CN107241451B - Interference method, apparatus and system are distorted based on content distributing network - Google Patents

Interference method, apparatus and system are distorted based on content distributing network Download PDF

Info

Publication number
CN107241451B
CN107241451B CN201710661039.1A CN201710661039A CN107241451B CN 107241451 B CN107241451 B CN 107241451B CN 201710661039 A CN201710661039 A CN 201710661039A CN 107241451 B CN107241451 B CN 107241451B
Authority
CN
China
Prior art keywords
cdn
response message
static file
tampered
fringe node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710661039.1A
Other languages
Chinese (zh)
Other versions
CN107241451A (en
Inventor
王开辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wangsu Science and Technology Co Ltd
Original Assignee
Wangsu Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wangsu Science and Technology Co Ltd filed Critical Wangsu Science and Technology Co Ltd
Priority to CN201710661039.1A priority Critical patent/CN107241451B/en
Publication of CN107241451A publication Critical patent/CN107241451A/en
Application granted granted Critical
Publication of CN107241451B publication Critical patent/CN107241451B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/568Storing data temporarily at an intermediate stage, e.g. caching
    • H04L67/5682Policies or rules for updating, deleting or replacing the stored data

Abstract

The invention discloses a kind of to distort interference method, apparatus and system based on content distributing network, wherein this method comprises: CDN fringe node receives the request message of user terminal, request message requests are request static files;It determines the source station of Hui Yuan and initiates back source request;It receives response message and issues user terminal;Judge whether the static file in response message is tampered;If be not tampered with, caching static file;If be tampered, not caching static file, when being connected to the message for requesting the static file again, re-initiate back source request, if what source station returned is to cache the static file of the normal response without distorting between normal response and source station and CDN fringe node, tamper recovery is realized.CDN fringe node can find that in time file is tampered by judgement in the present invention, and not cache the file being tampered, and user requests this document that can carry out tamper recovery, shorten the time of tamper recovery next time.

Description

Interference method, apparatus and system are distorted based on content distributing network
Technical field
It is the present invention relates to data are anti-tamper and tamper recovery technical field, in particular to a kind of based on content distributing network Distort interference method, apparatus and system.
Background technique
Content interpolation-preventing technology based on content distributing network (Content Delivery Network, referred to as CDN) Basic thought be, user request in CDN network head response without Cache-Control:no-cache or no-store or The file of private or max-age=0, that is, the static file for being buffered in CDN fringe node (are to this kind of short title below Static file) when, if static file responds the unexpected content of user by malice insertion code snippet or file fragment at this time, Such as advertisement pop-up.
Steps are as follows for current content interpolation-preventing recovery scheme:
(1) when user requests the static file newly issued of source station or has expired static file, CDN fringe node needs Carry out back source request;
(2) which specific source station is selected back by the source station monitoring module of CDN fringe node, CDN fringe node is to the source It stands and initiates back source request;
(3) source station normal response;
(4) response is returned to user by CDN fringe node, and caches corresponding file, regardless of whether this document is maliciously usurped Change.
(5) if this document is maliciously tampered, before this document is expired, if there is user requests this document, then This document of caching is directly sent to user by CDN fringe node, that is, what user received is still the file being tampered.Such as Fruit CDN fringe node determines that this document is expired, has user to request this document, then CDN fringe node initiates go back to source request, and source station Malice does not occur between CDN fringe node to distort, at this time tamper recovery, user response is normal, that is, user can receive To the file not being maliciously tampered.
The anti-tamper recovery scheme of above content is suffered from the drawback that regardless of the static file of request is usurped with the presence or absence of malice Change, CDN fringe node caches the static file.If there is maliciously distorting, then only Hui Yuan is asked again after caching expired It asks, when source station provides normal response, maliciously distorts and just restore, while expired time cannot be reset, entire recovery process, no It is able to achieve rapid recovery, is determining to cache not out of date this period, what the request of all pairs of this documents returned is all that malice is usurped File after changing extends the time of failure, exacerbates the influence of failure.Such as common webpage or store are accessed, discovery is wide It accuses pop-up to always exist, influences user experience;If the file cache time of this null response is 1 day, after at least waiting 1 day It caches expired and has user that this document is requested to be possible to restore normal.
Summary of the invention
It needs pending file is expired to be likely to realize to solve tamper recovery in the prior art, influences asking for user experience Topic, the embodiment of the invention provides a kind of to distort interference method, apparatus and system based on content distributing network.
According to an aspect of an embodiment of the present invention, provide it is a kind of interference method is distorted based on content distributing network, Include:
Content distributing network CDN fringe node receives the request message of user terminal, wherein the request message requests It is static file;
The CDN fringe node determines the source station of Hui Yuan, and initiates back source request;
The CDN fringe node receives the response message of the source station, and the response message is sent to the user Terminal;
Whether the static file in response message described in the CDN flange node judges is tampered;
If be not tampered with, the static file is cached;
If be tampered, the static file is not cached, when receiving the message for requesting the static file again, The CDN fringe node re-initiates back source request, if that source station return is normal response and the source station and the CDN Without generation is distorted between fringe node, the CDN fringe node caches the static file of the normal response, and realization is distorted extensive It is multiple.
Further, whether the static file in response message described in the CDN flange node judges is tampered, comprising:
The CDN fringe node obtains at least two the First Eigenvalues from corresponding at least two response message respectively;
Whether at least two the First Eigenvalues described in the CDN flange node judges are consistent;
If consistent, it is determined that the static file is not tampered with;
If it is inconsistent, determining that the static file is tampered.
Further, further includes: when whether at least two the First Eigenvalues described in the CDN flange node judges are consistent, First judge whether it is to receive the request message for requesting the static file for the first time.
Further, whether the static file in response message described in the CDN flange node judges is tampered, comprising:
The CDN fringe node extracts the Second Eigenvalue carried in the response message, wherein the Second Eigenvalue Static file described in unique identification;
The CDN fringe node utilizes the calculation method negotiated with the source station, is calculated according to the response message Third feature value;
Whether Second Eigenvalue described in the CDN flange node judges and the third feature value are consistent;
If consistent, it is determined that the static file is not tampered with;
If it is inconsistent, determining that the static file is tampered.
Further, whether the static file in response message described in the CDN flange node judges is tampered, comprising:
The calculation method of the negotiation is to utilize the calculation method negotiated in advance with the CDN system by the source station.
Further, if there are multiple CDN nodes, the edge CDN sections between the source station and the user terminal The response message is sent to the user terminal and includes: by point
The CDN fringe node using the default proprietary protocol between the multiple CDN node to the response message into Row processing;
The CDN fringe node transmits treated the response message by the multiple CDN node;
When the CDN fringe node of subscriber terminal side receives treated the response message, the default private is utilized Having agreement, treated that response message is restored to described, and the response message of reduction is sent to the user terminal.
Other side according to an embodiment of the present invention, provide it is a kind of based on content distributing network distorting intervention dress It sets, is applied to content distributing network CDN fringe node, described device includes:
Receiving unit, for receiving the request message of user terminal, and the response message of the reception source station;
Source unit is returned, for determining the source station of Hui Yuan, and initiates back source request;
First transmission unit, for the response message to be sent to the user terminal;
Whether judging unit, the static file for judging in the response message are tampered;
Cache unit, in the case where being not tampered with, caching the static file;
Processing unit, for not caching the static file in the case where being tampered, when being received described in request again When the message of static file, re-initiate it is described return source request, if the source station return be normal response and the source station with Without generation is distorted between the CDN fringe node, the static file of the normal response is cached, realizes tamper recovery.
Further, it is applied to content distributing network CDN fringe node, described device includes:
The receiving unit includes the first receiving unit and the second receiving unit, wherein first receiving unit is used for Receive the request message of user terminal;Second receiving unit is used to receive the response message of the source station.
Further, the judging unit includes:
First judgment module, for judging whether it is to receive the request message for requesting the static file for the first time;
Module is obtained, for obtaining at least two the First Eigenvalues from the response message;
Second judgment module, for judging whether at least two the First Eigenvalue is consistent;
First determining module, for determining that the static file is not tampered under unanimous circumstances;And inconsistent In the case where, determine that the static file is tampered.
Further, the judging unit is for judging whether it is to receive that the request of the static file is requested to disappear for the first time Breath;At least two the First Eigenvalues are obtained from the response message and judge at least two the First Eigenvalue whether one It causes;And it for determining that the static file is not tampered with, and in the case of inconsistencies under unanimous circumstances, determines The static file is tampered.
Further, the judging unit includes:
Extraction module, for extracting the Second Eigenvalue carried in the response message, wherein the Second Eigenvalue is only The one mark static file;
Computing module is calculated the according to the response message for using the calculation method negotiated with the source station Three characteristic values, the calculation method are to utilize the calculation method negotiated in advance with CDN system by the source station;
Third judgment module, for judging whether the Second Eigenvalue and the third feature value are consistent;
Second determining module, for determining that the static file is not tampered under unanimous circumstances;And inconsistent In the case where, determine that the static file is tampered.
Further, the judging unit is for extracting the Second Eigenvalue carried in the response message, wherein described Static file described in Second Eigenvalue unique identification;For utilizing the calculation method negotiated with the source station, according to the response Third feature value is calculated in message, and the calculation method is to utilize the calculating side negotiated in advance with CDN system by the source station Method;For judging whether the Second Eigenvalue and the third feature value are consistent;And for determining under unanimous circumstances The static file is not tampered with, and in the case of inconsistencies, determines that the static file is tampered.
Further, first transmission unit includes:
Processing module, for, there are in the case where multiple CDN nodes, being utilized between the source station and the user terminal Default proprietary protocol between the multiple CDN node handles the response message, and treated, and response message cannot It is identified by other equipment;
Transmission module, for transmitting treated the response message by the multiple CDN node;
Recovery module, when receiving treated the response message for the CDN fringe node as subscriber terminal side, Using the default proprietary protocol, treated that response message is restored to described, and the response message of reduction is sent to institute State user terminal.
Another aspect according to an embodiment of the present invention, provide it is a kind of based on content distributing network distorting intervention system System, comprising: user terminal, content distributing network CDN fringe node and source station, wherein
The user terminal, for sending request message, wherein the request message requests is static file;
The CDN fringe node includes described distorting tampering devic based on content distributing network;
The source station includes:
Third receiving unit is requested for receiving the source of going back to that the CDN fringe node is sent;
Second transmission unit, for sending response message to the CDN fringe node.
Further, the source station further include:
Computing unit, for unique identification to be calculated using the calculation method negotiated in advance with the CDN fringe node The characteristic value of the static file, and the characteristic value is placed in the response message.
Whether the technical solution of the embodiment of the present invention is maliciously tampered by CDN flange node judges file, is such as meant no harm It distorts, then normal cache file, if any maliciously distorting, does not then cache this document and needed when subsequent user continues to access this file The source of returning re-requests, and when source station responds, normal and nothing distorts generation between source station and CDN fringe node, at this time tamper recovery.CDN Fringe node can find that in time file is maliciously tampered by judgement, and not cache the file being maliciously tampered;Without equal slow Being stored to the phase just carries out the recovery distorted of malice, as long as user requests this document that can carry out the recovery that malice is distorted next time, shortens Time of tamper recovery, abnormal data is restored in time, guarantees user experience.In addition, by preset proprietary protocol more The data that transmission cannot be identified by other equipment between a CDN node guarantee that the content transmitted between CDN node will not be by malice It distorts, while can effectively be directed to Network status time update congestion policies, improve transmission speed and stability, guarantee user Experience.
Detailed description of the invention
To describe the technical solutions in the embodiments of the present invention more clearly, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for For those of ordinary skill in the art, without creative efforts, it can also be obtained according to these attached drawings other Attached drawing.
Fig. 1 is the flow chart provided in an embodiment of the present invention that distort interference method based on content distributing network;
Fig. 2 is the structural block diagram provided in an embodiment of the present invention that distort tampering devic based on content distributing network;
Fig. 3 is the structural block diagram provided in an embodiment of the present invention that distort interfering system based on content distributing network;
Fig. 4 is the schematic diagram provided in an embodiment of the present invention that distort interfering system based on content distributing network.
Specific embodiment
To make the object, technical solutions and advantages of the present invention clearer, below in conjunction with attached drawing to embodiment party of the present invention Formula is described in further detail.
Interference method is distorted based on content distributing network the embodiment of the invention provides a kind of, as shown in Figure 1, this method Include the following steps S101 to step S106.It should be noted that in the embodiment of the present invention distorting intervention include distort prevention with And tamper recovery, in other words, the embodiment of the present invention can not only prevent static file and be tampered, and can will be tampered Static file is restored.
Step S101, CDN fringe node receives the request message of user terminal, and wherein the request message requests is static File;Static file in the present embodiment can be the static file that source station is newly issued or caching has expired static file;
Step S102, CDN fringe node determines the source station of Hui Yuan, and initiates back source request;Specifically, can be by the side CDN Which source station the source station monitoring module of edge node determines go back to;
Step S103, CDN fringe node receives the response message of source station, and response message is sent to user terminal;
Whether the static file in step S104, CDN flange node judges response message is tampered;
Step S105, if be not tampered with, caching static file;
Step S106, if be tampered, not caching static file, when receiving the message for requesting the static file again When, CDN fringe node re-initiates back source request, if source station return is between normal response and source station and CDN fringe node Without generation is distorted, CDN fringe node caches the static file of the normal response, realizes tamper recovery.
The method of above-described embodiment, the static file or caching that user requests source station newly to be issued have expired static file When, the increase of CDN fringe node judges the step of whether file is maliciously tampered, and such as means no harm and distorts, then normal cache file, such as There is malice to distort, then do not cache this document, when subsequent user continues to access this file, source is needed back to re-request, when source station is rung It answers normally and nothing distorts generation between source station and CDN fringe node, at this time tamper recovery.CDN fringe node can by judgement Discovery file is maliciously tampered in time, and does not cache the file being maliciously tampered;It expires without equal cachings and just carries out maliciously distorting Recovery shorten the time of tamper recovery, in time as long as user requests this document that can carry out the recovery distorted of malice next time Abnormal data is restored, guarantees user experience.
The embodiment of the invention provides the method whether following two CDN flange node judges static file is tampered, under Face is illustrated respectively.
(1) repeatedly determine the characteristic value obtained from response message, the specific steps are as follows: whether is CDN flange node judges It is to receive the request message for requesting the static file for the first time;If it is not, then CDN fringe node is respectively from corresponding at least two At least two the First Eigenvalues are obtained in a response message;CDN flange node judges this at least two the First Eigenvalues whether one It causes;If consistent, it is determined that static file is not tampered with;If it is inconsistent, determining that static file is tampered.
This method is based on probability statistics, that is, it is accidental and not expectable to distort phenomenon.If CDN fringe node receives for the first time The request message of the static file is requested, then according to this method, does not cache the static file of acquisition, and subsequent user is waited to request The static file obtains the static file to go back to source again, to judge whether this characteristic value two or more times is consistent.
Specifically, above-mentioned the First Eigenvalue can be MD5 value (the Message Digest Algorithm of static file MD5, i.e. Message Digest Algorithm 5) or other changed values of meeting after static file is tampered, so as to In time by the variation of this feature value, determine that static file is tampered.
Judge whether static file is tampered using this method, shortens the recovery time of file exception, such as when caching Between be 1 day file, do not need it is 1 day equal after just carry out the recovery that malice is distorted, as long as user request next time this document i.e. into The recovery that row malice is distorted, greatly reduces the time of data recovery.
(2) a kind of calculation method is negotiated in CDN fringe node and source station, and CDN fringe node and source station utilize the calculating side Method calculates characteristic value, and whether the value that CDN fringe node compares the value of itself calculating and source station calculates is consistent, to confirm file only One property.Specific step is as follows: CDN fringe node extracts the Second Eigenvalue carried in response message, wherein Second Eigenvalue is only One mark static file is calculated by source station using the calculation method negotiated in advance with CDN fringe node;CDN fringe node Using the calculation method, third feature value is calculated in message according to response;CDN flange node judges Second Eigenvalue and third Whether characteristic value is consistent;If consistent, it is determined that static file is not tampered with;If it is inconsistent, determining that static file is usurped Change.
Specifically, the Second Eigenvalue that source station calculates can carry in head response.For example, Second Eigenvalue and third are special Value indicative can be what basis was calculated from the len information and file MD5 value of the acquisition of the http head of response message.
This method based on the calculation method negotiated in advance, if the value that value and source station that CDN fringe node calculates calculate It is inconsistent, then judge that static file is tampered, does not cache the static file, when subsequent user continues to request access to this file, Repeat above-mentioned go back to source and judge whether the process being tampered, is worth until two unanimously, just caches this document.Use we Method judges whether static file is tampered, and can uniquely confirm, guarantees that CDN fringe node will not cache the file being maliciously tampered, Substantially reduce the tamper recovery time.
In actual network environment, there may be multiple CDN nodes, user's demand files between source station and user terminal During returning source acquisition file to CDN fringe node, the transmission by this multiple CDN node, link between CDN node are needed Uncontrollable, there is also the possibility to tamper with a document.
Under the circumstances, the preferred embodiment of the present invention provide the file that prevents from transmitting between CDN node will not be by The implementation method distorted, specifically, it includes: that CDN fringe node utilizes that response message is sent to user terminal by CDN fringe node Default proprietary protocol between multiple CDN nodes handles response message, and treated, and response message cannot be set by other Standby identification;By treated, response message is transmitted CDN fringe node by multiple CDN nodes;As the CDN of subscriber terminal side When fringe node receives that treated response message, using default proprietary protocol, to treated, response message is restored, And the response message of reduction is sent to user terminal.
This preferred embodiment is carried out data transmission between multiple CDN nodes by preset proprietary protocol, can intuitively be managed For solution to have built tunnel between multiple CDN nodes, content is externally shown as messy code in tunnel, i.e., cannot be identified by other equipment. It is possible thereby to guarantee that the content transmitted between CDN node will not be maliciously tampered, at the same can effectively for Network status and Shi Xiugai congestion policies improve transmission speed and stability, guarantee user experience.In addition, in conjunction with it is above-mentioned judge file whether by The method (1) distorted or (2) can guarantee that content will not be maliciously tampered by link entirely.
Tampering devic is distorted based on content distributing network the embodiment of the invention also provides a kind of, is applied to the edge CDN Node, can be used to implement it is above-mentioned distort interference method, specific implementation details can refer to above method embodiment.As shown in Fig. 2, The device includes: the first receiving unit 21, returns source unit 22, the second receiving unit 23, the first transmission unit 24, judging unit 25, cache unit 26 and processing unit 27.
First receiving unit 21, for receiving the request message of user terminal, wherein the request message requests is source station The static file or caching newly issued have expired static file;
Source unit 22 is returned, the first receiving unit 21 is connected to, for determining the source station of Hui Yuan, and initiates back source request;
Second receiving unit 23, is connected to back source unit 22, for receiving the response message of source station;
First transmission unit 24 is connected to the second receiving unit 23, for response message to be sent to user terminal;
Judging unit 25 is connected to the second receiving unit 23, for judging whether the static file in response message is usurped Change;
Cache unit 26 is connected to judging unit 25, in the case where being not tampered with, caching static file;
Processing unit 27 is connected to judging unit 25, in the case where being tampered, not caching static file, when again It is secondary receive request the static file message when, re-initiate back source request, if source station return be normal response and source station Without generation is distorted between CDN fringe node, the static file of the normal response is cached, realizes tamper recovery.
It should be noted that the first receiving unit 21 and the second receiving unit 23 in the embodiment of the present invention can also merge As a receiving unit, the request message of user terminal is received by the receiving unit after the merging, and receives source station Response message;Receiving unit after also can be regarded as the merging at this time includes the first receiving unit 21 and the second receiving unit 23.Therefore, if the first receiving unit 21 and the second receiving unit 23 are merged into a receiving unit, it can be according to actual needs It is set, this is not limited by the present invention.
The device of above-described embodiment, CDN fringe node can find that in time file is maliciously tampered by judgement, and not delay Deposit the file being maliciously tampered;It expires without equal cachings and just carries out the recovery that malice is distorted, as long as user requests this document next time The recovery that malice is distorted can be carried out, the time of tamper recovery is shortened, in time restores abnormal data, guarantees user experience.
In one embodiment, judging unit 25 includes: first judgment module, for judging whether it is to receive to ask for the first time Seek the request message of static file;Module is obtained, first judgment module is connected to, for not being for the first time in received situation, At least two the First Eigenvalues are obtained from corresponding at least two response message respectively;Second judgment module is connected to acquisition Module, for judging whether at least two the First Eigenvalues are consistent;First determining module is connected to the second judgment module, is used for Under unanimous circumstances, determine that static file is not tampered with;And in the case of inconsistencies, determine that static file is tampered. Judging unit 25 in the present embodiment is suitable for the above-mentioned method (2) for judging static file and whether being tampered.
Judge that the judging unit 25 method (3) that whether static file is tampered includes: extraction module suitable for above-mentioned, For extracting the Second Eigenvalue carried in response message, wherein Second Eigenvalue unique identification static file is utilized by source station The calculation method negotiated in advance with CDN fringe node is calculated;Computing module disappears according to response for utilizing calculation method Third feature value is calculated in breath;Third judgment module, is connected to computing module and extraction module, for judging Second Eigenvalue It is whether consistent with third feature value;Second determining module is connected to third judgment module, for determining under unanimous circumstances Static file is not tampered with;And in the case of inconsistencies, determine that static file is tampered.
It should be noted that the judging unit 25 in the embodiment of the present invention can not also include first judgment module, second Judgment module and the first determining module, and directly judge whether it is to receive request static file for the first time by judging unit 25 Request message;At least two the First Eigenvalues are obtained from response message and judge whether at least two the First Eigenvalues are consistent; And for determining that static file is not tampered with, and in the case of inconsistencies, determine static file under unanimous circumstances It is tampered.
Moreover, it is judged that unit 25 can not also include that extraction module, computing module, third judgment module and second are true Cover half block, and the Second Eigenvalue carried in the response message is directly extracted by judging unit 25, wherein Second Eigenvalue Static file described in unique identification;Using the calculation method negotiated with source station, third feature value is calculated in message according to response, The calculation method is to utilize the calculation method negotiated in advance with CDN system by source station;Judge Second Eigenvalue and third feature value It is whether consistent;And for determining that static file is not tampered with, and in the case of inconsistencies, really under unanimous circumstances The fixed static file is tampered.
Therefore, judging unit 25 whether include first judgment module, the second judgment module, the first determining module, modulus block, Computing module, third judgment module and the second determining module, can be set, the present invention does not make this according to actual needs It limits.
Preferably, the first transmission unit 24 includes: processing module, for there are multiple between source station and user terminal In the case where CDN node, response message is handled using the default proprietary protocol between multiple CDN nodes, treated Response message cannot be identified by other equipment;Transmission module is connected to processing module, for by treated, response message to pass through Multiple CDN nodes are transmitted;Recovery module receives that treated for the CDN fringe node as subscriber terminal side and rings When answering message, using default proprietary protocol, to treated, response message is restored, and the response message of reduction is sent to User terminal.It can guarantee that the content transmitted between CDN node will not be maliciously tampered in this way.
Interfering system is distorted based on content distributing network the embodiment of the invention also provides a kind of, as shown in figure 3, this is System includes: user terminal 10, CDN fringe node 20 and source station 30.
User terminal 10, for sending request message, wherein the request message requests is that the static state that source station is newly issued is literary Part or caching have expired static file;
CDN fringe node 20 is connected to user terminal 10, including described in above-described embodiment based on content distributing network Distort tampering devic;
Source station 30 is connected to CDN fringe node 20, comprising: third receiving unit 31, for receiving CDN fringe node 20 What is sent returns source request;Second transmission unit 32, is connected to third receiving unit 31, rings for sending to CDN fringe node 20 Answer message.
The system of above-described embodiment, CDN fringe node can find that in time file is maliciously tampered by judgement, and not delay Deposit the file being maliciously tampered;It expires without equal cachings and just carries out the recovery that malice is distorted, as long as user requests this document next time The recovery that malice is distorted can be carried out, the time of tamper recovery is shortened, in time restores abnormal data, guarantees user experience.
Preferably, source station 30 can also include: computing unit, be connected to third receiving unit 31, for using in advance with The characteristic value of unique identification static file is calculated in the calculation method that CDN fringe node is negotiated, and this feature value is placed in sound It answers in message.
The solution of the present invention is described in detail below with reference to Fig. 4.
As shown in figure 4, there are multiple CDN nodes between user terminal 10 and source station 30, user requests static file, user Terminal 10 transmit a request to CDN fringe node 20A, CDN fringe node 20A by presetting proprietary protocol to CDN fringe node 20B Forward the request;CDN fringe node 20B goes back to source station 30 and obtains static file, judges static text using the above method (1) or (2) Whether part is tampered, and to decide whether to cache this document, and response is sent to CDN fringe node by default proprietary protocol 20A。
If it is judged that static file is tampered, then CDN fringe node 20B does not cache the static file, CDN fringe node 20A handles the response received, obtains the static file that user terminal 10 can identify, which is returned to User terminal 10, while the static file is not cached, subsequent user accesses this document, still carries out back source request.
If it is judged that static file is not tampered with, then CDN fringe node 20B caches the static file.CDN fringe node 20A handles the response received, obtains the static file that user terminal 10 can identify, which is returned to User terminal 10, while by response buffer, subsequent user continues to access, then caching is directly responded to user.
The apparatus embodiments described above are merely exemplary, wherein described, unit can as illustrated by the separation member It is physically separated with being or may not be, component shown as a unit may or may not be physics list Member, it can it is in one place, or may be distributed over multiple network units.It can be selected according to the actual needs In some or all of the modules achieve the purpose of the solution of this embodiment.Those of ordinary skill in the art are not paying creativeness Labour in the case where, it can understand and implement.
Through the above description of the embodiments, those skilled in the art can be understood that each embodiment can It realizes by means of software and necessary general hardware platform, naturally it is also possible to pass through hardware.Based on this understanding, on Stating technical solution, substantially the part that contributes to existing technology can be embodied in the form of software products in other words, should Computer software product may be stored in a computer readable storage medium, such as ROM/RAM, magnetic disk, CD, including several fingers It enables and using so that a computer equipment (can be personal computer, server or the network equipment etc.) executes each implementation Method described in certain parts of example or embodiment.
The foregoing is merely presently preferred embodiments of the present invention, is not intended to limit the invention, it is all in spirit of the invention and Within principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.

Claims (15)

1. a kind of distort interference method based on content distributing network characterized by comprising
Content distributing network CDN fringe node receives the request message of user terminal, wherein the request message requests is quiet State file;
The CDN fringe node determines the source station of Hui Yuan, and initiates back source request;
The CDN fringe node receives the response message of the source station, and the response message is sent to the user terminal;
Whether the static file in response message described in the CDN flange node judges is tampered;
If be not tampered with, the static file is cached;
If be tampered, the static file is not cached, it is described when receiving the message for requesting the static file again CDN fringe node re-initiates back source request, if source station return is normal response and the source station and the edge CDN Without generation is distorted between node, the CDN fringe node caches the static file of the normal response, realizes tamper recovery.
2. distorting interference method based on content distributing network as described in claim 1, which is characterized in that the edge CDN Node judges whether the static file in the response message is tampered, comprising:
The CDN fringe node obtains at least two the First Eigenvalues from corresponding at least two response message respectively;
Whether at least two the First Eigenvalues described in the CDN flange node judges are consistent;
If consistent, it is determined that the static file is not tampered with;
If it is inconsistent, determining that the static file is tampered.
3. distorting interference method based on content distributing network as claimed in claim 2, which is characterized in that further include:
When whether at least two the First Eigenvalues described in the CDN flange node judges are consistent, first judge whether it is to receive for the first time To the request message for requesting the static file.
4. distorting interference method based on content distributing network as described in claim 1, which is characterized in that the edge CDN Node judges whether the static file in the response message is tampered, comprising:
The CDN fringe node extracts the Second Eigenvalue carried in the response message, wherein the Second Eigenvalue is unique Identify the static file;
The CDN fringe node utilizes the calculation method negotiated with the source station, and third is calculated according to the response message Characteristic value;
Whether Second Eigenvalue described in the CDN flange node judges and the third feature value are consistent;
If consistent, it is determined that the static file is not tampered with;
If it is inconsistent, determining that the static file is tampered.
5. distorting interference method based on content distributing network as claimed in claim 4, which is characterized in that the edge CDN Node judges whether the static file in the response message is tampered, comprising:
The calculation method of the negotiation is to utilize the calculation method negotiated in advance with CDN system by the source station.
6. distorting interference method based on content distributing network as described in any one of claims 1 to 5, which is characterized in that If there are multiple CDN nodes between the source station and the user terminal, the CDN fringe node sends out the response message Giving the user terminal includes:
The CDN fringe node using the default proprietary protocol between the multiple CDN node to the response message at Reason;
The CDN fringe node transmits treated the response message by the multiple CDN node;
When the CDN fringe node of subscriber terminal side receives treated the response message, privately owned association is preset using described Treated that response message is restored to described for view, and the response message of reduction is sent to the user terminal.
7. a kind of distort tampering devic based on content distributing network, it is applied to content distributing network CDN fringe node, feature It is, described device includes:
Receiving unit, for receiving the request message of user terminal, and the response message of reception source station;
Source unit is returned, for determining the source station of Hui Yuan, and initiates back source request;
First transmission unit, for the response message to be sent to the user terminal;
Whether judging unit, the static file for judging in the response message are tampered;
Cache unit, in the case where being not tampered with, caching the static file;
Processing unit requests the static state when receiving again for not caching the static file in the case where being tampered When the message of file, re-initiate it is described return source request, if the source station return be normal response and the source station with it is described Without generation is distorted between CDN fringe node, the static file of the normal response is cached, realizes tamper recovery.
8. distorting tampering devic based on content distributing network as claimed in claim 7, it is applied to the side content distributing network CDN Edge node, which is characterized in that described device includes:
The receiving unit includes the first receiving unit and the second receiving unit, wherein first receiving unit is for receiving The request message of user terminal;Second receiving unit is used to receive the response message of the source station.
9. distorting tampering devic based on content distributing network as claimed in claim 7, which is characterized in that the judging unit Include:
First judgment module, for judging whether it is to receive the request message for requesting the static file for the first time;
Module is obtained, for obtaining at least two the First Eigenvalues from the response message;
Second judgment module, for judging whether at least two the First Eigenvalue is consistent;
First determining module, for determining that the static file is not tampered under unanimous circumstances;And in inconsistent feelings Under condition, determine that the static file is tampered.
10. distorting tampering devic based on content distributing network as claimed in claim 7, which is characterized in that the judgement is single Member is for judging whether it is to receive the request message for requesting the static file for the first time;It is obtained at least from the response message Two the First Eigenvalues simultaneously judge whether at least two the First Eigenvalue is consistent;And be used under unanimous circumstances, really The fixed static file is not tampered with, and in the case of inconsistencies, determines that the static file is tampered.
11. distorting tampering devic based on content distributing network as claimed in claim 7, which is characterized in that the judgement is single Member includes:
Extraction module, for extracting the Second Eigenvalue carried in the response message, wherein the Second Eigenvalue is uniquely marked Know the static file;
Computing module, for third spy to be calculated according to the response message using the calculation method negotiated with the source station Value indicative, the calculation method are to utilize the calculation method negotiated in advance with CDN system by the source station;
Third judgment module, for judging whether the Second Eigenvalue and the third feature value are consistent;
Second determining module, for determining that the static file is not tampered under unanimous circumstances;And in inconsistent feelings Under condition, determine that the static file is tampered.
12. distorting tampering devic based on content distributing network as claimed in claim 7, which is characterized in that the judgement is single Member is for extracting the Second Eigenvalue carried in the response message, wherein static state described in the Second Eigenvalue unique identification File;It is described for third feature value to be calculated according to the response message using the calculation method negotiated with the source station Calculation method is to utilize the calculation method negotiated in advance with CDN system by the source station;For judge the Second Eigenvalue with Whether the third feature value is consistent;And for determining that the static file is not tampered under unanimous circumstances, and In the case where inconsistent, determine that the static file is tampered.
13. distorting tampering devic based on content distributing network as described in any one of claim 7 to 12, feature exists In first transmission unit includes:
Processing module, between the source station and the user terminal there are in the case where multiple CDN nodes, using described Default proprietary protocol between multiple CDN nodes handles the response message, and treated, and response message cannot be by it He identifies equipment;
Transmission module, for transmitting treated the response message by the multiple CDN node;
Recovery module utilizes when receiving treated the response message for the CDN fringe node as subscriber terminal side Treated that response message is restored to described for the default proprietary protocol, and the response message of reduction is sent to the use Family terminal.
14. a kind of distort interfering system based on content distributing network characterized by comprising user terminal, content delivery network Network CDN fringe node and source station, wherein
The user terminal, for sending request message, wherein the request message requests is static file;
The CDN fringe node includes distorting intervention based on content distributing network described in any one of claim 7 to 11 Device;
The source station includes:
Third receiving unit is requested for receiving the source of going back to that the CDN fringe node is sent;
Second transmission unit, for sending response message to the CDN fringe node.
15. distorting interfering system based on content distributing network as claimed in claim 14, which is characterized in that the source station is also Include:
Computing unit, for being calculated described in unique identification using the calculation method negotiated in advance with the CDN fringe node The characteristic value of static file, and the characteristic value is placed in the response message.
CN201710661039.1A 2017-08-04 2017-08-04 Interference method, apparatus and system are distorted based on content distributing network Active CN107241451B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710661039.1A CN107241451B (en) 2017-08-04 2017-08-04 Interference method, apparatus and system are distorted based on content distributing network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710661039.1A CN107241451B (en) 2017-08-04 2017-08-04 Interference method, apparatus and system are distorted based on content distributing network

Publications (2)

Publication Number Publication Date
CN107241451A CN107241451A (en) 2017-10-10
CN107241451B true CN107241451B (en) 2019-07-16

Family

ID=59988661

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710661039.1A Active CN107241451B (en) 2017-08-04 2017-08-04 Interference method, apparatus and system are distorted based on content distributing network

Country Status (1)

Country Link
CN (1) CN107241451B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110650166B (en) * 2018-06-27 2022-06-28 中国电信股份有限公司 Content distribution method and system
CN112866310B (en) * 2019-11-12 2022-03-04 北京金山云网络技术有限公司 CDN back-to-source verification method and verification server, and CDN cluster
CN112839070B (en) * 2019-11-22 2023-08-22 北京金山云网络技术有限公司 Data processing method and device and node equipment in CDN (content delivery network)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932358A (en) * 2012-11-07 2013-02-13 网宿科技股份有限公司 Third-party document-rewriting and rapid distribution method and device based on content distribution network

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9165154B2 (en) * 2009-02-16 2015-10-20 Microsoft Technology Licensing, Llc Trusted cloud computing and services framework
CN103368963A (en) * 2013-07-15 2013-10-23 网宿科技股份有限公司 HTTP message tamper-proofing method in content distribution network
CN103986735B (en) * 2014-06-05 2017-04-19 北京赛维安讯科技发展有限公司 CDN (content distribution network) antitheft system and antitheft method
CN105049486B (en) * 2015-06-16 2019-03-26 腾讯科技(北京)有限公司 Method for edition management, the apparatus and system of static file

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102932358A (en) * 2012-11-07 2013-02-13 网宿科技股份有限公司 Third-party document-rewriting and rapid distribution method and device based on content distribution network

Also Published As

Publication number Publication date
CN107241451A (en) 2017-10-10

Similar Documents

Publication Publication Date Title
CN102739411B (en) The service of proof is provided
US20060010442A1 (en) System and method for managing security meta-data in a reverse proxy
CN107241451B (en) Interference method, apparatus and system are distorted based on content distributing network
US11416564B1 (en) Web scraper history management across multiple data centers
CN106209948A (en) A kind of data push method and device
CN105812255B (en) Method and device for selecting return source line
CN112087644A (en) Pull stream request processing method, device, system, electronic equipment and storage medium
CN107360122B (en) Method and device for preventing malicious request
CN105959358A (en) CDN server and method of CDN server of caching data
CN107580021A (en) A kind of method and apparatus of file transmission
US20150006622A1 (en) Web contents transmission method and apparatus
CN105009520A (en) Method for delivering content in communication network and apparatus therefor
WO2022127319A1 (en) Data refreshing method and apparatus, and electronic device and computer-readable storage medium
CN106411978B (en) Resource caching method and device
US20190222582A1 (en) Decentralized method of tracking user login status
EP4227828A1 (en) Web scraping through use of proxies, and applications thereof
US20050246383A1 (en) Web object access authorization protocol based on an HTTP validation model
US20230018983A1 (en) Traffic counting for proxy web scraping
CN107249017B (en) A kind of method and server obtaining HLS content by CDN network
US10326819B2 (en) Method and apparatus for detecting access path
CN106790176B (en) Method and system for accessing network
CN110417850B (en) Software configuration acquisition method, system, server and medium
CN111490997A (en) Task processing method, agent system, service system and electronic equipment
CN115967564B (en) Data content protection method and storage medium
WO2023280593A1 (en) Web scraping through use of proxies, and applications thereof

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant