摘要：【中文】本发明实施例涉及网络安全技术领域，具体涉及一种发现应用的方法、装置、设备和存储介质。本发明实施例公开了一种发现应用的方法，应用于管理平台，包括：接收运维管理人员输入的域名或地址；如果确定所述域名获得地址为模糊的域名或者地址；则确定所述模糊的域名或者地址中的第一部分和第二部分；所述第一部分为模糊部分；所述第二部分为精确部分；根据所述第二部分确定所述域名或者地址对应的单元名称；根据所述单元名称确定出所述单元授权使用的所有的应用；对于每一个应用，根据所述应用名称确定出所述应用的域名或者地址；显示为所述单元授权使用的所有的应用的域名或者地址。本申请的方法有助于运维人员发现应用，从而避免遗漏应用。 【EN】The embodiment of the invention relates to the technical field of network security, in particular to a method, a device, equipment and a storage medium for discovering applications. The embodiment of the invention discloses a method for discovering application, which is applied to a management platform and comprises the following steps: receiving a domain name or an address input by an operation and maintenance manager; if the domain name acquisition address is determined to be a fuzzy domain name or address; determining a first portion and a second portion of the ambiguous domain name or address; the first portion is a blurred portion; the second portion is a precision portion; determining a unit name corresponding to the domain name or address according to the second part; determining all applications authorized to be used by the unit according to the unit name; for each application, determining a domain name or an address of the application according to the application name; the domain names or addresses of all applications authorized for use by the unit are displayed. The method is helpful for operation and maintenance personnel to find the application, so that the application omission is avoided.

摘要：【中文】本发明实施例公开了一种基于企业浏览器实现的网络安全验证方法和装置，其中，所述方法包括：预先根据所述访问权限范围信息的差异分别生成相应的策略ID，并构建包含所述策略ID和访问权限范围对应关系的访问权限列表；获取用户基于企业浏览器发送的HTTP请求数据包，并提取出目标策略ID；利用所述目标策略ID遍历所述访问权限列表进行匹配验证，若匹配验证通过，则根据所述目标策略ID确定用户的访问权限范围，并基于所述访问权限范围向所述企业浏览器返回相应的响应内容。采用本发明所述的方法，能够通过验证HTTP请求数据包中策略ID的方式，确定用户的访问权限，减小了业务系统的暴露面，提高了基于企业浏览器访问业务系统数据的安全性。 【EN】The embodiment of the invention discloses a network security verification method and a device based on an enterprise browser, wherein the method comprises the following steps: generating corresponding strategy IDs respectively according to the difference of the access authority range information in advance, and constructing an access authority list containing the corresponding relation between the strategy IDs and the access authority ranges; acquiring an HTTP request data packet sent by a user based on an enterprise browser, and extracting a target strategy ID; and traversing the access authority list by using the target strategy ID for matching verification, if the matching verification is passed, determining the access authority range of the user according to the target strategy ID, and returning corresponding response content to the enterprise browser based on the access authority range. By adopting the method, the access authority of the user can be determined by verifying the strategy ID in the HTTP request data packet, the exposed surface of the service system is reduced, and the security of accessing the service system data based on the enterprise browser is improved.

摘要：【中文】本发明实施例涉及网络技术领域，具体涉及一种私网IP转换方法和装置。一种私网IP转换方法，应用于网关，该方法包括：接收来自于当前的业务系统的网页数据；判断所述网页数据中的链接地址是否是业务系统的绝对链接地址；如果是，则将所述绝对链接地址替换为预先设定的地址；将包含有所述预先设定的地址的网页数据发送给客户端。通过本发明的方法，网页在发送给客户端以前，在网关处就将绝对链接地址替换为预定格式的地址，替换后，客户端的页面上呈现的是替换后的地址，客户端可知点击替换后的地址直接访问业务系统。提高了客户端访问业务系统的便利性。 【EN】The embodiment of the invention relates to the technical field of networks, in particular to a private network IP conversion method and a private network IP conversion device. A private network IP conversion method is applied to a gateway and comprises the following steps: receiving webpage data from a current business system; judging whether the link address in the webpage data is an absolute link address of a service system; if yes, replacing the absolute link address with a preset address; and sending the webpage data containing the preset address to a client. By the method, the absolute link address is replaced by the address with the preset format at the gateway before the webpage is sent to the client, the replaced address is presented on the webpage of the client after the replacement, and the client can know that the address after the replacement is clicked to directly access the service system. The convenience of the client side for accessing the service system is improved.

摘要：【中文】本发明实施例涉及网络安全技术领域，具体涉及一种预警方法、装置、设备和存储介质。本发明实施例公开了一种预警方法，应用于安全管理平台，包括：获取用户访问服务器的行为参数信息；判断所述行为参数信息是否异常；如果确定所述参数信息异常，则发出报警信息。上述方法，可以监控用户的行为参数信息；如果异常，则发出报警信息；从而提高了公司内网的安全性能。 【EN】The embodiment of the invention relates to the technical field of network security, in particular to an early warning method, an early warning device, early warning equipment and a storage medium. The embodiment of the invention discloses an early warning method which is applied to a safety management platform and comprises the following steps: acquiring behavior parameter information of a user accessing a server; judging whether the behavior parameter information is abnormal or not; and if the parameter information is determined to be abnormal, sending alarm information. The method can monitor the behavior parameter information of the user; if the abnormal condition exists, alarm information is sent out; thereby improving the safety performance of the intranet of the company.

摘要：【中文】本发明涉及网络安全技术领域，具体涉及一种管控平台授权文件校验方法、装置、设备和存储介质。一种管控平台授权文件校验方法，包括：获取管控平台的参数信息；获取授权文件中携带的参数；根据所述管控平台的参数信息和所述授权文件中携带的参数对所述授权文件进行校验。通过本发明的方法，根据所述管控平台的参数信息和所述授权文件中携带的参数对所述授权文件进行校验。因为校验的时候采用的管控平台的参数信息，如果用其他的管控平台的授权文件来对本管控平台校验，因为管控平台不同，参数信息不同；所以可以避免一个授权文件用在多个管控平台中的情况。避免了生产商的损失。 【EN】The invention relates to the technical field of network security, in particular to a method, a device, equipment and a storage medium for checking an authorized file of a management and control platform. A management and control platform authorization file verification method comprises the following steps: acquiring parameter information of a control platform; acquiring parameters carried in an authorization file; and verifying the authorization file according to the parameter information of the management and control platform and the parameters carried in the authorization file. By the method, the authorization file is verified according to the parameter information of the management and control platform and the parameters carried in the authorization file. Because the parameter information of the management and control platform is adopted during verification, if the management and control platform is verified by using the authorization files of other management and control platforms, the parameter information is different because the management and control platforms are different; it is possible to avoid a situation where one authorization file is used in a plurality of administration platforms. The loss of the manufacturer is avoided.

摘要：【中文】本发明实施例提供的一种用户异常操作处理方法及系统，该方法包括：实时统计用户端在预设单位时间内的操作次数；判断所述操作次数是否超过预设次数；如果所述操作次数超过预设次数，则对所述用户端进行预设操作，本发明实施例对用户的操作次数进行实时的统计和监控，如果用户被病毒入侵或者被黑客控制，在对服务器进行攻击等异常操作时，必然会发生操作次数的不正常变化，此时，实时监控用户是否在进行了不正常的操作，及时采取措施。 【EN】The embodiment of the invention provides a method and a system for processing user abnormal operation, wherein the method comprises the following steps: counting the operation times of a user side in a preset unit time in real time; judging whether the operation times exceed preset times or not; if the operation times exceed the preset times, the user side is subjected to preset operation, the operation times of the user are counted and monitored in real time, abnormal changes of the operation times can be caused inevitably when the user is invaded by viruses or is controlled by hackers and abnormal operations such as attack and the like are carried out on a server, and at the moment, whether the user carries out abnormal operations or not is monitored in real time, and measures are taken in time.

摘要：【中文】本发明实施例公开了一种网关负载均衡的方法、装置及设备，涉及网络技术领域，该方法包括：获取多个网关的负载信息；根据所述多个网关的负载信息确定目标网关；建立浏览器客户端与所述目标网关的对应关系；向浏览器提供所述对应关系，以便所述浏览器根据所述对应关系向所述目标网关发送目标应用程序的访问请求，进而访问所述目标应用程序；其中，所述多个应用程序包括所述目标应用程序。本发明可以提升网关解析速度，避免了单个网关工作繁重导致崩溃的问题。 【EN】The embodiment of the invention discloses a method, a device and equipment for balancing gateway load, which relate to the technical field of networks, and the method comprises the following steps: acquiring load information of a plurality of gateways; determining a target gateway according to the load information of the plurality of gateways; establishing a corresponding relation between a browser client and the target gateway; providing the corresponding relation to a browser so that the browser can send an access request of a target application program to the target gateway according to the corresponding relation and further access the target application program; wherein the plurality of applications includes the target application. The invention can improve the gateway analysis speed and avoid the problem of breakdown caused by heavy work of a single gateway.

摘要：【中文】本发明实施例公开了一种基于企业浏览器的预授权数据访问方法和装置，其中，所述方法包括：接收后台服务器下发的预设账密信息对应的访问权限列表；接收基于企业浏览器发送的业务系统访问请求，解析所述业务系统访问请求，获得所述目标账密信息；将所述目标账密信息与所述预设账密信息进行匹配，根据匹配结果确定允许用户基于所述目标账密信息访问所述业务系统的权限范围；判断所述业务系统访问请求对应的访问内容是否位于所述权限范围内，若是，则向所述企业浏览器返回与所述业务系统访问请求对应的响应信息。采用本发明所述的方法，能够基于业务系统访问请求快速确定可访问的内部业务系统数据，从而提高了运营管理效率，提升了用户的使用体验。 【EN】The embodiment of the invention discloses a pre-authorization data access method and a pre-authorization data access device based on an enterprise browser, wherein the method comprises the following steps: receiving an access authority list corresponding to preset account secret information issued by a background server; receiving a business system access request sent based on an enterprise browser, analyzing the business system access request, and obtaining the target account secret information; matching the target account secret information with the preset account secret information, and determining an authority range allowing a user to access the service system based on the target account secret information according to a matching result; and judging whether the access content corresponding to the service system access request is located in the authority range, if so, returning response information corresponding to the service system access request to the enterprise browser. By adopting the method, the accessible internal service system data can be quickly determined based on the service system access request, so that the operation management efficiency is improved, and the use experience of a user is improved.

摘要：【中文】本发明实施例公开了一种基于新型架构实现的流量数据分流方法和装置，其中，所述方法包括：通过管控平台和业务系统服务器前端设置的网关获取用户基于企业浏览器发送的请求数据；利用所述网关解析所述请求数据，确定所述请求数据中HOST字段内的域名信息；根据所述域名信息，确定所述请求数据访问的目标对象；所述目标对象包括所述管控平台和所述业务系统服务器中的其中一个；基于确定的所述目标对象，对所述请求数据进行分流处理。采用本发明所述的方法，能够通过企业浏览器、管控平台以及网关之间组成的新型架构识别请求数据中携带的域名信息，并预先确定访问的目标对象，从而实现流量数据分流，提高了基于企业浏览器访问效率。 【EN】The embodiment of the invention discloses a flow data distribution method and a flow data distribution device based on a novel architecture, wherein the method comprises the following steps: acquiring request data sent by a user based on an enterprise browser through a management and control platform and a gateway arranged at the front end of a service system server; analyzing the request data by using the gateway, and determining domain name information in the HOST field in the request data; determining a target object of the request data access according to the domain name information; the target object comprises one of the management and control platform and the business system server; and performing shunting processing on the request data based on the determined target object. By adopting the method, the domain name information carried in the request data can be identified through a novel architecture formed among the enterprise browser, the control platform and the gateway, and the accessed target object is predetermined, so that the flow data distribution is realized, and the access efficiency based on the enterprise browser is improved.

摘要：【中文】本发明涉及网络技术领域，具体涉及一种私网IP转换方法和装置。一种IP地址转换方法，应用于浏览器，所述方法包括：显示当前的业务系统的页面；在所述页面中确定要访问的业务系统的地址或者域名；接收点击所述业务系统的地址或者域名的动作；将所述业务系统的地址或者域名转换为预定格式的地址或者域名；将所述预定格式的地址或者域名解析到网关以使所述网关根据所述地址或者域名访问所述业务系统。解决了客户端的浏览器无法访问内部链接的问题。 【EN】The invention relates to the technical field of networks, in particular to a private network IP conversion method and a private network IP conversion device. An IP address translation method is applied to a browser, and the method comprises the following steps: displaying a page of a current business system; determining the address or domain name of a service system to be accessed in the page; receiving an action of clicking the address or the domain name of the service system; converting the address or the domain name of the service system into an address or a domain name in a preset format; and resolving the address or the domain name in the preset format to a gateway so that the gateway accesses the service system according to the address or the domain name. The problem that the browser of the client cannot access the internal link is solved.