destination corresponds to a restriction URL list recorded in advance as a restriction target page. In the case, a URL filtering system having a function of blocking by a URL filtering unit provided or built in the content display terminal,
The URL filtering unit and the embedded URL server and the regulated DB server that communicate with the URL filtering unit,
The embedded URL server separately performs a request process that is normally received and a regular batch process.
In normal times, it has a frequency update function for receiving the request including the connection destination URL that is the designation destination of the connection request from the URL filtering unit, and recording the connection destination URL in the inquiry frequency database together with the number of requests. ,
On the other hand, for a part of the URL group with the highest request frequency among the connection destination URLs recorded in the inquiry frequency database, a document corresponding to the connection destination URL is downloaded and analyzed, and embedded in the document. A batch processing execution function for performing periodic batch processing for recording the embedded URL together with the connection destination URL in the embedded URL database;
At the normal time after the batch processing, the request from the URL filtering unit including the connection destination URL in which the embedded URL is recorded in the embedded URL database by the batch processing is not associated with the corresponding embedded processing. A URL is called from the embedded URL database, and the URL and the embedded URL are returned to the URL filtering unit, and an embedded URL response function is executed, together with the frequency update function,
The URL filtering unit collectively connects the connection destination URL returned from the embedded URL server and the embedded URL corresponding to the URL to the restriction target DB server that records the restriction URL list. A URL filtering system that inquires about availability and blocks a connection destination URL and a subsequent connection request to the embedded URL according to a response availability result. The URL filtering unit includes a URL connection availability cache, a relay proxy server unit, and a URL evaluation unit.
The URL connection enable / disable cache temporarily stores connection enable / disable of the embedded URL embedded in the connection destination URL with a time limit (at least a connection request to the series of URLs can be completed). Has function,
The relay proxy server unit receives the connection request, transmits a request inquiry to the URL evaluation unit, and receives the connection availability result and blocks the connection request according to the result. With a blocking function,
The URL evaluation unit receives the inquiry and transmits the request to the embedded URL server, and when receiving a reply without the embedded URL from the embedded URL server, only the connection destination URL is received. A single availability inquiry function that inquires the restriction target DB server whether or not the connection is possible, and a collective availability inquiry that inquires the restriction target DB server whether or not the connection is possible when the embedded URL is received from the embedded URL server A first cache function that writes to the URL connection availability cache the connection possibility of the embedded URL, which is a response to the collective availability inquiry function, and the result of the connection proxy to the connection destination URL. A normal reply function for replying to the server part and a URL connection enable / disable cache for the connection destination URL in response to an inquiry from the connection request. If applicable to prerecorded the embedded URL searching for Interview the propriety without transmitting the request and a fast response capability to respond to the relay proxy server unit,
The URL filtering system according to claim 1. The embedded URL server includes an embedded URL database management unit that processes a normal request, a database update unit that performs the periodic batch processing, a content analysis unit that performs analysis during the batch processing, The embedded URL database and the inquiry frequency database;
The database updating unit records a frequency reading function for reading the URL group from the inquiry frequency database and sending the URL group to the content analysis unit, and records the embedded URL corresponding to the URL group together with the URL group in the embedded URL database. Embedded URL recording function
The content analysis unit has a pre-analysis function that downloads and analyzes a document corresponding to each of the URLs constituting the URL group from the content server indicated by the connection destination URL, and obtains an embedded URL embedded in the document. Have
The embedded URL database management unit receives the request from the URL filtering unit, records the connection destination URL in the inquiry frequency database together with the number of inquiries, and the connection destination URL included in the request. Search the embedded URL database and, if applicable, an embedded URL search function for calling up the embedded URL corresponding to the connection destination URL, and the connection URL and the embedded URL if there is a match in the search. The embedded URL reply function for replying to the evaluation unit;
The URL filtering system according to claim 2 . When a connection request is transmitted from the browser processing unit of the content display terminal used by the user to the content server, the address of the connection request destination corresponds to a restriction URL list recorded in advance as a restriction target page. In the case, a URL filtering system having a function of blocking by a URL filtering unit provided or built in the content display terminal,
The URL filtering unit, an embedded URL server that communicates with the URL filtering unit, and a regulated DB server that communicates with the embedded URL server.
The embedded URL server separately performs a request process that is normally received and a regular batch process.
Usually, it has a frequency update function for receiving a request including a connection destination URL, which is a designation destination of the connection request, from the URL filtering unit and recording the connection destination URL in the inquiry frequency database together with the number of requests.
