CN102176722A - Method and system for preventing page tampering based on front-end gateway - Google Patents


Info

Publication number: CN102176722A
Authority: CN (China)
Prior art keywords: page, gateway, website, targeted website, site
Legal status: Granted
Application number: CN2011100639401A
Other languages: Chinese (zh)
Other versions: CN102176722B (en)
Inventors: 宋晨, 翟征德
Current Assignee: Institute of Software of CAS
Original Assignee: Institute of Software of CAS
Application filed by Institute of Software of CAS
Priority to CN 201110063940
Publication of CN102176722A
Application granted
Publication of CN102176722B
Current legal status: Expired - Fee Related

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method and system for preventing page tampering based on a front-end gateway, belonging to the technical field of information security. The method comprises the following steps: a) the gateway builds a mirror site of a target site and stores the check value of each page of the target site; and b) at a set interval, the gateway compares the check values of the pages of the target site with those of the pages of the mirror site, and if the check values differ, access requests for the target-site pages whose check values differ are redirected to the corresponding pages in the mirror site. The gateway comprises an initialization module, a tampering detection module and a request redirection module. The initialization module builds the mirror site of the target site and stores the check value of each page of the site; the tampering detection module compares the check values of the pages of the target site with those of the pages of the mirror site at the set interval; and the request redirection module redirects access requests for target-site pages whose check values differ to the corresponding pages in the mirror site. The method and the system can be used for the security protection of a site.

Description

Page tamper-prevention method and system based on a front-end gateway
Technical field
The present invention relates to computer network security. Specifically, it relates to a method and system that use a front-end gateway to detect tampering with website pages and to protect against it, and belongs to the field of information security technology.
Background technology
A website is a collection of related pages on the Internet, built according to certain rules with tools such as HTML, that presents particular content. In short, a website is a communication tool used to publish information that its owner wants to disclose. The page (web page) is the basic element of a website and the platform that carries the website's applications. Users obtain the services a website provides by accessing its pages; the page is the carrier that delivers website content from the website to the user. Most governments and enterprises have now set up their own websites, and users can not only obtain information by logging in to a website and browsing pages, but can also complete more complex operations by submitting page modifications.
Pages are the basis on which a website provides diversified services. Once a page is tampered with, the image of the whole website is seriously damaged, and the website may even suffer major economic loss. Page tampering has become the main way of attacking websites at the present stage. It spreads quickly, has wide reach and is difficult to prevent in advance, and a website under attack cannot provide normal pages to its users.
At present, page tamper-protection technology mainly consists of the plug-in (external) polling technique, the core-embedded technique and the event-triggered technique. All of these couple the tamper-protection software tightly to the website's Web server and require the user to manage pages through a dedicated page management interface. As a result, the tamper-protection software depends heavily on the Web system platform, lacks generality, and interferes with the website's original management mode. For example, page tamper protection based on the event-triggered technique usually embeds the tamper-detection program in the website server and monitors attribute changes of the protected Web pages through Microsoft's file system filter driver (filter driver on FSD) technology. This approach has two problems. First, the file system filter driver technology depends heavily on the website's Web server and operating system and lacks basic generality. Second, the approach cannot fundamentally distinguish whether a change of file attributes is a normal modification; it crudely assumes that only file modifications made through the dedicated management interface provided by the tamper-protection system are normal. This in effect rules out the legitimacy of the website's original page management mode and interferes with website page management.
Summary of the invention
The objective of the invention is to overcome the problems of the prior art by proposing a page tamper-prevention method and system based on a front-end gateway. The page tamper-prevention technique proposed by the invention protects the pages of a website against tampering through a proxy gateway placed in front of the website server. It does not depend on the website's Web server or operating system, and it does not interfere with the website's existing page management mode.
To achieve this objective, the invention adopts the following technical solution:
A page tamper-prevention method based on a front-end gateway, the gateway being located between the website and the client, characterized in that the method comprises: a) the gateway builds a mirror site of the target website and stores the check value of each page of the target website; b) at a set interval, the gateway compares the check values of the target website's pages with those of the mirror site's pages, and when they are found to differ, access requests for the target-website pages whose check values differ are redirected to the corresponding pages in the mirror site. The method may also comprise: c) while the administrator is modifying the target website, the gateway redirects access requests for the target website's pages to the corresponding pages in the mirror site; after the modification is finished, the gateway updates the mirror site and the check values of the target website.
A page tamper-prevention system based on a front-end gateway, the system comprising a gateway located between the website and the client, characterized in that the gateway comprises an initialization module, a tamper-detection module and a request redirection module: the initialization module builds the mirror site of the target website and stores the check value of each page of the website; the tamper-detection module compares the check values of the target website's pages with those of the mirror site's pages at a set interval; the request redirection module redirects access requests for target-website pages whose check values differ to the corresponding pages of the mirror site. The gateway may also comprise a mirror synchronization module, which synchronizes the mirror site according to the target website.
The invention is described in more detail below.
One. Page tamper-prevention method
In the technical solution of the invention, the front-end gateway fully proxies the protected Web site: HTTP requests from clients are submitted to the gateway first and then forwarded to the Web site, and HTTP responses returned by the Web site reach the gateway first and are then forwarded to the client. When the Web site is first protected, or each time its content is modified, the gateway builds a local page mirror of the protected Web site through a synchronization scheme. The mirror serves as the correctness reference for subsequent tamper detection and as the redirection target when tampering occurs. The gateway periodically fetches the page content of the Web site and compares it with the local mirror to detect page tampering. When page tampering has occurred, the gateway redirects client HTTP requests to the correct pages kept in the local mirror, so that tampered content does not reach the client; this realizes tamper protection.
In summary, the page tamper-prevention method of the invention mainly comprises mirror establishment and synchronization, tamper detection, and tamper protection.
Mirror establishment and synchronization
Mirror establishment takes place when the Web site is first placed under the gateway's tamper protection. The gateway can use a crawler program to obtain the page directory structure and page files of the target Web site over HTTP, build a local mirror of the Web site, denoted M_Base, compute a check value (such as a hash value) for each file, and save it. The record of all file hash values is denoted F_Hash.
When the administrator is going to modify the Web site content, the administrator first submits a page modification notice on the gateway. The gateway then knows that the site content is about to be legitimately modified and records the current time as T_Astart. During this period the gateway provides mirror service to the outside in place of the protected website: it answers client page requests from the local mirror instead of the website, which keeps normal page access available while preventing any external malicious user from reaching the protected website directly. At the same time, the gateway stops all tamper-detection and synchronization operations.
When the administrator has finished modifying the Web site content, the administrator submits a page-modification-complete notice on the gateway. The gateway then knows that the page modification is finished and records the current time as T_Astop. The gateway actively synchronizes the files updated on the website during this period into its existing mirror M_Base, then computes the hash values of the mirror files after synchronization, compares them with the previous F_Hash to determine which files were updated, and updates F_Hash at the same time.
Tamper detection
In the page tamper-detection scheme of the invention, let the gateway time be t. If t does not fall within the interval from T_Astart to T_Astop, t is considered to lie in an unauthorized period, and any page modification occurring during that period is considered malicious tampering. During an unauthorized period the gateway uses the plug-in (external) polling technique to periodically fetch the current page content and save it temporarily in a local page staging directory on the gateway for the subsequent comparison; this snapshot is denoted M_Check. The concrete operations are as follows:
M_Check and M_Base are kept in different local locations. The gateway traverses the files in M_Check, computes the hash value of each file, and compares it with the hash value of the corresponding file in the F_Hash of M_Base. There are three cases:
The hash value of a file in M_Check differs from the hash value of the corresponding file stored in the F_Hash of M_Base. This shows that the file was modified during the unauthorized period, so the file is considered maliciously tampered with;
A file in M_Check has no corresponding file in the F_Hash of M_Base. This shows that the file was maliciously added during the unauthorized period;
After the traversal of the files in M_Check is finished, some files in the F_Hash of M_Base have still not been compared. This shows that those files were maliciously deleted during the unauthorized period.
Tamper protection
The page tamper-protection scheme of the invention is as follows: when pages of the website are found to have been maliciously modified, added or deleted during an unauthorized period, the gateway uses the HTTP request redirection technique to redirect the request target to the corresponding page in M_Base. When the website has returned to its normal state, the user can turn redirection off so that the website serves users directly.
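The mirror synchronization, three-case detection and redirection described above, as an added Python sketch that is not code from the patent. It assumes SHA-256 as the check value and in-memory dictionaries in place of the crawled site and the mirror directory; the names Gateway, begin_edit, end_edit, poll and serve are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field


def build_f_hash(pages):
    """F_Hash: map each page path to the SHA-256 digest of its content."""
    return {path: hashlib.sha256(body).hexdigest() for path, body in pages.items()}


def detect_tampering(m_check, f_hash):
    """Compare the polled snapshot M_Check with F_Hash; return the three cases."""
    findings = {"modified": [], "added": [], "deleted": []}
    for path, digest in build_f_hash(m_check).items():
        if path not in f_hash:
            findings["added"].append(path)        # no counterpart in the mirror
        elif digest != f_hash[path]:
            findings["modified"].append(path)     # digest differs from baseline
    # Baseline entries never matched during the traversal were deleted.
    findings["deleted"] = sorted(set(f_hash) - set(m_check))
    return findings


@dataclass
class Gateway:
    m_base: dict                                   # local mirror: path -> bytes
    f_hash: dict = field(init=False)
    authorized: bool = False                       # True from T_Astart to T_Astop
    redirected: set = field(default_factory=set)

    def __post_init__(self):
        self.f_hash = build_f_hash(self.m_base)

    def begin_edit(self):
        """Administrator's modification notice: serve mirror, pause detection."""
        self.authorized = True

    def end_edit(self, origin):
        """Completion notice: resync mirror and F_Hash, return the updated paths."""
        new_hash = build_f_hash(origin)
        updated = sorted(p for p in set(new_hash) | set(self.f_hash)
                         if new_hash.get(p) != self.f_hash.get(p))
        self.m_base, self.f_hash = dict(origin), new_hash
        self.authorized, self.redirected = False, set()
        return updated

    def poll(self, m_check):
        """One detection cycle; returns None while an authorized edit is open."""
        if self.authorized:
            return None
        findings = detect_tampering(m_check, self.f_hash)
        self.redirected = {p for paths in findings.values() for p in paths}
        return findings

    def serve(self, path, origin):
        """Return (source, body). body is None when the mirror has no such page,
        which is how this sketch treats a maliciously added page (assumption)."""
        if self.authorized or path in self.redirected:
            return "mirror", self.m_base.get(path)
        return "origin", origin.get(path)


# Constructed sample site, not taken from the patent.
SITE = {"/index.html": b"<h1>Welcome</h1>", "/about.html": b"<p>About us</p>",
        "/news.html": b"<p>News</p>"}
```

Between two polls the origin is still served directly, so the polling interval bounds how long tampered content can reach clients.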
Two. Page tamper-prevention system
Functionally, the page tamper-prevention system provided by the invention mainly comprises the following modules: an initialization module, a mirror synchronization (update) module, a tamper-detection module and a request redirection module.
The main function of the initialization module is to build the mirror of the website.
The main function of the mirror synchronization module is to synchronize the local mirror on the gateway according to the page content.
The main function of the tamper-detection module is to fetch the website's latest page content at the configured interval and perform tamper detection.
The main function of the request redirection module is to provide normal page service in place of the website after the tamper-detection module detects an anomaly.
Compared with the prior art, the beneficial effects of the invention are:
1. It can promptly determine that illegal page tampering has occurred and provides security protection for pages when tampering has occurred;
2. No plug-in needs to be installed on the website;
3. It does not depend on the website's Web server or operating system;
4. It does not interfere with the website's page management mode.
Description of drawings
Fig. 1 is the composition and the function distribution map of embodiment gateway system;
Fig. 2 is the logical execution flow figure of embodiment gateway system.
Embodiment
Below in conjunction with drawings and Examples the present invention is further described.
As shown in Figure 1, gateway is deployed between client and the Web service, gateway plays agency effect, makes client not walk around gateway and directly visits Web service, and replace server to provide correct Web page service to the user under the situation of generation distorting.
As shown in Figure 2, use and the execution in step at the anti-tamper gateway of the page is:
1. gateway is configured setting, gateway system will be set up local mirror image to shielded Web service after setting is finished.
2. if the keeper submits page amendment advice on gateway, this explanation web site contents has carried out legal modifications, and it is synchronous that system need carry out mirror image:
A) open redirection function, make gateway replace the website that page service is provided; The mirror image synchronous regime is set, suspends and distort measuring ability;
B) the local mirror image of up-to-date page content update on the use website.
C) wait for that the keeper submits to the page to revise and finishes notice.
D) close redirection function, allow client directly to have access to Website page.
3., then distort detection if the keeper does not submit page amendment advice on gateway:
A) the current page content of obtaining on the website arrives the local page staging directory, calculates hash value, with the respective value comparison in the local mirror image;
B) if distort, then open redirection function, make client can only have access to the content in the gateway mirror image.
C) if do not distort, wait for and distort sense cycle next time.

Claims (6)

1. A page tamper-prevention method based on a front-end gateway, the gateway being located between the website and the client, characterized in that the method comprises:
A) the gateway builds a mirror site of the target website and stores the check value of each page of the target website;
B) at a set interval, the gateway compares the check values of the target website's pages with those of the mirror site's pages, and when they are found to differ, access requests for the target-website pages whose check values differ are redirected to the corresponding pages in the mirror site.
2. The page tamper-prevention method based on a front-end gateway as claimed in claim 1, characterized in that the method also comprises:
C) while the administrator is modifying the target website, the gateway redirects access requests for the target website's pages to the corresponding pages in the mirror site; after the modification is finished, the gateway updates the mirror site and the check values of the target website.
3. The page tamper-prevention method based on a front-end gateway as claimed in claim 1 or 2, characterized in that, in step a), the gateway uses a crawler program to obtain the page directory structure and page files of the target website over HTTP and builds the mirror site of the target website.
4. The page tamper-prevention method based on a front-end gateway as claimed in claim 1 or 2, characterized in that the check value is a hash value.
5. A page tamper-prevention system based on a front-end gateway, the system comprising a gateway located between the website and the client, characterized in that the gateway comprises an initialization module, a tamper-detection module and a request redirection module:
The initialization module builds the mirror site of the target website and stores the check value of each page of the website;
The tamper-detection module compares the check values of the target website's pages with those of the mirror site's pages at a set interval;
The request redirection module redirects access requests for target-website pages whose check values differ to the corresponding pages of the mirror site.
6. The page tamper-prevention system based on a front-end gateway as claimed in claim 5, characterized in that the gateway also comprises a mirror synchronization module, which synchronizes the mirror site according to the target website.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201110063940 CN102176722B (en) 2011-03-16 2011-03-16 Method and system for preventing page tampering based on front-end gateway

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201110063940 CN102176722B (en) 2011-03-16 2011-03-16 Method and system for preventing page tampering based on front-end gateway

Publications (2)

Publication Number Publication Date
CN102176722A true CN102176722A (en) 2011-09-07
CN102176722B CN102176722B (en) 2013-07-03

Family

ID=44519820

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201110063940 Expired - Fee Related CN102176722B (en) 2011-03-16 2011-03-16 Method and system for preventing page tampering based on front-end gateway

Country Status (1)

Country Link
CN (1) CN102176722B (en)


Also Published As

Publication number Publication date
CN102176722B (en) 2013-07-03


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130703
