CN111898046B - Method and device for redirection management - Google Patents
Method and device for redirection management Download PDFInfo
- Publication number
- CN111898046B CN111898046B CN202010685982.8A CN202010685982A CN111898046B CN 111898046 B CN111898046 B CN 111898046B CN 202010685982 A CN202010685982 A CN 202010685982A CN 111898046 B CN111898046 B CN 111898046B
- Authority
- CN
- China
- Prior art keywords
- url
- redirection
- path
- detected
- taking
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 47
- 230000004044 response Effects 0.000 claims abstract description 39
- 238000001514 detection method Methods 0.000 claims abstract description 30
- 238000004590 computer program Methods 0.000 claims description 10
- 230000009191 jumping Effects 0.000 claims description 3
- 238000007726 management method Methods 0.000 abstract description 20
- 230000006399 behavior Effects 0.000 abstract description 18
- 238000010586 diagram Methods 0.000 description 15
- 230000008569 process Effects 0.000 description 12
- 230000006854 communication Effects 0.000 description 10
- 238000004891 communication Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 7
- 238000012545 processing Methods 0.000 description 7
- 230000003287 optical effect Effects 0.000 description 4
- 230000003993 interaction Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 239000000835 fiber Substances 0.000 description 2
- 238000012544 monitoring process Methods 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000004065 semiconductor Substances 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
Abstract
The invention discloses a redirection management method and device, and relates to the technical field of computers. One embodiment of the method comprises the following steps: taking the URL to be detected as a starting point of the path; obtaining a response result corresponding to the URL to be detected; judging whether the response result has redirection behavior or not; if yes, adding the redirection URL to the tail part of the path to update the path, taking the redirection URL as a new URL to be detected, and repeatedly executing the step of obtaining a response result corresponding to the URL to be detected; otherwise, taking the updated path as a redirection path of the URL to be detected. According to the embodiment, when the URL to be detected has redirection behaviors, the URL after redirection can be obtained as much as possible, and the redirection path of the URL to be detected is generated, so that comprehensive and accurate security risk detection can be carried out on the URL to be detected.
Description
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and apparatus for redirection management.
Background
The great development of internet technology, people use network communication increasingly frequently, and in normal information browsing and communication, there may be a security risk, for example: in the process of instant messaging and mail transmission, a message or mail contains a hyperlink URL (Uniform Resource Locator ), after clicking the hyperlink URL, a user may have viruses in the URL, or fall into a network trap, or consume system resources, and the like, so that leakage of user information and data loss are caused, i.e. the URL is a malicious link. URL redirection (URL Redirect) refers to the redirection of URL access requests to other locations, possibly web page redirection, and possibly domain name redirection.
At present, a method for detecting a malicious link is often used, and after a hyperlink is found, the hyperlink is subjected to malicious link detection. But if the hyperlink has a redirect action, no existing security risk may be detected.
Disclosure of Invention
In view of this, the embodiments of the present invention provide a method and an apparatus for redirection management, which can obtain, when a URL to be detected has a redirection behavior, as many URLs after redirection as possible, and generate a redirection path of the URL to be detected, so as to perform comprehensive and accurate security risk detection on the URL to be detected.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a method of redirection management, including:
taking the URL to be detected as a starting point of the path;
obtaining a response result corresponding to the URL to be detected;
judging whether the response result has redirection behavior or not; if yes, adding the redirection URL to the tail part of the path to update the path, taking the redirection URL as a new URL to be detected, and repeatedly executing the step of obtaining a response result corresponding to the URL to be detected; otherwise, taking the updated path as a redirection path of the URL to be detected.
Optionally, before taking the redirected URL as a new URL to be detected, the method further includes: confirming that the redirection URL does not exist in the path and/or confirming that the redirection times are smaller than a set time threshold;
and if the redirection URL exists in the path or the redirection times are greater than or equal to a set time threshold, taking the path as the redirection path of the URL to be detected.
Optionally, before taking the redirected URL as a new URL to be detected, the method further includes: confirm that the redirect URL is not a malicious link;
and if the redirected URL is a malicious link, taking the path as a redirected path of the URL to be detected.
Optionally, the method of the embodiment of the present invention further includes: and if the redirected URL is a malicious link, judging that the URL to be detected is a malicious link.
Optionally, after taking the path as a redirection path of the URL to be detected, the method further includes: detecting whether a malicious link exists in the redirection path; if yes, judging the URL to be detected is a malicious link.
According to a second aspect of an embodiment of the present invention, there is provided an apparatus for redirection management, including:
the path starting point module takes the URL to be detected as a starting point of the path;
the result acquisition module acquires a response result corresponding to the URL to be detected;
the path generation module is used for judging whether the response result has redirection behavior or not; if yes, adding the redirection URL to the tail part of the path to update the path, taking the redirection URL as a new URL to be detected, and repeatedly executing the step of obtaining a response result corresponding to the URL to be detected; otherwise, taking the updated path as a redirection path of the URL to be detected.
Optionally, the path generation module is further configured to:
before the redirection URL is used as a new URL to be detected, confirming that the redirection URL does not exist in the path and/or confirming that the redirection times are smaller than a set times threshold;
and if the redirection URL exists in the path or the redirection times are greater than or equal to a set time threshold, taking the path as the redirection path of the URL to be detected.
Optionally, the path generation module is further configured to:
before taking the redirected URL as a new URL to be detected, confirming that the redirected URL is not a malicious link; and if the redirected URL is a malicious link, taking the path as a redirected path of the URL to be detected.
Optionally, the device of the embodiment of the present invention further includes a malicious detection module, configured to: and if the redirected URL is a malicious link, judging that the URL to be detected is a malicious link.
Optionally, the device of the embodiment of the present invention further includes a malicious detection module, configured to: after the path is used as a redirection path of the URL to be detected, detecting whether a malicious link exists in the redirection path; if yes, judging the URL to be detected is a malicious link.
According to a third aspect of an embodiment of the present invention, there is provided an electronic device for redirection management, including:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method provided by the first aspect of the embodiments of the present invention.
According to a fourth aspect of embodiments of the present invention, there is provided a computer readable medium having stored thereon a computer program which when executed by a processor implements the method provided by the first aspect of embodiments of the present invention.
One embodiment of the above invention has the following advantages or benefits: by adding the redirection URL to the tail part of the path when the response result corresponding to the URL to be detected has the behavior, and repeatedly executing the step of obtaining the response result corresponding to the URL to be detected by taking the redirection URL as a new URL to be detected, the URL after redirection can be obtained as much as possible when the URL to be detected has the redirection behavior, and the redirection path of the URL to be detected is generated, so that comprehensive and accurate security risk detection can be carried out on the URL to be detected.
Further effects of the above-described non-conventional alternatives are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of the main flow of a method of redirection management in accordance with an embodiment of the present invention;
FIG. 2 is a schematic diagram of the main flow of generating a redirect path in an alternative embodiment of the invention;
FIG. 3 is a schematic diagram of a redirect path in an alternative embodiment of the invention;
FIG. 4 is a schematic diagram of the main modules of an apparatus for redirection management in accordance with an embodiment of the present invention;
FIG. 5 is an exemplary system architecture diagram in which embodiments of the present invention may be applied;
fig. 6 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present invention are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
According to one aspect of an embodiment of the present invention, a method of redirection management is provided.
Fig. 1 is a schematic diagram of main flow of a redirection management method according to an embodiment of the present invention, and as shown in fig. 1, the redirection management method includes:
step S101, taking a URL to be detected as a starting point of a path;
step S102, obtaining a response result corresponding to the URL to be detected;
step S103, judging whether the response result has redirection behavior or not; if yes, jump to step S104; otherwise, jumping to step S105;
step S104, adding the redirection URL to the tail part of the path to update the path, taking the redirection URL as a new URL to be detected, and then jumping to step S102;
step S105, taking the updated path as a redirection path of the URL to be detected.
