CN116016562A

Movatterモバイル変換

Info

Publication number: CN116016562A
Application number: CN202211714823.1A
Authority: CN
Inventors: 李小坤
Original assignee: Wuhan Greenet Information Service Co Ltd
Current assignee: Wuhan Greenet Information Service Co Ltd
Priority date: 2022-12-29
Filing date: 2022-12-29
Publication date: 2023-04-25

Abstract

The application provides a keyword plugging method for a plurality of deep packet inspection nodes and related equipment, wherein the method is applied to target nodes in the plurality of deep packet inspection nodes and comprises the following steps: acquiring target url information of a target page accessed by a user side; acquiring a url list stored in a target node, wherein a plurality of url information are stored in the url list; if the target url information does not exist in the plurality of url information, carrying out recombination and reduction processing on the target page, and determining target mark information of the target url information; synchronizing the target url information and the target mark information to url list tables of other nodes except the target node so as to carry out keyword blocking on the other nodes. According to the method and the device for achieving the keyword blocking, the target url information and the target marking information determined by the target node are synchronized to the url list of other nodes, so that other nodes can directly block keywords based on the url list without repeatedly carrying out page reorganization and reduction, and resource expenditure of DPI equipment is saved.

Description

Translated fromChinese

针对多个深度报文检测节点的关键字封堵方法及相关设备Keyword blocking method and related equipment for multiple deep message inspection nodes

技术领域technical field

本申请涉及深度报文检测技术领域，具体涉及一种针对多个深度报文检测节点的关键字封堵方法及相关设备。The present application relates to the technical field of deep message detection, in particular to a keyword blocking method and related equipment for multiple deep message detection nodes.

背景技术Background technique

DPI(Deep Packet Inspection，深度报文检测)是一种基于数据包的深度检测技术，针对不同的网络应用层载荷(例如HTTP、DNS等)进行深度检测，通过对报文的有效载荷检测决定其合法性。DPI (Deep Packet Inspection) is a packet-based in-depth inspection technology that conducts in-depth inspections on different network application layer loads (such as HTTP, DNS, etc.), and determines its legality.

为了保证网络的信息安全，往往需要在IDC(Internet Data Center，互联网数据中心)机房中部署DPI设备，对HTTP协议中传输的网页中是否有敏感关键字进行检测并阻断，防止恶意信息的传播，这种情况下就需要DPI设备通过实时处理HTTP报文流量，重组还原出对应的传输页面，然后对传输页面进行非法关键字的匹配判定，判定成功后则进行封堵动作和日志上报。In order to ensure the information security of the network, it is often necessary to deploy DPI equipment in the IDC (Internet Data Center, Internet Data Center) computer room to detect and block whether there are sensitive keywords in the web pages transmitted in the HTTP protocol, so as to prevent the spread of malicious information In this case, the DPI device needs to process the HTTP message traffic in real time, reorganize and restore the corresponding transmission page, and then perform illegal keyword matching judgment on the transmission page, and then perform blocking action and log report after the judgment is successful.

然而，同一机房中部署的DPI设备可能有几十个乃至上百个，对于不同用户访问同一个url(uniform resource locator，统一资源定位符)页面的流量会被负载均衡到不同DPI设备上进行敏感关键字的检测和封堵，这样，多台DPI设备均需要对同一个url页面进行重组还原，极大地浪费了DPI设备的资源。However, there may be dozens or even hundreds of DPI devices deployed in the same computer room, and the traffic of different users accessing the same url (uniform resource locator, uniform resource locator) page will be load-balanced to different DPI devices for sensitive Keyword detection and blocking. In this way, multiple DPI devices need to reorganize and restore the same url page, which greatly wastes the resources of the DPI device.

发明内容Contents of the invention

本申请提供一种针对多个深度报文检测节点的关键字封堵方法及相关设备，旨在节省DPI设备的资源开销。The present application provides a keyword blocking method and related equipment for multiple deep packet inspection nodes, aiming at saving resource overhead of DPI equipment.

一方面，本申请提供一种针对多个深度报文检测节点的关键字封堵方法，所述方法应用于所述多个深度报文检测节点中的目标节点，包括：On the one hand, the present application provides a keyword blocking method for multiple deep message detection nodes, the method is applied to the target node among the multiple deep message detection nodes, including:

获取用户端访问的目标页面的目标url信息；Obtain the target URL information of the target page accessed by the client;

获取所述目标节点中存储的url名单表，所述url名单表中存储有多个url信息和各所述url信息的标记信息；Acquiring the url list table stored in the target node, the url list table stores a plurality of url information and tag information of each of the url information;

若所述目标url信息不存在于所述多个url信息中，对所述目标页面进行重组还原处理，得到所述目标页面中的页面内容；If the target url information does not exist in the plurality of url information, reorganize and restore the target page to obtain the page content in the target page;

基于所述页面内容中是否存在预设关键字，确定所述目标url信息的目标标记信息；determining the target tag information of the target url information based on whether there are preset keywords in the page content;

将所述目标url信息和所述目标标记信息，同步至所述多个深度报文检测节点中除所述目标节点之外的其他节点的url名单表中，以供所述其他节点基于所述其他节点的url名单表进行关键字封堵。synchronizing the target url information and the target tag information to the url lists of nodes other than the target node among the plurality of deep message detection nodes, for the other nodes to use based on the Keyword blocking is performed on the url lists of other nodes.

在一些实施例中，所述url名单表为url黑白名单表，所述url黑白名单表中各url信息的标记信息为白标记或者黑标记，所述目标标记信息为白标记或者黑标记。In some embodiments, the url list table is a url black and white list table, the mark information of each url information in the url black and white list table is a white mark or a black mark, and the target mark information is a white mark or a black mark.

在一些实施例中，所述获取所述目标节点中存储的url名单表之后，还包括：In some embodiments, after obtaining the url list stored in the target node, it further includes:

若所述目标url信息存在于所述多个url信息中，获取所述目标节点中存储的url黑白名单表中所述目标url信息的标记信息；If the target url information exists in the plurality of url information, obtain the tag information of the target url information in the url black and white list table stored in the target node;

若所述目标url信息的标记信息为黑标记，对所述目标页面进行封堵处理；If the mark information of the target url information is a black mark, block the target page;

若所述目标url信息的标记信息为白标记，不对所述目标页面进行封堵处理。If the mark information of the target url information is a white mark, the target page is not blocked.

在一些实施例中，所述对所述目标页面进行封堵处理，包括：In some embodiments, the blocking processing of the target page includes:

若所述多个深度报文检测节点并接于所述用户端访问所述目标页面的数据传输路径上，分别发送会话结束信息至所述用户端以及所述用户端访问所述目标页面时的服务器端，以结束所述用户端与所述服务器端之间的访问会话。If the plurality of deep message detection nodes are connected in parallel to the data transmission path for the client to access the target page, send session end information to the client and the time when the client accesses the target page respectively The server end, to end the access session between the user end and the server end.

若所述多个深度报文检测节点串接于所述用户端访问所述目标页面的数据传输路径中，不返回所述目标页面至所述用户端。If the plurality of deep packet detection nodes are serially connected in the data transmission path for the client to access the target page, the target page will not be returned to the client.

在一些实施例中，所述基于所述页面内容中是否存在预设关键字，确定所述目标url信息的目标标记信息，包括：In some embodiments, determining the target tag information of the target url information based on whether there are preset keywords in the page content includes:

若所述页面内容中存在所述预设关键字，确定所述目标url信息的目标标记信息为黑标记；If the preset keyword exists in the page content, it is determined that the target tag information of the target url information is a black mark;

若所述页面内容中不存在所述预设关键字，确定所述目标url信息的目标标记信息为白标记。If the preset keyword does not exist in the page content, it is determined that the target tag information of the target url information is a white tag.

在一些实施例中，所述目标页面中包括压缩的多个数据包，所述对所述目标页面进行重组还原处理，得到所述目标页面中的页面内容，包括：In some embodiments, the target page includes a plurality of compressed data packets, and performing reorganization and restoration processing on the target page to obtain the page content in the target page includes:

对所述目标页面中压缩的多个数据包进行拼接，得到所述目标页面的压缩文件；Splicing the multiple data packets compressed in the target page to obtain a compressed file of the target page;

对所述压缩文件进行解压缩处理，得到所述目标页面中的页面内容。The compressed file is decompressed to obtain the page content in the target page.

另一方面，本申请提供一种针对多个深度报文检测节点的关键字封堵装置，所述装置包括：On the other hand, the present application provides a keyword blocking device for multiple deep message detection nodes, the device comprising:

第一获取单元，用于获取用户端访问的目标页面的目标url信息；The first obtaining unit is used to obtain the target url information of the target page accessed by the client;

第二获取单元，用于获取所述目标节点中存储的url名单表，所述url名单表中存储有多个url信息和各所述url信息的标记信息；The second obtaining unit is used to obtain the url list stored in the target node, where a plurality of url information and tag information of each url information are stored in the url list;

重组还原单元，用于若所述目标url信息不存在于所述多个url信息中，对所述目标页面进行重组还原处理，得到所述目标页面中的页面内容；A reorganization and restoration unit, configured to reorganize and restore the target page if the target url information does not exist in the plurality of url information, to obtain the page content in the target page;

标记确定单元，用于基于所述页面内容中是否存在预设关键字，确定所述目标url信息的目标标记信息；A tag determining unit, configured to determine target tag information of the target url information based on whether there are preset keywords in the page content;

标记同步单元，用于将所述目标url信息和所述目标标记信息，同步至所述多个深度报文检测节点中除所述目标节点之外的其他节点的url名单表中，以供所述其他节点基于所述其他节点的url名单表进行关键字封堵。A tag synchronization unit, configured to synchronize the target url information and the target tag information to the url lists of nodes other than the target node among the plurality of deep message detection nodes, for all The other nodes perform keyword blocking based on the url lists of the other nodes.

另一方面，本申请还提供一种计算机设备，所述计算机设备包括：On the other hand, the present application also provides a kind of computer equipment, and described computer equipment comprises:

一个或多个处理器；one or more processors;

存储器；以及storage; and

一个或多个应用程序，其中所述一个或多个应用程序被存储于所述存储器中，并配置为由所述处理器执行以实现所述的针对多个深度报文检测节点的关键字封堵方法。One or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the processor to implement the key encapsulation for multiple deep packet inspection nodes blocking method.

另一方面，本申请还提供一种计算机可读存储介质，其上存储有计算机程序，所述计算机程序被处理器进行加载，以执行所述的针对多个深度报文检测节点的关键字封堵方法中的步骤。On the other hand, the present application also provides a computer-readable storage medium, on which a computer program is stored, and the computer program is loaded by a processor to execute the keyword encapsulation for multiple deep packet inspection nodes. Steps in the blocking method.

本申请实施例提供的针对多个深度报文检测节点的关键字封堵方法及相关5设备，方法应用于多个深度报文检测节点中的目标节点，包括：获取用户端访The keyword blocking method and related equipment for multiple deep message detection nodes provided by the embodiment of the present application are applied to target nodes in multiple deep message detection nodes, including: obtaining user terminal access

问的目标页面的目标url信息；获取目标节点中存储的url名单表，url名单表中存储有多个url信息和各url信息的标记信息；若目标url信息不存在于多个url信息中，对目标页面进行重组还原处理，得到目标页面中的页面内容；基于The target url information of the target page to be asked; obtain the url list table stored in the target node, the url list table stores a plurality of url information and tag information of each url information; if the target url information does not exist in multiple url information, Reorganize and restore the target page to obtain the page content in the target page; based on

页面内容中是否存在预设关键字，确定目标url信息的目标标记信息；将目标0url信息和目标标记信息，同步至多个深度报文检测节点中除目标节点之外的其他节点的url名单表中，以供其他节点基于其他节点的url名单表进行关键字封堵。本申请实施例通过将目标节点确定出的目标url信息和目标标记信息，同步至其他节点的url名单表中，这样其他节点可直接基于url名单表进行关键字封堵，而无需重复进行页面的重组还原，节省了DPI设备的资源开销。Whether there are preset keywords in the page content, determine the target mark information of the target url information; synchronize the target 0 url information and target mark information to the url list tables of nodes other than the target node among multiple deep message detection nodes , for other nodes to block keywords based on the url lists of other nodes. In the embodiment of the present application, the target url information and target tag information determined by the target node are synchronized to the url list tables of other nodes, so that other nodes can directly block keywords based on the url list table without repeating the page Reorganization and restoration saves the resource overhead of DPI equipment.

5附图说明5 Description of drawings

为了更清楚地说明本申请实施例中的技术方案，下面将对实施例描述中所需要使用的附图作简单地介绍，显而易见地，下面描述中的附图仅仅是本申请的一些实施例，对于本领域技术人员来讲，在不付出创造性劳动的前提下，还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings that need to be used in the description of the embodiments will be briefly introduced below. Obviously, the drawings in the following description are only some embodiments of the present application. For those skilled in the art, other drawings can also be obtained based on these drawings without any creative effort.

