CN114124935A - Method, system, equipment and storage medium for realizing FTP service - Google Patents
Method, system, equipment and storage medium for realizing FTP service Download PDFInfo
- Publication number
- CN114124935A CN114124935A CN202111370132.XA CN202111370132A CN114124935A CN 114124935 A CN114124935 A CN 114124935A CN 202111370132 A CN202111370132 A CN 202111370132A CN 114124935 A CN114124935 A CN 114124935A
- Authority
- CN
- China
- Prior art keywords
- ftp
- connection
- client
- server
- proxy
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 60
- 238000004891 communication Methods 0.000 claims abstract description 30
- 238000004590 computer program Methods 0.000 claims description 16
- 230000005540 biological transmission Effects 0.000 claims description 8
- 230000000903 blocking effect Effects 0.000 claims description 6
- 230000001010 compromised effect Effects 0.000 claims description 3
- 238000011022 operating instruction Methods 0.000 claims 1
- 230000007547 defect Effects 0.000 abstract description 3
- 230000008569 process Effects 0.000 description 12
- 238000010586 diagram Methods 0.000 description 10
- 238000012550 audit Methods 0.000 description 9
- 238000012546 transfer Methods 0.000 description 8
- 238000012545 processing Methods 0.000 description 6
- 230000006870 function Effects 0.000 description 4
- 230000004044 response Effects 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 238000012423 maintenance Methods 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000004075 alteration Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000000750 progressive effect Effects 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/141—Setup of application sessions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The embodiment of the application provides a method, a system, equipment and a storage medium for realizing FTP service, which relate to the technical field of Internet, wherein the method comprises the following steps: establishing network protocol connection with the client based on the network protocol connection request of the client; receiving an IP address of an FTP server sent by a client, setting the IP address as a proxy target address, and establishing connection with the FTP server based on the target address; returning a connection result to the client; after the connection is successful, FTP connection is established with the client; receiving authentication information sent by a client through the FTP connection, and logging in the FTP server according to the authentication information; and proxy FTP communication between the client and the FTP server, and auditing the proxy FTP communication. The method realizes the more secure FTP service. Moreover, the proxy server can set the IP according to the user requirement, the defect of fixed IP address in the prior art is overcome, and the user can proxy flexibly.
Description
Technical Field
The embodiment of the application relates to the technical field of internet, in particular to a method, a system, equipment and a storage medium for realizing FTP service.
Background
The FTP Protocol (File Transfer Protocol) is one of the protocols in the TCP/IP suite. The protocol is the basis of Internet file transmission, and consists of a series of specification documents, and aims to improve the sharing of files, provide indirect use of remote computers and enable a storage medium to transmit data reliably and efficiently for users.
The goal of FTP is to improve the sharing of files, provide indirect use of remote computers, and allow the storage medium to transfer data transparently and reliably efficiently to the user. FTP services have this relatively wide application in enterprise IT environments.
The traditional way for accessing the FTP service has many insecurity factors, such as lack of a unified management mechanism, potential risks, no tracking and auditing in the access process, incapability of realizing responsibility confirmation and meeting requirements of internal control and external audit, and the like, so that a safer way for accessing the FTP service is urgently needed.
Disclosure of Invention
The embodiment of the application provides a method, a system, equipment and a storage medium for realizing FTP service, and aims to solve at least one technical problem.
A first aspect of an embodiment of the present application provides a method for implementing an FTP service, where the method is applied to a proxy server, and the method includes:
establishing a network protocol connection with a client based on a network protocol connection request sent by the client, wherein the network protocol is any one of the following: HTTP, HTTPs, RTP;
receiving the IP address of the FTP server sent by the client through the network protocol connection, setting the IP address as a proxy target address, and establishing connection with the FTP server based on the IP address;
returning a connection result with the FTP server to the client;
under the condition that the connection result is the result representing successful connection, receiving an FTP connection request sent by the client, and establishing FTP connection with the client based on the FTP connection request;
receiving authentication information sent by the client through the FTP connection, and logging in the FTP server according to the authentication information;
and proxy the FTP communication between the client and the FTP server, and auditing the proxy FTP communication.
Optionally, the method further comprises:
identifying a connection mode of the FTP connection with the client, wherein the connection mode is as follows: an active mode, a passive mode;
and changing the connection with the FTP server according to the connection mode.
Optionally, the auditing FTP communication of the agent includes:
judging whether the operation instruction sent by the client side meets a preset safety strategy or not;
when a security policy is met, forwarding the operation instruction to the FTP;
and when the security policy is not met, deleting the operation instruction.
Optionally, the auditing FTP communication of the agent includes:
judging whether the uploaded file of the client is divulged;
when the file is not leaked, forwarding the file to the FTP;
and when the file is leaked, blocking the transmission of the file.
A second aspect of the embodiments of the present application provides a system for implementing an FTP service, where the system includes:
a network protocol connection establishing module, configured to establish a network protocol connection with a client based on a network protocol connection request sent by the client, where the network protocol is any one of the following: HTTP, HTTPs, RTP;
the setting module is used for receiving the IP address of the FTP server sent by the client through the network protocol connection, setting the IP address as a proxy target address and establishing connection with the FTP server based on the IP address;
the connection result returning module is used for returning the connection result with the FTP server to the client;
the FTP connection establishing module is used for receiving an FTP connection request sent by the client under the condition that the connection result is a result representing successful connection, and establishing FTP connection with the client based on the FTP connection request;
the login module is used for receiving authentication information sent by the client through the FTP connection and logging in the FTP server according to the authentication information;
and the auditing module is used for proxying the FTP communication between the client and the FTP server and auditing the proxy FTP communication.
Optionally, the system further comprises:
the identification module is used for identifying a connection mode of FTP connection between the client and the client, wherein the connection mode is as follows: an active mode, a passive mode;
and the connection mode changing module is used for changing the connection with the FTP server according to the connection mode.
Optionally, the audit module is further configured to determine whether an operation instruction sent by the client meets a preset security policy;
when a security policy is met, forwarding the operation instruction to the FTP;
and when the security policy is not met, deleting the operation instruction.
Optionally, the audit module is further configured to determine whether the uploaded file of the client is compromised;
when the file is not leaked, forwarding the file to the FTP;
and when the file is leaked, blocking the transmission of the file.
A third aspect of embodiments of the present application provides a readable storage medium, on which a computer program is stored, which, when executed by a processor, implements a method as described in the first aspect of the present application.
A fourth aspect of the embodiments of the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the method according to the first aspect of the present application.
By adopting the implementation method of the FTP service, the client and the FTP server implement the FTP service through the proxy server, the proxy server can audit the communication between the client and the FTP server, find risk factors in time and prevent the risk factors, and the more safe FTP service is implemented. In addition, in the method, the proxy server can set the IP address according to the user requirement, the defect of fixed IP address in the prior art is overcome, and the user can flexibly proxy.
In addition, the method simulates the process that the user really logs in the FTP server, realizes highly transparent proxy and improves the use experience of the user.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the description of the embodiments of the present application will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive exercise.
Fig. 1 is an application scenario of an implementation method of an FTP service according to an embodiment of the present application;
fig. 2 is a flowchart of an implementation method of the FTP service according to an embodiment of the present application;
fig. 3 is a schematic diagram of an implementation system of the FTP service according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 illustrates an application scenario of an implementation method of an FTP service according to an embodiment of the present application. Referring to fig. 1, in a scenario 100, a client 101 communicates with an FTP server 103 through a Proxy server 102, which acts as a Proxy (Proxy) between the client and the FTP server, which acts as an intermediary between the computer and the FTP server. When the client communicates with the proxy server, a communication request of the client is sent to the proxy server, then the proxy forwards an instruction to a response acquired from the network server, and the acquired data is forwarded to the client.