URL redirection (URL Redirect) refers to the relocation of URL access requests to other locations, possibly web page redirection, and possibly domain name redirection. There are several ways in which the URL is redirected, mainly two: one is 301 permanent redirection and the other is 302 temporary redirection. 301 permanent redirection refers to the resource to which the URL corresponds being permanently moved elsewhere. 302 temporary redirection refers to the temporary movement of the resource corresponding to the URL to another place, which may be restored to its original location soon after. In the actual application process, the access request can be sent to the URL to be detected to obtain the corresponding response result. If the access request of the URL to be detected is redirected to other positions, indicating that the redirection behavior exists in the response result corresponding to the URL to be detected.
By adding the redirection URL to the tail part of the path when the response result corresponding to the URL to be detected has the behavior, and repeatedly executing the step of obtaining the response result corresponding to the URL to be detected by taking the redirection URL as a new URL to be detected, the URL after redirection can be obtained as much as possible when the URL to be detected has the redirection behavior, and the redirection path of the URL to be detected is generated, so that comprehensive and accurate security risk detection can be carried out on the URL to be detected.
In some optional embodiments, in step S104, before taking the redirect URL as a new URL to be detected, the method further includes: confirming that the redirect URL is not present in the path. If the redirect URL exists in the path, the path is directly used as the redirect path of the URL to be detected, and the step S102 is not skipped. If a URL on a redirect path redirects to another URL on the redirect path, then there is a ring in the redirect path, and the presence of the ring can cause the URL to be detected to be redirected multiple times unnecessarily. The embodiment stops the redirection operation after confirming that the redirection URL exists in the path, so that on one hand, resource consumption caused by repeated redirection operation can be avoided, and on the other hand, the redirection operation can be prevented from being sunk into infinite loops.
In other optional embodiments, before taking the redirected URL as the new URL to be detected, the method further includes: and confirming that the redirection times are smaller than a set time threshold. And if the redirection times are greater than or equal to a set time threshold, taking the path as a redirection path of the URL to be detected. In this embodiment, by setting the frequency threshold, the redirection operation can be stopped when the redirection frequency reaches the set frequency threshold in the redirection path forming process, so as to avoid that the length of the URL redirection path is too long. The value of the threshold of the set times can be selectively set according to the actual situation, which is not particularly limited in the present invention.
In still other optional embodiments, in step S104, before taking the redirected URL as a new URL to be detected, the method further includes: confirm that the redirect URL is not a malicious link. If the redirected URL is a malicious link, the path is taken as the redirected path of the URL to be detected, and the step S102 is not skipped. If a certain URL on the redirection path is a malicious link or points to a malicious link, the security risk of the current URL to be detected can be determined without continuously detecting other URLs pointed to by the malicious link.
The method of the embodiment of the invention can further comprise the step of judging whether the URL to be detected is a malicious link. At present, when detecting a malicious link, it is often to detect the malicious link after finding a link. If the link has a redirection behavior, no security risk may be detected as present. According to the method, malicious link detection is carried out based on the redirection path, single and multiple redirection conditions are also included in the detection flow of the malicious link, the identification accuracy of the malicious link can be improved, and the safety monitoring level is further improved.
For example, in the process of determining the redirection path of the URL to be detected, each redirection URL is determined, and malicious detection is performed on the redirection URL. If the redirected URL is a malicious link, the URL to be detected is judged to be the malicious link. Because the obtained redirected URL is judged in real time, whether the URL to be detected has risks or not can be known in real time, and the real-time performance of risk detection is improved.
For another example, after obtaining the redirection path of the URL to be detected, detecting whether a malicious link exists in the redirection path; if yes, judging the URL to be detected is a malicious link. According to the embodiment of the invention, after the redirection path of the URL to be detected is obtained, each URL in the redirection path is detected, so that information interaction in the detection process can be reduced, and resource consumption in the detection process is reduced.
The method for determining whether the redirected URL is a malicious link can be selectively set according to actual situations. For example, a specific decision process is performed by the third party service and it is determined whether the redirect URL is a malicious link by invoking the decision result of the third party service. For another example, a malicious link URL library is maintained in advance and updated in real time, and if a redirect URL exists in the malicious link library, the redirect URL is indicated as a malicious link. The method of determining whether the redirect URL is a malicious link is not particularly limited in the present invention.