On the other hand, for a part of the URL group recorded in the inquiry frequency database with a high recent request frequency, the document corresponding to the connection destination URL is downloaded and analyzed, and the embedded URL embedded in the document is A batch processing execution function for performing periodic batch processing to be recorded in the embedded URL database together with the connection destination URL;
At the normal time after the batch processing, the request from the URL filtering unit including the connection destination URL in which the embedded URL is recorded in the embedded URL database by the batch processing is not associated with the corresponding embedded processing. A URL is called from the embedded URL database, and the connection target URL and the corresponding embedded URL are inquired to the restriction target DB server that records the restriction URL list collectively as to whether or not connection is possible. , Having a batch response function for returning the result to the URL filtering unit, and executing it together with the frequency update function,
The URL filtering system, wherein the URL filtering unit blocks a connection request to the connection destination URL and the subsequent embedded URL according to the response result. The embedded URL server includes an embedded URL database management unit that processes a normal request, a database update unit that performs the periodic batch processing, a content analysis unit that performs analysis during the batch processing, The embedded URL database and the inquiry frequency database;
The URL filtering unit includes a URL connection availability cache, a relay proxy server unit, and a URL evaluation unit.
The URL connection enable / disable cache has a temporary storage function for temporarily storing the connection enable / disable of the embedded URL embedded in the connection destination URL with a time limit,
The relay proxy server unit receives the connection request, transmits a request inquiry to the URL evaluation unit, and receives the connection availability result and blocks the connection request according to the result. With a blocking function,
When the URL evaluation unit receives a response including the request function for receiving the inquiry and transmitting the request to the embedded URL server, and the embedded URL and whether the connection is possible or not from the embedded URL server. The second cache function for writing the availability of connection of the embedded URL to the URL connection availability cache, and the result of availability of connection to the connection destination URL received from the embedded URL database management unit to the relay proxy server unit A normal reply function for replying, and inquiring from the connection request, the URL connection possibility cache is searched for the connection destination URL, and if it corresponds to the embedded URL recorded in advance, whether or not the request is sent is transmitted. A high-speed response function for replying to the relay proxy server unit ;
The database updating unit records a frequency reading function for reading the URL group from the inquiry frequency database and sending the URL group to the content analysis unit, and records the embedded URL corresponding to the URL group together with the URL group in the embedded URL database. Embedded URL recording function
The content analysis unit has a pre-analysis function that downloads and analyzes a document corresponding to each of the URLs constituting the URL group from the content server indicated by the connection destination URL, and obtains an embedded URL embedded in the document. Have
The embedded URL database management unit receives the request from the URL filtering unit, records the connection destination URL in the inquiry frequency database together with the number of inquiries, and the connection destination URL included in the request. The embedded URL database is searched, and if applicable, an embedded URL search function for calling the embedded URL corresponding to the connection destination URL, and the embedded URL and the embedded URL if there is a match in the search. A direct sending batch availability inquiry function that transmits to the connection availability judgment unit of the target DB server and receives the availability of those connections, and a batch response function that collectively answers the availability to the URL evaluation unit of the filtering unit Run the
The URL filtering system according to claim 4. When a connection request is transmitted from the browser processing unit of the content display terminal used by the user to the content server, the address of the connection request destination corresponds to a restriction URL list recorded in advance as a restriction target page. In this case, a URL filtering method for blocking by a URL filtering unit provided or built in the content display terminal,
Using an embedded URL server and a regulated DB server connected to the URL filtering unit via a network,
Normally, the embedded URL server receives a request including a connection destination URL as a connection request designation destination from the URL filtering unit, and the embedded URL server stores the connection destination URL together with the number of requests. Execute a frequency update function that records in advance in the inquiry frequency database of the URL server,
On the other hand, a document corresponding to the connection destination URL is downloaded to the embedded URL server and analyzed with respect to a part of the URL group with the most recent request frequency recorded in the inquiry frequency database, and is embedded in the document. A batch processing execution function for performing periodic batch processing for recording the embedded URL together with the connection destination URL in the embedded URL database;
At the normal time after the batch processing, the request from the URL filtering unit including the connection destination URL in which the embedded URL is recorded in the embedded URL database by the batch processing is sent to the embedded URL server. The embedded URL response function for calling the corresponding embedded URL from the embedded URL database and returning the corresponding URL and the embedded URL to the URL filtering unit is executed together with the frequency update function,
In the URL filtering unit, the connection destination URL returned from the embedded URL server and the embedded URL corresponding thereto are collectively connected to the restriction target DB server in which the restriction URL list is recorded. A URL filtering method for inquiring whether or not connection is possible, and blocking a connection destination URL and a subsequent connection request to the embedded URL according to the response availability result.

Images