CN107241451B - Tamper intervention method, apparatus and system based on a content delivery network - Google Patents
- Publication number
- CN107241451B CN201710661039.1A
- Authority
- CN
- China
- Prior art keywords
- cdn
- response message
- static file
- tampered
- edge node
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/50—Network services
- H04L67/56—Provisioning of proxy services
- H04L67/568—Storing data temporarily at an intermediate stage, e.g. caching
- H04L67/5682—Policies or rules for updating, deleting or replacing the stored data
Abstract
The invention discloses a tamper intervention method, apparatus and system based on a content delivery network (CDN). The method comprises: a CDN edge node receives a request message from a user terminal, the request message requesting a static file; the edge node determines the origin server for the back-to-origin request and initiates the back-to-origin request; it receives the response message and sends it to the user terminal; it judges whether the static file in the response message has been tampered with; if it has not been tampered with, the static file is cached; if it has been tampered with, the static file is not cached, and when a message requesting the static file is received again, the back-to-origin request is re-initiated; if the origin server returns a normal response and no tampering occurs between the origin server and the CDN edge node, the static file of the normal response is cached, achieving tamper recovery. In the invention, the CDN edge node can discover through this judgment, in a timely manner, that a file has been tampered with, and does not cache the tampered file; tamper recovery can take place the next time a user requests the file, which shortens the tamper recovery time.
Description
Technical field
The present invention relates to the technical field of data tamper prevention and tamper recovery, and in particular to a tamper intervention method, apparatus and system based on a content delivery network.
Background technique
The basic idea of content tamper-prevention technology based on a content delivery network (Content Delivery Network, CDN for short) concerns the following situation: a user requests, within the CDN, a file whose response header carries none of Cache-Control: no-cache, no-store, private or max-age=0, that is, a static file cached at the CDN edge node (such files are referred to below simply as static files), and at that moment a code snippet or file fragment has been maliciously inserted into the static file, so that the response delivers content the user did not expect, such as an advertisement pop-up.
The current content tamper-prevention recovery scheme has the following steps:
(1) When a user requests a static file newly published by the origin server, or a static file that has expired, the CDN edge node needs to make a back-to-origin request;
(2) The origin monitoring module of the CDN edge node selects which specific origin server to go back to, and the CDN edge node initiates the back-to-origin request to that origin server;
(3) The origin server responds normally;
(4) The CDN edge node returns the response to the user and caches the corresponding file, regardless of whether the file has been maliciously tampered with.
(5) If the file has been maliciously tampered with, then before the file expires, whenever a user requests it the CDN edge node sends the cached file directly to the user, that is, the user still receives the tampered file. If the CDN edge node determines that the file has expired and a user requests it, the CDN edge node initiates a back-to-origin request; if no malicious tampering occurs between the origin server and the CDN edge node, the tampering is recovered at that point and the user response is normal, that is, the user receives a file that has not been maliciously tampered with.
The above content tamper-prevention recovery scheme has the following drawback: the CDN edge node caches the requested static file regardless of whether it has been maliciously tampered with. If there is malicious tampering, a new back-to-origin request is made only after the cache expires, and the tampering is recovered only when the origin server then provides a normal response; the expiry time cannot be reset in the meantime. The recovery process as a whole therefore cannot be fast: during the period in which the cache is judged not to have expired, every request for the file returns the maliciously tampered file, which prolongs the failure and aggravates its impact. For example, when visiting an ordinary web page or store, the user finds that an advertisement pop-up is always present, which harms the user experience; if the cache time of the file in such a response is 1 day, the file may return to normal only after at least 1 day has passed, the cache has expired, and a user requests the file.
Summary of the invention
To solve the problem in the prior art that tamper recovery may only be achieved after the file expires, which harms the user experience, the embodiments of the invention provide a tamper intervention method, apparatus and system based on a content delivery network.
According to one aspect of the embodiments of the invention, a tamper intervention method based on a content delivery network is provided, comprising:
A content delivery network (CDN) edge node receives a request message from a user terminal, wherein the request message requests a static file;
The CDN edge node determines the origin server for the back-to-origin request and initiates the back-to-origin request;
The CDN edge node receives the response message of the origin server and sends the response message to the user terminal;
The CDN edge node judges whether the static file in the response message has been tampered with;
If it has not been tampered with, the static file is cached;
If it has been tampered with, the static file is not cached; when a message requesting the static file is received again, the CDN edge node re-initiates the back-to-origin request, and if the origin server returns a normal response and no tampering occurs between the origin server and the CDN edge node, the CDN edge node caches the static file of the normal response, achieving tamper recovery.
Further, the CDN edge node judging whether the static file in the response message has been tampered with comprises:
The CDN edge node obtains at least two first feature values, one from each of at least two corresponding response messages;
The CDN edge node judges whether the at least two first feature values are consistent;
If they are consistent, it is determined that the static file has not been tampered with;
If they are inconsistent, it is determined that the static file has been tampered with.
Further, the method also comprises: when the CDN edge node judges whether the at least two first feature values are consistent, it first judges whether this is the first time a request message requesting the static file has been received.
Further, the CDN edge node judging whether the static file in the response message has been tampered with comprises:
The CDN edge node extracts the second feature value carried in the response message, wherein the second feature value uniquely identifies the static file;
The CDN edge node uses the calculation method negotiated with the origin server to calculate a third feature value from the response message;
The CDN edge node judges whether the second feature value and the third feature value are consistent;
If they are consistent, it is determined that the static file has not been tampered with;
If they are inconsistent, it is determined that the static file has been tampered with.
Further, in the CDN edge node judging whether the static file in the response message has been tampered with:
The negotiated calculation method is the calculation method that the origin server negotiated in advance with the CDN system.
Further, if there are multiple CDN nodes between the origin server and the user terminal, the CDN edge node sending the response message to the user terminal comprises:
The CDN edge node processes the response message using the preset private protocol between the multiple CDN nodes;
The CDN edge node transmits the processed response message through the multiple CDN nodes;
When the CDN edge node on the user terminal side receives the processed response message, it uses the preset private protocol to restore the processed response message and sends the restored response message to the user terminal.
According to another aspect of the embodiments of the invention, a tamper intervention apparatus based on a content delivery network is provided, applied to a content delivery network (CDN) edge node, the apparatus comprising:
A receiving unit, configured to receive the request message of the user terminal and to receive the response message of the origin server;
A back-to-origin unit, configured to determine the origin server for the back-to-origin request and to initiate the back-to-origin request;
A first transmission unit, configured to send the response message to the user terminal;
A judging unit, configured to judge whether the static file in the response message has been tampered with;
A cache unit, configured to cache the static file if it has not been tampered with;
A processing unit, configured not to cache the static file if it has been tampered with and, when a message requesting the static file is received again, to re-initiate the back-to-origin request; if the origin server returns a normal response and no tampering occurs between the origin server and the CDN edge node, the static file of the normal response is cached, achieving tamper recovery.
Further, in the apparatus applied to the content delivery network (CDN) edge node:
The receiving unit comprises a first receiving unit and a second receiving unit, wherein the first receiving unit is configured to receive the request message of the user terminal and the second receiving unit is configured to receive the response message of the origin server.
Further, the judging unit comprises:
A first judgment module, configured to judge whether this is the first time a request message requesting the static file has been received;
An acquisition module, configured to obtain at least two first feature values from the response message;
A second judgment module, configured to judge whether the at least two first feature values are consistent;
A first determining module, configured to determine that the static file has not been tampered with if they are consistent, and to determine that the static file has been tampered with if they are inconsistent.
Further, the judging unit is configured to judge whether this is the first time a request message requesting the static file has been received; to obtain at least two first feature values from the response message and judge whether the at least two first feature values are consistent; and to determine that the static file has not been tampered with if they are consistent, and that the static file has been tampered with if they are inconsistent.
Further, the judging unit comprises:
An extraction module, configured to extract the second feature value carried in the response message, wherein the second feature value uniquely identifies the static file;
A computing module, configured to use the calculation method negotiated with the origin server to calculate a third feature value from the response message, the calculation method being the one that the origin server negotiated in advance with the CDN system;
A third judgment module, configured to judge whether the second feature value and the third feature value are consistent;
A second determining module, configured to determine that the static file has not been tampered with if they are consistent, and to determine that the static file has been tampered with if they are inconsistent.
Further, the judging unit is configured to extract the second feature value carried in the response message, wherein the second feature value uniquely identifies the static file; to use the calculation method negotiated with the origin server to calculate a third feature value from the response message, the calculation method being the one that the origin server negotiated in advance with the CDN system; to judge whether the second feature value and the third feature value are consistent; and to determine that the static file has not been tampered with if they are consistent, and that the static file has been tampered with if they are inconsistent.
Further, the first transmission unit comprises:
A processing module, configured to process the response message, when there are multiple CDN nodes between the origin server and the user terminal, using the preset private protocol between the multiple CDN nodes, such that the processed response message cannot be recognized by other devices;
A transmission module, configured to transmit the processed response message through the multiple CDN nodes;
A recovery module, configured, when the CDN edge node acting as the user-terminal side receives the processed response message, to restore the processed response message using the preset private protocol and to send the restored response message to the user terminal.
According to yet another aspect of the embodiments of the invention, a tamper intervention system based on a content delivery network is provided, comprising: a user terminal, a content delivery network (CDN) edge node and an origin server, wherein
The user terminal is configured to send a request message, wherein the request message requests a static file;
The CDN edge node comprises the tamper intervention apparatus based on a content delivery network described above;
The origin server comprises:
A third receiving unit, configured to receive the back-to-origin request sent by the CDN edge node;
A second transmission unit, configured to send the response message to the CDN edge node.
Further, the origin server also comprises:
A computing unit, configured to calculate, using the calculation method negotiated in advance with the CDN edge node, the feature value that uniquely identifies the static file, and to place the feature value in the response message.
In the technical solution of the embodiments of the invention, the CDN edge node judges whether a file has been maliciously tampered with. If there is no malicious tampering, the file is cached normally; if there is malicious tampering, the file is not cached, and when a subsequent user accesses the file again a new back-to-origin request is required; when the origin server responds normally and no tampering occurs between the origin server and the CDN edge node, the tampering is recovered at that point. Through this judgment the CDN edge node can discover in a timely manner that a file has been maliciously tampered with, and it does not cache the maliciously tampered file. Recovery from malicious tampering does not have to wait for the cache to expire: it can take place the next time a user requests the file, which shortens the tamper recovery time, restores abnormal data promptly and protects the user experience. In addition, the preset private protocol is used to transmit, between multiple CDN nodes, data that other devices cannot recognize, which ensures that content transmitted between CDN nodes is not maliciously tampered with; at the same time, congestion policies can be adjusted promptly according to network conditions, improving transmission speed and stability and protecting the user experience.
Detailed description of the invention
To describe the technical solutions in the embodiments of the invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the tamper intervention method based on a content delivery network provided by an embodiment of the invention;
Fig. 2 is a structural block diagram of the tamper intervention apparatus based on a content delivery network provided by an embodiment of the invention;
Fig. 3 is a structural block diagram of the tamper intervention system based on a content delivery network provided by an embodiment of the invention;
Fig. 4 is a schematic diagram of the tamper intervention system based on a content delivery network provided by an embodiment of the invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the drawings.
An embodiment of the invention provides a tamper intervention method based on a content delivery network. As shown in Fig. 1, the method comprises steps S101 to S106 below. It should be noted that tamper intervention in the embodiments of the invention includes both tamper prevention and tamper recovery; in other words, the embodiments of the invention can not only prevent a static file from being tampered with but can also restore a static file that has been tampered with.
Step S101: the CDN edge node receives a request message from a user terminal, wherein the request message requests a static file. The static file in this embodiment may be a static file newly published by the origin server or a static file whose cache has expired;
Step S102: the CDN edge node determines the origin server for the back-to-origin request and initiates the back-to-origin request. Specifically, the origin monitoring module of the CDN edge node may determine which origin server to go back to;
Step S103: the CDN edge node receives the response message of the origin server and sends the response message to the user terminal;
Step S104: the CDN edge node judges whether the static file in the response message has been tampered with;
Step S105: if it has not been tampered with, the static file is cached;
Step S106: if it has been tampered with, the static file is not cached; when a message requesting the static file is received again, the CDN edge node re-initiates the back-to-origin request, and if the origin server returns a normal response and no tampering occurs between the origin server and the CDN edge node, the CDN edge node caches the static file of the normal response, achieving tamper recovery.
In the method of the above embodiment, when a user requests a static file newly published by the origin server or a static file whose cache has expired, the CDN edge node adds a step of judging whether the file has been maliciously tampered with. If there is no malicious tampering, the file is cached normally; if there is malicious tampering, the file is not cached, and when a subsequent user accesses the file again a new back-to-origin request is required; when the origin server responds normally and no tampering occurs between the origin server and the CDN edge node, the tampering is recovered at that point. Through this judgment the CDN edge node can discover in a timely manner that a file has been maliciously tampered with, and it does not cache the maliciously tampered file. Recovery from malicious tampering does not have to wait for the cache to expire: it can take place the next time a user requests the file, which shortens the tamper recovery time, restores abnormal data promptly and protects the user experience.
The embodiments of the invention provide the following two methods by which the CDN edge node judges whether a static file has been tampered with; each is described below.
(1) Repeatedly checking the feature value obtained from the response message. The specific steps are as follows: the CDN edge node judges whether this is the first time a request message requesting the static file has been received; if not, the CDN edge node obtains at least two first feature values, one from each of at least two corresponding response messages; the CDN edge node judges whether the at least two first feature values are consistent; if they are consistent, it is determined that the static file has not been tampered with; if they are inconsistent, it is determined that the static file has been tampered with.
This method is based on probability statistics, that is, on tampering being occasional and unpredictable. If the CDN edge node is receiving a request message for the static file for the first time, then under this method it does not cache the static file it obtains; it waits for a subsequent user request for the static file, goes back to the origin again to obtain the static file, and judges whether the feature value is consistent across these two or more retrievals.
Specifically, the first feature value may be the MD5 value of the static file (Message Digest Algorithm MD5, i.e. message-digest algorithm 5) or any other value that changes after the static file is tampered with, so that a change in this feature value promptly shows that the static file has been tampered with.
Using this method to judge whether a static file has been tampered with shortens the recovery time when a file is abnormal. For example, for a file with a cache time of 1 day, recovery from malicious tampering does not have to wait 1 day; it takes place the next time a user requests the file, which greatly reduces the data recovery time.
(2) The CDN edge node and the origin server negotiate a calculation method. Both use this calculation method to calculate a feature value, and the CDN edge node compares the value it calculates itself with the value calculated by the origin server to confirm the uniqueness of the file. The specific steps are as follows: the CDN edge node extracts the second feature value carried in the response message, wherein the second feature value uniquely identifies the static file and is calculated by the origin server using the calculation method negotiated in advance with the CDN edge node; the CDN edge node uses the same calculation method to calculate a third feature value from the response message; the CDN edge node judges whether the second feature value and the third feature value are consistent; if they are consistent, it is determined that the static file has not been tampered with; if they are inconsistent, it is determined that the static file has been tampered with.
Specifically, the second feature value calculated by the origin server may be carried in the response header. For example, the second feature value and the third feature value may be calculated from the len information obtained from the HTTP header of the response message and the MD5 value of the file.
This method is based on the calculation method negotiated in advance. If the value calculated by the CDN edge node is inconsistent with the value calculated by the origin server, the static file is judged to have been tampered with and is not cached; when a subsequent user again requests access to the file, the above process of going back to the origin and judging whether the file has been tampered with is repeated, and the file is cached only once the two values are consistent. Using this method to judge whether a static file has been tampered with gives a unique confirmation, ensures that the CDN edge node does not cache a maliciously tampered file, and substantially reduces the tamper recovery time.
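The following is an added example, not part of the patent text: a small Python model of steps S101 to S106 that runs an edge node with judging method (1) and with judging method (2) over a constructed link that alters some origin responses. The header name X-Feature-Value, the shared key and the use of HMAC-SHA256 as the negotiated calculation are assumptions made for the example; the text's own illustration derives the value from the length and the MD5 of the file, which anyone able to alter the body could recompute, so a keyed digest is substituted here.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"   # assumption: agreed in advance by origin and CDN
FEATURE_HEADER = "X-Feature-Value"     # hypothetical header carrying the second feature value


def negotiated_feature(body, key=SHARED_KEY):
    """Negotiated calculation: keyed digest over length and content (assumed HMAC-SHA256)."""
    return hmac.new(key, b"%d:" % len(body) + body, hashlib.sha256).hexdigest()


class Origin:
    """Origin server: attaches the second feature value to every response."""
    def __init__(self, files):
        self.files = files

    def respond(self, path):
        body = self.files[path]
        return {"headers": {FEATURE_HEADER: negotiated_feature(body)}, "body": body}


def link_with_tampering(origin, tamper_on):
    """Constructed origin-to-edge link that alters the body on the listed pull numbers."""
    state = {"pulls": 0}

    def fetch(path):
        state["pulls"] += 1
        resp = origin.respond(path)
        if state["pulls"] in tamper_on:
            resp = dict(resp, body=resp["body"] + b"/* injected */")
        return resp
    return fetch


class EdgeNode:
    def __init__(self, fetch, method):
        self.fetch = fetch      # callable(path) -> response from the origin side
        self.method = method    # 1 = compare repeated responses, 2 = header vs. recomputed
        self.cache = {}
        self.last_seen = {}     # method (1): first feature value of the previous pull
        self.pulls = 0

    def judge(self, path, resp):
        """Return True (tampered), False (not tampered) or None (cannot decide yet)."""
        if self.method == 2:
            second = resp["headers"].get(FEATURE_HEADER, "")
            third = negotiated_feature(resp["body"])
            return not hmac.compare_digest(second, third)
        first = hashlib.md5(resp["body"]).hexdigest()   # MD5, as in the text
        previous, self.last_seen[path] = self.last_seen.get(path), first
        if previous is None:
            return None         # first request for this file: nothing to compare against
        return previous != first

    def handle(self, path):
        if path in self.cache:
            return self.cache[path], "HIT"
        self.pulls += 1
        resp = self.fetch(path)                       # S102, S103
        if self.judge(path, resp) is False:           # S104
            self.cache[path] = resp["body"]           # S105
            return resp["body"], "MISS-CACHED"
        return resp["body"], "MISS-NOT-CACHED"        # S106: the next request pulls again


CLEAN = b"console.log('v1');"   # constructed sample static file


def simulate(method, tamper_on, requests=4):
    """Run `requests` user requests for one file; return (statuses, edge node)."""
    edge = EdgeNode(link_with_tampering(Origin({"/app.js": CLEAN}), tamper_on), method)
    return [edge.handle("/app.js")[1] for _ in range(requests)], edge


if __name__ == "__main__":
    for method in (1, 2):
        statuses, edge = simulate(method, tamper_on={1})
        print("method", method, statuses, "origin pulls:", edge.pulls)
```

Method (1) compares responses only with each other, so two identically altered pulls are judged consistent and cached; method (2) rejects them because the recomputed value no longer matches the header.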
In a real network environment there may be multiple CDN nodes between the origin server and the user terminal. While a user requests a file and the CDN edge node goes back to the origin to obtain it, the file has to be transmitted through these multiple CDN nodes; the links between CDN nodes are not under control, so the file may also be tampered with there.
In view of this, a preferred embodiment of the invention provides an implementation that prevents files transmitted between CDN nodes from being tampered with. Specifically, the CDN edge node sending the response message to the user terminal comprises: the CDN edge node processes the response message using the preset private protocol between the multiple CDN nodes, such that the processed response message cannot be recognized by other devices; the CDN edge node transmits the processed response message through the multiple CDN nodes; when the CDN edge node on the user terminal side receives the processed response message, it uses the preset private protocol to restore the processed response message and sends the restored response message to the user terminal.
In this preferred embodiment, data is transmitted between the multiple CDN nodes using the preset private protocol. Intuitively, this can be understood as building a tunnel between the multiple CDN nodes; from outside, the content in the tunnel appears as garbled data, that is, it cannot be recognized by other devices. This ensures that content transmitted between CDN nodes is not maliciously tampered with; at the same time, congestion policies can be adjusted promptly according to network conditions, improving transmission speed and stability and protecting the user experience. In addition, combined with method (1) or (2) above for judging whether a file has been tampered with, it can be ensured that content is not maliciously tampered with anywhere along the link.
An embodiment of the invention also provides a tamper intervention apparatus based on a content delivery network, applied to a CDN edge node, which can be used to implement the above tamper intervention method; for implementation details, refer to the method embodiment above. As shown in Fig. 2, the apparatus comprises: a first receiving unit 21, a back-to-origin unit 22, a second receiving unit 23, a first transmission unit 24, a judging unit 25, a cache unit 26 and a processing unit 27.
The first receiving unit 21 is configured to receive the request message of the user terminal, wherein the request message requests a static file newly published by the origin server or a static file whose cache has expired;
The back-to-origin unit 22 is connected to the first receiving unit 21 and is configured to determine the origin server for the back-to-origin request and to initiate the back-to-origin request;
The second receiving unit 23 is connected to the back-to-origin unit 22 and is configured to receive the response message of the origin server;
The first transmission unit 24 is connected to the second receiving unit 23 and is configured to send the response message to the user terminal;
The judging unit 25 is connected to the second receiving unit 23 and is configured to judge whether the static file in the response message has been tampered with;
The cache unit 26 is connected to the judging unit 25 and is configured to cache the static file if it has not been tampered with;
The processing unit 27 is connected to the judging unit 25 and is configured not to cache the static file if it has been tampered with and, when a message requesting the static file is received again, to re-initiate the back-to-origin request; if the origin server returns a normal response and no tampering occurs between the origin server and the CDN edge node, the static file of the normal response is cached, achieving tamper recovery.
It should be noted that the first receiving unit 21 and the second receiving unit 23 in the embodiments of the invention may also be merged into a single receiving unit, which then receives both the request message of the user terminal and the response message of the origin server; the merged receiving unit can also be understood as comprising the first receiving unit 21 and the second receiving unit 23. Whether the first receiving unit 21 and the second receiving unit 23 are merged into one receiving unit can therefore be decided according to actual needs, and the invention places no limitation on this.
With the apparatus of the above embodiment, the CDN edge node can discover through this judgment, in a timely manner, that a file has been maliciously tampered with, and it does not cache the maliciously tampered file. Recovery from malicious tampering does not have to wait for the cache to expire: it can take place the next time a user requests the file, which shortens the tamper recovery time, restores abnormal data promptly and protects the user experience.
In one embodiment, judging unit 25 includes: first judgment module, for judging whether it is to receive to ask for the first time
Seek the request message of static file;Module is obtained, first judgment module is connected to, for not being for the first time in received situation,
At least two the First Eigenvalues are obtained from corresponding at least two response message respectively;Second judgment module is connected to acquisition
Module, for judging whether at least two the First Eigenvalues are consistent;First determining module is connected to the second judgment module, is used for
Under unanimous circumstances, determine that static file is not tampered with;And in the case of inconsistencies, determine that static file is tampered.
Judging unit 25 in the present embodiment is suitable for the above-mentioned method (2) for judging static file and whether being tampered.
Judge that the judging unit 25 method (3) that whether static file is tampered includes: extraction module suitable for above-mentioned,
For extracting the Second Eigenvalue carried in response message, wherein Second Eigenvalue unique identification static file is utilized by source station
The calculation method negotiated in advance with CDN fringe node is calculated;Computing module disappears according to response for utilizing calculation method
Third feature value is calculated in breath;Third judgment module, is connected to computing module and extraction module, for judging Second Eigenvalue
It is whether consistent with third feature value;Second determining module is connected to third judgment module, for determining under unanimous circumstances
Static file is not tampered with;And in the case of inconsistencies, determine that static file is tampered.
It should be noted that the judging unit 25 in the embodiment of the present invention may also omit the first judgment module, the second judgment module and the first determining module. In that case the judging unit 25 itself directly judges whether the request message requesting the static file is being received for the first time; obtains at least two first characteristic values from the response message and judges whether the at least two first characteristic values are consistent; and determines that the static file has not been tampered with when they are consistent, and that the static file has been tampered with when they are inconsistent.
Moreover, the judging unit 25 may also omit the extraction module, the computing module, the third judgment module and the second determining module. In that case the judging unit 25 itself directly extracts the second characteristic value carried in the response message, wherein the second characteristic value uniquely identifies the static file; calculates a third characteristic value from the response message using the calculation method negotiated with the source station, the calculation method being the one used by the source station and negotiated in advance with the CDN system; judges whether the second characteristic value and the third characteristic value are consistent; and determines that the static file has not been tampered with when they are consistent, and that the static file has been tampered with when they are inconsistent.
Therefore, whether the judging unit 25 includes the first judgment module, the second judgment module, the first determining module, the extraction module, the computing module, the third judgment module and the second determining module can be set according to actual needs; the present invention does not limit this.
Preferably, the first transmission unit 24 includes: a processing module, for processing the response message using the preset proprietary protocol between the multiple CDN nodes when there are multiple CDN nodes between the source station and the user terminal, such that the processed response message cannot be identified by other devices; a transmission module, connected to the processing module, for transmitting the processed response message through the multiple CDN nodes; and a recovery module, for restoring the processed response message using the preset proprietary protocol when the CDN fringe node on the user terminal side receives the processed response message, and sending the restored response message to the user terminal. This ensures that the content transmitted between CDN nodes is not maliciously tampered with.
An embodiment of the present invention also provides a tampering intervention system based on a content distribution network. As shown in Fig. 3, the system includes: a user terminal 10, a CDN fringe node 20 and a source station 30.
The user terminal 10 is used for sending a request message, wherein the request message requests a static file newly published by the source station or a static file whose cache has expired;
The CDN fringe node 20 is connected to the user terminal 10 and includes the tampering intervention device based on a content distribution network described in the above embodiments;
The source station 30 is connected to the CDN fringe node 20 and comprises: a third receiving unit 31, for receiving the back-to-source request sent by the CDN fringe node 20; and a second transmission unit 32, connected to the third receiving unit 31, for sending the response message to the CDN fringe node 20.
In the system of the above embodiment, the CDN fringe node can, through this judgment, discover in time that a file has been maliciously tampered with, and it does not cache the maliciously tampered file. Recovery from the malicious tampering does not have to wait for the cache to expire: it can be carried out as soon as a user next requests the file, which shortens the tamper recovery time, restores the abnormal data promptly and safeguards the user experience.
Preferably, the source station 30 may also include: a computing unit, connected to the third receiving unit 31, for calculating the characteristic value that uniquely identifies the static file using the calculation method negotiated in advance with the CDN fringe node, and placing this characteristic value in the response message.
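The fringe-node behaviour described above (method (3) together with the rule of not caching a tampered file and going back to the source on the next request), as an added Python example that is not code from the patent. It assumes the pre-negotiated calculation method is HMAC-SHA256 with a shared key and that the value travels in a hypothetical `X-Characteristic-Value` header; the link that alters the first response is constructed sample input.

```python
import hashlib
import hmac

# Assumptions (not from the patent): the negotiated calculation method is
# HMAC-SHA256 over the body; the header name below is hypothetical.
HEADER = "X-Characteristic-Value"
SHARED_KEY = b"constructed-demo-key"  # constructed; negotiated out of band
CLEAN_BODY = b"console.log('v1');"    # constructed static file


def characteristic_value(body: bytes) -> str:
    """The negotiated calculation method (assumed: HMAC-SHA256, hex)."""
    return hmac.new(SHARED_KEY, body, hashlib.sha256).hexdigest()


def source_station_response(body: bytes) -> dict:
    """Source station: compute the value and place it in the response."""
    return {"headers": {HEADER: characteristic_value(body)}, "body": body}


def is_tampered(response: dict) -> bool:
    """Fringe node: compare carried (second) and recomputed (third) values."""
    carried = response["headers"].get(HEADER)
    if carried is None:
        return True  # assumption: an unverifiable response is not cached
    computed = characteristic_value(response["body"])
    return not hmac.compare_digest(carried.encode(), computed.encode())


class FringeNode:
    def __init__(self, back_to_source):
        self.back_to_source = back_to_source  # callable(path) -> response
        self.cache = {}
        self.back_to_source_requests = 0

    def handle_request(self, path: str) -> dict:
        if path in self.cache:
            return self.cache[path]
        self.back_to_source_requests += 1
        response = self.back_to_source(path)
        if not is_tampered(response):
            self.cache[path] = response  # only verified files are cached
        return response  # forwarded to the user either way


def link_modifying_first(n: int):
    """Constructed source-to-fringe link that alters the first n responses."""
    calls = {"count": 0}
    def fetch(path: str) -> dict:
        calls["count"] += 1
        response = source_station_response(CLEAN_BODY)
        if calls["count"] <= n:
            response["body"] += b" /* altered in transit */"
        return response
    return fetch


def run_scenario() -> dict:
    """Three requests for one file; only the first response is altered."""
    path, node = "/static/app.js", FringeNode(link_modifying_first(1))
    first = node.handle_request(path)
    cached_after_first = path in node.cache
    node.handle_request(path)                # re-initiated back-to-source
    cached_after_second = path in node.cache
    third = node.handle_request(path)        # served from cache
    return {"first_tampered": is_tampered(first),
            "cached_after_first": cached_after_first,
            "cached_after_second": cached_after_second,
            "third_body": third["body"],
            "back_to_source_requests": node.back_to_source_requests}


if __name__ == "__main__":
    print(run_scenario())
```

A keyed MAC is assumed here because a plain digest carried in the same response could be replaced together with the body.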
The solution of the present invention is described in detail below with reference to Fig. 4.
As shown in Fig. 4, there are multiple CDN nodes between the user terminal 10 and the source station 30. When a user requests a static file, the user terminal 10 sends the request to CDN fringe node 20A, and CDN fringe node 20A forwards the request to CDN fringe node 20B through the preset proprietary protocol. CDN fringe node 20B goes back to the source station 30 to obtain the static file, judges whether the static file has been tampered with using the above method (1) or (2) in order to decide whether to cache the file, and sends the response to CDN fringe node 20A through the preset proprietary protocol.
If the static file is judged to have been tampered with, CDN fringe node 20B does not cache the static file. CDN fringe node 20A processes the received response to obtain a static file that the user terminal 10 can identify and returns that file to the user terminal 10, while also not caching the static file; when a subsequent user accesses the file, a back-to-source request is still made.
If the static file is judged not to have been tampered with, CDN fringe node 20B caches the static file. CDN fringe node 20A processes the received response to obtain a static file that the user terminal 10 can identify and returns that file to the user terminal 10, while caching the response; when subsequent users continue to access the file, the cached copy is returned to them directly.
The apparatus embodiments described above are merely exemplary. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
Through the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part of it that contributes to the prior art, can be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in each embodiment or in certain parts of an embodiment.
The foregoing is merely a preferred embodiment of the present invention and is not intended to limit the invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included in the protection scope of the present invention.
Claims (15)
1. A tampering intervention method based on a content distribution network, characterized by comprising:
A content distribution network (CDN) fringe node receives a request message from a user terminal, wherein the request message requests a static file;
The CDN fringe node determines the source station for the back-to-source request and initiates the back-to-source request;
The CDN fringe node receives the response message of the source station and sends the response message to the user terminal;
The CDN fringe node judges whether the static file in the response message has been tampered with;
If it has not been tampered with, the static file is cached;
If it has been tampered with, the static file is not cached; when a message requesting the static file is received again, the CDN fringe node re-initiates the back-to-source request, and if the source station returns a normal response and no tampering occurs between the source station and the CDN fringe node, the CDN fringe node caches the static file of the normal response, achieving tamper recovery.
2. The tampering intervention method based on a content distribution network as claimed in claim 1, characterized in that the CDN fringe node judging whether the static file in the response message has been tampered with comprises:
The CDN fringe node obtains at least two first characteristic values from the corresponding at least two response messages respectively;
The CDN fringe node judges whether the at least two first characteristic values are consistent;
If they are consistent, it is determined that the static file has not been tampered with;
If they are inconsistent, it is determined that the static file has been tampered with.
3. The tampering intervention method based on a content distribution network as claimed in claim 2, characterized by further comprising:
When the CDN fringe node judges whether the at least two first characteristic values are consistent, it first judges whether the request message requesting the static file is being received for the first time.
4. The tampering intervention method based on a content distribution network as claimed in claim 1, characterized in that the CDN fringe node judging whether the static file in the response message has been tampered with comprises:
The CDN fringe node extracts the second characteristic value carried in the response message, wherein the second characteristic value uniquely identifies the static file;
The CDN fringe node calculates a third characteristic value from the response message using the calculation method negotiated with the source station;
The CDN fringe node judges whether the second characteristic value and the third characteristic value are consistent;
If they are consistent, it is determined that the static file has not been tampered with;
If they are inconsistent, it is determined that the static file has been tampered with.
5. The tampering intervention method based on a content distribution network as claimed in claim 4, characterized in that, in the CDN fringe node judging whether the static file in the response message has been tampered with:
The negotiated calculation method is the calculation method used by the source station and negotiated in advance with the CDN system.
6. The tampering intervention method based on a content distribution network as claimed in any one of claims 1 to 5, characterized in that, if there are multiple CDN nodes between the source station and the user terminal, the CDN fringe node sending the response message to the user terminal comprises:
The CDN fringe node processes the response message using the preset proprietary protocol between the multiple CDN nodes;
The CDN fringe node transmits the processed response message through the multiple CDN nodes;
When the CDN fringe node on the user terminal side receives the processed response message, it restores the processed response message using the preset proprietary protocol and sends the restored response message to the user terminal.
7. A tampering intervention device based on a content distribution network, applied to a content distribution network (CDN) fringe node, characterized in that the device comprises:
A receiving unit, for receiving the request message of a user terminal and receiving the response message of the source station;
A back-to-source unit, for determining the source station for the back-to-source request and initiating the back-to-source request;
A first transmission unit, for sending the response message to the user terminal;
A judging unit, for judging whether the static file in the response message has been tampered with;
A cache unit, for caching the static file when it has not been tampered with;
A processing unit, for not caching the static file when it has been tampered with; when a message requesting the static file is received again, re-initiating the back-to-source request; and, if the source station returns a normal response and no tampering occurs between the source station and the CDN fringe node, caching the static file of the normal response, achieving tamper recovery.
8. The tampering intervention device based on a content distribution network as claimed in claim 7, applied to a content distribution network (CDN) fringe node, characterized in that, in the device:
The receiving unit includes a first receiving unit and a second receiving unit, wherein the first receiving unit is used for receiving the request message of the user terminal, and the second receiving unit is used for receiving the response message of the source station.
9. The tampering intervention device based on a content distribution network as claimed in claim 7, characterized in that the judging unit includes:
A first judgment module, for judging whether the request message requesting the static file is being received for the first time;
An obtaining module, for obtaining at least two first characteristic values from the response message;
A second judgment module, for judging whether the at least two first characteristic values are consistent;
A first determining module, for determining that the static file has not been tampered with when they are consistent, and that the static file has been tampered with when they are inconsistent.
10. The tampering intervention device based on a content distribution network as claimed in claim 7, characterized in that the judging unit is used for judging whether the request message requesting the static file is being received for the first time; for obtaining at least two first characteristic values from the response message and judging whether the at least two first characteristic values are consistent; and for determining that the static file has not been tampered with when they are consistent, and that the static file has been tampered with when they are inconsistent.
11. The tampering intervention device based on a content distribution network as claimed in claim 7, characterized in that the judging unit includes:
An extraction module, for extracting the second characteristic value carried in the response message, wherein the second characteristic value uniquely identifies the static file;
A computing module, for calculating a third characteristic value from the response message using the calculation method negotiated with the source station, the calculation method being the one used by the source station and negotiated in advance with the CDN system;
A third judgment module, for judging whether the second characteristic value and the third characteristic value are consistent;
A second determining module, for determining that the static file has not been tampered with when they are consistent, and that the static file has been tampered with when they are inconsistent.
12. The tampering intervention device based on a content distribution network as claimed in claim 7, characterized in that the judging unit is used for extracting the second characteristic value carried in the response message, wherein the second characteristic value uniquely identifies the static file; for calculating a third characteristic value from the response message using the calculation method negotiated with the source station, the calculation method being the one used by the source station and negotiated in advance with the CDN system; for judging whether the second characteristic value and the third characteristic value are consistent; and for determining that the static file has not been tampered with when they are consistent, and that the static file has been tampered with when they are inconsistent.
13. The tampering intervention device based on a content distribution network as claimed in any one of claims 7 to 12, characterized in that the first transmission unit includes:
A processing module, for processing the response message using the preset proprietary protocol between the multiple CDN nodes when there are multiple CDN nodes between the source station and the user terminal, such that the processed response message cannot be identified by other devices;
A transmission module, for transmitting the processed response message through the multiple CDN nodes;
A recovery module, for restoring the processed response message using the preset proprietary protocol when the CDN fringe node on the user terminal side receives the processed response message, and sending the restored response message to the user terminal.
14. A tampering intervention system based on a content distribution network, characterized by comprising: a user terminal, a content distribution network (CDN) fringe node and a source station, wherein
The user terminal is used for sending a request message, wherein the request message requests a static file;
The CDN fringe node includes the tampering intervention device based on a content distribution network described in any one of claims 7 to 11;
The source station includes:
A third receiving unit, for receiving the back-to-source request sent by the CDN fringe node;
A second transmission unit, for sending the response message to the CDN fringe node.
15. The tampering intervention system based on a content distribution network as claimed in claim 14, characterized in that the source station further includes:
A computing unit, for calculating the characteristic value that uniquely identifies the static file using the calculation method negotiated in advance with the CDN fringe node, and placing the characteristic value in the response message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710661039.1A CN107241451B (en) | 2017-08-04 | 2017-08-04 | Interference method, apparatus and system are distorted based on content distributing network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107241451A CN107241451A (en) | 2017-10-10 |
CN107241451B true CN107241451B (en) | 2019-07-16 |
Family
ID=59988661
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710661039.1A Active CN107241451B (en) | 2017-08-04 | 2017-08-04 | Interference method, apparatus and system are distorted based on content distributing network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107241451B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110650166B (en) * | 2018-06-27 | 2022-06-28 | 中国电信股份有限公司 | Content distribution method and system |
CN112866310B (en) * | 2019-11-12 | 2022-03-04 | 北京金山云网络技术有限公司 | CDN back-to-source verification method and verification server, and CDN cluster |
CN112839070B (en) * | 2019-11-22 | 2023-08-22 | 北京金山云网络技术有限公司 | Data processing method and device and node equipment in CDN (content delivery network) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102932358A (en) * | 2012-11-07 | 2013-02-13 | 网宿科技股份有限公司 | Third-party document-rewriting and rapid distribution method and device based on content distribution network |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9165154B2 (en) * | 2009-02-16 | 2015-10-20 | Microsoft Technology Licensing, Llc | Trusted cloud computing and services framework |
CN103368963A (en) * | 2013-07-15 | 2013-10-23 | 网宿科技股份有限公司 | HTTP message tamper-proofing method in content distribution network |
CN103986735B (en) * | 2014-06-05 | 2017-04-19 | 北京赛维安讯科技发展有限公司 | CDN (content distribution network) antitheft system and antitheft method |
CN105049486B (en) * | 2015-06-16 | 2019-03-26 | 腾讯科技(北京)有限公司 | Method for edition management, the apparatus and system of static file |
Also Published As
Publication number | Publication date |
---|---|
CN107241451A (en) | 2017-10-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||