Fig. 2 is a schematic diagram of the main flow of generating a redirect path in an alternative embodiment of the invention. As shown in fig. 2, the main flow of generating the redirection path includes:
step 1: the URL is set as the path start point and placed into a container.
Step 2: and sending an access request to the URL and receiving a server response result.
Step 3: and judging a response result. If the response code is not 301 or 302, go to step 10.
Step 4: and acquiring a value corresponding to the Location field from the response head, namely a new URL needing redirection operation.
Step 5: it is detected whether a new URL exists in the container. If so, the URL redirect path is indicated to begin looping, and step 10 is repeated.
Step 6: a new URL is added to the redirect path tail.
Step 7: a new URL is added to the container.
Step 8: the number of redirection times is added with 1, and the number of redirection times is 0 under the initial condition.
Step 9: it is determined whether the number of redirections reaches a maximum number (i.e., a set number threshold). If the number of redirections reaches the set maximum number, step 10 is entered. Otherwise, turning to step 2.
Step 10: the redirection path is formed and ended.
In detecting whether the URL as the start point of the path is a malicious link, interaction with a detection module having a function of detecting a malicious link may be performed, for example: third party services, databases, etc. During detection, all URLs in the redirection path can be sent to the detection module for processing at one time, and the processing result of the detection module is received. Therefore, the interaction time of the detection process can be reduced, and the detection time consumption is reduced. In the detection process, the URL may be immediately sent to the detection module for detection after the execution of step 6, and the subsequent flow may be determined according to the detection result, for example, step 10 may be immediately turned to when the URL is a malicious link, and step 7 may be continued when the URL is not a malicious link. In this way, it is possible to know in real time whether the URL is at risk.
The embodiment of the invention can simulate the browser to send the request to the server so as to judge whether the server returns the redirection URL or not and whether the server has the condition of repeated redirection URLs or not. In the detection of the malicious links, the condition of redirecting the URL for one time and multiple times is also included in the detection flow of the malicious links, so that the identification accuracy of the malicious links can be improved, and the safety monitoring level is further improved.
Fig. 3 is a schematic diagram of a redirect path in an alternative embodiment of the invention. In the figure, the URL is to-be-detected, URL1 is a URL obtained by redirecting the URL, URL2 is a URL obtained by redirecting the URL1, and URL3 is a URL obtained by redirecting the URL 2. If URL3 is redirected to URL1, a ring exists in the redirection path, and redirection is stopped; or stopping the redirection operation when the redirection times reach the set times threshold after the URL3 is obtained.
According to the invention, the URL to be detected is redirected to obtain the redirection path, so that the end point of the URL can be detected, and the real corresponding resource of the URL in the communication process and the security risk of the resource are obtained. And corresponding risk processing can be performed on the URL with the safety risk, such as deleting operation, safety warning reminding and the like, so that the user is reminded early, and the potential safety risk of the URL is reduced.
According to a second aspect of an embodiment of the present invention, there is provided an apparatus for implementing the above method.
Fig. 4 is a schematic diagram of main modules of an apparatus for redirection management according to an embodiment of the present invention, and as shown in fig. 4, an apparatus 400 for redirection management includes:
the path starting point module 401 takes the URL to be detected as a starting point of the path;
the result obtaining module 402 obtains a response result corresponding to the URL to be detected;
a path generating module 403, configured to determine whether the response result has a redirection behavior; if yes, adding the redirection URL to the tail part of the path to update the path, taking the redirection URL as a new URL to be detected, and repeatedly executing the step of obtaining a response result corresponding to the URL to be detected; otherwise, taking the updated path as a redirection path of the URL to be detected.
Optionally, the path generation module is further configured to:
before the redirection URL is used as a new URL to be detected, confirming that the redirection URL does not exist in the path and/or confirming that the redirection times are smaller than a set times threshold;
and if the redirection URL exists in the path or the redirection times are greater than or equal to a set time threshold, taking the path as the redirection path of the URL to be detected.
