Search

CN-122001665-A - Method for processing access request, related device and computer program product

CN122001665ACN 122001665 ACN122001665 ACN 122001665ACN-122001665-A

Abstract

The disclosure provides a method, a related device and a computer program product for processing an access request, which are applied to edge nodes of a content distribution network and relate to the technical fields of artificial intelligence such as the content distribution network, authority management, network flow control and the like. The method comprises the steps of responding to an access request sent by a target device, carrying out authentication based on a local authentication rule list, description information of the target device and demand information of the access request, generating a first authentication result and credibility of the first authentication result, responding to the credibility being smaller than a credibility threshold value, generating authentication reference information based on the description information and the demand information, sending the authentication reference information to an authentication node, controlling the authentication node to return a processing mode corresponding to the second authentication result after generating the second authentication result based on the authentication reference information, and responding to the received processing mode to process the access request in a processing mode.

Inventors

  • Liao Qinsi
  • NIE KEFENG

Assignees

  • 北京百度网讯科技有限公司

Dates

Publication Date
20260508
Application Date
20260309

Claims (14)

  1. 1. A method of processing access requests, applied to an edge node of a content distribution network, comprising: Responding to the received access request sent by the target equipment, carrying out authentication based on the authentication rule list configured to the local, the description information of the target equipment and the requirement information of the access request, and generating a first authentication result and the credibility of the first authentication result; generating authentication reference information based on the description information and the requirement information in response to the credibility being less than a credibility threshold; Sending the authentication reference information to an authentication node, and controlling the authentication node to return a processing mode corresponding to a second authentication result after generating the second authentication result based on the authentication reference information; and processing the access request in the processing mode in response to receiving the processing mode.
  2. 2. The method of claim 1, the method further comprising: And responding to the reliability being greater than or equal to the reliability threshold, and processing the access request in a processing mode corresponding to the first authentication result.
  3. 3. The method of claim 1 or 2, wherein the processing means comprises one of: Configuring a response to the access request at a standard communication rate; Responding to the access request with a limited communication rate configuration, wherein the limited communication rate corresponding to the limited communication rate configuration is lower than the standard communication rate corresponding to the standard communication rate configuration; rejecting the access request; providing an authorization node to the target device; Directing the access request to a first standby edge node, wherein the first standby edge node is capable of providing the target device with a communication rate that is simultaneously greater than the edge node; the access request is directed to a second backup edge node, wherein the second backup edge node is capable of providing the target device with a communication rate that is less than the edge node.
  4. 4. A method according to claim 3, the method further comprising: Providing a temporary adjustment request entry to the target device in response to the current processing means being employed for said responding to the access request at the limited communication rate configuration, or said rejecting responding to the access request, or said directing the access request to a second standby edge node; generating adjustment reference information based on the description information and the demand information in response to the temporary adjustment request entry being invoked; Sending the adjustment reference information to an authentication node, and controlling the authentication node to return to a temporary processing mode after determining the temporary processing mode based on the adjustment reference information, wherein the temporary processing mode comprises executing the response to the access request at the standard communication rate configuration or directing the access request to a first standby edge node in a target time period; And in response to receiving the temporary processing mode, updating the current processing mode into the temporary processing mode, and continuing to process the access request.
  5. 5. A method according to claim 3, the method further comprising: And rejecting the new access request sent by the target device in a second time period after the current time in response to the number of times of adopting the access request refused to respond to the access request in the first time period from the current time being greater than or equal to an adoption threshold.
  6. 6. The method of claim 1, wherein the generating, in response to receiving the access request sent by the target device, the first authentication result and the trustworthiness of the first authentication result based on the authentication rule list that has been configured to be local, the description information of the target device, and the requirement information of the access request includes: In response to receiving an access request sent by the target device, extracting an authentication rule list set from the authentication rule list configured to be local; Taking a preset authentication result corresponding to a target authentication rule list with the largest number of authentication rules hit by the description information of the target equipment and the requirement information of the access request as the first authentication result; and generating the credibility of the first authentication result based on the proportion of the hit authentication rule to all authentication rules in the target authentication rule list.
  7. 7. The method of claim 6, wherein the authentication rules included in the list of authentication rules include at least two of: The target device is a white list device; the access request corresponds to target type data; the access times of the target equipment in the history period is greater than or equal to an access times threshold; the switching times of the user account number of the target equipment in the history period is greater than or equal to a switching times threshold value; the accumulated traffic resource amount used by the target device is greater than or equal to the authorized resource amount of the target device; With an access token provided by the authorizing node.
  8. 8. The method of claim 6, wherein the extracting the set of authentication rules list from the authentication rules list that has been configured to be local in response to receiving the access request sent by the target device comprises: And in response to receiving an access request sent by the target equipment, extracting an authentication rule list set from the authentication rule list configured to be local based on communication resources which can be provided by the local.
  9. 9. The method of claim 1, the method further comprising: Controlling the authentication node to generate an updated authentication rule list based on the target authentication reference information and the second authentication result in response to the receiving times of the target authentication reference information being greater than or equal to a receiving times threshold; and controlling the authentication node to configure the updated authentication rule list to each edge node.
  10. 10. An apparatus for processing access requests, applied to an edge node of a content distribution network, comprising: The first device authentication unit is configured to respond to receiving an access request sent by the target device, authenticate based on the authentication rule list configured to the local, the description information of the target device and the requirement information of the access request, and generate a first authentication result and the credibility of the first authentication result; A reference information generating unit configured to generate authentication reference information based on the description information and the requirement information in response to the degree of reliability being smaller than a degree of reliability threshold; The second equipment authentication unit is configured to send the authentication reference information to an authentication node and control the authentication node to return a processing mode corresponding to a second authentication result after generating the second authentication result based on the authentication reference information; And a first request processing unit configured to process the access request in the processing manner in response to receiving the processing manner.
  11. 11. A content distribution network comprising an edge node and an authentication node; The edge node is used for responding to the received access request sent by the target equipment, authenticating based on the authentication rule list configured to the local, the description information of the target equipment and the requirement information of the access request, and generating a first authentication result and the credibility of the first authentication result; generating authentication reference information based on the description information and the requirement information in response to the credibility being less than a credibility threshold; the authentication reference information is sent to the authentication node, and the authentication node is controlled to return a processing mode corresponding to a second authentication result after generating the second authentication result based on the authentication reference information; The authentication node is used for returning the processing mode corresponding to the second authentication result to the edge node after generating the second authentication result based on the authentication reference information sent by the edge node.
  12. 12. An electronic device, comprising: At least one processor, and A memory communicatively coupled to the at least one processor, wherein, The memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of processing access requests of any one of claims 1-9.
  13. 13. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of processing an access request of any one of claims 1-9.
  14. 14. A computer program product comprising a computer program which, when executed by a processor, implements the method of processing an access request according to any of claims 1-9.

Description

Method for processing access request, related device and computer program product Technical Field The present disclosure relates to the field of data processing technologies, and in particular, to the field of artificial intelligence technologies such as content distribution networks, rights management, and network flow control, and more particularly, to a method, an apparatus, an electronic device, a computer readable storage medium, and a computer program product for processing an access request, where the method, the apparatus, the electronic device, and the computer readable storage medium are applied to an edge node of a content distribution network. Background With the rapid growth of internet content, the requirement of users on network service quality is continuously improved, and the traditional content distribution mode faces the problems of high bandwidth pressure, high response time delay, poor user experience and the like. In such a context, a content delivery network (Content Delivery Network, CDN for short) has evolved. In the CDN, the content of the source station can be copied and distributed to the distributed edge nodes deployed at the edge of the network, so that users can utilize the similar edge nodes to realize the uploading and the acquisition of the data and the content. The method not only effectively reduces the transmission pressure of the core network, but also can obviously reduce network delay caused by cross-regional access, and can improve the response efficiency and user access experience of the whole system. Thus, it is interesting and urgent to manage more efficiently and with quality the interaction behavior of the user with the CDN through the edge nodes. Disclosure of Invention Embodiments of the present disclosure provide a method, apparatus, electronic device, computer-readable storage medium, and computer program product for processing an access request. In a first aspect, an embodiment of the disclosure proposes a method for processing an access request, which is applied to an edge node of a content distribution network, and includes authenticating based on an authentication rule list configured to be local, description information of the target device and requirement information of the access request in response to receiving the access request sent by the target device, generating a first authentication result and credibility of the first authentication result, generating authentication reference information based on the description information and the requirement information in response to the credibility being smaller than a credibility threshold, sending the authentication reference information to the authentication node, controlling the authentication node to return a processing mode corresponding to the second authentication result after generating the second authentication result based on the authentication reference information, and processing the access request in a processing mode in response to receiving the processing mode. In a second aspect, an embodiment of the disclosure proposes an apparatus for processing an access request, applied to an edge node of a content distribution network, including a first device authentication unit configured to perform authentication based on an authentication rule list configured to be local, description information of a target device, and requirement information of the access request in response to receiving the access request sent by the target device, generate a first authentication result and a reliability of the first authentication result, a reference information generation unit configured to generate authentication reference information based on the description information and the requirement information in response to the reliability being smaller than a reliability threshold, a second device authentication unit configured to send authentication reference information to the authentication node and control the authentication node to return a processing manner corresponding to the second authentication result after generating the second authentication result based on the authentication reference information, and a first request processing unit configured to process the access request in a processing manner in response to receiving the processing manner. The embodiment of the disclosure provides a content distribution network, which comprises an edge node and an authentication node, wherein the edge node is used for responding to an access request sent by a target device, authenticating based on a local authentication rule list, description information of the target device and requirement information of the access request, generating a first authentication result and credibility of the first authentication result, responding to the credibility being smaller than a credibility threshold value, generating authentication reference information based on the description information and the requirement information, send