0图1是本申请实施例提供的针对多个深度报文检测节点的关键字封堵系统的场景示意图；1 is a schematic diagram of a scene of a keyword blocking system for multiple deep message detection nodes provided by the embodiment of the present application;

图2是本申请实施例中提供的针对多个深度报文检测节点的关键字封堵方法的一个实施例流程示意图；Fig. 2 is a schematic flow chart of an embodiment of a keyword blocking method for multiple deep message detection nodes provided in the embodiment of the present application;

图3是本申请实施例中提供的针对多个深度报文检测节点的关键字封堵方5法的另一实施例流程示意图；Fig. 3 is a schematic flow chart of another embodiment of the keyword blocking method for multiple deep message detection nodes provided in the embodiment of the present application;

图4是本申请实施例中多个深度报文检测节点并接于用户端访问目标页面的数据传输路径上的一种示意图；Fig. 4 is a schematic diagram of a plurality of deep message detection nodes connected to the data transmission path of the client to access the target page in the embodiment of the present application;

图5是本申请实施例中提供的针对多个深度报文检测节点的关键字封堵装置的一个实施例结构示意图；Fig. 5 is a schematic structural diagram of an embodiment of a keyword blocking device for multiple deep message detection nodes provided in the embodiment of the present application;

图6是本申请实施例中提供的计算机设备的一个实施例结构示意图。Fig. 6 is a schematic structural diagram of an embodiment of a computer device provided in the embodiment of the present application.

具体实施方式Detailed ways

下面将结合本申请实施例中的附图，对本申请实施例中的技术方案进行清楚、完整地描述，显然，所描述的实施例仅仅是本申请一部分实施例，而不是全部的实施例。基于本申请中的实施例，本领域技术人员在没有作出创造性劳动前提下所获得的所有其他实施例，都属于本申请保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the application with reference to the drawings in the embodiments of the application. Apparently, the described embodiments are only some of the embodiments of the application, not all of them. Based on the embodiments in this application, all other embodiments obtained by those skilled in the art without making creative efforts belong to the scope of protection of this application.

在本申请的描述中，需要理解的是，术语“中心”、“纵向”、“横向”、“长度”、“宽度”、“厚度”、“上”、“下”、“前”、“后”、“左”、“右”、“竖直”、“水平”、“顶”、“底”、“内”、“外”等指示的方位或位置关系为基于附图所示的方位或位置关系，仅是为了便于描述本申请和简化描述，而不是指示或暗示所指的装置或元件必须具有特定的方位、以特定的方位构造和操作，因此不能理解为对本申请的限制。此外，术语“第一”、“第二”仅用于描述目的，而不能理解为指示或暗示相对重要性或者隐含指明所指示的技术特征的数量。由此，限定有“第一”、“第二”的特征可以明示或者隐含地包括一个或者更多个所述特征。在本申请的描述中，“多个”的含义是两个或两个以上，除非另有明确具体的限定。In the description of the present application, it should be understood that the terms "center", "longitudinal", "transverse", "length", "width", "thickness", "upper", "lower", "front", " The orientation or positional relationship indicated by "rear", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", etc. is based on the orientation shown in the drawings Or positional relationship is only for the convenience of describing the present application and simplifying the description, but does not indicate or imply that the device or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and therefore should not be construed as a limitation of the present application. In addition, the terms "first" and "second" are used for descriptive purposes only, and cannot be interpreted as indicating or implying relative importance or implicitly specifying the quantity of indicated technical features. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of said features. In the description of the present application, "plurality" means two or more, unless otherwise specifically defined.

在本申请中，“示例性”一词用来表示“用作例子、例证或说明”。本申请中被描述为“示例性”的任何实施例不一定被解释为比其它实施例更优选或更具优势。为了使本领域任何技术人员能够实现和使用本申请，给出了以下描述。在以下描述中，为了解释的目的而列出了细节。应当明白的是，本领域普通技术人员可以认识到，在不使用这些特定细节的情况下也可以实现本申请。在其它实例中，不会对公知的结构和过程进行详细阐述，以避免不必要的细节使本申请的描述变得晦涩。因此，本申请并非旨在限于所示的实施例，而是与符合本申请所公开的原理和特征的最广范围相一致。In this application, the word "exemplary" is used to mean "serving as an example, illustration or illustration". Any embodiment described in this application as "exemplary" is not necessarily to be construed as preferred or advantageous over other embodiments. The following description is given to enable any person skilled in the art to make and use the application. In the following description, details are set forth for purposes of explanation. It should be understood that one of ordinary skill in the art would recognize that the present application may be practiced without these specific details. In other instances, well-known structures and processes are not described in detail to avoid obscuring the description of the present application with unnecessary detail. Thus, the present application is not intended to be limited to the embodiments shown, but is to be accorded the widest scope consistent with the principles and features disclosed in this application.

本申请实施例提供一种针对多个深度报文检测节点的关键字封堵方法及相关设备，以下分别进行详细说明。Embodiments of the present application provide a keyword blocking method and related equipment for multiple deep message inspection nodes, which will be described in detail below.

如图1所示，图1是本申请实施例提供的针对多个深度报文检测节点的关键字封堵系统的场景示意图，该针对多个深度报文检测节点的关键字封堵系统可以包括计算机设备100，计算机设备100中集成有针对多个深度报文检测节点的关键字封堵装置，如图1中的计算机设备100。As shown in Figure 1, Figure 1 is a schematic diagram of the scene of the keyword blocking system for multiple deep message detection nodes provided by the embodiment of the present application, the keyword blocking system for multiple deep message detection nodes may include Thecomputer equipment 100 is integrated with a keyword blocking device for multiple deep packet detection nodes, such as thecomputer equipment 100 in FIG. 1 .

本申请实施例中，该计算机设备100可以为终端或者服务器，当计算机设备100为服务器时，可以是独立的服务器，也可以是服务器组成的服务器网络或服务器集群，例如，本申请实施例中所描述的计算机设备100，其包括但不限于计算机、网络主机、单个网络服务器、多个网络服务器集或多个服务器以构建的云服务器。其中，云服务器由基于云计算(Cloud Computing)的大量计算机或网络服务器以构建。In the embodiment of the present application, thecomputer device 100 can be a terminal or a server. When thecomputer device 100 is a server, it can be an independent server, or a server network or server cluster composed of servers. For example, theThe computer device 100 described includes, but is not limited to, a computer, a network host, a single network server, a set of multiple network servers, or a cloud server constructed by multiple servers. Among them, the cloud server is constructed by a large number of computers or network servers based on cloud computing (Cloud Computing).

