CN114039778A - Request processing method, device, equipment and readable storage medium - Google Patents


Publication number
CN114039778A
Authority
CN
China
Prior art keywords
rule information
target
request
web request
field
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111320306.1A
Other languages
Chinese (zh)
Inventor
雷琼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sangfor Technologies Co Ltd
Original Assignee
Sangfor Technologies Co Ltd
Application filed by Sangfor Technologies Co Ltd
Priority to CN202111320306.1A
Publication of CN114039778A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0263 Rule management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a request processing method, apparatus, device and readable storage medium. The method comprises: acquiring a Web request; determining, from a rule information base, target rule information corresponding to the Web request, where the target rule information represents field requirements for the Web request; using target middleware to detect, according to the target rule information, whether a target field in the Web request meets the field requirement; and, if so, processing the Web request. Because the middleware checks the corresponding field of the Web request against the field requirement in the target rule information before the request reaches service processing, Web security protection is performed in a whitelist manner, which avoids the false positives and bypasses of a WAF blacklist, improves the protection effect, and ensures the security of the device.

Description

Request processing method, device, equipment and readable storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a request processing method, apparatus, device, and readable storage medium.
Background
Currently, for Web security protection, the industry generally adopts a WAF (Web Application Firewall) in blacklist mode. However, because the WAF does not know how the requested data will be used, it has to rely on a blacklist filtering mechanism, and blacklist filtering can often be bypassed, which makes it difficult to ensure the security of the device. Therefore, how to improve the protection effect of Web security protection and ensure the security of the device is a problem that urgently needs to be solved.
Disclosure of Invention
The invention aims to provide a request processing method, a request processing device and a readable storage medium that use middleware to perform Web security protection in a whitelist manner, thereby improving the protection effect and ensuring the security of the device.
To solve the above technical problem, the present invention provides a request processing method, including:
acquiring a Web request;
determining target rule information corresponding to the Web request from a rule information base; wherein the target rule information is used for representing field requirements for the Web request, and the rule information base comprises at least one item of rule information;
detecting whether a target field in the Web request meets the field requirement or not by using target middleware according to the target rule information;
and if so, processing the Web request.
Optionally, the determining, from a rule information base, target rule information corresponding to the Web request includes:
and determining target rule information corresponding to the Web request from a rule information base according to the request type of the Web request.
Optionally, before the detecting, by using the target middleware, whether the target field in the Web request meets the field requirement according to the target rule information, the method further includes:
determining the request type of the Web request;
and selecting the security middleware matched with the request type from the plurality of security middleware as the target middleware.
Optionally, the field requirement is specifically a regular expression.
Optionally, after detecting, by using the target middleware, whether the target field in the Web request meets the field requirement according to the target rule information, the method further includes:
and if the target field does not meet the field requirement, determining that the Web request is an illegal request, and intercepting the Web request.
Optionally, before the detecting, by using the target middleware, whether the target field in the Web request meets the field requirement according to the target rule information, the method further includes:
detecting whether the number of illegal requests corresponding to the source information in the Web request reaches a threshold value;
if the threshold value is reached, the Web request is intercepted;
the detecting, by using the target middleware, whether the target field in the Web request meets the field requirement according to the target rule information includes:
under the condition that the number of illegal requests corresponding to the source information in the Web request does not reach a threshold value, detecting whether the target field meets the field requirement or not by using the target middleware according to the target rule information;
correspondingly, after the determining that the Web request is an illegal request, the method further includes:
and recording the number of times of illegal requests corresponding to the source information in the Web request.
Optionally, the method further includes:
if rule updating information from a server is received, acquiring the updated rule information from the server; wherein the rule update information is used to indicate that the server contains the updated rule information;
and updating the rule information base through the updated rule information.
Optionally, the updating the rule information base through the updated rule information includes:
newly adding the updated rule information to the rule information base;
or replacing the first rule information in the rule information base with the updated rule information; wherein a version of the first rule information is lower than the updated rule information.
Optionally, the rule information base is a security patch base, and the rule information in the rule information base is a security patch.
The present invention also provides a request processing apparatus, including:
the acquisition module is used for acquiring the Web request;
the determining module is used for determining target rule information corresponding to the Web request from a rule information base; wherein the target rule information is used for representing field requirements for the Web request, and the rule information base comprises at least one item of rule information;
the detection module is used for detecting whether a target field in the Web request meets the field requirement or not by using target middleware according to the target rule information;
and the processing module is used for processing the Web request if the field requirement is met.
The present invention also provides a request processing device, including:
a memory for storing a computer program;
a processor for implementing the steps of the request processing method as described above when executing the computer program.
Furthermore, the present invention also provides a readable storage medium, on which a computer program is stored, which, when being executed by a processor, realizes the steps of the request processing method as described above.
The invention provides a request processing method, which comprises the following steps: acquiring a Web request; determining target rule information corresponding to the Web request from a rule information base; the target rule information is used for representing field requirements for Web requests, and the rule information base comprises at least one item of rule information; detecting whether a target field in the Web request meets the field requirement by using target middleware according to the target rule information; if so, processing the Web request;
Therefore, the target middleware is used to detect, according to the target rule information, whether the target field in the Web request meets the field requirement. The corresponding field in the Web request can thus be checked against the field requirement in the target rule information before the request reaches service processing, so that Web security protection is performed in a whitelist manner, the false positives and bypasses of a WAF blacklist are avoided, the protection effect is improved, and the security of the device is ensured. In addition, the invention also provides a request processing apparatus, device and readable storage medium, which have the same beneficial effects.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a request processing method according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating another request processing method according to an embodiment of the present invention;
fig. 3 is a block diagram of a request processing apparatus according to an embodiment of the present invention;
fig. 4 is a schematic structural diagram of a request processing device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of a request processing device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating a request processing method according to an embodiment of the present invention. The method can comprise the following steps:
Step 101: acquiring the Web request.
The Web request in this step may be a request for a Web service, such as a request received by a Web server through an API (Application Programming Interface).
Step 102: determining target rule information corresponding to the Web request from a rule information base; wherein the target rule information is used for representing field requirements for the Web request, and the rule information base comprises at least one item of rule information.
The target rule information is rule information corresponding to the Web request in the rule information base, and the target rule information can be used for representing field requirements for the corresponding Web request, namely preset requirements of a target field in the Web request.
Correspondingly, the field requirement in this step may be a preset requirement of the field to be detected by the target rule information (i.e., the target field), such as a requirement of the type and format of the field. That is, the rule information in the rule information base in this step may include the field to be detected and the field requirement corresponding to each target field.
Correspondingly, the specific content of the field requirement in this step, that is, the specific content of the preset requirement in the rule information base, can be set by a designer. For example, the field requirement may be a regular expression, that is, the preset requirement in the rule information may be a preset regular expression that a valid field must match. In this embodiment, the target middleware may then be used to detect whether the field of the Web request named by the target rule information (i.e., the target field) conforms to the regular expression in that target rule information, and so determine whether the Web request is a legal request.
Specifically, the target rule information in this step may be a security patch, that is, the rule information of the corresponding Web request may be added or updated in the security patch manner in this embodiment, so as to implement the Web security protection in the white list manner; correspondingly, the rule information base in this step may be specifically a security patch base. That is to say, for a specific security problem, the administrator updates the corresponding rule information by installing the security patch, and fixes and solves the security problem.
It should be noted that determining the target rule information corresponding to the Web request from the rule information base identifies the rule information used for field detection on that Web request. The specific manner of determining it may be set by a designer according to the practical scenario and user requirements. For example, the processor may determine the target rule information directly from the rule information base according to the request type of the Web request (e.g., requests that access different applications or servers). The processor may also determine the target rule information from the rule information base by using the middleware corresponding to the Web request (i.e., the target middleware) according to the request type of the Web request. If each middleware corresponds to Web requests of one request type, for example if each middleware corresponds to the Web requests of one API interface, the processor in this step may determine the target rule information corresponding to the target middleware; that is, the processor may use the middleware to detect whether the corresponding field in the Web request meets the field requirement according to the rule information (i.e., target rule information) in the rule information base that corresponds to the middleware (i.e., target middleware) used for detecting the Web request.
When a middleware can correspond to Web requests of multiple request types, for example when one middleware corresponds to Web requests of all request types, the processor in this step can determine the target rule information corresponding to the Web request from the rule information base according to the request type of the Web request; that is, the target middleware may detect whether the corresponding field in the Web request meets the field requirement according to the rule information (i.e., target rule information) in the rule information base that corresponds to the request type of the received Web request. If each middleware corresponds to Web requests of only some request types, the processor determines the target middleware corresponding to the Web request among the security middleware according to the request group information corresponding to each security middleware, and then determines the target rule information corresponding to the target middleware according to the request type of the Web request. For example, the different middleware used for detecting Web requests (i.e., security middleware) may each handle a combination of Web requests of different request types; according to the information describing these combinations (i.e., request group information, such as a request type information group), the processor may determine which security middleware corresponds to the request type of the Web request (i.e., the target middleware), and then use the target middleware to detect whether the corresponding field in the Web request meets the field requirement according to the rule information (i.e., target rule information) in the rule information base that corresponds to the request type of the received Web request. The present embodiment does not set any limit to this.
Step 103: detecting whether a target field in the Web request meets the field requirement by using target middleware according to the target rule information; if yes, go to step 104.
Specifically, the target middleware in this step may be middleware that uses the target rule information to check the corresponding field (i.e., the target field) in the obtained Web request, that is, middleware that performs Web security protection on the obtained Web request. In this embodiment, after the Web request of the client is obtained, the middleware corresponding to the Web request (i.e., the target middleware) performs Web security protection on it first, and only a Web request that meets the field requirement is passed on to the actual service logic for processing.
It should be noted that, in this step, the processor may use the target middleware to detect whether the target field of the Web request named by the target rule information meets the preset requirement (i.e., the field requirement) in the target rule information; that is, Web security protection is implemented by comparing the field to be detected in the Web request with the field requirement.
Correspondingly, the step can also include a process of determining a target middleware before the step, for example, the processor can determine the request type of the Web request, and select a security middleware matched with the request type from the plurality of security middleware as the target middleware; that is to say, when each security middleware performs Web security protection on a Web request of a corresponding request type, the processor may determine a target middleware from the multiple security middleware according to the request type of the Web request; the security middleware may be a middleware for performing Web security protection on the corresponding Web request by using the rule information in the rule information base. When one security middleware performs Web security protection on Web requests of all request types, the processor can also directly take the security middleware as target middleware. The present embodiment does not set any limit to this.
In this embodiment, a middleware (e.g., a security middleware) may be deployed on a VPN (Virtual Private Network) management platform, may be deployed in a Web server, or may be deployed in a gateway device, a firewall, or a VPN device, and is used to screen and intercept a Web request before the Web request reaches a background service logic. If the number of the middleware is multiple, multiple middleware may be deployed in the same physical device, or may be deployed in multiple physical devices. The rule information in the rule information base is stored in a form of a security patch (namely independent of background business logic codes), and the middleware can call the security patch, analyze the rules of the security patch and screen and intercept the Web request according to the rules of the security patch. In this embodiment, if a vulnerability exists in the service logic, the vulnerability can be repaired by updating or adding the security patch. Because the security patch is independent of the background service code, the service code does not need to be changed when the bug is repaired.
For example, suppose security middleware (SPM, i.e., security patch middleware) is integrated on a VPN management platform, and an internal audit by the VPN team discovers an injection vulnerability in the /api/ssl/handle_a code, caused by the request parameter param1. The VPN team need not modify the handle_a code directly; it can solve the problem through the SPM, for example by adding the rule information {"ruleId": "R0009", "path": "/api/ssl/handle_a", "threatItems": [{"Field": "param1", "Pattern": "xxxx"}]} to the rule information base and publishing it to the rule information base upgrade server. All VPN devices regularly check whether the rule information base upgrade server has updates and, when the updated rule information R0009 is found, update their local rule information base. Subsequently, when a user of the VPN device accesses the console, the Web request reaches the Web server, which passes it to the SPM according to the middleware pipeline principle. When the SPM checks the local rule information base and finds that rule R0009 matches the request path /api/ssl/handle_a, it judges according to rule R0009 whether the request parameter param1 is legal (for example, whether it matches Pattern). If param1 is illegal, the request is judged to be an attack on the vulnerability, and the SPM can intercept and stop the Web request so that it is never sent to the vulnerable handle_a code.
How the case where the target field in the Web request does not meet the field requirement is handled can be set by a designer. For example, the processor can determine that the Web request is an illegal request and intercept it, so that no service processing is performed on the illegal request; the processor may also record the Web request to facilitate subsequent data analysis.
For example, suppose there is an injection problem for the IP address in the data of the Web request corresponding to the /api/device interface, such as the "xx" value of the IP field in {"deviceId": "xxx", "IP": "xx"}. The rule information base may include rule information for this problem, such as {"ruleId": "xxxxx", "path": "/api/device", "threatItems": [{"Field": "IP", "Pattern": "xxxx"}]}. This rule information indicates that the IP field of /api/device must conform to the regular expression "xxxx"; otherwise, the Web request may be determined to be an illegal request, namely an injection attack against the interface.
Further, in this embodiment, after determining that the Web request is an illegal request, the processor may record the number of illegal requests corresponding to the source information of the Web request. When the number of illegal requests corresponding to that source information reaches a threshold value, subsequently received Web requests with the same source information are intercepted directly, which prevents brute-force attempts by an attacker. That is, in this embodiment, before step 103, the processor may detect whether the number of illegal requests corresponding to the source information in the Web request reaches the threshold value. If the threshold value is reached, the Web request is intercepted. If the threshold value is not reached, the process proceeds to step 103, and the target middleware is used to detect whether the target field meets the field requirement according to the target rule information. For example, the processor may directly intercept the Web request when it detects that the URL (Uniform Resource Locator) information and/or user information (i.e., source information) in the Web request is interception source information, that is, URL information and/or user information whose recorded number of illegal requests has reached the threshold value.
Step 104: the Web request is processed.
It can be understood that, in this step, when the target middleware detects that the target field in the Web request meets the field requirement, the processor may determine that the Web request is a legal request, and perform service processing on the Web request; as shown in fig. 2, after detecting that a corresponding field in a Web request of a user meets a field requirement by using a security patch rule (i.e., rule information), Middleware (Middleware) may transmit the Web request to a corresponding service code to process the Web request, so as to complete service processing of the Web request.
In this embodiment, the target middleware is used to detect, according to the target rule information, whether the target field in the Web request meets the field requirement. The corresponding field in the Web request can thus be checked against the field requirement in the target rule information before the request reaches service processing, so that Web security protection is performed in a whitelist manner, the false positives and bypasses of a WAF blacklist are avoided, the protection effect is improved, and the security of the device is ensured.
Based on the above embodiment, the request processing method provided by the embodiment of the present invention may further include a process of updating rule information in the rule information base, so that when discovering that a certain API has a bug, a manager may repair the bug by updating corresponding rule information.
Specifically, the present embodiment does not limit the specific way in which the processor updates the rule information in the local rule information base, for example, in the present embodiment, the processor may obtain the updated rule information from the server according to the received rule update information from the server; wherein the rule update information is used to indicate that the server contains updated rule information; and updating the rule information base through the updated rule information. In this embodiment, the processor may also query and acquire updated rule information from the server at preset time intervals; and updating the rule information base through the updated rule information.
Correspondingly, the specific mode of updating the rule information base through the updated rule information can be set by a designer, for example, the processor can newly add the updated rule information to the rule information base; for example, the processor may directly add the updated rule information to the rule information base, or add the updated rule information to the rule information base if the rule information base does not have the low version of the rule information corresponding to the updated rule information. The processor can also replace the first rule information in the rule information base with the updated rule information; wherein the version of the first rule information is lower than the updated rule information; that is, in the case where there is a low version of rule information (i.e., first rule information) corresponding to the updated rule information in the rule information base, the processor may replace the first rule information in the rule information base with the updated rule information, thereby implementing security patch coverage on the historical version.
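The check, the per-source counter and the version-based rule update described above can be put together as follows. This is an added example, not code from the patent: the class name, the integer `version` field, the `source` string, failing closed when a target field is missing, passing requests whose path has no rule, and the two constructed `Pattern` values (the page only gives "xxxx") are all assumptions.

```python
import re
from collections import defaultdict

ALLOW, BLOCK_FIELD, BLOCK_SOURCE = "allow", "block:field", "block:source"

# Constructed rules in the shape of the page's /api/device example.
# "version" is an assumed field; the page only says versions can be compared.
RULE_V1 = {"ruleId": "R-DEVICE", "version": 1, "path": "/api/device",
           "threatItems": [{"Field": "IP", "Pattern": r"[0-9.]+"}]}
RULE_V2 = {"ruleId": "R-DEVICE", "version": 2, "path": "/api/device",
           "threatItems": [{"Field": "IP",
                            "Pattern": r"(?:[0-9]{1,3}\.){3}[0-9]{1,3}"}]}


class SecurityPatchMiddleware:
    """Allowlist field check that runs before the business handler."""

    def __init__(self, threshold=3):
        self.rules = {}                          # ruleId -> installed rule
        self.illegal_counts = defaultdict(int)   # source -> illegal requests
        self.threshold = threshold

    def apply_update(self, rule):
        """Add a new rule, or replace a lower version of the same ruleId."""
        current = self.rules.get(rule["ruleId"])
        if current is not None and current["version"] >= rule["version"]:
            return False                         # never downgrade a patch
        # Compile first: a malformed Pattern raises re.error and the
        # previously installed rule stays in place.
        compiled = [(item["Field"], re.compile(item["Pattern"]))
                    for item in rule["threatItems"]]
        self.rules[rule["ruleId"]] = {**rule, "_compiled": compiled}
        return True

    def check(self, source, path, params):
        """Return ALLOW, BLOCK_FIELD or BLOCK_SOURCE for one request."""
        # Sources at the threshold are intercepted before any field check.
        if self.illegal_counts[source] >= self.threshold:
            return BLOCK_SOURCE
        for rule in self.rules.values():
            if rule["path"] != path:
                continue
            for field, pattern in rule["_compiled"]:
                value = params.get(field)
                # fullmatch, not search: the whole value must be inside the
                # allowlist, so trailing extra characters cannot ride along.
                if not isinstance(value, str) or not pattern.fullmatch(value):
                    self.illegal_counts[source] += 1
                    return BLOCK_FIELD
        return ALLOW                             # no rule, or all fields pass


def demo():
    """Run a constructed request sequence and return the decisions."""
    spm = SecurityPatchMiddleware(threshold=2)
    spm.apply_update(RULE_V1)
    good = {"deviceId": "d1", "IP": "10.0.0.5"}
    bad = {"deviceId": "d1", "IP": "10.0.0.5;extra"}
    out = [spm.check("user-a", "/api/device", good),   # allow
           spm.check("user-b", "/api/device", bad),    # block:field (1)
           spm.check("user-b", "/api/device", bad),    # block:field (2)
           spm.check("user-b", "/api/device", good)]   # block:source
    spm.apply_update(RULE_V2)                          # stricter patch
    out.append(spm.check("user-a", "/api/device",
                         {"deviceId": "d1", "IP": "1..2"}))  # block:field
    return out


if __name__ == "__main__":
    print(demo())
```

Once a source reaches the threshold, even its well-formed requests are intercepted, which is the trade-off the page's counter accepts.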
Corresponding to the above method embodiments, the present invention further provides a request processing apparatus, and the request processing apparatus described below and the request processing method described above may be referred to correspondingly.
Referring to fig. 3, fig. 3 is a block diagram of a request processing device according to an embodiment of the present invention. The apparatus may include:
an obtaining module 10, configured to obtain a Web request;
a determining module 20, configured to determine target rule information corresponding to the Web request from a rule information base; the target rule information is used for representing field requirements for Web requests, and the rule information base comprises at least one item of rule information;
the detection module 30 is configured to detect whether a target field in the Web request meets a field requirement by using the target middleware according to the target rule information;
and the processing module 40 is used for processing the Web request if the field requirement is met.
Optionally, the determining module 20 may be specifically configured to determine, according to the request type of the Web request, target rule information corresponding to the Web request from a rule information base.
Optionally, the apparatus may further include:
the type determining module is used for determining the request type of the Web request;
and the security middleware selecting module is used for selecting the security middleware matched with the request type from the plurality of security middleware as the target middleware.
Optionally, the field requirement is specifically a regular expression.
Optionally, the apparatus may further include:
and the interception module is used for determining that the Web request is an illegal request and intercepting the Web request if the target field does not meet the field requirement.
Optionally, the apparatus may further include:
a count detection module, configured to detect whether the number of illegal requests corresponding to the source information in the Web request has reached a threshold, and to intercept the Web request if the threshold has been reached;
correspondingly, the detection module 30 may be specifically configured to detect, by using the target middleware and according to the target rule information, whether the target field meets the field requirement when the number of illegal requests corresponding to the source information in the Web request has not reached the threshold;
correspondingly, the apparatus may further include:
a recording module, configured to record the number of illegal requests corresponding to the source information in the Web request after the Web request is determined to be an illegal request.
Optionally, the apparatus may further include:
an update receiving module, configured to acquire the updated rule information from the server if rule update information is received from the server, where the rule update information indicates that the server contains updated rule information;
an updating module, configured to update the rule information base with the updated rule information.
Optionally, the updating module may be specifically configured to add the updated rule information to the rule information base, or to replace first rule information in the rule information base with the updated rule information, where the version of the first rule information is lower than that of the updated rule information.
Optionally, the rule information base is a security patch base, and the rule information in the rule information base is a security patch.
In this embodiment, the detection module 30 uses the target middleware to detect, according to the target rule information, whether the target field in the Web request meets the field requirement. The corresponding field of the Web request is thus checked against the field requirement in the target rule information before the middleware performs the business processing of the Web request, so that Web security protection is carried out with a whitelist. This avoids the false positives and bypasses associated with a WAF blacklist, improves the protection effect, and ensures the security of the device.
Corresponding to the above method embodiment, the embodiment of the present invention further provides a request processing device; the request processing device described below and the request processing method described above may be read with reference to each other.
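The module flow above (rule lookup by request type, regular-expression field check, per-source illegal-request counting, versioned rule update) is sketched here in Python as an added example; it is not code from the patent. The class names, keying rules by request type, treating a missing rule or missing field as an illegal request, and the sample values are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    request_type: str   # kind of Web request the rule covers (assumed key)
    version: int        # a higher version supersedes a lower one
    fields: dict        # target field name -> allowlist regular expression


class RuleBase:
    """Rule information base holding one rule per request type (assumption)."""

    def __init__(self):
        self._rules = {}

    def update(self, rule):
        # Add a new rule, or replace a stored rule only if it is a lower version.
        current = self._rules.get(rule.request_type)
        if current is None or current.version < rule.version:
            self._rules[rule.request_type] = rule
            return True
        return False

    def lookup(self, request_type):
        return self._rules.get(request_type)


class AllowlistMiddleware:
    def __init__(self, rule_base, threshold=3):
        self.rule_base = rule_base
        self.threshold = threshold
        self.illegal_counts = defaultdict(int)  # source -> illegal request count

    def _meets_requirements(self, rule, params):
        for name, pattern in rule.fields.items():
            value = params.get(name)
            # fullmatch: the whole value must match, so a trailing newline or
            # appended text cannot slip past the pattern.
            if not isinstance(value, str) or re.fullmatch(pattern, value) is None:
                return False
        return True

    def handle(self, source, request_type, params):
        # Count check: a source that has reached the threshold is intercepted
        # before any field inspection.
        if self.illegal_counts[source] >= self.threshold:
            return "blocked_source"
        rule = self.rule_base.lookup(request_type)
        # Assumption: no rule for this request type means fail closed.
        if rule is None or not self._meets_requirements(rule, params):
            self.illegal_counts[source] += 1   # recording module
            return "intercepted"
        return "processed"   # field requirement met: hand over to business logic
```

Using `re.fullmatch` rather than `re.match` matters for an allowlist: `re.match` with a trailing `$` still accepts a value that ends in a newline.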
Referring to fig. 4, fig. 4 is a schematic structural diagram of a request processing device according to an embodiment of the present invention. The request processing device may include:
a memory D1 for storing computer programs;
a processor D2, configured to implement the steps of the request processing method provided by the above method embodiments when executing the computer program.
Specifically, referring to fig. 5, fig. 5 is a schematic diagram illustrating a specific structure of a request processing device according to an embodiment of the present invention. The request processing device may vary considerably depending on configuration or performance, and may include one or more central processing units (CPUs) 322 (e.g., one or more processors), a memory 332, and one or more storage media 330 (e.g., one or more mass storage devices) storing an application 342 or data 344. The memory 332 and the storage media 330 may be transient storage or persistent storage. The program stored on the storage medium 330 may include one or more modules (not shown), each of which may include a series of instruction operations for a data processing device. Further, the central processor 322 may be configured to communicate with the storage medium 330 and to execute, on the request processing device 310, the series of instruction operations stored in the storage medium 330.
The request processing device 310 may also include one or more power supplies 326, one or more wired or wireless network interfaces 350, one or more input-output interfaces 358, and/or one or more operating systems 341, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, etc.
The request processing device 310 may specifically be a perimeter management and control device of a private cloud or a public cloud, such as a firewall device, a VPN device, a load balancing device, or a Web server.
The steps in the request processing method described above may be implemented by the structure of the request processing device.
Corresponding to the above method embodiment, the embodiment of the present invention further provides a readable storage medium; the readable storage medium described below and the request processing method described above may be read with reference to each other.
A readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the request processing method provided by the above-described method embodiments.
The readable storage medium may be a USB disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, an optical disk, or any other readable storage medium capable of storing program code.
The embodiments in this specification are described in a progressive manner: each embodiment focuses on its differences from the other embodiments, and the same or similar parts of the embodiments may be referred to each other. Because the apparatus, the device and the readable storage medium disclosed by the embodiments correspond to the method disclosed by the embodiments, their description is brief, and the relevant points can be found in the description of the method.
The above description details a request processing method, apparatus, device and readable storage medium provided by the present invention. The principles and embodiments of the present invention are explained herein using specific examples, which are presented only to assist in understanding the method and its core concepts. It should be noted that, for those skilled in the art, it is possible to make various improvements and modifications to the present invention without departing from the principle of the present invention, and those improvements and modifications also fall within the scope of the claims of the present invention.

Claims (12)

1. A method for processing a request, comprising:
acquiring a Web request;
determining target rule information corresponding to the Web request from a rule information base; wherein the target rule information is used for representing field requirements for the Web request, and the rule information base comprises at least one item of rule information;
detecting whether a target field in the Web request meets the field requirement or not by using target middleware according to the target rule information;
and if so, processing the Web request.
2. The method according to claim 1, wherein the determining the target rule information corresponding to the Web request from a rule information base comprises:
and determining target rule information corresponding to the Web request from a rule information base according to the request type of the Web request.
3. The method according to claim 1, wherein before detecting, by using a target middleware, whether a target field in the Web request meets the field requirement according to the target rule information, the method further comprises:
determining the request type of the Web request;
and selecting the security middleware matched with the request type from the plurality of security middleware as the target middleware.
4. The request processing method according to claim 1, wherein the field requirement is a regular expression.
5. The method according to claim 1, wherein after detecting, by using a target middleware, whether a target field in the Web request meets the field requirement according to the target rule information, the method further comprises:
and if the target field does not meet the field requirement, determining that the Web request is an illegal request, and intercepting the Web request.
6. The method according to claim 1, wherein before detecting, by using a target middleware, whether a target field in the Web request meets the field requirement according to the target rule information, the method further comprises:
detecting whether the number of illegal requests corresponding to the source information in the Web request reaches a threshold value;
if the threshold value is reached, the Web request is intercepted;
the detecting, by using the target middleware, whether the target field in the Web request meets the field requirement according to the target rule information includes:
under the condition that the number of illegal requests corresponding to the source information in the Web request does not reach a threshold value, detecting whether the target field meets the field requirement or not by using the target middleware according to the target rule information;
correspondingly, after the determining that the Web request is an illegal request, the method further includes:
and recording the number of times of illegal requests corresponding to the source information in the Web request.
7. The request processing method according to any one of claims 1 to 6, further comprising:
if rule updating information from a server is received, acquiring the updated rule information from the server; wherein the rule update information is used to indicate that the server contains the updated rule information;
and updating the rule information base through the updated rule information.
8. The method according to claim 7, wherein the updating the rule information base by the updated rule information comprises:
newly adding the updated rule information to the rule information base;
or replacing the first rule information in the rule information base with the updated rule information; wherein a version of the first rule information is lower than the updated rule information.
9. The request processing method according to claim 1, wherein the rule information base is a security patch base, and the rule information in the rule information base is a security patch.
10. A request processing apparatus, comprising:
the acquisition module is used for acquiring the Web request;
the determining module is used for determining target rule information corresponding to the Web request from a rule information base; wherein the target rule information is used for representing field requirements for the Web request, and the rule information base comprises at least one item of rule information;
the detection module is used for detecting whether a target field in the Web request meets the field requirement or not by using target middleware according to the target rule information;
and the processing module is used for processing the Web request if the field requirement is met.
11. A request processing device, comprising:
a memory for storing a computer program;
a processor for implementing the steps of the request processing method of any one of claims 1 to 9 when executing the computer program.
12. A readable storage medium, characterized in that the readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the request processing method according to any one of claims 1 to 9.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111320306.1A CN114039778A (en) 2021-11-09 2021-11-09 Request processing method, device, equipment and readable storage medium

Publications (1)

Publication Number Publication Date
CN114039778A (en) 2022-02-11

Family

ID=80143653

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination