Patent classifications
H04L61/59
Systems and methods of controlling internet access using encrypted DNS
Described systems and methods enable protecting client devices (e.g., personal computers and IoT devices) implementing encrypted DNS protocols against harmful or inappropriate Internet content. A DNS proxy intercepts an attempt to establish an encrypted communication session between a client device and a DNS server. Without decrypting any communications, some embodiments of the DNS proxy determine an identifier of the respective session and an identifier of the client device, and send a query tracer connecting the session identifier with the client identifier to a security server. In some embodiments, the security server obtains the domain name included in an encrypted DNS query from the DNS server and instructs the DNS server to allow or block access of the client device to the respective Internet domain according to a device- and/or user-specific access policy.
Method, apparatus, device and storage medium for processing network request
Embodiments of the present disclosure disclose a method, apparatus, device, and storage medium for processing a network request. The method comprises: activating a domain name server proxy based on local socket service in a preset application; in accordance with a determination that the preset application invokes a preset connect function, acquiring the preset connect function and replacing a destination file path in the preset connect function with a target file path corresponding to the domain name server proxy to establish a connection between the preset application and the domain name server proxy, wherein the target file path is pre-written in the preset application; receiving via the domain name server proxy a network request from the preset application, and parsing a domain name of the network request, and determining a first processing way of the network request based on a result of the parsing of the domain name. With the above technical solution, the domain name server proxy is implemented inside the application, and all network requests are taken over from the parsing of the domain name, which facilitates comprehensive detection and control of network traffic and avoidance of omissions.
INTERNET-BASED PROXY SERVICE TO MODIFY INTERNET RESPONSES
A proxy server receives from a client device a request for a network resource that is hosted at an origin server for a domain. The request is received at the proxy server as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server retrieves the requested network resource. The proxy server determines that the requested resource is an HTML page. The proxy server scans the HTML page to locate one or more modification tokens that each indicates content that is subject to being modified. For at least one of the located modification tokens, the proxy server automatically modifies at least a portion of the content of the HTML page that corresponds to that modification token. The proxy server then transmits the modified HTML page to the client device.
Split tunnel-based security
There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.
SYSTEM AND METHOD FOR URL FETCHING RETRY MECHANISM
A method for overcoming intermittent, temporary, or other fetching failures by using multiple attempts for retrieving a content from a web server to a client device is disclosed. The URL fetching may use direct or non-direct fetching schemes, or a combination thereof. The non-direct fetching method may use intermediate devices, such as proxy server, Data-Center proxy server, tunnel devices, or any combination thereof. Upon sensing a failure of a fetching action, the action is repeated using the same or different parameters or attributes, such as by using different intermediate devices, selected based on different parameters or attributes, such as different countries. The repetitions are limited to a pre-defined maximum number of attempts. The fetching attempts may be performed by the client device, by an intermediate device in a non-direct fetching scheme, or a combination thereof. Various fetching schemes may be used sequentially until the content is retrieved.
APPLICATION DISCOVERY METHOD AND APPARATUS, AND SYSTEM
This application discloses an application discovery method and apparatus, and a system. A session management function network element receives first information from a first network element, and determines second information based on at least the first information and location information of a terminal device. The session management function network element sends the second information to the first network element. The second information is for obtaining a first IP address corresponding to a first domain name.
MANAGING IP ADDRESSES FOR DPDK ENABLED NETWORK INTERFACES FOR CLOUD NATIVE PODS
The present disclosure provides example computer-implemented method, medium, and system for managing IP addresses for DPDK enabled network interfaces for cloud native pods. One example method includes creating a pod of one or more containers, where the pod connects to multiple networks through multiple network interfaces. A poll mode driver (PMD) is attached to a first network interface of the multiple network interfaces, where the PMD enables one or more data plane development kit (DPDK) applications inside the pod to manage the first network interface. A first container network interface (CNI) is created to handle the DPDK enabled first network interface. A first Internet protocol (IP) address is allocated to the first network interface using the first CNI. The first IP address is passed to the one or more DPDK applications using the first CNI.
Method and device for processing a request for anonymisation of a source IP address, method and device for requesting anonymisation of a source IP address
A method for processing a request for anonymisation of a source IP address of an IP packet is described, the IP packet being transmitted by a transmitting device to a recipient device via a communications network, the transmitting device being connected to the network via a network terminal apparatus. The method is carried out by an anonymisation device positioned for cutting the flow between the network terminal apparatus and the recipient device, and comprises receiving the packet; establishing whether the source IP address has to be anonymised or not; if a result of the verification is negative, routing the packet to the recipient device; if the result of the verification is positive and if the anonymisation device has an address translation function: replacing the source IP address with an IP address of the anonymisation device; and, if the result of the verification is positive and if the anonymisation device does not have an address translation function, routing the IP packet to the recipient device via an apparatus of the network which has an address translation function.