The client 101 may be any electronic device, such as, but not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like. The client 101 may also be various application software that can be installed in the above-described device, such as WeChat, QQ, and the like, for example.
Referring to fig. 2, fig. 2 is a flowchart of a method for implementing an FTP service, which is applied to a proxy server according to an embodiment of the present application. As shown in fig. 2, the method comprises the steps of:
step S210, establishing a network protocol connection with a client based on a network protocol connection request sent by the client, where the network protocol is any one of the following: HTTP, HTTPs, RTP.
In the present application, when a client wants to establish an FTP protocol connection with an FTP server to upload/download a file. It is not directly connected to the FTP server, but it needs to establish a connection with the proxy server first, where the connection is the first connection between the client and the proxy server, and in the connection, a network communication Protocol other than the FTP Protocol is used, such as HTTP Protocol (hypertext transfer Protocol), which is an application layer Protocol for distributed, collaborative and hypermedia information systems, and HTTP is the basic Protocol for data communication of the world wide web.
In this application, the first connection between the client and the server is to facilitate the client to send information related to the FTP connection (such as authentication information of a user name, a password, or an IP address of the FTP server) to the proxy server, and therefore, various protocols capable of quickly and conveniently transferring messages may be used, for example, application layer protocols capable of performing information interaction, such as HTTP, HTTPs, and the like, may also be used, only TCP protocols may be used without using application layer protocols, and since various protocols may be used for convenience of expression, the first connection between the client and the proxy server is referred to as a network protocol connection.
The first connection between the client and the proxy server is carried out by adopting a corresponding normal method according to the adopted protocol, for example, when the HTTP protocol is adopted, the ordinary HTTP protocol connection method is adopted: the client sends a request message to the server, wherein the request message comprises a request method, a URL (uniform resource locator), a protocol version, a request header and request data. Based on the HTTP protocol request sent by the client, the server responds with a status line, and the contents of the response include the version of the protocol, a success or error code, server information, a response header, and response data.
Step S220, receiving the IP address of the FTP server sent by the client through the network protocol connection, setting the IP address as a proxy target address, and establishing connection with the FTP server based on the IP address.
After the first connection is established between the client and the proxy server, the client sends the IP address of the FTP server to be accessed to the proxy server through the connection, wherein the IP address refers to (Internet protocol Address) Internet protocol address and is translated into the Internet protocol address. The IP address is a uniform address format provided by the IP protocol, and it allocates a logical address to each network and each host on the internet, so as to mask the difference of physical addresses.
In practical implementation, the client may add Connection to the request header in the request message: keep-alive, change TCP connection mode into long connection mode, make TCP connect and still keep the open state after sending, so the customer end can continue to send IP address through this connection, keep connecting and has saved the time that set up the new connection for every request, has also saved the bandwidth. Or, the IP address can be selected to be sent in the request message, and the proxy server can obtain the IP address to execute the request message.
After receiving the IP address sent by the client, the proxy server sets the IP address as a target address of the proxy required by the proxy server. Or, the proxy server sets the IP address as its destination IP.
And the proxy server initiates FTP connection to the FTP server according to the IP address.
And step S230, returning a connection result with the FTP server to the client.
After the proxy server tries to connect with the FTP server, the result (success/failure) of the connection attempt is returned to the client, and the client knows whether the IP address is wrong or not after receiving the returned connection result, and then replaces the IP address, and then the steps S110 to S120 are performed again.
Step S240, receiving an FTP connection request sent by the client when the connection result is a result indicating that the connection is successful, and establishing an FTP connection with the client based on the FTP connection request.
And after the proxy server returns a message that the FTP connection is successfully established to the client, the IP address sent by the client is correct, a second connection is established between the client and the proxy server to prepare for FTP service, and the connection uses an FTP protocol.
The second connection method can be realized by using a common FTP connection method, the client sends an FTP login request to the proxy server, and the proxy server responds to the FTP login request of the client to establish connection.
And step S250, receiving authentication information sent by the client through FTP connection, and logging in the FTP server according to the authentication information.
After the second connection is established between the client and the proxy server, the client sends the authentication information of the FTP service, such as a user name, a password and the like, to the proxy server through the connection.
And the proxy server logs in the FTP server according to the received authentication information from the client.
And if the proxy server fails to log in the FTP server, logging failure information to the client, and prompting that the user authentication information is input wrongly.
And step S260, proxy FTP communication between the client and the FTP server, and auditing the proxy FTP communication.
After the proxy server successfully logs in the FTP server, communication connection between the proxy server and the FTP server is established, and FTP communication connection also exists between the proxy server and the client. That is, a connection between the client and the FTP server is achieved through a proxy, which is implemented by the proxy server.
The proxy server can obtain the communication content between the client and the FTP server by acting between the client and the FTP server, and audit the communication content, and can find the risk at any time and stop the risk through the auditing process.
In the method for establishing the FTP service, the proxy server simulates a real access process (address input-prompting address error/further prompting input password-successful access), a user cannot perceive the existence of the proxy server, and the transparent proxy is realized.
According to the technical scheme, the client and the FTP server realize the FTP service through the proxy server, the proxy server can audit the communication between the client and the FTP server, risk factors are found in time and prevented, and the safer FTP service is realized. In addition, in the method, the proxy server can be set according to the user requirements, the defect of fixed IP addresses in the prior art is overcome, and the user can flexibly proxy.
In addition, the method simulates the process that the user really logs in the FTP server, realizes highly transparent proxy and improves the use experience of the user.
Optionally, the auditing FTP communication of the agent in step S260 includes:
judging whether the operation instruction sent by the client side meets a preset safety strategy or not;
when a security policy is met, forwarding the operation instruction to the FTP;
and when the security policy is not met, deleting the operation instruction.
When the client sends an operation instruction such as a file deletion instruction to the FTP server, the proxy server receives the operation instruction from the FTP server before the proxy server proxies the process with the proxy server.
And the proxy server judges whether the operation of the client side meets the safety strategy formulated by the proxy server or not and records the operation content. The security policy is preset and may be: a user may not be able to delete or a client may not be able to download files, etc.
And if the operation of the client side is in accordance with the security policy formulated by the proxy server, the proxy server sends the maintenance operation request of the client side to the FTP server for processing.
And if the operation of the client does not accord with the security policy established by the proxy server, the proxy server blocks the maintenance operation request of the client.
Further, auditing the FTP communication of the agent comprises:
judging whether the uploaded file of the client is divulged;
when the file is not leaked, forwarding the file to the FTP;
and when the file is leaked, blocking the transmission of the file.
In addition to the instructional operations between the client and the FTP server, an audit is also conducted of the file transfer process between the client and the proxy server.
And for the files uploaded/downloaded by the client, auditing is also carried out by the proxy server, and when the files uploaded/downloaded by the client pass through the proxy server, the proxy server scans the files and judges whether the files have the content of divulgence or violation of the security policy.
And if the file is not leaked or conforms to the security policy formulated by the proxy server, the proxy server forwards and sends the file for processing.
And if the file is leaked or does not accord with the security policy set by the proxy server, the proxy server blocks the transmission of the file.
Optionally, the method further includes:
identifying a connection mode of the FTP connection with the client, wherein the connection mode is as follows: an active mode, a passive mode;
and changing the connection with the FTP server according to the connection mode.
The FTP protocol uses by default two of the TCP ports, 20 and 21, where 20 is used to transfer data and 21 is used to transfer control information. However, whether to use 20 as a port for transferring data is related to the transfer mode used by FTP, and if the active mode is adopted, the data transfer port is 20; if passive mode is used, it is decided which port to use for the server side and the client side to negotiate.
In step S140, when the proxy server receives the FTP connection request sent by the client, the proxy server changes the FTP connection between the client and the FTP server according to the FTP connection mode desired by the client.
Specifically, the method comprises the following steps: in step S140, when the client desires to use the active mode, the client opens two ports, N and N +1, where N is a command port of the client and N +1 is a data port of the client.
The client uses port N to connect to the proxy's command port 21, establishes a control connection and tells the proxy to open data port N + 1.
After the control connection is successfully established, the proxy server actively connects to the N +1 port of the client using the data port 20 to establish the data connection. The proxy server is an active connection client and is thus called FTP active mode.
The FTP active mode, as simply understood, is where the data port 20 of the server is actively connected to the data port of the client to establish a data connection for transferring data, which may be intercepted by the client firewall. To solve this problem, another connected mode, the passive mode, has been derived. The passive mode is also referred to as passive mode.
In step S140, when the client desires to use the passive mode, the client opens both ports N and N +1, where N is used for transmitting commands and N +1 is used for transmitting data.
The command PORT N of the client is actively connected with the command PORT 21 of the proxy server, and sends a PASV command to inform the proxy server of using a passive mode, after the control connection is successfully established, the proxy server opens a data PORT P, and the P PORT is informed to the client through a PORT command.
The data port N +1 of the client is connected with the data port P of the proxy server to establish data connection.
In the process of establishing a connection, the proxy server is passively waiting for the client to connect, so this mode is called passive mode.
After the proxy server establishes FTP with the client, the proxy server identifies the FTP connection mode (active mode/passive mode) between the proxy server and the client.
And the proxy server judges the connection mode between the proxy server and the FTP server, if the mode is the same as the mode between the client, the connection mode is not changed, and if the mode is different from the mode between the client, the connection mode between the proxy server and the FTP server is modified to be the same as the connection mode between the proxy server and the client.
In practical implementation, in order to better implement a transparent proxy, a customized FTP file browser can be installed in the client, the user populates the customized FTP file browser with the FTP server IP and the user name, password, etc. to be accessed,
the FTP file browser establishes a network protocol (such as an http protocol) connection with the proxy server, and sends a target IP to the proxy server through the network protocol;
the proxy server sets the received IP as a destination IP and attempts to connect. The proxy server returns the connection attempt result to the client.
If the proxy server returns the connection attempt result to the client, if the result is failure, the FTP file browser prompts the user that the IP input is wrong.
And if the result is successful, the FTP file browser replaces the destination IP with the network proxy IP, sends an FTP connection request and performs normal FTP connection.
After the FTP connection is successfully connected, in subsequent communication, the FTP file browser sends the IP of the header of the request fields (messages) changed to the proxy server.
Based on the same inventive concept, an embodiment of the present application provides a system for implementing an FTP service. Referring to fig. 3, fig. 3 is a schematic diagram of an implementation system of the FTP service according to an embodiment of the present application. As shown in fig. 3, the system is applied to a proxy server, and includes:
a network protocol connection establishing module 310, configured to establish a network protocol connection with a client based on a network protocol connection request sent by the client, where the network protocol is any one of the following: HTTP, HTTPs, RTP;
a setting module 320, configured to receive, through the network protocol connection, an IP address of the FTP server sent by the client, set the IP address as a proxy target address, and establish a connection with the FTP server based on the IP address;
a connection result returning module 330, configured to return a connection result with the FTP server to the client;
the FTP connection establishing module 340 is configured to receive an FTP connection request sent by the client when the connection result is a result indicating that the connection is successful, and establish an FTP connection with the client based on the FTP connection request;
a login module 350, configured to receive authentication information sent by the client through the FTP connection, and log in the FTP server according to the authentication information;
and the auditing module 360 is used for proxying the FTP communication between the client and the FTP server and auditing the proxy FTP communication.
Optionally, the system further includes:
the identification module is used for identifying a connection mode of FTP connection between the client and the client, wherein the connection mode is as follows: an active mode, a passive mode;
and the connection mode changing module is used for changing the connection with the FTP server according to the connection mode.
Optionally, the audit module is further configured to determine whether an operation instruction sent by the client meets a preset security policy;
when a security policy is met, forwarding the operation instruction to the FTP;
and when the security policy is not met, deleting the operation instruction.
Optionally, the audit module is further configured to determine whether the uploaded file of the client is compromised;
when the file is not leaked, forwarding the file to the FTP;
and when the file is leaked, blocking the transmission of the file.
Based on the same inventive concept, another embodiment of the present application provides a readable storage medium, on which a computer program is stored, and the program, when executed by a processor, implements the implementation method of the FTP service as described in any of the above embodiments of the present application.
Based on the same inventive concept, another embodiment of the present application provides an electronic device, which includes a memory, a processor, and a computer program stored in the memory and running on the processor, and when the processor executes the computer program, the electronic device implements the FTP service implementing method according to any of the above embodiments of the present application.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
As will be appreciated by one of skill in the art, embodiments of the present application may be provided as a method, apparatus, or computer program product. Accordingly, embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, embodiments of the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, terminal devices (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing terminal to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing terminal, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing terminal to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing terminal to cause a series of operational steps to be performed on the computer or other programmable terminal to produce a computer implemented process such that the instructions which execute on the computer or other programmable terminal provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present application have been described, additional variations and modifications of these embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including the preferred embodiment and all such alterations and modifications as fall within the true scope of the embodiments of the application.
Finally, it should also be noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or terminal that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or terminal. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or terminal that comprises the element.
The method, the apparatus, the device and the storage medium for implementing the FTP service provided by the present application are introduced in detail, and a specific example is applied in the present application to explain the principle and the implementation of the present application, and the description of the above embodiment is only used to help understanding the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (10)
1. A method for implementing FTP service is applied to a proxy server, and comprises the following steps:
establishing a network protocol connection with a client based on a network protocol connection request sent by the client, wherein the network protocol is any one of the following: HTTP, HTTPs, RTP;
receiving the IP address of the FTP server sent by the client through the network protocol connection, setting the IP address as a proxy target address, and establishing connection with the FTP server based on the IP address;
returning a connection result with the FTP server to the client;
under the condition that the connection result is the result representing successful connection, receiving an FTP connection request sent by the client, and establishing FTP connection with the client based on the FTP connection request;
receiving authentication information sent by the client through the FTP connection, and logging in the FTP server according to the authentication information;
and proxy the FTP communication between the client and the FTP server, and auditing the proxy FTP communication.
2. The method of claim 1, further comprising:
identifying a connection mode of the FTP connection with the client, wherein the connection mode is as follows: an active mode, a passive mode;
and changing the connection with the FTP server according to the connection mode.
3. The method of claim 1, wherein auditing FTP communications of the agent comprises:
judging whether the operation instruction sent by the client side meets a preset safety strategy or not;
when a security policy is met, forwarding the operation instruction to the FTP;
and when the security policy is not met, deleting the operation instruction.
4. The method of claim 1, wherein auditing FTP communications of the agent comprises:
judging whether the uploaded file of the client is divulged;
when the file is not leaked, forwarding the file to the FTP;
and when the file is leaked, blocking the transmission of the file.
5. A system for implementing FTP service, wherein the system is applied to a proxy server, the system comprising:
a network protocol connection establishing module, configured to establish a network protocol connection with a client based on a network protocol connection request sent by the client, where the network protocol is any one of the following: HTTP, HTTPs, RTP;
the setting module is used for receiving the IP address of the FTP server sent by the client through the network protocol connection, setting the IP address as a proxy target address and establishing connection with the FTP server based on the IP address;
the connection result returning module is used for returning the connection result with the FTP server to the client;
the FTP connection establishing module is used for receiving an FTP connection request sent by the client under the condition that the connection result is a result representing successful connection, and establishing FTP connection with the client based on the FTP connection request;
the login module is used for receiving authentication information sent by the client through the FTP connection and logging in the FTP server according to the authentication information;
and the auditing module is used for proxying the FTP communication between the client and the FTP server and auditing the proxy FTP communication.
6. The system of claim 5, further comprising:
the identification module is used for identifying a connection mode of FTP connection between the client and the client, wherein the connection mode is as follows: an active mode, a passive mode;
and the connection mode changing module is used for changing the connection with the FTP server according to the connection mode.
7. The system of claim 5, wherein the auditing module is further configured to determine whether an operating instruction sent by the client complies with a preset security policy;
when a security policy is met, forwarding the operation instruction to the FTP;
and when the security policy is not met, deleting the operation instruction.
8. The system of claim 5, wherein the auditing module is further configured to determine whether the uploaded file of the client is compromised;
when the file is not leaked, forwarding the file to the FTP;
and when the file is leaked, blocking the transmission of the file.
9. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1 to 4.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 4 when executing the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111370132.XA CN114124935A (en) | 2021-11-18 | 2021-11-18 | Method, system, equipment and storage medium for realizing FTP service |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111370132.XA CN114124935A (en) | 2021-11-18 | 2021-11-18 | Method, system, equipment and storage medium for realizing FTP service |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114124935A true CN114124935A (en) | 2022-03-01 |
Family
ID=80396631
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111370132.XA Pending CN114124935A (en) | 2021-11-18 | 2021-11-18 | Method, system, equipment and storage medium for realizing FTP service |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114124935A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114697201A (en) * | 2022-04-01 | 2022-07-01 | 湖南快乐阳光互动娱乐传媒有限公司 | Data processing method and device based on application client side proxy request |
Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20010056550A1 (en) * | 2000-06-27 | 2001-12-27 | Lg Electronics Inc. | Protective device for internal resource protection in network and method for operating the same |
| US20050021667A1 (en) * | 2003-04-10 | 2005-01-27 | International Business Machines Corporation | Arrangement and method for impermanent connectivity |
| CN102333107A (en) * | 2011-03-18 | 2012-01-25 | 北京神州数码思特奇信息技术股份有限公司 | Realization method for file transfer protocol (FTP) operation control based on gateway agent method |
| CN104065731A (en) * | 2014-06-30 | 2014-09-24 | 江苏华大天益电力科技有限公司 | FTP file transfer system and transfer method |
| CN107079057A (en) * | 2016-12-14 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Data transmission method, device, system, electronic equipment and computer program product |
| CN107770138A (en) * | 2016-08-22 | 2018-03-06 | 阿里巴巴集团控股有限公司 | Specify the method and proxy server, client of IP address |
| CN108156135A (en) * | 2017-12-05 | 2018-06-12 | 北京控制与电子技术研究所 | A kind of classified network information-leakage risk monitoring method |
| CN108566372A (en) * | 2018-03-01 | 2018-09-21 | 云易天成(北京)安全科技开发有限公司 | Fileinfo leakage prevention method, medium and equipment based on hash algorithm |
| CN111245831A (en) * | 2020-01-10 | 2020-06-05 | 北京力控华康科技有限公司 | FTP data transmission method and device, and information interaction system of server and client |
| CN111726401A (en) * | 2020-06-09 | 2020-09-29 | 北京天空卫士网络安全技术有限公司 | File transmission method and device |
-
2021
- 2021-11-18 CN CN202111370132.XA patent/CN114124935A/en active Pending
Patent Citations (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20010056550A1 (en) * | 2000-06-27 | 2001-12-27 | Lg Electronics Inc. | Protective device for internal resource protection in network and method for operating the same |
| US20050021667A1 (en) * | 2003-04-10 | 2005-01-27 | International Business Machines Corporation | Arrangement and method for impermanent connectivity |
| CN102333107A (en) * | 2011-03-18 | 2012-01-25 | 北京神州数码思特奇信息技术股份有限公司 | Realization method for file transfer protocol (FTP) operation control based on gateway agent method |
| CN104065731A (en) * | 2014-06-30 | 2014-09-24 | 江苏华大天益电力科技有限公司 | FTP file transfer system and transfer method |
| CN107770138A (en) * | 2016-08-22 | 2018-03-06 | 阿里巴巴集团控股有限公司 | Specify the method and proxy server, client of IP address |
| CN107079057A (en) * | 2016-12-14 | 2017-08-18 | 深圳前海达闼云端智能科技有限公司 | Data transmission method, device, system, electronic equipment and computer program product |
| CN108156135A (en) * | 2017-12-05 | 2018-06-12 | 北京控制与电子技术研究所 | A kind of classified network information-leakage risk monitoring method |
| CN108566372A (en) * | 2018-03-01 | 2018-09-21 | 云易天成(北京)安全科技开发有限公司 | Fileinfo leakage prevention method, medium and equipment based on hash algorithm |
| CN111245831A (en) * | 2020-01-10 | 2020-06-05 | 北京力控华康科技有限公司 | FTP data transmission method and device, and information interaction system of server and client |
| CN111726401A (en) * | 2020-06-09 | 2020-09-29 | 北京天空卫士网络安全技术有限公司 | File transmission method and device |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114697201A (en) * | 2022-04-01 | 2022-07-01 | 湖南快乐阳光互动娱乐传媒有限公司 | Data processing method and device based on application client side proxy request |
| CN114697201B (en) * | 2022-04-01 | 2024-02-20 | 湖南快乐阳光互动娱乐传媒有限公司 | Data processing method and device based on application client agent request |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9794304B2 (en) | Enterprise client-server system and methods of providing web application support through distributed emulation of websocket communications | |
| US9118657B1 (en) | Extending secure single sign on to legacy applications | |
| RU2498520C2 (en) | Method of providing peer-to-peer communication on web page | |
| CA3190449A1 (en) | Dynamic optimization of request parameters for proxy server | |
| US9154485B1 (en) | Authentication revalidation | |
| CN108243143B (en) | Web agent-based gatekeeper penetration method and system | |
| EP3863261B1 (en) | System and method for cloud-based data validation | |
| US20100121959A1 (en) | Low-level remote sharing of local devices in a remote access session across a computer network | |
| US9602469B2 (en) | Method and apparatus for optimizing hypertext transfer protocol (“HTTP”) uniform resource locator (“URL”) filtering service | |
| US10193848B2 (en) | System and related method for management of devices of a network system via social media interfaces | |
| US8195806B2 (en) | Managing remote host visibility in a proxy server environment | |
| CN109450766B (en) | Access processing method and device for work area level VPN | |
| US11632436B1 (en) | Regulation methods for proxy services | |
| EP3376740B1 (en) | Method and apparatus for acquiring ip address | |
| US11411954B1 (en) | Access control policy for proxy services | |
| CN114124935A (en) | Method, system, equipment and storage medium for realizing FTP service | |
| CN113873057A (en) | Data processing method and device | |
| CN112165449B (en) | Control method of real-time authority of web application, electronic device and storage medium | |
| CN111726401A (en) | File transmission method and device | |
| US10581979B2 (en) | Information transmission method and apparatus | |
| Caviglione et al. | A deep analysis on future web technologies and protocols over broadband GEO satellite networks | |
| US10880393B2 (en) | Method for caching a piece of content in a content distribution network | |
| EP2226988A1 (en) | Method for accessing to local resources of a client terminal in a client/server architecture | |
| CN114584558A (en) | Cloud edge cooperative distributed API gateway system and API calling method | |
| CN111988319B (en) | Access control method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |