CN103166966A - Method and device for distinguishing illegal access request to website - Google Patents
Method and device for distinguishing illegal access request to website Download PDFInfo
- Publication number
- CN103166966A CN103166966A CN2013100722198A CN201310072219A CN103166966A CN 103166966 A CN103166966 A CN 103166966A CN 2013100722198 A CN2013100722198 A CN 2013100722198A CN 201310072219 A CN201310072219 A CN 201310072219A CN 103166966 A CN103166966 A CN 103166966A
- Authority
- CN
- China
- Prior art keywords
- access request
- legal
- parameter
- request
- http
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a method and a device for distinguishing an illegal access request to a website, and belongs to the technical field of network security. The method comprises the following steps of: acquiring a legal range of a http access request parameter of the website, and loading the legal range serving as a validity rule of the parameter; intercepting the http access request of a user browser to the website; and matching the intercepted http access request and the validity rule of the parameter, and judging whether the intercepted http access request is legal or not according to a matching result. By the method and the device, the legal range of the request parameter can be accurately and conveniently acquired; and the illegal request is accurately distinguished and intercepted conveniently according to the acquired legal range.
Description
Technical field
The present invention relates to network safety filed, relate in particular to a kind of identification to method and the device of the unauthorized access request of website.
Background technology
The safety problem of current web is day by day serious, the portal management person can adopt a lot of measures to prevent that server from being attacked and invading, the log recording of wherein in time checking webpage (Web) server is the most direct, the most frequently used, and is a kind of relatively effective method.By the monitoring to the Web server journal file, can seek suspicious movable sign, obtain hacker attacks gimmick and associative operation, and the leak place of system, thereby take precautions against.
But finding out the clues and traces of attacking Web server in journal file is not very simple and clear something, because in journal file, entry is various, this just needs the keeper that abundant knowledge and experience is arranged, and enough carefulnesses and patient are arranged.
Similarly, existing a kind of scheme of identifying illegal http request is, according to known attack strategy (for example cross-site attack, sql injection attacks), formulate Corresponding matching strategy (forbidden character in the judgement request and illegal keyword) and tackle illegal request.The approach that realizes this scheme is to utilize special hardware firewall to load respective rule to filter.
In prior art, no matter be to identify illegal request according to journal file, or tackling illegal request according to predetermined matching strategy, is all to be similar to the method that blacklist filters, there is following shortcoming in it: can only identify or tackle known specific attack type, underaction; Can not identify some and not be present in illegal request in blacklist; Cost is higher.
And existing scheme does not take full advantage of the abundant information that comprises in journal file.
Summary of the invention
In view of this, the purpose of this invention is to provide species to method and the device of the unauthorized access request of website, can obtain accurately, easily the legal range of required parameter, be conducive to according to the legal range that gets, illegal request is identified accurately and tackled.
For achieving the above object, the invention provides technical scheme as follows:
The method of a kind of identification to the unauthorized access request of website comprises:
Obtain the legal range of the http access request parameters of website, and the validity rule of described legal range as parameter loaded;
Intercept and capture user browser to the http access request of website;
The http access request that intercepts and the validity rule of parameter are mated, determine according to matching result whether the http access request that intercepts is legal.
Alternatively, the described legal range that obtains the http access request parameters of website specifically comprises:
Obtain the http access log file of website;
Filter out log recording corresponding to legal http request from described journal file, obtain legal log recording set;
According to described legal log recording set, extract the legal range of access request parameters.
Alternatively, the legal range of access request parameters is as is lower one or more:
The parameter name that allows; The type of parameter; The maximum length of parameter value; Allow the spcial character of appearance in parameter value.
Alternatively, described according to described legal log recording set, the legal range of extraction access request parameters specifically comprises:
Obtain corresponding requesting method and the request resource of each http request from described log recording set;
For each request resource, obtain corresponding parameter name-parameter value list;
According to described parameter name-parameter value list legal range getparms.
Alternatively, described the http access request that intercepts and the validity rule of parameter are mated, determine according to matching result whether the http access request that intercepts is legal, specifically comprises:
The http access request is resolved the resource that obtains asking, the method for request and required parameter;
Analysis result and described validity rule are mated, and the match is successful, determines that the http access request is legal, and it fails to match, determines that the http access request is illegal.
The device of a kind of identification to the unauthorized access request of website comprises:
Load-on module for the legal range of the http access request parameters of obtaining the website, and loads the validity rule of described legal range as parameter;
Intercept and capture module, be used for intercepting and capturing user browser to the http access request of website;
Matching module mates for the http access request that will intercept and the validity rule of parameter, determines according to matching result whether the http access request that intercepts is legal.
Alternatively, described load-on module specifically is used for:
Obtain the http access log file of website;
Filter out log recording corresponding to legal http request from described journal file, obtain legal log recording set;
According to described legal log recording set, extract the legal range of access request parameters.
Alternatively, the legal range of access request parameters is as is lower one or more:
The parameter name that allows; The type of parameter; The maximum length of parameter value; Allow the spcial character of appearance in parameter value.
Alternatively, described according to described legal log recording set, the legal range of extraction access request parameters specifically comprises:
Obtain corresponding requesting method and the request resource of each http request from described log recording set;
For each request resource, obtain corresponding parameter name-parameter value list;
According to described parameter name-parameter value list legal range getparms.
Alternatively, described matching module specifically is used for:
The http access request is resolved the resource that obtains asking, the method for request and required parameter;
Analysis result and described validity rule are mated, and the match is successful, determines that the http access request is legal, and it fails to match, determines that the http access request is illegal.。
According to technique scheme of the present invention, do not need manual analysis, can automatically obtain the legal range of http required parameter from the web log file, obtain m odel validity rule (being similar to white list filters), just can realize illegal request is identified accurately and tackled according to this m odel validity rule.
Description of drawings
Fig. 1 is the method flow diagram of analyzing web site access request parameters legal range according to an embodiment of the invention;
Fig. 2 is the method flow diagram of identifying according to an embodiment of the invention the unauthorized access request of website;
Fig. 3 is the structure drawing of device of analyzing web site access request parameters legal range according to an embodiment of the invention;
Fig. 4 is the structure drawing of device of identifying according to an embodiment of the invention the unauthorized access request of website.
Embodiment
For ease of better understanding the present invention, at first the access log file of website is simply introduced here.
IIS is the abbreviation of Internet Information Server, and the meaning is the internet information service.The WEB daily record of IIS is exactly the log of website under IIS, and the visitor sends a http request to the website at every turn, no matter whether this access is successful, journal file all can carry out record.
Daily record comprises following message: who has accessed website, and which content the visitor has checked and checked for the last time time of information etc.Therefore the relative recording of recording all access Web services due to IIS loyalty takes full advantage of daily record, just can carry out intrusion detection, traffic statistics analysis, solves the IIS server failure, and solves page fault.
The WEB journal file of IIS6.0 acquiescence deposit position be %systemroot% system32 LogFiles, acquiescence daily record every day.If journal file is not protected; can be easy to invaded person finds and the vestige in daily record is removed; therefore the catalogue of acquiescence is not used in suggestion; change the path of a log; the journal file access rights are set simultaneously, only allow keeper and SYSTEM (system) authority for controlling fully.
The name format of journal file is: the last two digits+month in ex+ time+date is ex020810.log as the WEB journal file on August 10th, 2002.The journal file of IIS is all text, can use any editing machine to open, and for example the notepad program, advise using the UltraEdit editing machine to edit.
Journal format is the ASCII fromat of fixing, and presses World Wide Web Consortium (World Wide Web Consortium, W3C) standard and carries out record.
Journal file beginning four lines is descriptive information, and is as follows:
#Software generates software
The #Version version
Date occurs in the #Date daily record
The #Fields field, the form of demonstration recorded information can be self-defined by IIS.
The main body of daily record is solicited message one by one, and the form of solicited message is by Field Definition, and each interfield separates with the space.
Field commonly used is explained as follows:
The date of request occurs in data;
The time of request occurs in time;
S-sitename satisfies the website example number of request;
S-ip generates the server ip address of journal entry;
The cs-method requesting method, i.e. the client operation (for example GET or POST method) attempting to carry out;
The resource of cs-uri-stem access, for example Index.htm;
The subsidiary parameter of cs-uri-query reference address is not if there is no parameter use hyphen "-" expression;
The port numbers that the s-port client is connected to;
Cs-username access services device by the user's name of authentication, anonymous represents with hyphen;
The client ip address of c-ip access services device;
Cs-version client protocol version;
The browser type that cs (User-Agent) client is used;
Cs (Referer) quotes website (website of user's last visit, this website provide and the linking of current website);
Sc-status responsive state code common are 200 and represents successfully, and 403 expressions do not have authority, and 404 expressions can not find this page, and 500 representation programs are wrong;
The sub-state code of sc-substatus;
Sc-win32-status Windows state code.
The below enumerates the form (each journal file has following 4 row) of explanation journal file:
#Software:Microsoft?Internet?Information?Services6.0
#Version:1.0
#Date:2008-03-31?08:00:03
#Fields:date?time?s-sitename?s-ip?cs-method?cs-uri-stem?cs-uri-query?s-port?cs-username?c-ip
cs(User-Agent)sc-status?sc-substatus?sc-win32-status
2008-03-31?08:02:34W3SVC72812902?192.168.1.133?GET/login.htm-80-192.168.1.127
Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.2;+(R1+1.5);+.NET+CLR+1.1.4322)20000
Above each row clearly write down respectively Terminal Server Client:
Access time 2008-03-31 08:02:34
The IP address 192.168.1.133 of institute's access services device
The operation GET/login.htm that carries out
Access port 80
Client ip address 192.168.1.127
Browser type Mozilla/4.0+
Http response conditional code 200
The present invention comes the legal range of analyzing web site access request parameters just according to the journal file of website, after obtaining the legal range of required parameter, this legal range is considered as the validity rule of parameter, according to the validity rule of parameter, just can identifies the unauthorized access request.
Describe the present invention below in conjunction with accompanying drawing.
Fig. 1 is the method flow diagram of analyzing web site access request parameters legal range according to an embodiment of the invention.With reference to Fig. 1, described method can comprise the steps:
Step 101 is obtained the http access log file of website;
Step 102 filters out log recording corresponding to legal http request from described journal file, obtain legal log recording set;
In journal file, the corresponding log recording of each http request, can be that 200 log recording is asked corresponding log recording as legal http with the responsive state code.
Step 103 is extracted the legal range of access request parameters according to described legal log recording set.
Further, after extracting the legal range of parameter, can also be with the legal range of parameter as the xml file output.The relative plain text format of xml form has the following advantages: be convenient to exchanges data; The clear relation that shows between data; Logic is stronger, is convenient to program and reads.
What wherein, the legal range of parameter can be in following is one or more:
The parameter name that allows; The type of parameter (for example, character type, numeric type etc.); The maximum length of parameter value; The spcial character that allow to occur in parameter value (in the present invention, numeral and letter are considered as ordinary symbol, in addition be considered as spcial character, for example, underscore, dollar mark () etc. all is considered as spcial character).
Due to each log recording in legal log recording set corresponding be legal http request, therefore, wherein each kind of parameter is legal parameters, can obtain the legal range of access request parameters according to these legal parameters, specifically can comprise the steps:
Step S1 obtains corresponding requesting method and the request resource of each http request from described log recording set;
Requesting method can be get, post etc.In the present invention, each request resource in described log recording set can be identified as legal request resource, wherein, the described request resource can identify with URL.
Step S2 for each request resource, obtains corresponding parameter name-parameter value list;
Due to corresponding many log recordings of each request resource possibility, therefore, parameter name corresponding to this request resource can be identified as legal parameters title (parameter name of permission).And, for certain parameter name under this request resource, the corresponding multiple parameter values of possibility, so, these parameter values are just added up, just can obtain described parameter name-parameter value list.
Step S3 is according to described parameter name-parameter value list legal range getparms.
Wherein, for the maximum length that parameter value allows, can choose the maximum length that the maximum length of the parameter value that exists in described parameter name-parameter value list allows as parameter value corresponding to relevant parameter title.
For the spcial character that parameter value allows, can the spcial character and the frequency that occur in parameter value be added up for all parameter names, frequency of occurrences height and the spcial character of default thresholding are thought the spcial character that can occur in corresponding parameter value.
Suppose to have filtered out following legal log recording set:
test.com/a.php?userid=10&product_name=good&price=123.4
test.com/a.php?userid=20&product_name=1234&price=100
test.com/a.php?userid=303&product_name=a-b&price=10
test.com/a.php?userid=40&product_name=a-c&price=1
test2.com/a.php?userid=10&product_name=_asd&price=123
The maximum length that allows for parameter value: the maximum length that the userid under a.php occurs is 3 (the 3rd), and the maximum length that product_name occurs is 4.Therefore the last rule that generates out is: under a.php, parameter value maximum length corresponding to userid parameter is that parameter value maximum length corresponding to 3, product_name parameter is 4.
For the spcial character that allows out in parameter value: according to above-mentioned daily record, can do following statistics, for the product_name parameter:
The spcial character number of times
-(horizontal line) 2
_ (underscore) 1
If arrange if there is the spcial character number of times more than or equal to 2 times, just think that this spcial character can occur, can think-(horizontal line) spcial character for allowing to occur.
Further, can also generate following rule: can occur in all product_name of website-(horizontal line), but not allow to occur _ (underscore).
In addition, maximum length for the parameter value permission, the embodiment of the present invention also provides a kind of method of supervised learning, be about to a part of log recording in legal log recording set as training set, remaining part is as test set, by the parameter of continuous adjustment anticipation function, and with the accuracy of test set checking function, thereby best anticipation function obtained.
Suppose to have now 10 for the record with parameter of specific url access, can with front 5 as training set, rear 5 as test set, learning function infers by front 5 records the maximum length that parameter value, then utilize rear 5 conduct tests, judge whether this maximum length is reasonable.
For the spcial character that allows in parameter value to occur, the embodiment of the present invention also provides a kind of method of deduction, namely set up feature database, store all spcial character and occurrence frequencies (adding up with file-name field) that field (parameter name) allows in study website, and think that the high special field of certain field occurrence frequency is the attribute that this field generally has in feature database, so, the spcial character of the spcial character that in feature database, certain field occurrence frequency is high for treating that the same file-name field of study website (allowing in this field under the prerequisite of spcial character) allows.
Further, the embodiment of the present invention also provides a kind of incremental learning method to obtain the legal range of access parameter.Incremental learning is namely: on the basis of the rule of existing this website, access log file by this website, extract the information such as wherein url, required parameter, obtain the spcial character that may occur in the parameter length of specifying url and parameter in conjunction with above-mentioned study thinking, these information recording /s are got off and deposit in database.
For a simple example:
For the www.test.com website, 2 rules have been arranged, for example the number of the parameter of www.test.com/a.php permission is 2, the maximum length that parameter value allows is 5, www.test.com has again new daily record now, can replenish and improve existing rule according to daily record in conjunction with existing rule, the number of improving out the parameter of a.php permission is 3, and the maximum length that parameter value allows is 10.
Said method can be realized with software, also can realize with hardware.When realizing with software, this program may operate under the python environment, and take mysql as support, for example, operates in the linux system.
According to the technique scheme of the embodiment of the present invention, do not need manual analysis, can automatically obtain the legal range of http required parameter from the web log file.
Further, after the legal range that has obtained the http required parameter, just can with this legal range as the m odel validity rule, just can realize illegal request is identified accurately and tackled according to this m odel validity rule.
Fig. 2 is the method flow diagram of identifying according to an embodiment of the invention the unauthorized access request of website.With reference to Fig. 2, described method can comprise the steps:
Step 201 is obtained the legal range of the http access request parameters of website, and described legal range is loaded (or storage) as the validity rule of parameter;
Step 202 is intercepted and captured user browser to the http access request of website;
Step 203 is mated the http access request that intercepts and the validity rule of parameter, determines according to matching result whether the http access request that intercepts is legal.
Can resolve the http access request, obtain the resource of request, method and the various parameter of request, then, analysis result and described validity rule are mated, and the match is successful, determines that the http access request is legal, otherwise, determine that the http access request is illegal.
In step 203, matching process specifically can comprise:
Whether the resource of judgement request is legal, in the legal range of the required parameter that conducts interviews is analyzed, can obtain legal the Resources list, and whether the resource of asking by judgement can determine in legal the Resources list that the resource of asking whether could;
Judge whether request type (get/post) is legal;
Whether the length of the type of identification parameter (numeral/character string), parameter value is legal.
According to said method, for the request of a website, identify according to the m odel validity rule of correspondence, if effectively request can be forwarded to true website, otherwise directly interception, record the relevant information of this request simultaneously, in order to improve afterwards corresponding rule.
Further, the relevant information of illegal request can also be recorded in journal file.
As a kind of implementation, the method for the above-mentioned identification illegal request of the embodiment of the present invention can be regular according to existing m odel validity, and tackle illegal request in conjunction with the ngnix program.Identify legal request according to valid parameter value, compare conventional method more intelligent, efficient.Simultaneously, utilize efficient nginx server to support filter request, can greatly reduce costs.
Below provide respectively the device of realizing above-mentioned acquisition methods and recognition methods.
Fig. 3 is the structure drawing of device of analyzing web site access request parameters legal range according to an embodiment of the invention.With reference to Fig. 3, described device can comprise acquisition module 31, screening module 32 and analysis module 33, wherein:
The specific works principle of described device can be shown in Figure 1 method, repeat no more here.
Fig. 4 is the structure drawing of device of identifying according to an embodiment of the invention the unauthorized access request of website.With reference to Fig. 4, described device can comprise: load-on module 41, intercepting and capturing module 42 and matching module 43, wherein:
Load-on module 41 is used for obtaining the legal range of the http access request parameters of website, and the validity rule of described legal range as parameter loaded;
Intercept and capture module 42 and be used for intercepting and capturing user browser to the http access request of website;
The specific works principle of described device can be shown in Figure 2 method, repeat no more here.
Need to prove, can carry out in such as the computer system that is provided with one group of computer executable instructions in the step shown in the flow chart of accompanying drawing, and, although there is shown logical order in flow process, but in some cases, can carry out step shown or that describe with the order that is different from herein.in addition, those skilled in the art should be understood that, above-mentioned each module of the present invention or each step can realize with general calculation element, they can concentrate on single calculation element, perhaps be distributed on the network that a plurality of calculation elements form, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in storage device and be carried out by calculation element, perhaps they are made into respectively each integrated circuit modules, perhaps a plurality of modules in them or step being made into the single integrated circuit module realizes.Like this, the present invention is not restricted to any specific hardware and software combination.
The above is only preferred embodiment of the present invention, and is in order to limit the present invention, within the spirit and principles in the present invention not all, any modification of making, is equal to replacement, improvement etc., within all should being included in the scope of protection of the invention.
Claims (10)
1. the identification method to the unauthorized access request of website, is characterized in that, comprising:
Obtain the legal range of the http access request parameters of website, and the validity rule of described legal range as parameter loaded;
Intercept and capture user browser to the http access request of website;
The http access request that intercepts and the validity rule of parameter are mated, determine according to matching result whether the http access request that intercepts is legal.
2. the method for claim 1, is characterized in that, the described legal range that obtains the http access request parameters of website specifically comprises:
Obtain the http access log file of website;
Filter out log recording corresponding to legal http request from described journal file, obtain legal log recording set;
According to described legal log recording set, extract the legal range of access request parameters.
3. method as claimed in claim 2, is characterized in that, the legal range of access request parameters is as is lower one or more:
The parameter name that allows; The type of parameter; The maximum length of parameter value; Allow the spcial character of appearance in parameter value.
4. method as claimed in claim 3, is characterized in that, and is described according to described legal log recording set, extracts the legal range of access request parameters, specifically comprises:
Obtain corresponding requesting method and the request resource of each http request from described log recording set;
For each request resource, obtain corresponding parameter name-parameter value list;
According to described parameter name-parameter value list legal range getparms.
5. method as described in any one in claim 1 to 4, is characterized in that, described the http access request that intercepts and the validity rule of parameter mated, and determines according to matching result whether the http access request that intercepts is legal, specifically comprises:
The http access request is resolved the resource that obtains asking, the method for request and required parameter;
Analysis result and described validity rule are mated, and the match is successful, determines that the http access request is legal, and it fails to match, determines that the http access request is illegal.
6. the identification device to the unauthorized access request of website, is characterized in that, comprising:
Load-on module for the legal range of the http access request parameters of obtaining the website, and loads the validity rule of described legal range as parameter;
Intercept and capture module, be used for intercepting and capturing user browser to the http access request of website;
Matching module mates for the http access request that will intercept and the validity rule of parameter, determines according to matching result whether the http access request that intercepts is legal.
7. device as claimed in claim 6, is characterized in that, described load-on module specifically is used for:
Obtain the http access log file of website;
Filter out log recording corresponding to legal http request from described journal file, obtain legal log recording set;
According to described legal log recording set, extract the legal range of access request parameters.
8. device as claimed in claim 7, is characterized in that, the legal range of access request parameters is as is lower one or more:
The parameter name that allows; The type of parameter; The maximum length of parameter value; Allow the spcial character of appearance in parameter value.
9. device as claimed in claim 8, is characterized in that, and is described according to described legal log recording set, extracts the legal range of access request parameters, specifically comprises:
Obtain corresponding requesting method and the request resource of each http request from described log recording set;
For each request resource, obtain corresponding parameter name-parameter value list;
According to described parameter name-parameter value list legal range getparms.
10. device as described in any one in claim 6 to 9, is characterized in that, described matching module specifically is used for:
The http access request is resolved the resource that obtains asking, the method for request and required parameter;
Analysis result and described validity rule are mated, and the match is successful, determines that the http access request is legal, and it fails to match, determines that the http access request is illegal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310072219.8A CN103166966B (en) | 2013-03-07 | 2013-03-07 | Identify the method to the unauthorized access request of website and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310072219.8A CN103166966B (en) | 2013-03-07 | 2013-03-07 | Identify the method to the unauthorized access request of website and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103166966A true CN103166966A (en) | 2013-06-19 |
| CN103166966B CN103166966B (en) | 2015-12-09 |
Family
ID=48589705
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310072219.8A Active CN103166966B (en) | 2013-03-07 | 2013-03-07 | Identify the method to the unauthorized access request of website and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103166966B (en) |
Cited By (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104023033A (en) * | 2014-06-24 | 2014-09-03 | 浪潮电子信息产业股份有限公司 | Safety production method for cloud services |
| CN105306465A (en) * | 2015-10-30 | 2016-02-03 | 新浪网技术(中国)有限公司 | Website secure access realization method and apparatus |
| CN106326419A (en) * | 2016-08-24 | 2017-01-11 | 腾讯科技(深圳)有限公司 | Network automaton machine processing method and device |
| CN107395553A (en) * | 2016-05-17 | 2017-11-24 | 腾讯科技(深圳)有限公司 | A kind of detection method and device of network attack |
| CN107644166A (en) * | 2017-09-22 | 2018-01-30 | 成都知道创宇信息技术有限公司 | It is a kind of based on the WEB application safety protecting method learnt automatically |
| CN109379404A (en) * | 2018-09-14 | 2019-02-22 | 厦门天锐科技股份有限公司 | The method for effectively acting on behalf of forwarding data based on TDI driving and proxy server |
| CN109801092A (en) * | 2017-11-16 | 2019-05-24 | 腾讯科技(武汉)有限公司 | Resource security management method, device, computer equipment and storage medium |
| CN111107101A (en) * | 2019-12-30 | 2020-05-05 | 微梦创科网络科技(中国)有限公司 | Firewall system and method for multi-dimensional filtering request of nginx |
| CN112751900A (en) * | 2019-10-31 | 2021-05-04 | 北京京东尚科信息技术有限公司 | Network request processing method and device |
| CN114598687A (en) * | 2022-01-19 | 2022-06-07 | 深圳智游网安科技有限公司 | Method, system and terminal for capturing HTTPS data packet |
| CN115622776A (en) * | 2022-10-08 | 2023-01-17 | 浙江网商银行股份有限公司 | Data access method and device |
| CN116132502A (en) * | 2022-08-01 | 2023-05-16 | 马上消费金融股份有限公司 | Webpage access processing method and device and electronic equipment |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070136312A1 (en) * | 2005-12-12 | 2007-06-14 | Imperva, Inc | System and method for correlating between http requests and sql queries |
| CN101370008A (en) * | 2007-08-13 | 2009-02-18 | 杭州安恒信息技术有限公司 | System for real-time intrusion detection of SQL injection WEB attacks |
| CN102215222A (en) * | 2011-05-09 | 2011-10-12 | 北京艾普优计算机系统有限公司 | Website protection method and device |
| CN102664872A (en) * | 2012-03-05 | 2012-09-12 | 星云融创(北京)科技有限公司 | System used for detecting and preventing attack to server in computer network and method thereof |
-
2013
- 2013-03-07 CN CN201310072219.8A patent/CN103166966B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070136312A1 (en) * | 2005-12-12 | 2007-06-14 | Imperva, Inc | System and method for correlating between http requests and sql queries |
| CN101370008A (en) * | 2007-08-13 | 2009-02-18 | 杭州安恒信息技术有限公司 | System for real-time intrusion detection of SQL injection WEB attacks |
| CN102215222A (en) * | 2011-05-09 | 2011-10-12 | 北京艾普优计算机系统有限公司 | Website protection method and device |
| CN102664872A (en) * | 2012-03-05 | 2012-09-12 | 星云融创(北京)科技有限公司 | System used for detecting and preventing attack to server in computer network and method thereof |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104023033A (en) * | 2014-06-24 | 2014-09-03 | 浪潮电子信息产业股份有限公司 | Safety production method for cloud services |
| CN105306465B (en) * | 2015-10-30 | 2019-01-18 | 新浪网技术(中国)有限公司 | Web portal security accesses implementation method and device |
| CN105306465A (en) * | 2015-10-30 | 2016-02-03 | 新浪网技术(中国)有限公司 | Website secure access realization method and apparatus |
| CN107395553A (en) * | 2016-05-17 | 2017-11-24 | 腾讯科技(深圳)有限公司 | A kind of detection method and device of network attack |
| CN106326419B (en) * | 2016-08-24 | 2020-06-12 | 腾讯科技(深圳)有限公司 | Network automata processing method and device |
| CN106326419A (en) * | 2016-08-24 | 2017-01-11 | 腾讯科技(深圳)有限公司 | Network automaton machine processing method and device |
| CN107644166A (en) * | 2017-09-22 | 2018-01-30 | 成都知道创宇信息技术有限公司 | It is a kind of based on the WEB application safety protecting method learnt automatically |
| CN109801092A (en) * | 2017-11-16 | 2019-05-24 | 腾讯科技(武汉)有限公司 | Resource security management method, device, computer equipment and storage medium |
| CN109801092B (en) * | 2017-11-16 | 2023-09-08 | 腾讯科技(武汉)有限公司 | Resource security management method, device, computer equipment and storage medium |
| CN109379404A (en) * | 2018-09-14 | 2019-02-22 | 厦门天锐科技股份有限公司 | The method for effectively acting on behalf of forwarding data based on TDI driving and proxy server |
| CN109379404B (en) * | 2018-09-14 | 2022-04-01 | 厦门天锐科技股份有限公司 | Method for forwarding data based on TDI drive and effective proxy of proxy server |
| CN112751900A (en) * | 2019-10-31 | 2021-05-04 | 北京京东尚科信息技术有限公司 | Network request processing method and device |
| CN112751900B (en) * | 2019-10-31 | 2024-04-09 | 北京京东尚科信息技术有限公司 | Network request processing method and device |
| CN111107101A (en) * | 2019-12-30 | 2020-05-05 | 微梦创科网络科技(中国)有限公司 | Firewall system and method for multi-dimensional filtering request of nginx |
| CN114598687B (en) * | 2022-01-19 | 2024-02-23 | 深圳智游网安科技有限公司 | Grabbing method, system and terminal for HTTPS data packet |
| CN114598687A (en) * | 2022-01-19 | 2022-06-07 | 深圳智游网安科技有限公司 | Method, system and terminal for capturing HTTPS data packet |
| CN116132502A (en) * | 2022-08-01 | 2023-05-16 | 马上消费金融股份有限公司 | Webpage access processing method and device and electronic equipment |
| CN115622776A (en) * | 2022-10-08 | 2023-01-17 | 浙江网商银行股份有限公司 | Data access method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103166966B (en) | 2015-12-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103166966B (en) | Identify the method to the unauthorized access request of website and device | |
| CN103118035B (en) | Method and the device of analyzing web site access request parameters legal range | |
| CN110881044B (en) | Computer firewall dynamic defense security platform | |
| US6996845B1 (en) | Internet security analysis system and process | |
| CN104767757B (en) | Various dimensions safety monitoring method and system based on WEB service | |
| US10721245B2 (en) | Method and device for automatically verifying security event | |
| US10165005B2 (en) | System and method providing data-driven user authentication misuse detection | |
| CN109167754A (en) | A kind of network application layer security protection system | |
| CN106411578A (en) | Website monitoring system and method applicable to power industry | |
| US7917759B2 (en) | Identifying an application user as a source of database activity | |
| DE202013102441U1 (en) | System for checking digital certificates | |
| CN103888490A (en) | Automatic WEB client man-machine identification method | |
| KR101060612B1 (en) | Audit data based web attack event extraction system and method | |
| CN107612924A (en) | Attacker's localization method and device based on wireless network invasion | |
| CN106789352A (en) | A kind of exception flow of network detection method and device | |
| CN115134099B (en) | Network attack behavior analysis method and device based on full flow | |
| CN106713318B (en) | WEB site safety protection method and system | |
| CN107800686A (en) | A kind of fishing website recognition methods and device | |
| CN107733902A (en) | A kind of monitoring method and device of target data diffusion process | |
| CN111404937B (en) | Method and device for detecting server vulnerability | |
| CN104954345A (en) | Attack recognition method based on object analysis and device thereof | |
| CN103312692B (en) | Chained address safety detecting method and device | |
| RU2659482C1 (en) | Protection of web applications with intelligent network screen with automatic application modeling | |
| CN113742631B (en) | CDN-based website picture anti-theft chain method | |
| CN116015800A (en) | Scanner identification method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20151110 Address after: 100080, room 10, building 1, 3 Haidian Avenue, Beijing,, Haidian District Applicant after: Xingyun Rongchuang (Beijing) Technology Co.,Ltd. Address before: 100080 Beijing City, Haidian District Haidian Street No. 3 electronic market office building A block 10 layer Applicant before: Xingyun Rongchuang (Beijing) Information Technology Co.,Ltd. |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100080 room 1001-029, 10 / F, building 1, 3 Haidian Street, Haidian District, Beijing Patentee after: Kunlun core (Beijing) Technology Co.,Ltd. Address before: 100080 room 1001-029, 10 / F, building 1, 3 Haidian Street, Haidian District, Beijing Patentee before: Xingyun Rongchuang (Beijing) Technology Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220329 Address after: 401331 2-98, No. 37-100, Jingyang Road, Huxi street, Shapingba District, Chongqing Patentee after: Chongqing Yunliu Future Technology Co.,Ltd. Address before: 100080 room 1001-029, 10 / F, building 1, 3 Haidian Street, Haidian District, Beijing Patentee before: Kunlun core (Beijing) Technology Co.,Ltd. |