CN102957705B - A method and device for webpage tamper protection - Google Patents

Publication number: CN102957705B
Authority: CN (China)
Legal status: Active
Application number: CN201210450653.0A
Other languages: Chinese (zh)
Other versions: CN102957705A (en)
Inventor: 孙艳杰
Current Assignee: Hangzhou DPTech Technologies Co Ltd
Original Assignee: Hangzhou DPTech Technologies Co Ltd
Application filed by: Hangzhou DPTech Technologies Co Ltd
Prior art keywords: watermark; response message; message; recognition result; client
Landscapes: Editing Of Facsimile Originals; Two-Way Televisions, Distribution Of Moving Picture Or The Like; Information Transfer Between Computers

Abstract

The invention discloses a method and device for webpage tamper protection. A network intermediate device performs watermark identification on the data response packet in an IP response message and judges whether the watermark comparison result is consistent, thereby determining whether the webpage accessed by the client has been tampered with, without installing a plug-in on the server. With this invention, tampered Web server content cannot be exposed to public access, while installation and maintenance complexity remain low.

Description

A method and device for webpage tamper protection
Technical field
The present invention relates to the field of network security, and in particular to a method and device for webpage tamper protection.
Background
With the spread and development of the Internet and network applications, a large number of hacker attacks have followed, especially network attacks against the Internet. Tampering with web page files is a common hacker technique. Webpage tampering attacks are hard to check for in advance and hard to guard against in real time; because the network environment is complex, responsibility is difficult to trace, and attack tools are simple and becoming more intelligent. Although security devices such as firewalls and intrusion detection systems are currently available as protective measures, Web application attacks differ from other attack methods: they are hard for traditional security devices to detect and can easily get past the protection of firewalls and intrusion detection systems. Relying solely on traditional network security devices such as firewalls and intrusion detection systems cannot effectively defend against webpage tampering attacks. For this reason, webpage anti-tamper technology has become one of the research hotspots in the security field.
Existing webpage anti-tamper technology generally uses kernel-embedded technology. Kernel-embedded technology, also called digital watermarking or digital fingerprinting, performs a digital watermark check on every outgoing webpage; if the webpage's digital watermark differs from the one previously backed up, the webpage can be concluded to have been tampered with, and the tampered webpage is prevented from flowing out. By embedding in the Web server core and using a cryptographic algorithm, a unique digital watermark is computed for each object to be protected (static web pages, executable scripts, binary files). Each time the public accesses a webpage, the page content is compared against the digital watermark; once the page is found to have been illegally modified, it is automatically restored, ensuring that illegal page content is not viewed by the public. This technique requires installing a plug-in on every server, which consumes server resources. In environments with large numbers of intermediate server groups, such as IDC machine rooms, installation and maintenance are restricted to varying degrees and are highly complex, and some hosted servers do not allow plug-ins to be installed at all.
Summary of the invention
In view of this, the present invention provides a webpage integrity protection solution. The invention is implemented at the IP layer by a network intermediate device, so webpage tamper protection can be achieved without installing a plug-in on the server.
To achieve the object of the invention, the implementation is as follows:
A method of webpage tamper protection, applied to a network intermediate device located between a client and a server, the method comprising the following steps:
Obtaining the IP response message that the server sends to the client;
Performing watermark identification on the data response packet in the IP response message to obtain a watermark recognition result;
When the watermark recognition result is that the watermark comparison is consistent, sending the IP response message to the client;
When the watermark comparison result is that the watermark comparison is inconsistent, blocking the IP response message.
The invention also provides a device for webpage tamper protection, applied to a network intermediate device located between a client and a server, the device comprising:
A message receiving unit, for obtaining the IP response message that the server sends to the client;
A watermark recognition unit, for performing watermark identification on the data response packet in the IP response message to obtain a watermark recognition result;
A message sending unit, for sending the IP response message to the client when the watermark recognition result is that the watermark comparison is consistent;
A message blocking unit, for blocking the IP response message when the watermark comparison result is that the watermark comparison is inconsistent.
Compared with the prior art, the invention performs watermark identification on the data response packet in the IP response message on a network intermediate device, judges whether the watermark comparison result is consistent, and thereby judges whether the webpage accessed by the client has been tampered with. No plug-in needs to be installed on the server, so tampered Web server content cannot be exposed to public access while installation and maintenance complexity remain low.
Brief description of the drawings
Fig. 1 is a flow diagram of the webpage tamper protection method of the invention.
Fig. 2 is a flow diagram of watermark identification in the webpage tamper protection of the invention.
Fig. 3 is a logical composition diagram of the webpage tamper protection device of the invention.
Detailed description
The present invention provides a method and device for webpage tamper protection. The environment in which it is implemented may be a C/S architecture, including facilities such as a client, a Web server and a network intermediate device. The invention uses the intermediate device to perform webpage tamper protection, which effectively solves the problems that a plug-in installed on the server consumes server resources and that a plug-in sometimes cannot be installed on the server. Note that the network intermediate device may be an independent physical device or a logical device.
To achieve the object of the invention, the invention is described in detail below with reference to the drawings. Fig. 1 shows the webpage tamper protection method provided by the invention:
A method of webpage tamper protection, applied to a network intermediate device located between a client and a server, characterized in that the method comprises the following steps:
Step 101: obtain the IP response message that the server sends to the client.
Specifically, when a user accesses a website, an IP request message is sent to the server; after receiving the IP request message, the server returns the corresponding IP response message to the client. The intermediate device then obtains the IP response message.
Step 102: perform watermark identification on the data response packet in the IP response message to obtain a watermark recognition result.
Specifically, after the network intermediate device obtains the IP response message, it performs a watermark comparison on the data response packet to judge whether the requested webpage has been tampered with. The data response packet specifically includes the modification date of the HTTP protocol, the length field of the HTTP protocol, and the message content. Note that the invention directly extracts the TCP sequence number segments in the data response packet of the IP response message to make the judgment, without sending the data up to the application layer for reassembly, which saves a large amount of data-copy overhead. In addition, because the TCP sequence numbers in IP response messages are continuous, server response content spread across different IP packets can be processed accurately, avoiding the possibility that the response content cannot be fully identified.
Note further that the watermark compared with the IP response message is the watermark corresponding to a network structure file that the intermediate device generates automatically by automatically learning the server content.
Step 103: when the watermark recognition result is that the watermark comparison is consistent, send the IP response message to the client.
Specifically, when the watermark recognition result is that the watermark comparison is consistent, the webpage accessed by the client has not been tampered with. The intermediate device passes the IP response message of the untampered webpage straight through without any processing, and the client can browse the content of the server response.
Step 104: when the watermark comparison result is that the watermark comparison is inconsistent, block the IP response message.
Specifically, when the watermark recognition result is that the watermark comparison is inconsistent, the webpage accessed by the client has been tampered with. The intermediate device blocks the IP response message of the tampered webpage, or pushes it to a cache, and does not transmit it further.
Further, when the watermark comparison result is that the watermark comparison is inconsistent, the URL corresponding to the IP response message is added to a blacklist. Once the URL has been blacklisted, subsequent client requests either cannot access the URL or are served pushed cache content. A legitimate administrator logs in through a hidden path, makes corrections through the back-end management path, and manually re-opens access to the webpage after it has been restored. By blocking the IP response message or pushing it to the cache service, and by adding the corresponding URL to the blacklist, tampered Web server content cannot be exposed to public access while installation and maintenance complexity remain low, which eliminates the harmful effect on society of an illegally tampered webpage.
Further, performing watermark identification on the HTTP update time and response content in the IP response message further includes:
When the modification date in the HTTP protocol of the IP response message is consistent with the watermark, the file field length in the HTTP protocol of the IP response message has not changed, and the digital watermark computed over the message content at the preset sampling rate gives a consistent comparison result, the watermark recognition result is confirmed. The sampling rate can be set freely by the user as needed.
Further, as shown in Fig. 2, performing watermark identification on the HTTP update time and response content in the IP response message comprises the following steps:
Step 201: judge whether the modification date in the HTTP protocol of the IP response message is consistent with the watermark; if so, perform step 202; if not, perform step 205.
Step 202: judge whether the file field length in the HTTP protocol of the IP response message has changed; if so, perform step 205; if not, perform step 203.
Step 203: compute the digital watermark over the message content at the preset sampling rate and judge whether the watermark comparison result is correct; if so, perform step 204; when the watermark comparison result is wrong, block the IP response message.
Step 204: send the IP response message to the client.
Step 205: block the IP response message.
Note that the order of the checks in steps 201, 202 and 203 above is not strictly prescribed and can be adjusted as needed. For example, step 201 judges whether the file field length in the HTTP protocol of the IP response message has changed, step 202 judges whether the modification date in the HTTP protocol of the IP response message is consistent with the watermark, and step 3 judges whether the file field length in the HTTP protocol of the IP response message has changed. Other step orders follow by analogy and are not enumerated here.
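The decision flow of steps 201 to 205 together with the URL blacklist, as an added Python sketch that is not code from the patent: it inspects a complete HTTP response rather than individual TCP segments, and the 64-byte block sampling, the SHA-256 digest, all class and function names and the sample responses are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

BLOCK = 64  # assumed sampling granularity in bytes; the patent does not fix one


@dataclass(frozen=True)
class Watermark:
    last_modified: str
    content_length: int
    digest: str


def parse_response(raw: bytes):
    """Split a complete HTTP/1.1 response into (lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
    return headers, body


def declared_length(headers) -> int:
    """Content-Length as an int, or -1 when missing or malformed."""
    try:
        return int(headers["content-length"])
    except (KeyError, ValueError):
        return -1


def sampled_digest(body: bytes, rate: float) -> str:
    """SHA-256 over every k-th 64-byte block of the body, k = round(1/rate)."""
    if not 0 < rate <= 1:
        raise ValueError("rate must be in (0, 1]")
    stride = BLOCK * max(1, round(1 / rate))
    h = hashlib.sha256()
    for offset in range(0, len(body), stride):
        h.update(body[offset:offset + BLOCK])
    return h.hexdigest()


class TamperGuard:
    def __init__(self, rate: float = 1.0):
        self.rate = rate
        self.watermarks = {}    # URL -> Watermark learned from known-good content
        self.blacklist = set()  # URLs withheld until an administrator restores them

    def learn(self, url: str, raw: bytes) -> None:
        """Learn (or re-learn after restoration) the watermark and re-open the URL."""
        headers, body = parse_response(raw)
        self.watermarks[url] = Watermark(headers.get("last-modified", ""),
                                         declared_length(headers),
                                         sampled_digest(body, self.rate))
        self.blacklist.discard(url)

    def inspect(self, url: str, raw: bytes):
        """Return (action, reason) for one server response."""
        if url in self.blacklist:
            return ("block", "blacklisted")
        known = self.watermarks.get(url)
        if known is None:  # assumption: URLs without a watermark are not protected
            return ("forward", "unprotected")
        headers, body = parse_response(raw)
        if headers.get("last-modified", "") != known.last_modified:   # step 201
            reason = "date"
        elif declared_length(headers) != known.content_length:        # step 202
            reason = "length"
        elif sampled_digest(body, self.rate) != known.digest:         # step 203
            reason = "content"
        else:
            return ("forward", "match")                               # step 204
        self.blacklist.add(url)                                       # blacklist the URL
        return ("block", reason)                                      # step 205


# Constructed sample data (not captured traffic).
DATE = "Mon, 12 Nov 2012 08:00:00 GMT"
GOOD_BODY = b"<html><body><h1>Welcome</h1>" + b"<p>news item</p>" * 20 + b"</body></html>"


def make_response(body: bytes, last_modified: str = DATE) -> bytes:
    return (b"HTTP/1.1 200 OK\r\nLast-Modified: " + last_modified.encode()
            + b"\r\nContent-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)


def demo():
    guard = TamperGuard(rate=0.5)
    guard.learn("/index.html", make_response(GOOD_BODY))
    changed = make_response(GOOD_BODY.replace(b"Welcome", b"Defaced"))  # same length and date
    return [guard.inspect("/index.html", make_response(GOOD_BODY)),
            guard.inspect("/index.html", changed),
            guard.inspect("/index.html", make_response(GOOD_BODY))]


if __name__ == "__main__":
    print(demo())
```

At a sampling rate below 1 only the sampled blocks contribute to the digest, so the date and length checks carry the detection for the rest of the body; the rate should be chosen with that coverage in mind.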
Fig. 3 shows the webpage tamper protection device provided by the invention, applied to a network intermediate device located between a client and a server. The device includes:
A message receiving unit, for obtaining the IP response message that the server sends to the client.
Specifically, when a user accesses a website, an IP request message is sent to the server; after receiving the IP request message, the server returns the corresponding IP response message to the client. The message receiving unit of the intermediate device then obtains the IP response message.
A watermark recognition unit, for performing watermark identification on the data response packet in the IP response message to obtain a watermark recognition result.
Specifically, after the network intermediate device obtains the IP response message, it performs a watermark comparison on the data response packet to judge whether the requested webpage has been tampered with. The data response packet specifically includes the modification date of the HTTP protocol, the length field of the HTTP protocol, and the message content. Note that the invention directly extracts the TCP sequence number segments in the data response packet of the IP response message to make the judgment, without sending the data up to the application layer for reassembly, which saves a large amount of data-copy overhead. In addition, because the TCP sequence numbers in IP response messages are continuous, server response content spread across different IP packets can be processed accurately, avoiding the possibility that the response content cannot be fully identified.
Note further that the watermark compared with the IP response message is the watermark corresponding to a network structure file that the intermediate device generates automatically by automatically learning the server content.
A message sending unit, for sending the IP response message to the client when the watermark recognition result is that the watermark comparison is consistent.
Specifically, when the watermark recognition result is that the watermark comparison is consistent, the webpage accessed by the client has not been tampered with. The intermediate device passes the IP response message of the untampered webpage straight through without any processing; the message sending unit sends the IP response message to the client, and the client can browse the content of the server response.
A message blocking unit, for blocking the IP response message when the watermark comparison result is that the watermark comparison is inconsistent.
Specifically, when the watermark recognition result is that the watermark comparison is inconsistent, the webpage accessed by the client has been tampered with. The message blocking unit blocks the IP response message of the tampered webpage, or pushes it to a cache, and does not transmit it further.
A URL processing unit, for adding the URL corresponding to the IP response message to a blacklist when the watermark comparison result is that the watermark comparison is inconsistent.
Specifically, when the watermark comparison result is that the watermark comparison is inconsistent, the URL processing unit adds the URL corresponding to the IP response message to the blacklist. Once the URL has been blacklisted, subsequent client requests either cannot access the URL or are served pushed cache content. A legitimate administrator logs in through a hidden path, makes corrections through the back-end management path, and manually re-opens access to the webpage after it has been restored.
The watermark recognition unit is further used for:
When the modification date in the HTTP protocol of the IP response message is consistent with the watermark, the file field length in the HTTP protocol of the IP response message has not changed, and the digital watermark computed over the message content at the preset sampling rate gives a consistent comparison result, confirming the watermark recognition result.
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent substitution or improvement made within the spirit and principles of the invention shall fall within its scope of protection.

Claims (6)

1. A method of webpage tamper protection, applied to a network intermediate device located between a client and a server, characterized in that the method comprises the following steps:
Obtaining the IP response message that the server sends to the client;
Performing watermark identification on the HTTP update time and response content of the data response packet in the IP response message to obtain a watermark recognition result; wherein the data response packet specifically includes the modification date of the HTTP protocol, the length field of the HTTP protocol, and the message content; and performing watermark identification on the HTTP update time and response content in the IP response message further includes: when the modification date in the HTTP protocol of the IP response message is consistent with the watermark, the file field length in the HTTP protocol of the IP response message has not changed, and the digital watermark computed over the message content at the preset sampling rate gives a consistent comparison result, confirming the watermark recognition result;
When the watermark recognition result is that the watermark comparison is consistent, sending the IP response message to the client;
When the watermark recognition result is that the watermark comparison is inconsistent, blocking the IP response message, or pushing the IP response message to a cache.
2. The webpage tamper protection method of claim 1, characterized in that the method further comprises:
When the watermark recognition result is that the watermark comparison is inconsistent, adding the URL corresponding to the IP response message to a blacklist.
3. The webpage tamper protection method of claim 1, characterized in that the watermark compared with the IP response message is the watermark corresponding to a network structure file that the intermediate device generates automatically by automatically learning the server content.
4. A device for webpage tamper protection, applied to a network intermediate device located between a client and a server, characterized in that the device comprises:
A message receiving unit, for obtaining the IP response message that the server sends to the client;
A watermark recognition unit, for performing watermark identification on the HTTP update time and response content of the data response packet in the IP response message to obtain a watermark recognition result; wherein the data response packet specifically includes the modification date of the HTTP protocol, the length field of the HTTP protocol, and the message content; the watermark recognition unit is further used for: when the modification date in the HTTP protocol of the IP response message is consistent with the watermark, the file field length in the HTTP protocol of the IP response message has not changed, and the digital watermark computed over the message content at the preset sampling rate gives a consistent comparison result, confirming the watermark recognition result;
A message sending unit, for sending the IP response message to the client when the watermark recognition result is that the watermark comparison is consistent;
A message blocking unit, for blocking the IP response message, or pushing the IP response message to a cache, when the watermark recognition result is that the watermark comparison is inconsistent.
5. The webpage tamper protection device of claim 4, characterized in that the device further comprises:
A URL processing unit, for adding the URL corresponding to the IP response message to a blacklist when the watermark recognition result is that the watermark comparison is inconsistent.
6. The webpage tamper protection device of claim 4, characterized in that the watermark compared with the IP response message is the watermark corresponding to a network structure file that the intermediate device generates automatically by automatically learning the server content.
Application and family

Application number: CN201210450653.0A
Priority date: 2012-11-12
Filing date: 2012-11-12
Title: A method and device for webpage tamper protection
Status: Active

Publications (2)

Publication Number | Publication Date
CN102957705A | 2013-03-06
CN102957705B | 2016-12-21

Family ID: 47765930
Country: CN


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Patentee after: Hangzhou Dipu Polytron Technologies Inc

Address before: Binjiang District and Hangzhou city in Zhejiang Province Road 310051 No. 68 in the 6 storey building

Patentee before: Hangzhou Dipu Technology Co., Ltd.