可以理解的是，本申请实施例中计算机设备100为终端时，所使用的终端可以是既包括接收和发射硬件的设备，即具有能够在双向通信链路上，执行双向通信的接收和发射硬件的设备。这种设备可以包括：蜂窝或其他通信设备，其具有单线路显示器或多线路显示器或没有多线路显示器的蜂窝或其他通信设备。具体的计算机设备100具体可以是台式终端或移动终端，计算机设备100具体还可以是手机、平板电脑、笔记本电脑等中的一种。It can be understood that when thecomputer device 100 is a terminal in the embodiment of the present application, the terminal used may be a device that includes both receiving and transmitting hardware, that is, it has receiving and transmitting hardware capable of performing bidirectional communication on a bidirectional communication link device of. Such devices may include cellular or other communication devices having a single line display or a multi-line display or a cellular or other communication device without a multi-line display. Specifically, thecomputer device 100 may be a desktop terminal or a mobile terminal, and thecomputer device 100 may also be specifically one of a mobile phone, a tablet computer, a notebook computer, and the like.

本领域技术人员可以理解，图1中示出的应用环境，仅仅是与本申请方案一种应用场景，并不以构建对本申请方案应用场景的限定，其他的应用环境还可以包括比图1中所示更多或更少的计算机设备，例如图1中仅示出1个计算机设备，可以理解的，该针对多个深度报文检测节点的关键字封堵系统还可以包括一个或多个其他计算机设备，具体此处不作限定。Those skilled in the art can understand that the application environment shown in Figure 1 is only an application scenario related to the solution of this application, and is not intended to limit the application scenario of the solution of this application. More or fewer computer devices are shown, for example, only one computer device is shown in Figure 1, it can be understood that the keyword blocking system for multiple deep message detection nodes may also include one or more other Computer equipment, specifically not limited here.

另外，如图1所示，该针对多个深度报文检测节点的关键字封堵系统还可以包括存储器200，用于存储数据，如存储url名单表。In addition, as shown in FIG. 1 , the keyword blocking system for multiple deep packet detection nodes may further include amemory 200 for storing data, such as storing a url list.

需要说明的是，图1所示的针对多个深度报文检测节点的关键字封堵系统的场景示意图仅仅是一个示例，本申请实施例描述的针对多个深度报文检测节点的关键字封堵系统以及场景是为了更加清楚的说明本申请实施例的技术方案，并不构成对于本申请实施例提供的技术方案的限定，本领域普通技术人员可知，随着针对多个深度报文检测节点的关键字封堵系统的演变和新业务场景的出现，本申请实施例提供的技术方案对于类似的技术问题，同样适用。It should be noted that the schematic diagram of the keyword blocking system for multiple deep message detection nodes shown in Figure 1 is only an example, and the keyword blocking system for multiple deep message detection nodes described in the embodiment of the present application The blocking system and the scene are for the purpose of more clearly explaining the technical solution of the embodiment of the present application, and do not constitute a limitation to the technical solution provided by the embodiment of the present application. Those of ordinary skill in the art know that as multiple deep message detection nodes With the evolution of the keyword blocking system and the emergence of new business scenarios, the technical solutions provided by the embodiments of the present application are also applicable to similar technical problems.

接下来，介绍本申请实施例提供的针对多个深度报文检测节点的关键字封堵方法。Next, the keyword blocking method for multiple deep packet inspection nodes provided by the embodiment of the present application is introduced.

本申实施例针对多个深度报文检测节点的关键字封堵方法的实施例中以针对多个深度报文检测节点的关键字封堵装置作为执行主体，为了简化与便于描述，后续方法实施例中将省略该执行主体，该针对多个深度报文检测节点的关键字封堵装置应用于计算机设备。In the embodiment of the present application, the keyword blocking method for multiple deep message detection nodes is used as the execution subject for the keyword blocking device for multiple deep message detection nodes. In the example, the execution subject will be omitted, and the keyword blocking device for multiple deep packet inspection nodes is applied to computer equipment.

针对多个深度报文检测节点的关键字封堵方法应用于多个深度报文检测(DeepPacket Inspection，DPI)节点中的目标节点，多个深度报文检测节点一般部署于同一IDC(Internet Data Center，互联网数据中心)机房中，当然，多个深度报文检测节点也可部署于不同的IDC机房。该IDC机房中设置有多个DPI设备，每一DPI设备为一个深度报文检测节点，目标节点为该IDC机房中的任一深度报文检测节点。深度报文检测节点用于对HTTP协议中传输的网页中是否有敏感关键字进行检测并阻断，防止恶意信息的传播，即关键字封堵。The keyword blocking method for multiple deep packet inspection nodes is applied to the target nodes in multiple deep packet inspection (DeepPacket Inspection, DPI) nodes, and multiple deep packet inspection nodes are generally deployed in the same IDC (Internet Data Center). , Internet Data Center) computer room, of course, multiple deep packet inspection nodes can also be deployed in different IDC computer rooms. Multiple DPI devices are set in the IDC computer room, each DPI device is a deep packet detection node, and the target node is any deep packet detection node in the IDC computer room. The deep packet inspection node is used to detect and block sensitive keywords in the web pages transmitted in the HTTP protocol, so as to prevent the spread of malicious information, that is, keyword blocking.

请参阅图2，图2为本申请实施例中提供的针对多个深度报文检测节点的关键字封堵方法的一个实施例流程示意图，该针对多个深度报文检测节点的关键字封堵方法应用于上述的目标节点，包括：Please refer to Fig. 2, Fig. 2 is a schematic flow chart of an embodiment of a keyword blocking method for multiple deep message detection nodes provided in the embodiment of the present application, the keyword blocking method for multiple deep message detection nodes The method is applied to the above target nodes, including:

201、获取用户端访问的目标页面的目标url信息；201. Obtain the target url information of the target page accessed by the client;

在本申请的实施例中，用户通过用户端访问互联网等网络中的目标页面，因此可基于用户端发起的针对目标页面的访问请求，来确定目标页面的目标url(uniformresource locator，统一资源定位符)信息，目标url信息即目标页面的url地址。不同页面的url地址不同，因此可基于此来区别不同的页面。In the embodiment of the present application, the user accesses the target page in the Internet and other networks through the client terminal, so the target url (uniform resource locator, uniform resource locator) of the target page can be determined based on the access request for the target page initiated by the client terminal ) information, the target url information is the url address of the target page. Different pages have different url addresses, so different pages can be distinguished based on this.

202、获取所述目标节点中存储的url名单表，所述url名单表中存储有多个url信息和各所述url信息的标记信息；202. Obtain the url list stored in the target node, where a plurality of url information and tag information of each url information are stored in the url list;

在本申请的实施例中，目标节点中存储有url名单表，url名单表记录了多个url信息和各url信息的标记信息。url名单表中的url信息为已进行预设关键字检测的页面的url地址，标记信息用于体现url信息的页面中是否包含有预设关键字，例如标记信息可以是白标记或者黑标记，白标记指url信息的页面中不包含预设关键字，黑标记指url信息的页面中包含有预设关键字。预设关键字一般为预设的敏感字符，预设关键字可基于实际需求事先设定。In the embodiment of the present application, a url list table is stored in the target node, and the url list table records a plurality of url information and tag information of each url information. The url information in the url list table is the url address of the page that has been detected by the preset keyword, and the tag information is used to reflect whether the page of the url information contains the preset keyword, for example, the tag information can be a white tag or a black tag, A white mark means that the page of url information does not contain a preset keyword, and a black mark means that a page of url information contains a preset keyword. The preset keywords are generally preset sensitive characters, and the preset keywords can be set in advance based on actual needs.

203、若所述目标url信息不存在于所述多个url信息中，对所述目标页面进行重组还原处理，得到所述目标页面中的页面内容；203. If the target url information does not exist in the plurality of url information, reorganize and restore the target page to obtain page content in the target page;

在本申请的实施例中，若目标url信息不存在于目标节点的url名单表中，表明目标页面未进行过预设关键字的检测，因此可对目标页面进行重组还原处理(即目标页面的第一次重组还原)，得到目标页面中的页面内容，页面内容即目标页面中的原始内容。In the embodiment of the present application, if the target url information does not exist in the url list table of the target node, it indicates that the target page has not been detected by preset keywords, so the target page can be reorganized and restored (that is, the target page The first reorganization and restoration) to obtain the page content in the target page, and the page content is the original content in the target page.

可以理解的是，在需要发送目标页面中的原始内容时，往往是将目标页面的数据进行切分、编码、压缩等处理，然后再发送，因此需要进行重组还原，得到目标页面中的原始内容。例如目标页面中包括压缩的多个数据包时，对目标页面进行重组还原处理，得到目标页面中的页面内容，可以包括：对目标页面中压缩的多个数据包进行拼接(例如TCP(Transmission Control Protocol，传输控制协议)重组)，得到目标页面的压缩文件，此时无法查看到目标页面中的页面内容；对压缩文件进行解压缩处理，得到目标页面中的页面内容。It is understandable that when it is necessary to send the original content of the target page, the data of the target page is often segmented, encoded, compressed, etc., and then sent, so reorganization and restoration are required to obtain the original content of the target page . For example, when the target page includes a plurality of compressed data packets, the target page is reorganized and restored to obtain the page content in the target page, which may include: splicing the compressed multiple data packets in the target page (such as TCP (Transmission Control) Protocol, Transmission Control Protocol (TCP) reorganization) to obtain the compressed file of the target page, the page content in the target page cannot be viewed at this time; the compressed file is decompressed to obtain the page content in the target page.

204、基于所述页面内容中是否存在预设关键字，确定所述目标url信息的目标标记信息；204. Determine target tag information of the target url information based on whether preset keywords exist in the page content;

在本申请的实施例中，目标节点中存储有预设关键字，基于目标页面中的页面内容与预设关键字之间的匹配，可确定出页面内容中是否存在预设关键字。页面内容中存在预设关键字时的目标标记信息，与页面内容中不存在预设关键字时的目标标记信息不同，例如页面内容中存在预设关键字时的目标标记信息为黑标记，页面内容中不存在预设关键字时的目标标记信息为白标记。In the embodiment of the present application, preset keywords are stored in the target node, and based on the match between the page content in the target page and the preset keyword, it can be determined whether there is a preset keyword in the page content. The target tag information when there are preset keywords in the page content is different from the target tag information when there are no preset keywords in the page content. For example, the target tag information when there are preset keywords in the page content is a black mark, and the page Target tagging information when there are no preset keywords in the content is white tagging.

205、将所述目标url信息和所述目标标记信息，同步至所述多个深度报文检测节点中除所述目标节点之外的其他节点的url名单表中，以供所述其他节点基于所述其他节点的url名单表进行关键字封堵。205. Synchronize the target url information and the target tag information to the url lists of nodes other than the target node among the plurality of deep packet detection nodes, so that the other nodes can use the The url lists of other nodes are blocked with keywords.

在本申请的实施例中，机房中的多个深度报文检测节点之间可进行数据通信(例如TCP连接、内网广播报文等通信方式)，以将目标url信息和目标标记信息同步至其他深度报文检测节点的url名单表中。当然，目标url信息和目标标记信息也会同步至目标节点的url名单表中，以避免目标节点重复进行页面的重组还原。In the embodiment of the present application, data communication (such as TCP connection, intranet broadcast message, etc.) can be performed between multiple deep message detection nodes in the computer room, so as to synchronize the target url information and target tag information to the In the url list table of other deep packet inspection nodes. Of course, the target url information and target tag information will also be synchronized to the url list table of the target node, so as to prevent the target node from repeatedly reorganizing and restoring the page.

需要说明的是，其他深度报文检测节点基于其他节点的url名单表进行关键字封堵的方法，与目标节点基于目标节点中url名单表进行关键字封堵的方法相同，具体可参照图2和图3所示实施例。It should be noted that the method of other deep packet inspection nodes to block keywords based on the url lists of other nodes is the same as the method of target nodes to block keywords based on the url lists in the target node, for details, please refer to Figure 2 And the embodiment shown in Fig. 3.

本申请实施例提供的针对多个深度报文检测节点的关键字封堵方法，通过将目标节点确定出的目标url信息和目标标记信息，同步至其他节点的url名单表中，这样其他节点可直接基于url名单表进行关键字封堵，而无需重复进行页面的重组还原，节省了DPI设备的资源开销(例如页面重组还原时所需的内存消耗和cpu占用)。并且，还解决了“每台设备对于同一个url的第一次出现都需要重组还原后才能判定是否包含非法关键字，封堵及时性不高”的问题。The keyword blocking method for multiple deep message detection nodes provided by the embodiment of the present application synchronizes the target url information and target tag information determined by the target node to the url list of other nodes, so that other nodes can Keyword blocking is performed directly based on the url list table without repeated page reorganization and restoration, which saves the resource overhead of the DPI device (such as memory consumption and CPU occupation required for page reorganization and restoration). In addition, it also solves the problem of "each device needs to reorganize and restore the first appearance of the same url to determine whether it contains illegal keywords, and the blocking timeliness is not high".

请参阅图3，图3为本申请实施例中提供的针对多个深度报文检测节点的关键字封堵方法的另一实施例流程示意图，获取目标节点中存储的url名单表之后，还包括：Please refer to FIG. 3. FIG. 3 is a schematic flow chart of another embodiment of the keyword blocking method for multiple deep message detection nodes provided in the embodiment of the present application. After obtaining the url list table stored in the target node, it also includes :

301、若所述目标url信息存在于所述多个url信息中，获取所述目标节点中存储的url黑白名单表中所述目标url信息的标记信息；301. If the target url information exists in the plurality of url information, acquire tag information of the target url information in the url blacklist and whitelist table stored in the target node;

在本申请的实施例中，若目标url信息存在于目标节点的url名单表中，表明目标页面进行过预设关键字的检测，因此可直接基于目标节点中存储的url黑白名单表中目标url信息的标记信息，来确定目标页面中是否包含有预设关键字。In the embodiment of this application, if the target url information exists in the url list table of the target node, it indicates that the target page has been detected by preset keywords, so it can be directly based on the target url in the url blacklist list stored in the target node Tag information of the information to determine whether the target page contains preset keywords.

302、若所述目标url信息的标记信息为黑标记，对所述目标页面进行封堵处理；302. If the mark information of the target url information is a black mark, block the target page;

在本申请的实施例中，若目标url信息的标记信息为黑标记，表明目标页面中包含有预设关键字，因此需要对目标页面进行封堵处理。In the embodiment of the present application, if the mark information of the target url information is a black mark, it indicates that the target page contains preset keywords, so the target page needs to be blocked.

在本申请的一些实施例中，在深度报文检测节点的部署方式不同时，对目标页面进行封堵处理也不同。深度报文检测节点的部署方式可以是并接部署、串接部署等。参照图4，用户端访问目标页面的数据传输路径上设置有分光器，分光器用于将用户端访问目标页面的流量镜像传输至深度报文检测节点所在的机房。机房内设置有分流器，分流器用于将用户端访问目标页面的镜像流量基于负载均衡(例如按二元组(源ip、目的ip)哈希的方式负载均衡)，分流至机房中的一个深度报文检测节点进行关键词检测和封堵。串接部署则是各深度报文检测节点均串接于用户端访问目标页面的数据传输路径中，用户端访问目标页面的流量必须先经过一个深度报文检测节点，再由该深度报文检测节点发送至服务器端。In some embodiments of the present application, when the deployment modes of the deep packet inspection nodes are different, the blocking processing of the target page is also different. The deployment mode of deep packet inspection nodes can be parallel deployment, serial deployment, etc. Referring to Fig. 4, an optical splitter is set on the data transmission path of the client's access to the target page, and the optical splitter is used to mirror and transmit the traffic of the client's access to the target page to the computer room where the deep packet inspection node is located. There is a shunt in the computer room, and the shunt is used to divert the mirror traffic of the client's access to the target page to a depth in the computer room based on load balancing (for example, load balancing in the form of binary (source ip, destination ip) hashing) The message detection node performs keyword detection and blocking. In series deployment, each deep packet detection node is connected in series in the data transmission path of the client’s access to the target page. The traffic of the client’s access to the target page must first pass through a deep packet detection node, and then the deep packet detection The node is sent to the server.

在本申请的一些实施例中，在深度报文检测节点的部署方式为并接部署时，多个深度报文检测节点并接于用户端访问目标页面的数据传输路径上。此时，对目标页面进行封堵处理，可以包括：分别发送会话结束信息至用户端以及用户端访问目标页面时的服务器端，以结束用户端与所述服务器端之间的访问会话(例如TCP会话)，这样，用户端就无法获取到目标页面的数据，实现了关键字封堵的目的。In some embodiments of the present application, when the deployment mode of the deep packet inspection node is parallel deployment, multiple deep packet inspection nodes are connected in parallel on the data transmission path of the client accessing the target page. At this point, blocking the target page may include: sending session end information to the client and the server when the client accesses the target page, respectively, to end the access session between the client and the server (such as TCP session), in this way, the client cannot obtain the data of the target page, and the purpose of keyword blocking is realized.

在本申请的一些实施例中，在深度报文检测节点的部署方式为串接部署时，多个深度报文检测节点分别串接于用户端访问目标页面的数据传输路径中。此时，对目标页面进行封堵处理，可以包括：不返回目标页面至用户端，而是返回预设的访问失败页面至用户端，这样，用户端就无法获取到目标页面的数据，实现了关键字封堵的目的。In some embodiments of the present application, when the deployment mode of the deep packet detection node is serial deployment, multiple deep packet detection nodes are respectively connected in series in the data transmission path of the client accessing the target page. At this time, blocking the target page may include: not returning the target page to the client, but returning a preset page that fails to access to the client, so that the client cannot obtain the data of the target page, realizing The purpose of keyword blocking.

303、若所述目标url信息的标记信息为白标记，不对所述目标页面进行封堵处理。303. If the mark information of the target url information is a white mark, do not block the target page.

在本申请的实施例中，若目标url信息的标记信息为白标记，表明目标页面中不包含预设关键字，因此不需要对目标页面进行封堵处理，而是对目标页面进行放行。In the embodiment of the present application, if the mark information of the target url information is a white mark, it indicates that the target page does not contain preset keywords, so it is not necessary to block the target page, but to allow the target page.

需要说明的是，上述各深度报文检测节点中均仅存储有一个url名单表，且该一个url名单表为一个url黑白名单表。url黑白名单表中各url信息的标记信息可以是白标记或者黑标记，这样，目标节点在确定是否需要对目标页面进行封堵处理时，仅需在目标节点的url黑白名单表中查询一次确定出来，而无需在url黑名单表和url白名单表中分别进行查询(例如若目标url信息不存在于url黑名单表中，需要再确定目标url信息是否存在于url白名单表，才可确定是否需要对目标页面进行封堵处理)，提高了目标url信息的匹配效率以及关键字封堵效率。It should be noted that each of the above-mentioned deep packet detection nodes stores only one url list table, and the one url list table is a url black and white list table. The mark information of each url information in the url black and white list table can be a white mark or a black mark. In this way, when the target node needs to block the target page, it only needs to query once in the url black and white list table of the target node. out, without having to query separately in the url blacklist table and url whitelist table (for example, if the target url information does not exist in the url blacklist table, it is necessary to determine whether the target url information exists in the url whitelist table before determining Whether it is necessary to block the target page), improve the matching efficiency of the target url information and the efficiency of keyword blocking.

本申请实施例所公开的方案，基于目标节点中存储的url黑白名单表中目标url信息的标记信息，确定是否对目标页面进行封堵处理，无需重复进行页面的重组还原，节省了DPI设备的资源开销。The scheme disclosed in the embodiment of the present application determines whether to block the target page based on the tag information of the target url information in the url black and white list table stored in the target node, and does not need to reorganize and restore the page repeatedly, saving the cost of the DPI device resource overhead.

为了更好实施本申请实施例中针对多个深度报文检测节点的关键字封堵方法，在针对多个深度报文检测节点的关键字封堵方法基础之上，本申请实施例中还提供一种针对多个深度报文检测节点的关键字封堵装置，如图5所示，针对多个深度报文检测节点的关键字封堵装置500包括：In order to better implement the keyword blocking method for multiple deep message detection nodes in the embodiment of the present application, on the basis of the keyword blocking method for multiple deep message detection nodes, the embodiment of the present application also provides A keyword blocking device for multiple deep message detection nodes, as shown in Figure 5, thekeyword blocking device 500 for multiple deep message detection nodes includes:

第一获取单元501，用于获取用户端访问的目标页面的目标url信息；The first acquiringunit 501 is configured to acquire the target URL information of the target page accessed by the client;

第二获取单元502，用于获取目标节点中存储的url名单表，url名单表中存储有多个url信息和各url信息的标记信息；The second obtainingunit 502 is used to obtain the url list table stored in the target node, and the url list table stores a plurality of url information and tag information of each url information;

重组还原单元503，用于若目标url信息不存在于多个url信息中，对目标页面进行重组还原处理，得到目标页面中的页面内容；A reorganization andrestoration unit 503, configured to reorganize and restore the target page if the target url information does not exist in multiple url information, to obtain the page content in the target page;

标记确定单元504，用于基于页面内容中是否存在预设关键字，确定目标url信息的目标标记信息；Atag determining unit 504, configured to determine target tag information of the target url information based on whether there are preset keywords in the page content;

标记同步单元505，用于将目标url信息和目标标记信息，同步至多个深度报文检测节点中除目标节点之外的其他节点的url名单表中，以供其他节点基于其他节点的url名单表进行关键字封堵。Thetag synchronization unit 505 is configured to synchronize the target url information and the target tag information to the url lists of nodes other than the target node among multiple deep message detection nodes, so that other nodes can use the url lists of other nodes Do keyword blocking.

本申请实施例提供的针对多个深度报文检测节点的关键字封堵装置，通过将目标节点确定出的目标url信息和目标标记信息，同步至其他节点的url名单表中，这样其他节点可直接基于url名单表进行关键字封堵，而无需重复进行页面的重组还原，节省了DPI设备的资源开销。The keyword blocking device for multiple deep message detection nodes provided by the embodiment of the present application synchronizes the target url information and target tag information determined by the target node to the url lists of other nodes, so that other nodes can Keyword blocking is performed directly based on the url list without repeated page reorganization and restoration, which saves the resource overhead of DPI equipment.

在本申请的一些实施例中，第二获取单元502还用于：In some embodiments of the present application, the second acquiringunit 502 is also used to:

若目标url信息存在于多个url信息中，获取目标节点中存储的url黑白名单表中目标url信息的标记信息；If the target url information exists in multiple url information, obtain the tag information of the target url information in the url black and white list table stored in the target node;

若目标url信息的标记信息为黑标记，对目标页面进行封堵处理；If the mark information of the target url information is a black mark, block the target page;

若目标url信息的标记信息为白标记，不对目标页面进行封堵处理。If the mark information of the target url information is a white mark, the target page will not be blocked.

若多个深度报文检测节点并接于用户端访问目标页面的数据传输路径上，分别发送会话结束信息至用户端以及用户端访问目标页面时的服务器端，以结束用户端与服务器端之间的访问会话。If multiple deep message detection nodes are connected to the data transmission path of the client's access to the target page, the session end information will be sent to the client and the server when the client accesses the target page, so as to end the communication between the client and the server. access sessions.

在本申请的一些实施例中，配置单元503还用于：In some embodiments of the present application, theconfiguration unit 503 is also used to:

若多个深度报文检测节点串接于用户端访问目标页面的数据传输路径中，不返回目标页面至用户端。If multiple deep packet inspection nodes are serially connected in the data transmission path for the client to access the target page, the target page will not be returned to the client.

在本申请的一些实施例中，标记确定单元504具体用于：In some embodiments of the present application, thelabel determining unit 504 is specifically configured to:

若页面内容中存在预设关键字，确定目标url信息的目标标记信息为黑标记；If there are preset keywords in the page content, determine the target tag information of the target url information as a black mark;

若页面内容中不存在预设关键字，确定目标url信息的目标标记信息为白标记。If there is no preset keyword in the page content, it is determined that the target tag information of the target url information is a white tag.

在本申请的一些实施例中，重组还原单元503具体用于：In some embodiments of the present application, therecombination reduction unit 503 is specifically used for:

对目标页面中压缩的多个数据包进行拼接，得到目标页面的压缩文件；Splicing multiple data packets compressed in the target page to obtain a compressed file of the target page;

对压缩文件进行解压缩处理，得到目标页面中的页面内容。The compressed file is decompressed to obtain the page content in the target page.

除了上述介绍用于针对多个深度报文检测节点的关键字封堵方法与装置之外，本申请实施例还提供一种计算机设备，其集成了本申请实施例所提供的任一种针对多个深度报文检测节点的关键字封堵装置，计算机设备包括：In addition to the above-mentioned keyword blocking method and device for multiple deep packet detection nodes, the embodiment of the present application also provides a computer device that integrates any of the multiple A keyword blocking device for a deep message detection node, the computer equipment includes:

一个或多个处理器；one or more processors;

存储器；以及storage; and

一个或多个应用程序，其中一个或多个应用程序被存储于存储器中，并配置为由处理器执行上述针对多个深度报文检测节点的关键字封堵方法中任一实施例中的任一步骤。One or more application programs, wherein the one or more application programs are stored in the memory, and configured to be executed by the processor in any embodiment of the keyword blocking method for multiple deep message detection nodes one step.

本申请实施例还提供一种计算机设备，其集成了本申请实施例所提供的任一种针对多个深度报文检测节点的关键字封堵装置。如图6所示，其示出了本申请实施例所涉及的计算机设备的结构示意图，具体来讲：The embodiment of the present application also provides a computer device, which integrates any keyword blocking device for multiple deep message inspection nodes provided in the embodiment of the present application. As shown in Figure 6, it shows a schematic structural diagram of the computer equipment involved in the embodiment of the present application, specifically:

该计算机设备可以包括一个或者一个以上处理核心的处理器601、一个或一个以上计算机可读存储介质的存储单元602、电源603和输入单元604等部件。本领域技术人员可以理解，图6中示出的计算机设备结构并不构成对计算机设备的限定，可以包括比图示更多或更少的部件，或者组合某些部件，或者不同的部件布置。其中：The computer device may include aprocessor 601 of one or more processing cores, astorage unit 602 of one or more computer-readable storage media, apower supply 603, aninput unit 604 and other components. Those skilled in the art can understand that the structure of the computer device shown in FIG. 6 is not limited to the computer device, and may include more or less components than shown in the figure, or combine some components, or arrange different components. in:

处理器601是该计算机设备的控制中心，利用各种接口和线路连接整个计算机设备的各个部分，通过运行或执行存储在存储单元602内的软件程序和/或模块，以及调用存储在存储单元602的数据，执行计算机设备的各种功能和处理数据，从而对计算机设备进行整体监控。可选的，处理器601可包括一个或多个处理核心；优选的，处理器601可集成应用处理器和调制解调处理器，其中，应用处理器主要处理操作系统、用户界面和应用程序等，调制解调处理器主要处理无线通信。可以理解的是，上述调制解调处理器也可以不集成到处理器601中。Theprocessor 601 is the control center of the computer equipment, and uses various interfaces and lines to connect various parts of the entire computer equipment, by running or executing software programs and/or modules stored in thestorage unit 602, and calling data, perform various functions of computer equipment and process data, so as to monitor the computer equipment as a whole. Optionally, theprocessor 601 may include one or more processing cores; preferably, theprocessor 601 may integrate an application processor and a modem processor, wherein the application processor mainly processes operating systems, user interfaces, and application programs, etc. , the modem processor mainly handles wireless communications. It can be understood that the foregoing modem processor may not be integrated into theprocessor 601 .

存储单元602可用于存储软件程序以及模块，处理器601通过运行存储在存储单元602的软件程序以及模块，从而执行各种功能应用以及数据处理。存储单元602可主要包括存储程序区和存储数据区，其中，存储程序区可存储操作系统、至少一个功能所需的应用程序(比如声音播放功能、图像播放功能等)等；存储数据区可存储根据计算机设备的使用所创建的数据等。此外，存储单元602可以包括高速随机存取存储器，还可以包括非易失性存储器，例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件。相应地，存储单元602还可以包括存储器控制器，以提供处理器601对存储单元602的访问。Thestorage unit 602 can be used to store software programs and modules, and theprocessor 601 executes various functional applications and data processing by running the software programs and modules stored in thestorage unit 602 . Thestorage unit 602 can mainly include a program storage area and a data storage area, wherein the program storage area can store an operating system, at least one application program required by a function (such as a sound playback function, an image playback function, etc.) and the like; the storage data area can store Data, etc. created based on the use of computer equipment. In addition, thestorage unit 602 may include a high-speed random access memory, and may also include a non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid-state storage devices. Correspondingly, thestorage unit 602 may further include a memory controller to provide theprocessor 601 with access to thestorage unit 602 .

计算机设备还包括给各个部件供电的电源603，优选的，电源603可以通过电源管理系统与处理器601逻辑相连，从而通过电源管理系统实现管理充电、放电、以及功耗管理等功能。电源603还可以包括一个或一个以上的直流或交流电源、再充电系统、电源故障检测电路、电源转换器或者逆变器、电源状态指示器等任意组件。The computer equipment also includes apower supply 603 for supplying power to various components. Preferably, thepower supply 603 can be logically connected to theprocessor 601 through the power management system, so that functions such as charging, discharging, and power consumption management can be realized through the power management system. Thepower supply 603 may also include one or more DC or AC power supplies, recharging systems, power failure detection circuits, power converters or inverters, power status indicators and other arbitrary components.

该计算机设备还可包括输入单元604，该输入单元604可用于接收输入的数字或字符信息，以及产生与用户设置以及功能控制有关的键盘、鼠标、操作杆、光学或者轨迹球信号输入。The computer device can also include aninput unit 604, which can be used to receive input numeric or character information, and generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control.

尽管未示出，计算机设备还可以包括显示单元等，在此不再赘述。具体在本申请实施例中，计算机设备中的处理器601会按照如下的指令，将一个或一个以上的应用程序的进程对应的可执行文件加载到存储单元602中，并由处理器601来运行存储在存储单元602中的应用程序，从而实现各种功能，如下：Although not shown, the computer device may also include a display unit, etc., which will not be repeated here. Specifically, in this embodiment of the application, theprocessor 601 in the computer device will load the executable file corresponding to the process of one or more application programs into thestorage unit 602 according to the following instructions, and run it by theprocessor 601 The application program stored in thestorage unit 602 realizes various functions, as follows:

获取目标节点中存储的url名单表，url名单表中存储有多个url信息和各url信息的标记信息；Obtaining the url list table stored in the target node, the url list table stores a plurality of url information and tag information of each url information;

若目标url信息不存在于多个url信息中，对目标页面进行重组还原处理，得到目标页面中的页面内容；If the target url information does not exist in multiple url information, reorganize and restore the target page to obtain the page content in the target page;

基于页面内容中是否存在预设关键字，确定目标url信息的目标标记信息；Determine the target tag information of the target url information based on whether there are preset keywords in the page content;

将目标url信息和目标标记信息，同步至多个深度报文检测节点中除目标节点之外的其他节点的url名单表中，以供其他节点基于其他节点的url名单表进行关键字封堵。The target url information and target tag information are synchronized to the url list tables of other nodes except the target node among multiple deep message detection nodes, so that other nodes can block keywords based on the url list tables of other nodes.

为此，本申请实施例提供一种计算机可读存储介质，该计算机可读存储介质可以包括：只读存储器(ROM，Read Only Memory)、随机存取记忆体(RAM，Random AccessMemory)、磁盘或光盘等。该计算机可读存储介质中存储有多条指令，该指令能够被处理器进行加载，以执行本申请实施例所提供的任一种针对多个深度报文检测节点的关键字封堵方法中的步骤。例如，该指令可以执行如下步骤：To this end, an embodiment of the present application provides a computer-readable storage medium, which may include: a read-only memory (ROM, Read Only Memory), a random access memory (RAM, Random AccessMemory), a disk or CD etc. A plurality of instructions are stored in the computer-readable storage medium, and the instructions can be loaded by a processor to execute any of the keyword blocking methods for multiple deep message detection nodes provided in the embodiments of the present application. step. For example, the command can perform the following steps:

在上述实施例中，对各个实施例的描述都各有侧重，某个实施例中没有详述的部分，可以参见其他实施例的相关描述。In the foregoing embodiments, the descriptions of each embodiment have their own emphases, and for parts not described in detail in a certain embodiment, reference may be made to relevant descriptions of other embodiments.

以上对本申请实施例所提供的一种针对多个深度报文检测节点的关键字封堵方法及相关设备进行了详细介绍，本文中应用了具体个例对本申请的原理及实施方式进行了阐述，以上实施例的说明只是用于帮助理解本申请的方法及其核心思想；同时，对于本领域的技术人员，依据本申请的思想，在具体实施方式及应用范围上均会有改变之处，综上所述，本说明书内容不应理解为对本申请的限制。The above is a detailed introduction of a keyword blocking method and related equipment for multiple deep message detection nodes provided by the embodiment of the present application. In this paper, a specific example is used to illustrate the principle and implementation of the present application. The description of the above embodiments is only used to help understand the method of the present application and its core idea; meanwhile, for those skilled in the art, according to the idea of the present application, there will be changes in the specific implementation and application scope. As mentioned above, the contents of this specification should not be construed as limiting the application.