Optionally, the path generation module is further configured to:
before taking the redirected URL as a new URL to be detected, confirming that the redirected URL is not a malicious link; and if the redirected URL is a malicious link, taking the path as a redirected path of the URL to be detected.
Optionally, the device of the embodiment of the present invention further includes a malicious detection module, configured to: and if the redirected URL is a malicious link, judging that the URL to be detected is a malicious link.
Optionally, the device of the embodiment of the present invention further includes a malicious detection module, configured to: after the path is used as a redirection path of the URL to be detected, detecting whether a malicious link exists in the redirection path; if yes, judging the URL to be detected is a malicious link.
According to a third aspect of an embodiment of the present invention, there is provided an electronic device for redirection management, including:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method provided by the first aspect of the embodiments of the present invention.
According to a fourth aspect of embodiments of the present invention, there is provided a computer readable medium having stored thereon a computer program which when executed by a processor implements the method provided by the first aspect of embodiments of the present invention.
Fig. 5 illustrates an exemplary system architecture 500 of a device or method of redirection management to which embodiments of the present invention may be applied.
As shown in fig. 5, the system architecture 500 may include terminal devices 501, 502, 503, a network 504, and a server 505. The network 504 is used as a medium to provide communication links between the terminal devices 501, 502, 503 and the server 505. The network 504 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
A user may interact with the server 505 via the network 504 using the terminal devices 501, 502, 503 to receive or send messages or the like. Various communication client applications may be installed on the terminal devices 501, 502, 503, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 501, 502, 503 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 505 may be a server providing various services, such as a background management server (by way of example only) providing support for shopping-type websites browsed by users using the terminal devices 501, 502, 503. The background management server may analyze and process the received data such as the product information query request, and feed back the processing result (e.g., the product information page—only an example) to the terminal device.
It should be noted that, the method for redirection management provided in the embodiment of the present invention is generally performed by the server 505, and accordingly, the device for redirection management is generally disposed in the server 505.
It should be understood that the number of terminal devices, networks and servers in fig. 5 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 6, there is illustrated a schematic diagram of a computer system 600 suitable for use in implementing an embodiment of the present invention. The terminal device shown in fig. 6 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU) 601, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data required for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other through a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, mouse, etc.; an output portion 607 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. The drive 610 is also connected to the I/O interface 605 as needed. Removable media 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on drive 610 so that a computer program read therefrom is installed as needed into storage section 608.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication portion 609, and/or installed from the removable medium 611. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 601.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present invention may be implemented in software or in hardware. The described modules may also be provided in a processor, for example, as: a processor comprising: the path starting point module takes the URL to be detected as a starting point of the path; the result acquisition module acquires a response result corresponding to the URL to be detected; the path generation module is used for judging whether the response result has redirection behavior or not; if yes, adding the redirection URL to the tail part of the path to update the path, taking the redirection URL as a new URL to be detected, and repeatedly executing the step of obtaining a response result corresponding to the URL to be detected; otherwise, taking the updated path as a redirection path of the URL to be detected. The names of these modules do not in some cases limit the module itself, for example, the result acquisition module may also be described as "a module that determines whether there is redirection behavior in the response result".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to include: taking the URL to be detected as a starting point of the path; obtaining a response result corresponding to the URL to be detected; judging whether the response result has redirection behavior or not; if yes, adding the redirection URL to the tail part of the path to update the path, taking the redirection URL as a new URL to be detected, and repeatedly executing the step of obtaining a response result corresponding to the URL to be detected; otherwise, taking the updated path as a redirection path of the URL to be detected.
According to the technical scheme provided by the embodiment of the invention, the redirected URL is added to the tail part of the path when the response result corresponding to the URL to be detected has the behavior, and the step of acquiring the response result corresponding to the URL to be detected is repeatedly executed by taking the redirected URL as a new URL to be detected, so that the redirected URL can be acquired as much as possible when the URL to be detected has the redirected behavior, and the redirected path of the URL to be detected is generated, so that comprehensive and accurate security risk detection can be carried out on the URL to be detected.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (9)
1. A method of redirection management, comprising:
taking the URL to be detected as a starting point of the path;
obtaining a response result corresponding to the URL to be detected;
judging whether the response result has redirection behavior or not; if yes, determining whether a redirection URL exists in the path, and/or determining whether the redirection times is smaller than a set time threshold, and if the redirection URL exists in the path, or the redirection times is larger than or equal to the set time threshold, taking the path as a redirection path of the URL to be detected; if the redirection URL does not exist in the path and the redirection times are smaller than the set times threshold, adding the redirection URL to the tail of the path to update the path, taking the redirection URL as a new URL to be detected, and jumping to obtain a response result corresponding to the URL to be detected; otherwise, taking the updated path as a redirection path of the URL to be detected.
2. The method of claim 1, further comprising, prior to taking the redirect URL as a new URL to be detected: confirm that the redirect URL is not a malicious link;
and if the redirected URL is a malicious link, taking the path as a redirected path of the URL to be detected.
3. The method as recited in claim 2, further comprising: and if the redirected URL is a malicious link, judging that the URL to be detected is a malicious link.
4. The method according to any one of claims 1-2, further comprising, after taking the path as a redirection path for the URL to be detected: detecting whether a malicious link exists in the redirection path; if yes, judging the URL to be detected is a malicious link.
5. An apparatus for redirection management, comprising:
the path starting point module takes the URL to be detected as a starting point of the path;
the result acquisition module acquires a response result corresponding to the URL to be detected;
the path generation module is used for judging whether the response result has redirection behavior or not; if yes, determining whether a redirection URL exists in the path, and/or determining whether the redirection times is smaller than a set time threshold, and if the redirection URL exists in the path, or the redirection times is larger than or equal to the set time threshold, taking the path as a redirection path of the URL to be detected; if the redirection URL does not exist in the path and the redirection times are smaller than the set times threshold, adding the redirection URL to the tail of the path to update the path, taking the redirection URL as a new URL to be detected, and repeatedly executing the step of obtaining a response result corresponding to the URL to be detected; otherwise, taking the updated path as a redirection path of the URL to be detected.
6. The apparatus of claim 5, further comprising a malicious detection module to: and if the redirected URL is a malicious link, judging that the URL to be detected is a malicious link.
7. The apparatus of claim 5, further comprising a malicious detection module to: after the path is used as a redirection path of the URL to be detected, detecting whether a malicious link exists in the redirection path; if yes, judging the URL to be detected is a malicious link.
8. An electronic device for redirection management, comprising:
one or more processors;
storage means for storing one or more programs,
when executed by the one or more processors, causes the one or more processors to implement the method of any of claims 1-4.
9. A computer readable medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-4.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010685982.8A CN111898046B (en) | 2020-07-16 | 2020-07-16 | Method and device for redirection management |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010685982.8A CN111898046B (en) | 2020-07-16 | 2020-07-16 | Method and device for redirection management |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111898046A CN111898046A (en) | 2020-11-06 |
| CN111898046B true CN111898046B (en) | 2024-02-13 |
Family
ID=73189658
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010685982.8A Active CN111898046B (en) | 2020-07-16 | 2020-07-16 | Method and device for redirection management |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111898046B (en) |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20130080831A (en) * | 2013-06-25 | 2013-07-15 | 엔에이치엔비즈니스플랫폼 주식회사 | System, method and computer readable recording medium for detecting malicious message |
| CN103678364A (en) * | 2012-09-13 | 2014-03-26 | 阿里巴巴集团控股有限公司 | Dynamic detection method and device for URL redirection endless loop |
| CN104615695A (en) * | 2015-01-23 | 2015-05-13 | 腾讯科技(深圳)有限公司 | Malicious website detecting method and system |
| CN104679798A (en) * | 2013-12-03 | 2015-06-03 | 腾讯科技(深圳)有限公司 | Webpage detection method and device |
| CN104766014A (en) * | 2015-04-30 | 2015-07-08 | 安一恒通(北京)科技有限公司 | Method and system used for detecting malicious website |
| WO2016201819A1 (en) * | 2015-06-19 | 2016-12-22 | 安一恒通(北京)科技有限公司 | Method and apparatus for detecting malicious file |
| CN106940711A (en) * | 2017-02-27 | 2017-07-11 | 北京神州绿盟信息安全科技股份有限公司 | A kind of URL detection methods and detection means |
| CN107437026A (en) * | 2017-07-13 | 2017-12-05 | 西北大学 | A kind of malicious web pages commercial detection method based on advertising network topology |
| CN109040073A (en) * | 2018-08-07 | 2018-12-18 | 北京神州绿盟信息安全科技股份有限公司 | A kind of detection method, device, medium and the equipment of the access of WWW abnormal behaviour |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9549035B2 (en) * | 2013-03-13 | 2017-01-17 | Apple Inc. | Automatic updating of redirected location references |
-
2020
- 2020-07-16 CN CN202010685982.8A patent/CN111898046B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103678364A (en) * | 2012-09-13 | 2014-03-26 | 阿里巴巴集团控股有限公司 | Dynamic detection method and device for URL redirection endless loop |
| KR20130080831A (en) * | 2013-06-25 | 2013-07-15 | 엔에이치엔비즈니스플랫폼 주식회사 | System, method and computer readable recording medium for detecting malicious message |
| CN104679798A (en) * | 2013-12-03 | 2015-06-03 | 腾讯科技(深圳)有限公司 | Webpage detection method and device |
| CN104615695A (en) * | 2015-01-23 | 2015-05-13 | 腾讯科技(深圳)有限公司 | Malicious website detecting method and system |
| CN104766014A (en) * | 2015-04-30 | 2015-07-08 | 安一恒通(北京)科技有限公司 | Method and system used for detecting malicious website |
| WO2016201819A1 (en) * | 2015-06-19 | 2016-12-22 | 安一恒通(北京)科技有限公司 | Method and apparatus for detecting malicious file |
| CN106940711A (en) * | 2017-02-27 | 2017-07-11 | 北京神州绿盟信息安全科技股份有限公司 | A kind of URL detection methods and detection means |
| CN107437026A (en) * | 2017-07-13 | 2017-12-05 | 西北大学 | A kind of malicious web pages commercial detection method based on advertising network topology |
| CN109040073A (en) * | 2018-08-07 | 2018-12-18 | 北京神州绿盟信息安全科技股份有限公司 | A kind of detection method, device, medium and the equipment of the access of WWW abnormal behaviour |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111898046A (en) | 2020-11-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10635735B2 (en) | Method and apparatus for displaying information | |
| CN106911693B (en) | Method and device for detecting hijacking of webpage content and terminal equipment | |
| CN108897854B (en) | Monitoring method and device for overtime task | |
| CN110708346A (en) | Information processing system and method | |
| CN109829121B (en) | Method and device for reporting click behavior data | |
| CN109218041B (en) | Request processing method and device for server system | |
| CN109446445B (en) | Resource acquisition method and device | |
| CN111143722A (en) | Method, device, equipment and medium for detecting webpage hidden link | |
| CN109587197B (en) | Method, device and system for associating reported data | |
| CN111898046B (en) | Method and device for redirection management | |
| CN115495740A (en) | Virus detection method and device | |
| CN113452733A (en) | File downloading method and device | |
| CN107634942B (en) | Method and device for identifying malicious request | |
| CN111338928A (en) | Chrome-based browser testing method and device | |
| CN113138943B (en) | Method and device for processing request | |
| CN112910855B (en) | Sample message processing method and device | |
| CN113114611B (en) | Blacklist management method and device | |
| CN112825519B (en) | Method and device for identifying abnormal login | |
| CN110209959B (en) | Information processing method and device | |
| CN110457632B (en) | Webpage loading processing method and device | |
| CN113722193A (en) | Method and device for detecting page abnormity | |
| CN108811036B (en) | Method and apparatus for displaying wireless access point information | |
| CN108920589B (en) | Browsing hijacking identification method, device, server and storage medium | |
| CN111339453A (en) | Navigation page distinguishing method and device | |
| CN112448931B (en) | Network hijacking monitoring method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |